Skip to content

nick-parry/ssh-scum-blocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

TODO

TODO

 
 

baseiptables.go

baseiptables.go

 
 

block.go

block.go

 
 

iptables_test.go

iptables_test.go

 
 

logging.go

logging.go

 
 

main.go

main.go

 
 

readfile.go

readfile.go

 
 

scum.go

scum.go

 
 

scum_test.go

scum_test.go

 
 

state.go

state.go

 
 

state_test.go

state_test.go

 
 

Repository files navigation

ssh-scum-blocker

Block failed and invalid ssh attempts by blackhole'ing IPs with iptables

The goal of this is for me to learn go, while trying to usefully block failed ssh attempts.

Here is the main point of this application:

  • tail the log file and get offending ips
  • After there have been 5(maxAttempts) such offences, that ip needs to be banned.
  • Banned as in iptables drop

Here is the basic flow of this application:

  • make sure the user is root
  • Make sure you have the basic iptables logging/drop chain
  • tail /var/log/auth.log looking for some key patterns
  • If you find an ip, save it and its occurences into a list of "scum" objects
  • If the ip reaches maxAttempts occurences, block it and mark it as blocked

A more current list of features that I want and those that have been added can be found in the TODD file.

About

Block failed and invalid ssh attempts by blackholing IPs with iptables

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages