[Wolves] Light-weight fail2ban replacement - sshcan
Andy Jewell
Andy.Jewell at sysmicro.co.uk
Thu Jan 27 12:12:05 UTC 2011
Guys,
Further to our discussion last night, here's the promised code for my light-weight fail2ban replacement. I've now come up with an ok name for it - sshcan (ssh crack attach neutraliser). Woo hoo.
Rather than flood your mailboxes with 130+ lines of gibberish, and risk the outgoing message being quarrantined because it contains "code", I've put it in a paste-bin:
http://hpaste.org/43371/sshcanpy
An example of it's output/behaviour:
http://hpaste.org/43372/sshcan_output
(The "warning: commands will be executed using /bin/sh" are from the "at" command, because I'm piping a command in with 'echo "....." | at'. I might address that later, possibly by piping stderr to /dev/null... :-)
Comments on a post-card please...
Regards,
Andy D'Arcy Jewell
SysMicro Linux Support
T: +44 (0) 844 991 8804
M: +44 (0) 7961 605631
F: +44 (0) 844 357 7020
E: andy.jewell at sysmicro.co.uk
W: www.sysmicro.co.uk
CRN THE CHANNEL AWARDS 2009 WINNER
SysMicro named CRN’s Editor’s Choice for Emerging Business of the Year 2009, recognising SysMicro for our considerable growth, specifically in Enterprise Solutions.
More information about the Wolves
mailing list