Protecting against SSH attacks
On some servers you are obliged not to run a firewall nor use VPN. As a result your sshd will be the direct attack target for many amateurs and professionals alike.
To protect against ssh attacks, I run the following script in crontab:
Sometimes you may encounter a line in /etc/hosts.deny like:
sshd:UNKNOWN
It may be blocking you!
Be aware, I have warned you beforehand.
To protect against ssh attacks, I run the following script in crontab:
#! /bin/bash
#
# A script to automatically counter ssh attacks
#
#
# vars
RETVAL=0
secure='/var/log/secure'
file='/tmp/counter-ssh'
deny='/etc/hosts.deny'
#
# logic
#
# get unique attacking IPs
grep "Did not" $secure | awk '{print $12}' | uniq -u > $file
#
# if IP is in /etc/hosts.deny do nothing, if IP is NOT in /etc/hosts.deny, add it there!
for ip in $(cat $file); do grep --silent $ip $deny; if [ $? -ne 0 ]; then echo "sshd:$ip" >> $deny; fi; done
#
# exit as learnt
RETVAL=$?
echo "we have exited $RETVAL"; exit $RETVAL
#
# A script to automatically counter ssh attacks
#
#
# vars
RETVAL=0
secure='/var/log/secure'
file='/tmp/counter-ssh'
deny='/etc/hosts.deny'
#
# logic
#
# get unique attacking IPs
grep "Did not" $secure | awk '{print $12}' | uniq -u > $file
#
# if IP is in /etc/hosts.deny do nothing, if IP is NOT in /etc/hosts.deny, add it there!
for ip in $(cat $file); do grep --silent $ip $deny; if [ $? -ne 0 ]; then echo "sshd:$ip" >> $deny; fi; done
#
# exit as learnt
RETVAL=$?
echo "we have exited $RETVAL"; exit $RETVAL
Sometimes you may encounter a line in /etc/hosts.deny like:
It may be blocking you!
Be aware, I have warned you beforehand.
Comments
Post a Comment