just droolin


SourceForge Home
idiotblocker home
Project Summary
Project News
Change Log
Installation Instructions

    idiotblocker is a unix sh shell script written with the intended purpose of being one single application used to scan the auth.log for security breatch attempts and apply blocking rules. Where the blocking rules are applied is determined by executation switch's that are passed.

    This script was developed on a FreeBSD OS but should be transferable to any Unix flavored OS that supports the hosts.allow or hosts.deny file. The firewall rules that this script creates are intended for the OpenBSD Packet Filter firewall which is also used on other BSD type OS's. The creation of firewall rules is not a default though, and will only occur when this function has been requested at executation time.

    idiotblocker current functionality:

  • Analysis of auth.log for the following offending entries.
    • hosts.allow final default block: twist aironetworks.propagation.net to /bin/echo "unknown you are not welcome to use sshd from
      • I felt if they tried one way and were blocked, they may try another that might not be caught. Thus, block the IP/host completely for all services.
    • Attempted brute force logins.
  • To be configurable to pick and chose which you want done.
    • Which log entries to look for.
    • Where to build the blocking rules.
      • hosts.allow
      • PF firewall rules

    idiotblocker planned future functionality:

  • Block ip's/hosts that have attempted logins to known daemon process id's. Ie: www, oracle, mysql...
  • Block ip's/hosts that have had repeated failed login attempts against valid user logins. This will require that the repeated failed attempts be greateer then a threashold amount as defined at executation time.
idiotblocker is hosted by SourceForge and powerd by the mindless actions of droolin ;o)~ ~ ~