just droolin
  on
  SourceForge

idiotblocker
SourceForge Home
idiotblocker home
Project Summary
Project News
Change Log
Installation Instructions
Downloads
  • untar the file to a directory.
    • tar -zxvf idiotblocker-version.tar.gz
  • As root, run script idiotblocker.sh
    • This will create all files required based on the flags passed to the script at executation time.
      • No matter what switch's are set, the following files are created.
        • ib.master.blacklist - This contains all ip's that are blocked with comments that can be used for review purposes. It is also used in creating specific syntax black list files used by the hosts.allow and the pf.conf.
        • ib.hosts.allow.blacklist - This contains all ip's that are to be blocked in the syntax required by the hosts.allow file
        • ib.log - Logging file.
      • If -up switch is set, the folling file is also created.
        • ib.pf.blacklist - This contains ip/hosts that are to be blocked by the firewall. The firewall rules requires that only the ip's/host's be listed in this file.
    • Executation Flag
      • If no switch's are given at executation time, the following will occur.
        • auth.log will be parsed for any entries made by the following in the hosts.allow file.
          • ALL : ALL \
            : severity auth.info \
            : twist /bin/echo "You are not welcome to use %d from %h.
      • -b   Brute Force detection is to occur.
      • -up Update firewall rules with any ips that have been identified as making illegal attemps as defined by this script.
        • ** When this switch is set, the ib.pf.blacklist file is created containing ip's only which are pulled into the firewall rules for blocking purposes.
      • -d   Verbose messgaes for debugging purposes.
      • -m   Manual update switch.
        • Use this switch when you have made manual changes to the ib.master.blacklist and wish to have these changes applied against both the hosts.allow and pf.conf blacklists without parsing the auth.log file.
          ex:
          • ./idiotblocker.sh -m
            ** This will update the hosts.allow blacklist file with what ever is in the ib.master.blacklist without parsing through the auth.log
          • ./idiotblocker.sh -up -m
            ** This will update both the hosts.allow and pf.conf blacklist files with what ever is in the ib.master.blacklist without parsing through the auth.log
  • To have this script run at scheduled times(I run it every 5 minutes):
    • Add a crontab entry like the following for root:
      */5 * * * * /path to idiotblocker/idiotblocker.sh switch's >/dev/null 2>&1
  • Upgrading from idiotblocker-1.0 alpha.
    • Edit the hosts.allow file, and do the following:
      • Copy all the ip's/hosts that have been inserted by idiotblocker-1.0 alpha, and place them in the ib.master.blacklist file.
        • You will need to edit the hosts.allow file and copy all the ip'sthat have been inserted by idiotblocker, and place them in the ib.master.blacklist. Do not include the ALL : and : deny portion of the entries found of these lines. ONLY INSERT THE IP's into the ip.master.blacklist.
        • Run idiotblocker with the -m switch Ifyou are going to set pf firewall blocking rules, also use the -up switch. This will copy update the syntax blacklist files used by hosts.allow amd pf.conf.
idiotblocker is hosted by SourceForge and powerd by the mindless actions of droolin ;o)~ ~ ~