2,4d1
< # /usr/local/bin/block
< # http://crystalfaeries.net/posix/bin/block
< # A simple script to go through a VSFTPD log and block people who have unsuccessfully attempted to log in.
7c4,6
< # celeste:crystalfaery (kahealani@inbox.com) 2014-12-06 15:02:45+00:00
---
> # jeffrehley (jeffrehley@hotmail.com) - 5/21/2010 - look for failed attempts in auth.log as well
> # A simple script to go through a VSFTPD log and block people who have
> # unsuccessfully attempted to log in.
10c9,11
< $logfilename = '/var/log/vsftpd.log'; # location of your logfile.
---
> $logfilename1 = '/var/log/vsftpd.log'; # location of ftp logfile.
> $logfilename2 = '/var/log/auth.log '; # location of auth logfile.
>
12,16c13,16
< # say 1 here, otherwise put 0.
< $exception_file = '/var/log/vsftpd.ban'; # if you said 1 above, put your filename here.
< $max_failures = 5; # maximum number of failures someone can have before
< # getting blocked.
< #end of configuration options
---
> # say 1 here, otherwise put 0.
>
> $exception_file = '/var/log/banned.log'; # if you said 1 above, put your filename here.
>
18c18,20
< $command = 'grep \'FAIL LOGIN\' '.$logfilename.' | sed -r \'s/^.{0,}Client .//\' | sed -r \'s/\"//\' | uniq -c';
---
> $max_failures = 5; # maximum number of failures someone can have before
> # getting blocked.
> #end of configuration options
20c22,32
< @connected_ips = `$command`;
---
> $command1 = 'grep \'FAIL LOGIN\' '.$logfilename1.' | sed -r \'s/^.{0,}Client .//\' | sed -r \'s/\"//\' | uniq -c';
> $command2 = 'grep \'Failed password for invalid user\' '.$logfilename2.' | cut -f 4 -d: | awk \'{print $8}\' | uniq -c';
> $command3 = 'grep \'Failed password for root\' '.$logfilename2.' | cut -f 4 -d: | awk \'{print $6}\' | uniq -c';
>
> @connected_ips1 = `$command1`;
> @connected_ips2 = `$command2`;
> @connected_ips3 = `$command3`;
>
> push (@connected_ips,@connected_ips1);
> push (@connected_ips,@connected_ips2);
> push (@connected_ips,@connected_ips3);
21a34
> #print @connected_ips;
25,27c38,40
< open (FH, $exception_file) or die "$!\n";
< @exceptions = ;
< close (FH);
---
> open (FH, $exception_file) or die "$!\n";
> @exceptions = ;
> close (FH);
32,33c45,46
< chop ($ip);
< $noblock{"$ip"} = 1;
---
> chop ($ip);
> $noblock{"$ip"} = 1;
38,40c51,54
< @info = split(/\s+/, $host);
< if (($info[1] > $max_failures) and !$noblock{$info[2]}) {
< system("/sbin/iptables -I INPUT 1 -s $info[2] -j DROP");
---
> @info = split(/\s+/, $host);
>
> if (($info[1] > $max_failures) and !$noblock{$info[2]}) {
> system("iptables -I INPUT 1 -s $info[2] -j DROP");
42,45c56,59
< open FILE,">>$exception_file" or die "Unable to open file!\n";
< print FILE "$info[2]\n";
< close FILE;
< }
---
> open FILE,">>$exception_file" or die "Unable to open file!\n";
> print FILE "$info[2]\n";
> close FILE;
> }
47d60
<
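Review bot: All three pipelines in hunk 20c22,32 end in `uniq -c` with no sort before it, so only adjacent repeats of an address are counted. When failures from different clients interleave in the log, one address appears as several short runs, and none of them may exceed `$max_failures`. Ending each of `$command1`, `$command2` and `$command3` with `| sort | uniq -c` gives one count per address for that source. The three result lists are pushed into `@connected_ips` as separate entries rather than summed, so an address failing on both FTP and SSH is still judged per source; if a combined threshold is intended, tally the counts in a Perl hash instead. The loop that consumes `@connected_ips` is outside this hunk.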
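Review bot: In hunk 38,40c51,54, `$info[2]` is interpolated into a shell command line by `system("iptables -I INPUT 1 -s $info[2] -j DROP")`. With the new auth.log commands that value is picked by field position (`awk '{print $8}'`) from a line that also carries the remotely supplied user name, so it cannot be assumed to be an address. Validate it with an anchored pattern first, e.g. `next unless $info[2] =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;` (assuming IPv4 only and that this runs inside the per-host loop), and call iptables without a shell: `system('/sbin/iptables', '-I', 'INPUT', '1', '-s', $info[2], '-j', 'DROP');`. The change also drops the absolute `/sbin/iptables` path, so a script that presumably runs as root now resolves the binary through `PATH`; keeping the full path avoids that. The result of `system` is not checked before the address is appended to the exception file in the next hunk, and the enclosing loop starts and ends outside this hunk.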