idiotblocker is a Unix sh shell script written
with the intended purpose of being one single application used to scan
the auth.log for security breach attempts and apply blocking rules.
Where the blocking rules are applied is determined by the execution switches
that are passed.
This script was developed on FreeBSD but
should be transferable to any Unix-flavored OS that supports the hosts.allow
or hosts.deny file. The firewall rules that this script creates are
intended for the OpenBSD Packet Filter (PF) firewall, which is also used on
other BSD-type OSes. The creation of firewall rules is not the default
though, and will only occur when this function has been requested at
idiotblocker current functionality:
- Analysis of auth.log for the following offending entries.
- hosts.allow final default block: twist aironetworks.propagation.net
to /bin/echo "unknown you are not welcome to use sshd from
- I felt if they tried one way and were blocked, they may
try another that might not be caught. Thus, block the IP/host
completely for all services.
- Attempted brute force logins.
- To be configurable to pick and choose which you want done.
- Which log entries to look for.
- Where to build the blocking rules.
- PF firewall rules
idiotblocker planned future functionality:
- Block IPs/hosts that have attempted logins to known daemon process
IDs, i.e.: www, oracle, mysql...
- Block IPs/hosts that have had repeated failed login attempts against
valid user logins. This will require that the repeated failed attempts
be greater than a threshold amount as defined at execution time.
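
The scan-and-block flow described above, with the planned failure threshold, as an added example that is not idiotblocker's own code. The function names, the PF table name "idiots" and the log lines are assumptions made for illustration, and only IPv4 addresses are handled.

```sh
#!/bin/sh
# Added illustration, not idiotblocker's own code. Function names, the PF table
# name and the log lines are assumptions; addresses are documentation ranges.
PF_TABLE="idiots"   # assumed; pf.conf would need: table <idiots> persist
                    #                              block in quick from <idiots>

sample_log() {      # constructed auth.log lines in OpenSSH's message format
cat <<'EOF'
Mar  3 02:11:03 host sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40022 ssh2
Mar  3 02:11:05 host sshd[811]: Failed password for invalid user mysql from 203.0.113.7 port 40023 ssh2
Mar  3 02:11:08 host sshd[812]: Failed password for invalid user www from 203.0.113.7 port 40031 ssh2
Mar  3 02:11:09 host sshd[812]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.7 port 40035 ssh2
Mar  3 02:15:40 host sshd[820]: Failed password for root from 198.51.100.9 port 51515 ssh2
Mar  3 02:15:44 host sshd[820]: Failed password for root from 198.51.100.9 port 51516 ssh2
Mar  3 02:20:00 host sshd[830]: Accepted password for alice from 192.0.2.10 port 2222 ssh2
EOF
}

# offenders THRESHOLD < auth.log
# Print each address with more than THRESHOLD failed sshd password attempts.
offenders() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # The user name is supplied by the remote side and may itself
            # contain "from <addr>", so keep only the last "from" on the line.
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print ip }
    ' | sort
}

# hosts.allow form: deny every wrapped service, not just sshd. tcp_wrappers
# stops at the first matching rule, so these lines go above any allow rules.
hosts_allow_rules() {
    while read -r ip; do printf 'ALL : %s : deny\n' "$ip"; done
}

# PF form: print (do not run) the commands that add each address to the table.
pf_table_cmds() {
    while read -r ip; do printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$ip"; done
}

sample_log | offenders 3 | hosts_allow_rules
sample_log | offenders 3 | pf_table_cmds
```

The fourth sample line shows why the parser takes the last "from": the address embedded in the user name (192.0.2.10, the legitimate user's host here) is never counted, so a crafted login name cannot get another host blocked.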