Archive for August, 2020
4
Aug
my fail2ban ssh
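#!/bin/bash
#
# Block hosts that keep failing SSH root logins.
#
# Scans the last 1000 lines of /var/log/secure for
# "Failed password for root from <addr>" entries, counts them per source
# address, and writes every address seen more than MAX_FAILURES times to the
# xt_recent list "SSH". An iptables rule using "-m recent --name SSH" must
# already be loaded, otherwise /proc/net/xt_recent/SSH does not exist.
#
# Needs root: it reads the auth log and writes under /proc.
#
# NOTE(review): nothing here exempts trusted addresses, so an administrator
# who mistypes the root password a few times gets listed like anyone else.
# Consider skipping a small allowlist of management addresses before the write.

LOG_FILE=/var/log/secure
RECENT_LIST=/proc/net/xt_recent/SSH
MAX_FAILURES=3   # only addresses with more failures than this are listed

if [[ ! -r "$LOG_FILE" ]]; then
  printf 'cannot read %s\n' "$LOG_FILE" >&2
  exit 1
fi

# Count failures per source address. awk replaces the grep/sed/cut/sort/uniq
# chain: the token right after the marker text is taken as the address, so
# the result does not depend on how many spaces precede it in the log line.
BLACKLIST=$(
  tail -n 1000 "$LOG_FILE" | awk -v max="$MAX_FAILURES" '
    BEGIN { marker = "Failed password for root from " }
    {
      pos = index($0, marker)
      if (pos == 0) next
      split(substr($0, pos + length(marker)), rest, " ")
      failures[rest[1]]++
    }
    END {
      for (addr in failures)
        if (failures[addr] > max) print addr
    }
  '
)

# Log lines carry text influenced by remote hosts, and the value below is
# written to a kernel interface as root, so accept nothing that is not shaped
# like a dotted-quad IPv4 address (the matching iptables rule is IPv4).
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

while IFS= read -r ip; do
  [[ "$ip" =~ $ipv4_re ]] || continue
  # "+addr" adds the address to the xt_recent list.
  printf '+%s\n' "$ip" > "$RECENT_LIST" \
    || printf 'could not add %s to %s\n' "$ip" "$RECENT_LIST" >&2
done <<< "$BLACKLIST"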
Run the script from cron on a */6 schedule.
modprobe xt_recent ip_list_tot=1000
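Rules to load with iptables-restore (the DROP rule must come before the ACCEPT rule, and --name SSH must match the /proc/net/xt_recent/SSH list the script writes to):
-A INPUT -p tcp -m multiport --dports 8443 -m state --state NEW -m recent --rcheck --seconds 86400 --hitcount 1 --name SSH --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m multiport --dports 8443 -m state --state NEW -j ACCEPT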