[Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit

[Gary Leons]

On 3/2/06, GroundZero Security <fd at g-0.org> wrote:
>
> After all it works. There are always more ways to do it, but if its -A1 or
> -1 really doesnt matter at all, its just you have to be pedantic over it i guess.
> Yep im not a bash guru maybe,but i really dont care much for optimization
> on a lame script like this as long as it WORKS and is not insecure.
                                                                      
           ^^^^^^^^^^^^^^^
HAH.

>
> If you really think it sucks sooo much that you cant take it, then before you reply to this mail now,
> go and optimize it and send your version to FD then you can be happy and feel superior :-)
>
> -sk

#!/bin/sh
for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
awk '{if ($1 >= 7) print $2}'`; do
    if ! grep -q "sshd: ${i}" /etc/hosts.deny; then
        printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny
    fi
done

5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
it from cron.