Last active
October 27, 2019 17:34
-
-
Save MarkZhangTW/94426dfde4e0ca4c651968ea4b5a0b7f to your computer and use it in GitHub Desktop.
A bash script for iptables dropping IPs which logged in failed more than 9 times.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| lastb -if /var/log/btmp.1 | awk '{print$3}' | sort | uniq -cd > lastb.log.1 | |
| lastb -i | awk '{print$3}' | sort | uniq -cd > lastb.log | |
| cat lastb.log.1 lastb.log | sort -n | awk '$1>9{print$2}' | sort -n > try9s.ip | |
| echo '===== IPs failed more than 9 times =====' | |
| cat try9s.ip | |
| while read ip; do | |
| iptables --check INPUT --source $ip --jump DROP 2>/dev/null ||\ | |
| iptables --append INPUT --source $ip --jump DROP | |
| done < try9s.ip |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment