Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A script to automatically blacklist illegal ssh attempts' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A script to automatically blacklist illegal ssh attempts
Authored by: thrig on Sep 14, '04 11:52:46AM

The following is poor code, and should not be used. Read more information about temporary file attacks. Instead, use mktemp to create a secure temporary file.

TMPFILE=`mktemp /tmp/example.XXXXXXXXXX` || exit 1
trap "rm -f $TMPFILE" 0 1 2 13 15
zgrep -i Illegal /var/log/system.log*gz | fgrep sshd | awk '{print $NF}' | sort | uniq > $TMPFILE

Maintaining a list of known-bad is far weaker security than simply blocking all by default, then only allowing in specific connections from good hosts. If the list of good hosts is too dynamic, consider port knocking to open the port on the fly to a trusted host.



[ Reply to This | # ]