Friday, March 03, 2006

Punkasses.sh


awk '/Failed password/ {if ($9=="invalid") print $13; else print $11}' \
/var/log/secure|cut -b 8-|sort|uniq -c|sort -nr|awk '{if ($1>10) print $2}'|
xargs -I {} iptables -A INPUT -s {} -j DROP

(all one line)

Read the security logs, find IPs with more than 10 failed login attempts, and drop all future traffic from the punkasses!

Man I love iptables. I spent such a long time avoiding learning them because I had a perception that they were complex. They're bloody easy!
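
The same idea as the one-liner above, written out as an added example that is not the original post's code: it reads the address from the end of the log line so a username containing spaces cannot shift the field, strips the ::ffff: prefix only when it is present, and skips sources that already have a DROP rule. The function names, the DRY_RUN variable and the sample log are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original post's code. Function names are hypothetical.

# Print IPv4 sources with more than $2 (default 10) failed logins in log $1.
failed_ssh_sources() {
    awk -v limit="${2:-10}" '
        /sshd[^ ]*: Failed password for / {
            # A username may contain spaces, so index fields from the end:
            # "... from <addr> port <n> ssh2"
            if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
            addr = $(NF-3)
            sub(/^::ffff:/, "", addr)   # IPv4-mapped form seen in older logs
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(addr, octet, ".")
            for (i = 1; i <= 4; i++) if (octet[i] > 255) next
            hits[addr]++
        }
        END { for (a in hits) if (hits[a] > limit) print a }
    ' "$1" | sort
}

# Read addresses on stdin and add a DROP rule only where none exists yet.
# DRY_RUN defaults to 1: the command is printed instead of executed.
block_sources() {
    while read -r addr; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -A INPUT -s $addr -j DROP"
        elif ! iptables -C INPUT -s "$addr" -j DROP 2>/dev/null; then
            iptables -A INPUT -s "$addr" -j DROP
        fi
    done
}

# Constructed sample log: 12 failures from one source, 2 from another.
make_sample_log() {
    i=0
    while [ "$i" -lt 12 ]; do
        printf 'Mar  3 10:00:%02d host sshd[100]: Failed password for invalid user a b from ::ffff:203.0.113.5 port 4000 ssh2\n' "$i"
        i=$((i + 1))
    done
    for i in 1 2; do
        echo "Mar  3 10:01:0$i host sshd[101]: Failed password for root from 198.51.100.7 port 4001 ssh2"
    done
}

log=$(mktemp)
make_sample_log > "$log"
failed_ssh_sources "$log" | block_sources   # prints one iptables command
rm -f "$log"
```

Run with DRY_RUN=0 as root to apply the rules; the `iptables -C` check keeps repeated runs from stacking duplicate DROP entries.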
