Name Modified Size Downloads / Week Status
Totals: 3 Items   16.6 kB 3
sshblock23.sh 2011-01-18 7.4 kB 11 weekly downloads
README 2011-01-18 3.0 kB 11 weekly downloads
sshblock22.sh 2010-11-19 6.2 kB 11 weekly downloads
[ SSH BLOCK 2 ]

Version 2.3
-----------
New in SSH Block 2.3
- Added support for Debian based systems (auth.log)
- Minor code formatting improvements, nothing important
- This README file

Version 2.2
-----------
New in SSH Block 2.2
- Added support for OpenBSD (only tested on OpenBSD 4.0)

Version 2.1
-----------
New in SSH Block 2.1
- Added a function to block existing users (root, mysql, mailman etc)
- Changed some AWK code for grep code for compatibility (Thx to Nick Lott)

Version 2.01
------------
New in SSH Block 2.01
- Wrapped the script in "( )" and added a & to daemonize the script

General SSH Block 2 info
------------------------
SSH Block is a small script that searches the log files on a UNIX system for certain strings generated by the SSH daemon. The script searches for incorrect usernames, which are often the result of someone scanning your SSH services for valid usernames. The script then adds these hosts to the /etc/hosts.deny file so that they will be blocked (using TCP Wrappers).

I am glad to announce version 2 of the SSH Block script! Version two contains many improvements over the earlier versions. A quick list with the best of version two:
- Total re-write of the code
- No more catting back and forth through the script
- No more strange temp files in /Var/state/ssh_block
- ONE script file for all systems (Linux, FreeBSD, OpenBSD, Solaris and Mac OS X)
- No more unnecessary grepping. The script only "greps" if the size of the log file has changed. This way it uses fewer system resources.
- The blocked IPs are now inserted directly into hosts.deny

The script should run out of the box on Linux, FreeBSD, OpenBSD and Mac OS X. See special note on Solaris.

SPECIAL NOTE ON SOLARIS
###########################################################
There are some things you have to do to your system before this script will actually work under Solaris.

To start with, TCP Wrappers is not enabled by default on Solaris 10. How to enable TCP Wrappers and some info about it can be found here:
http://www.sun.com/bigadmin/content/submitted/tcp_wrap_solaris10.html

Second, you have to enable syslog logging of the ssh daemon. This is done by editing /etc/syslog.conf. Adding the following line will have sshd logging to /var/log/authlog:

    auth.info /var/log/authlog

Now you can run the script (as root) and it will block IP numbers of probing hosts. The script will add these hosts to your /etc/hosts.deny file like this:

    #BEGIN_SSHBLOCK
    sshd : 192.168.0.1
    sshd : 10.0.0.3
    #END_SSHBLOCK

I would recommend backing up your /etc/hosts.deny and your /etc/syslog.conf before making changes and running the script.
###########################################################

Please drop me an e-mail with comments, bugs, improvements or just about anything! A nice e-mail is always appreciated :)

//Jack-Benny Persson
jake@cyberinfo.se
Source: README, updated 2011-01-18
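
The log-to-hosts.deny flow the README describes, as an added sketch that is not the sshblock script itself: the function names, the sample log lines and the documentation-range addresses are constructed, and it assumes the OpenSSH message "Invalid user NAME from ADDR" ("Illegal user" in older releases). It keeps everything outside the #BEGIN_SSHBLOCK / #END_SSHBLOCK markers and can be re-run without duplicating entries.

```sh
# Added sketch, not the sshblock script; names and log lines are constructed.
# Print each IPv4 address sshd logged an unknown username for. The username
# is text supplied by the remote side and can contain spaces or even
# "from <addr>", so only the last "from ADDR" pair on the line is trusted.
extract_offenders() {
    awk '/sshd\[[0-9]+\]: (Invalid|Illegal) user / {
        ip = ""
        for (i = 1; i < NF; i++)
            if ($i == "from" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                ip = $(i + 1)
        if (ip != "") print ip
    }' "$1" | LC_ALL=C sort -u
}

# Rewrite the managed section of a hosts.deny-style file: lines outside the
# markers are kept, listed addresses are merged with those read from stdin.
update_deny() {
    deny=$1
    tmp=$(mktemp) || return 1
    {
        awk '/^#BEGIN_SSHBLOCK$/ { blk = 1; next }
             /^#END_SSHBLOCK$/   { blk = 0; next }
             !blk' "$deny"
        echo '#BEGIN_SSHBLOCK'
        {
            awk '/^#BEGIN_SSHBLOCK$/ { blk = 1 }
                 /^#END_SSHBLOCK$/   { blk = 0 }
                 blk && $1 == "sshd" { print $3 }' "$deny"
            cat
        } | LC_ALL=C sort -u | sed 's/^/sshd : /'
        echo '#END_SSHBLOCK'
    } > "$tmp" && cat "$tmp" > "$deny"
    rm -f "$tmp"
}

sshblock_demo() {   # runs both steps on constructed data in temp files
    log=$(mktemp) && denyfile=$(mktemp) || return 1
    cat > "$log" <<'EOF'
Jan 18 10:01:02 host sshd[411]: Invalid user oracle from 203.0.113.5
Jan 18 10:01:09 host sshd[412]: Invalid user x from 198.51.100.9 from 203.0.113.5 port 4242
Jan 18 10:02:30 host sshd[415]: Accepted password for jack from 192.0.2.10 port 5022 ssh2
Jan 18 10:03:00 host sshd[419]: Illegal user test from 198.51.100.77
EOF
    printf 'ALL : 192.0.2.200\n#BEGIN_SSHBLOCK\nsshd : 10.0.0.3\n#END_SSHBLOCK\n' > "$denyfile"
    extract_offenders "$log" | update_deny "$denyfile"
    cat "$denyfile"
    rm -f "$log" "$denyfile"
}
sshblock_demo
```

In the demo output, 198.51.100.9 is not blocked because it appears only inside the username field, and the successful login from 192.0.2.10 is ignored.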
