q3aql/blockauth
q3aql/blockauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Block auth connections with iptables/ipset reading auth.log (rsyslog).
33 Commits 2 Branches 0 Tags 59 KiB
Shell 100%
main
Go to file
q3aql b352111208 README.md
2024-05-01 11:28:53 +02:00
config Set default max_ip_blocklist to 5000 2024-04-16 22:44:24 +02:00
systemd Add blockauth & config files 2024-03-28 12:32:00 +01:00
blockauth Fix iptables command 2024-04-16 23:06:00 +02:00
install.sh Installer & Unninstaller 2024-03-28 12:49:09 +01:00
LICENSE.txt LICENSE (GPL v2.0) 2024-04-05 20:11:23 +02:00
README.md README.md 2024-05-01 11:28:53 +02:00
unninstall.sh Installer & Unninstaller 2024-03-28 12:49:09 +01:00

README.md

blockauth

Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).

Install dependencies (Ubuntu/Debian):

sudo apt install iptables ipset rsyslog grep sed

How to install blockauth:

git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./install.sh

How to unninstall blockauth:

git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./unninstall.sh

How to run service:

  • First, edit the file /etc/blockauth/blockauth.conf:

    # Blockauth configuration file
valid_users="test1 test2"
always_ip_allowed="192.168.0.1 192.168.0.2"
blocklist="/etc/blockauth/blocklist.list"
filelog="/etc/blockauth/blockauth.log"
max_ip_blocklist="5000"
block_ports="22,80,443"

  • Add the service to the system startup and start it:

systemctl enable blockauth
systemctl start blockauth
  • IPs using one of the users in valid_users variable will never be blocked.
  • IPs of always_ip_allowed variable will never be blocked.
  • Variable max_ip_blocklist set maximum IPs on blocklist. The blocklist will be reset when the maximum is reached.

External links: