57 lines
1.5 KiB
Bash
57 lines
1.5 KiB
Bash
#!/bin/bash
|
|
|
|
if [ ! $UID ]; then
|
|
echo "You must be root to use SSHblock."
|
|
exit 1;
|
|
fi
|
|
|
|
case "$1" in
|
|
'start')
|
|
swatch -c /etc/swatch/sshblock -t /var/log/messages &> /dev/null &
|
|
if [ ! `ls /etc/cron.hourly | grep sshunblock` ]; then
|
|
ln -s /usr/sbin/sshunblock.pl /etc/cron.hourly
|
|
fi
|
|
;;
|
|
'stop')
|
|
pid=`ps auxwww | grep swatch | grep -v grep | grep sshblock | awk '{print $2}'`
|
|
kill $pid
|
|
;;
|
|
'clear')
|
|
for ip in `iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | awk '{print $4}'`; do
|
|
iptables -D INPUT -p tcp -s $ip --dport 22 --syn -j DROP
|
|
done
|
|
;;
|
|
'list')
|
|
echo "Blocked IP addresses:"
|
|
iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | awk '{print $4}'
|
|
;;
|
|
'status')
|
|
blocking=`ps auxwww | grep swatch | grep -v grep | grep sshblock | wc -l`
|
|
blocked=`iptables -nL INPUT | tail +3 | grep DROP | grep dpt:22 | wc -l`
|
|
unblocking=`ls -l /etc/cron.hourly | grep sshunblock | wc -l`
|
|
if [ $blocked -eq 1 ]; then
|
|
pl=''
|
|
verb='is'
|
|
else
|
|
pl='es'
|
|
verb='are'
|
|
fi
|
|
if [ $blocking -gt 0 ]; then
|
|
echo "SSHblock is active"
|
|
else
|
|
echo "SSHblock is not running"
|
|
fi
|
|
echo "There $verb currently $blocked address$pl blocked."
|
|
;;
|
|
*)
|
|
echo "Usage: $0 [start|stop|clear|status|list]"
|
|
echo " "
|
|
echo "start: Start SSHblock system"
|
|
echo "stop: Stop blocking new IPs; old ones will still expire at the usual rate"
|
|
echo "clear: Clear all blocked addresses"
|
|
echo "status: Report whether SSHblock is running, how many IPs are blocked"
|
|
echo "list: List all blocked IP addresses"
|
|
exit
|
|
;;
|
|
esac
|