freebsd:pf [2007/08/07 22:12] wenpei |
freebsd:pf [2010/04/06 12:14] (目前版本) wenpei |
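--- a/freebsd:pf
+++ b/freebsd:pf
@@ -34,1 +34,102 @@
 # /etc/rc.d/pf start
+
+====== SSH Brute Force Blocker with PF on FreeBSD ======
+http://home.earthlink.net/~valiantsoul/pf.html
+
+/etc/pf.conf 中增加
+table <bruteforce> persist file "/var/db/blacklist"
+block quick from <bruteforce>
+
+程式碼
+<code>
+#!/usr/bin/perl
+
+use strict;
+
+my @assholes = ();
+
+open (IN, "/var/log/auth.log");
+while (<IN>) {
+if ($_ =~ /Invalid user.*from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
+push(@assholes, $1);
+}
+if ($_ =~ /Did not receive identification string from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
+push(@assholes, $1);
+}
+}
+close (IN);
+
+@assholes = sort {lc($a) cmp lc($b)} @assholes;
+
+my @allowedIPs = ();
+open (IN, "/var/db/allowed-ips");
+while (<IN>) {
+if ($_ =~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
+push(@allowedIPs, $_);
+}
+}
+close (IN);
+
+chop(@allowedIPs);
+
+my $tmp = "";
+foreach my $asshole (@assholes) {
+if ($asshole eq $tmp) {
+$asshole = "";
+} else {
+if ($asshole =~ /127\.0\.0\.1/) {
+$asshole = "";
+}
+if ($asshole =~ /192\.168\.[0-9]+\.[0-9]+/) {
+$asshole = "";
+}
+foreach my $allowedIP (@allowedIPs) {
+if ($asshole =~ /$allowedIP/) {
+$asshole = "";
+}
+}
+$tmp = $asshole;
+}
+}
+
+@assholes = sort {lc($b) cmp lc($a)} @assholes;
+
+my $popCount = 0;
+foreach my $asshole (reverse @assholes) {
+if ($asshole eq "") {
+$popCount++;
+}
+}
+
+for (my $i = 0; $i < $popCount; $i++) {
+pop (@assholes);
+}
+
+my $list = "";
+foreach my $asshole (@assholes) {
+$list = $list . $asshole . " ";
+}
+
+exec "/sbin/pfctl -t bruteforce -T add $list";
+</code>
+
+加入 Syslog 中
+/etc/syslog.conf
+auth.info;authpriv.info | exec /usr/bin/perl /sbin/bruteforcer.pl
+
+例外之黑/白名單列表
+<code>
+touch /var/db/blacklist
+chmod 644 /var/db/blacklist
+touch /var/db/allowed-ips
+chmod 644 /var/db/allowed-ips
+</code>
+
+觀看已經紀錄的列表
+pfctl -t bruteforce -T show
+
+====== Denyhosts ======
+Reference: http://blog.wu-boy.com/2008/12/26/663/
+
+
+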
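Review bot: The allow-list comparison `if ($asshole =~ /$allowedIP/) {` in the added script is an unanchored, unescaped regex match, so an entry such as `1.2.3.4` in /var/db/allowed-ips also exempts `11.2.3.45` and `1.2.3.40` from blocking, and the equally unanchored `/192\.168\.[0-9]+\.[0-9]+/` exempts addresses like `10.192.168.1`; since `push(@allowedIPs, $_)` stores the whole line and `chop` then drops one trailing character blindly, the clean fix is to capture the address and compare exactly: `if ($_ =~ /([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {` with `push(@allowedIPs, $1);`, and `if ($asshole eq $allowedIP) {` in the loop, plus `\A`/`\z` anchors on the two private-range checks. The two `open (IN, ...)` calls are two-argument, bareword and unchecked, so an unreadable auth.log silently produces an empty block list instead of an error; `open my $in, '<', '/var/log/auth.log' or die "auth.log: $!";` makes that failure visible. The final `exec` interpolates `$list` into a shell command line; the values are already constrained to digits and dots by the capturing regexes, but the list form `exec '/sbin/pfctl', '-t', 'bruteforce', '-T', 'add', @assholes;` avoids the shell entirely, and the call should be skipped when `@assholes` is empty rather than invoking pfctl with no addresses. The sequence is also meant to run on every syslog line per the syslog.conf entry above, and it re-reads the whole of auth.log each time rather than the piped input, which the note in the page does not mention.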