Index of /software/ssh_ipfw

Icon  Name                    Last modified      Size  Description
[DIR] Parent Directory                             -
[   ] ssh_ipfw-1.0.tar.gz     07-Feb-2005 15:51  9.5K
[   ] ssh_ipfw-1.1.tar.gz     01-Aug-2006 12:12   10K

ssh_ipfw
Christopher Masto <chris@masto.com>

Requirements: Perl, File::Tail, Date::Parse

I got tired of this crap:

Jan  9 15:06:24 flavin sshd[61620]: Illegal user webmaster from 66.79.170.220
Jan  9 15:06:24 flavin sshd[61622]: Illegal user data from 66.79.170.220
Jan  9 15:06:25 flavin sshd[61624]: Illegal user user from 66.79.170.220
Jan  9 15:06:26 flavin sshd[61626]: Illegal user user from 66.79.170.220
Jan  9 15:06:27 flavin sshd[61628]: Illegal user user from 66.79.170.220
Jan  9 15:06:28 flavin sshd[61630]: Illegal user web from 66.79.170.220
Jan  9 15:06:29 flavin sshd[61632]: Illegal user web from 66.79.170.220
Jan  9 15:06:30 flavin sshd[61634]: Illegal user oracle from 66.79.170.220
Jan  9 15:06:30 flavin sshd[61636]: Illegal user sybase from 66.79.170.220
Jan  9 15:06:31 flavin sshd[61638]: Illegal user master from 66.79.170.220
Jan  9 15:06:32 flavin sshd[61640]: Illegal user account from 66.79.170.220
Jan  9 15:06:33 flavin sshd[61642]: Illegal user backup from 66.79.170.220
Jan  9 15:06:34 flavin sshd[61644]: Illegal user server from 66.79.170.220

This program will notice those lines in your syslog output and install
ipfw blocks.  It will also automatically remove them when they expire.
It uses File::Tail, which deals with log file rotations automatically.
It can also log its actions at various levels of verbosity to stdout
and to syslog.
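
The detect, block and expire cycle described above, sketched in Python as an added example; it is not ssh_ipfw's Perl code. The threshold, window, block lifetime, starting rule number and year are assumptions, and the ipfw commands are returned as strings rather than executed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Accepts "Illegal user" and the "Invalid user" wording added in 1.1. Greedy ".*"
# plus "$" uses only the last address on the line, so a username containing
# " from 10.0.0.1" cannot choose which IP gets blocked.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user .* from (\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample: five failures in five seconds, in the page's log format.
SAMPLE = [f"Jan  9 15:06:2{i} flavin sshd[6162{i}]: Illegal user web from 66.79.170.220"
          for i in range(5)]

class Blocker:
    """Counts failures per source and returns ipfw commands (never runs them)."""
    def __init__(self, threshold=5, window=60, block_for=3600,
                 first_rule=20000, year=2005):  # all defaults are assumptions
        self.threshold, self.block_for, self.year = threshold, block_for, year
        self.window = timedelta(seconds=window)
        self.next_rule = first_rule
        self.hits = {}      # ip -> times of recent failures
        self.blocked = {}   # ip -> (rule number, expiry time)

    def feed(self, line):
        """Process one log line; return the ipfw commands it triggers."""
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            return []
        # Syslog timestamps carry no year, so the assumed one is prepended.
        when = datetime.strptime(f"{self.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        cmds = self.expire(when)
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))  # rejects e.g. 999.1.1.1
        except ValueError:
            return cmds
        if ip in self.blocked:
            return cmds
        recent = [t for t in self.hits.get(ip, []) if when - t <= self.window] + [when]
        self.hits[ip] = recent
        if len(recent) >= self.threshold:
            rule, self.next_rule = self.next_rule, self.next_rule + 1
            self.blocked[ip] = (rule, when + timedelta(seconds=self.block_for))
            cmds.append(f"ipfw add {rule} deny ip from {ip} to any")
        return cmds

    def expire(self, now):
        """Return delete commands for blocks whose lifetime has passed."""
        gone = [ip for ip, (_, until) in self.blocked.items() if until <= now]
        return [f"ipfw delete {self.blocked.pop(ip)[0]}" for ip in gone]
```

Expiry here is driven by the timestamps of incoming lines; a long-running daemon would also call `expire()` on a timer so blocks lapse while the log is quiet.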

I made it for FreeBSD and ipfw, because that's what I have.  There's
nothing very complicated going on, and the actual system-dependent stuff
is fairly isolated, so I don't expect it would be hard to change.

If you do make changes, find this useful, or have any other comments,
please contact me at chris@masto.com.  Thanks.  Enjoy.

VERSION HISTORY

1.1 01-Aug-2006

   * Can monitor multiple files (useful for FreeBSD jails)
   * Update regex to detect "Invalid user"
   * Include FreeBSD startup script

1.0 07-Feb-2005 Initial release