• Willkommen im Linux Club - dem deutschsprachigen Supportforum für GNU/Linux. Registriere dich kostenlos, um alle Inhalte zu sehen und Fragen zu stellen.

SSH brute force defence script Startet nicht

W

Wabrosch

Hallo,

ich habe hier ein SSH brute force defence script, welches ich auf meinem Server platziert habe.
Habe es richtig in den runLevel Scripts verlinkt, aber bei einem ServerStart fügt es mir nicht in die iptables....
muss nach jedem Serverstart das Script manuell starten.

wer kann mir helfen?


Code: 
server:/etc/init.d/rc3.d # ll S06ssh-protection
lrwxrwxrwx 1 root root 17 2007-04-02 11:36 S06ssh-protection -> ../ssh-protection

server:/etc/init.d/rc3.d # ./S06ssh-protection start 
Inserting SSH protection rules.

server:/etc/init.d/rc3.d # who -r
         run-level 3  2007-04-03 10:43                   last=S
server:/etc/init.d/rc3.d #           


server:/etc/init.d # more ssh-protection
#! /bin/sh

### BEGIN INIT INFO
# Provides:         ssh-protection
# Required-Start:   $network $SuSEfirewall2_setup
# X-UnitedLinux-Should-Start:
# Required-Stop:    $network 
# X-UnitedLinux-Should-Stop:
# Default-Start:    3 5
# Default-Stop:     0 1 2 6
# Short-Description:    Protection against SSH brute force attacks
# Description:          Protection against SSH brute force attacks 
### END INIT INFO

# SSH brute force defence
# ------------------------------------------------------------------------------
# Options
SECS='30'
IFACE='eth0'

# Load iptables module 
/sbin/modprobe ip_tables

# System options
IPT="/usr/sbin/iptables"

# Debug iptables dump
/usr/sbin/iptables -L > /tmp/iptables-dump.log

case "$1" in
  start)
    echo "Inserting SSH protection rules." 

    # Create new chain for SSH throttle
    $IPT --new-chain sshthrottle

    # Check if we have a similar address in the last $SECS seconds marked as SSH
    # throttle: if it matches a recent (since $SECS) connection attempt, drop it 
    $IPT --append sshthrottle \
        --match recent --update --seconds $SECS --name sshthrottle \
        --jump DROP

    # Log attempts
    $IPT --append sshthrottle \
        --match recent --set --name sshthrottle \ 
        --jump LOG --log-prefix 'SSH connection stifled '

    # Drop
    $IPT --append sshthrottle --jump DROP

    # Route all new packets going to port 22 which are already named
    # 'sshthrottle' to the sshthrottle chain 
    $IPT --insert INPUT 1 --in-interface $IFACE --protocol tcp \
        --destination-port 22 --match state --state NEW \
        --match recent --update --seconds $SECS --name sshthrottle \
        --jump sshthrottle 

    # Accept all new (since $SECS seconds) connections to port 22
    # and name them 'sshthrottle'
    $IPT --insert INPUT 2 --in-interface $IFACE --protocol tcp \
        --destination-port 22 --match state --state NEW \ 
        --match recent --set --name sshthrottle \
        --jump ACCEPT

  ;;

  *)
    echo "Usage: $0 start"

  ;;
esac

exit 0
server:/etc/init.d
 
Du musst dich einloggen oder registrieren, um hier zu antworten.
Oben