Giant Batteries
Posted in Tech
Afternoon watch, 6 bells (3:12 pm)

Today I got two additional battery units for my UPS systems. They have really extended my UPS coverage time at a pretty high load (between 600 and 700 watts). They also weigh 125 pounds each. Hefting those into the rack was a chore.

Bad SSH Users
Posted in Tech
Forenoon watch, 3 bells (9:42 am)

Today I built up on my previous IP-banning idea. This time I'm upset that so many people try to crack SSH users and passwords. Where does it end??

Anyway, I wrote a few bits of shell script to make it easier to shut these people down.

First, find out who's failing to log in, preferably multiple times, but it's up to you:
cat /var/log/secure* | grep "Failed password" | awk '{print $11;}' | sort | nodup | grep "ffff" > ssh.badip

Chances are real good you don't have a program called nodup, because I wrote it. It removes duplicates from sorted lists, only printing one of them. The grep "ffff" part is how I deal with my SSH daemon logging IP addresses. The print $11 awk code is for getting just the IP from the logfile. At the end, the output is redirected to a file.

Next, I wrote a short shell script called iptables.sh that does the work:

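#!/bin/bash
# Drop all traffic to and from each IP address given as an argument.
for ip in "$@" ; do
    /sbin/iptables -A INPUT -s "$ip" -j DROP    # packets arriving from the address
    /sbin/iptables -A OUTPUT -d "$ip" -j DROP   # packets leaving for the address
done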

Then I just chmod u+x iptables.sh and then run:
./iptables.sh `cat /var/log/ssh.badip`

Voila! Insta-ban badnasty IP addresses at the firewall level!

PS I have since realized that writing my own nodup program is unnecessary; just run sort -u instead.
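
A stricter take on the extraction step, as an added example that is not the code from this post: it reads the address by position from the end of each "Failed password" line (so "invalid user" lines and user names with spaces don't shift it the way $11 does), strips the ::ffff: prefix, keeps only valid IPv4 addresses, and applies a failure threshold. The function names and sample log lines are made up for the example, and it assumes the "ffff" in the log is the IPv4-mapped prefix ::ffff:.

```shell
#!/bin/sh
# Added example, not the post's code. The log lines below are constructed.
sample_log() {
cat <<'EOF'
Jan 10 09:00:01 host sshd[101]: Failed password for root from ::ffff:203.0.113.7 port 4001 ssh2
Jan 10 09:00:03 host sshd[102]: Failed password for invalid user admin from ::ffff:203.0.113.7 port 4002 ssh2
Jan 10 09:00:05 host sshd[103]: Failed password for invalid user backup admin from ::ffff:203.0.113.7 port 4003 ssh2
Jan 10 09:01:00 host sshd[104]: Failed password for bob from ::ffff:198.51.100.9 port 5000 ssh2
Jan 10 09:02:00 host sshd[105]: Accepted password for bob from ::ffff:198.51.100.9 port 5001 ssh2
Jan 10 09:03:00 host sshd[106]: Failed password for root from 2001:db8::5 port 6000 ssh2
EOF
}

# failed_ssh_ips MIN: read an sshd log on stdin and print each IPv4 address
# that has at least MIN "Failed password" lines (default 3).
failed_ssh_ips() {
    awk -v min="${1:-3}" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name comes from the client and may contain spaces, so the
        # address is taken from the fixed tail: ... from <addr> port <n> ssh2
        if (NF < 5 || $NF != "ssh2" || $(NF-2) != "port" || $(NF-4) != "from") next
        addr = $(NF-3)
        sub(/^::ffff:/, "", addr)          # IPv4-mapped form -> plain IPv4
        # Only a strict dotted quad goes on; real IPv6 would need ip6tables.
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(addr, o, ".")
        ok = 1
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok) count[addr]++
    }
    END { for (a in count) if (count[a] >= min) print a }
    ' | sort -u
}

# Stand-alone run on the sample: only the address with three failures prints.
sample_log | failed_ssh_ips 3
```

On a real system, feed it the log instead of the sample, for example `cat /var/log/secure* | failed_ssh_ips 3 > ssh.badip`.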
