slackbuilds_ponce/network/sshblock/rc.sshblock
Willy Sudiarto Raharjo 8d0150f686 network/sshblock: Added (an SSH dictionary-attack blocker).
Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
2012-12-16 22:16:31 +01:00

56 lines
1.5 KiB
Bash

#!/bin/bash
if [ ! $UID ]; then
echo "You must be root to use SSHblock."
exit 1;
fi
case "$1" in
'start')
swatch -c /etc/swatch/sshblock -t /var/log/messages &> /dev/null &
if [ ! `ls /etc/cron.hourly | grep sshunblock` ]; then
ln -s /usr/sbin/sshunblock.pl /etc/cron.hourly
fi
;;
'stop')
pid=`ps auxwww | grep swatch | grep -v grep | grep sshblock | awk '{print $2}'`
kill $pid
;;
'clear')
for ip in `iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | awk '{print $4}'`; do
iptables -D INPUT -p tcp -s $ip --dport 22 --syn -j DROP
done
;;
'list')
echo "Blocked IP addresses:"
iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | awk '{print $4}'
;;
'status')
blocking=`ps auxwww | grep swatch | grep -v grep | grep sshblock | wc -l`
blocked=`iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | wc -l`
unblocking=`ls -l /etc/cron.hourly | grep sshunblock | wc -l`
if [ $blocked -eq 1 ]; then
pl=''
verb='is'
else
pl='es'
verb='are'
fi
if [ $blocking -gt 0 ]; then
echo "SSHblock is active"
else
echo "SSHblock is not running"
fi
echo "There $verb currently $blocked address$pl blocked."
;;
*)
echo "Usage: $0 [start|stop|clear|status|list]"
echo " "
echo "start: Start SSHblock system"
echo "stop: Stop blocking new IPs; old ones will still expire at the usual rate"
echo "clear: Clear all blocked addresses"
echo "status: Report whether SSHblock is running, how many IPs are blocked"
echo "list: List all blocked IP addresses"
exit
;;
esac