Deny IP based on failed login requests
Chris W. Parker
cparker at swatgear.com
Wed Feb 9 19:32:03 UTC 2005
Stephen Carville <mailto:stephen at totalflood.com>
on Wednesday, February 09, 2005 11:24 AM said:
> On Wed February 9 2005 10:19 am, Brian Whitehead wrote:
>> I'd say a quick shell script that parses the log file for the failed
>> attempts and the creates an iptables rule to block the IP.
>
> I actually wrote a little filter to do just that:
[snip]
> grep 'Failed passwd' /var/log/messages | login-filter.pl
>
> Getting the addresses into the blacklist I leave as an excercise for
> the student :-)
Oh this is great! I will start testing it out right now. Thanks!
Chris.
More information about the redhat-list
mailing list