# blockauth

`Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).`

## Install dependencies (Ubuntu/Debian):

```
sudo apt install iptables ipset rsyslog grep sed
```

## How to install blockauth:

```
git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./install.sh
```

## How to uninstall blockauth:

```
git clone https://git.q3aql.dev/q3aql/blockauth.git
cd blockauth
sudo ./unninstall.sh
```

## How to run service:

* First, edit the file `/etc/blockauth/blockauth.conf`:

```shell
# Blockauth configuration file
valid_users="test1 test2"
always_ip_allowed="192.168.0.1 192.168.0.2"
blocklist="/etc/blockauth/blocklist.list"
filelog="/etc/blockauth/blockauth.log"
max_ip_blocklist="5000"
block_ports="22,80,443"
```

* Add the service to the system startup and start it:

```shell
systemctl enable blockauth
systemctl start blockauth
```

* IPs using one of the users in the `valid_users` variable will never be blocked.
* IPs listed in the `always_ip_allowed` variable will never be blocked.
* The `max_ip_blocklist` variable sets the maximum number of IPs on the blocklist. The blocklist will be reset when the maximum is reached.
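
To check in advance which source addresses fall outside the two exemptions above, here is an added dry-run sketch; it is not blockauth's own code. It assumes OpenSSH-style `... for [invalid user] NAME from IP port N` lines and that any line naming a user in `valid_users` exempts that IP; `would_block` and `sample_log` are hypothetical names and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not blockauth's code: dry-run list of source IPs that are
# NOT covered by the valid_users / always_ip_allowed exemptions.
# Assumed log format: "... for [invalid user] NAME from IP port N ...".

# Constructed sample lines in auth.log style (documentation addresses).
sample_log() {
  cat <<'EOF'
Apr  5 20:10:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr  5 20:10:03 host sshd[1002]: Failed password for root from 198.51.100.7 port 40022 ssh2
Apr  5 20:10:05 host sshd[1003]: Failed password for test1 from 192.0.2.10 port 50000 ssh2
Apr  5 20:10:09 host sshd[1003]: Accepted password for test1 from 192.0.2.10 port 50000 ssh2
Apr  5 20:10:12 host sshd[1004]: Failed password for root from 192.168.0.1 port 50100 ssh2
EOF
}

# would_block LOGFILE "VALID_USERS" "ALWAYS_IP_ALLOWED" -> one IP per line
would_block() {
  awk -v users="$2" -v allowed="$3" '
    BEGIN {
      n = split(users, u, " ");   for (i = 1; i <= n; i++) valid[u[i]] = 1
      n = split(allowed, a, " "); for (i = 1; i <= n; i++) exempt[a[i]] = 1
    }
    /sshd/ && / from / {
      user = ""; ip = ""
      for (i = 1; i < NF; i++) {
        if ($i == "for")  user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
        if ($i == "from") ip = $(i+1)
      }
      if (ip == "") next
      seen[ip] = 1
      # Assumption: any line naming a valid user exempts that source IP,
      # regardless of line order (decided once the whole file is read).
      if (user in valid) exempt[ip] = 1
    }
    END { for (ip in seen) if (!(ip in exempt)) print ip }
  ' "$1" | sort
}

# Demo with the values from the blockauth.conf shown above.
log=$(mktemp)
sample_log > "$log"
would_block "$log" "test1 test2" "192.168.0.1 192.168.0.2"
rm -f "$log"
```

Run it against a copy of your own auth.log with your configured values to confirm that administrative addresses are exempt before enabling the service.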

## External links:

* [iptables](https://www.netfilter.org/projects/iptables/index.html)
* [rsyslog](https://www.rsyslog.com/)
* [ipset](https://ipset.netfilter.org/)