[Wolves] Light-weight fail2ban replacement - sshcan

Alex Willmer alex at moreati.org.uk
Thu Jan 27 14:03:42 UTC 2011

On 27 January 2011 12:08, Andy Jewell <Andy.Jewell at sysmicro.co.uk> wrote:
> Rather than flood your mailboxes with 130+ lines of gibberish, and risk the outgoing message being quarrantined because it contains "code", I've put it in a paste-bin:
> http://hpaste.org/43371/sshcanpy
> An example of it's output/behaviour:
> http://hpaste.org/43372/sshcan_output

> Comments on a post-card please...

Here's my first stab: http://hpaste.org/43375/sshcanpy_annotation

1. No obvious huge memory hogs except that you weren't closing some
file handles. I've fixed those and done some minor formatting. 2. The
sys module was imported and not used - fixed.
3. The string chopping in the main loop is a bit nasty and hard to
understand - I would have used regular expressions assuming the memory
penalty wasn't too big.
4. Your predictable temporary filenames are probably a security
vulnerablility - particularly as you're running them as root - you may
or may not care for a personal script.
5. If your Python version is >=2.2 s/items()/iteritems()


Alex Willmer <alex at moreati.org.uk>
http://moreati.org.uk/blog http://twitter.com/moreati

More information about the Wolves mailing list