Block auth connections with iptables/ipset reading auth.log (rsyslog).
config | ||
systemd | ||
blockauth | ||
install.sh | ||
LICENSE.txt | ||
README.md | ||
unninstall.sh |
blockauth
Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).
Install dependencies (Ubuntu/Debian):
sudo apt install iptables rsyslog grep sed
How to install blockauth:
git clone https://gitlab.com/q3aql/blockauth.git
cd blockauth
sudo ./install.sh
How to unninstall blockauth:
git clone https://gitlab.com/q3aql/blockauth.git
cd blockauth
sudo ./unninstall.sh
How to run service:
-
First, edit the file
/etc/blockauth/blockauth.conf
:# Blockauth configuration file valid_users="test1 test2" always_ip_allowed="192.168.0.1 192.168.0.2" blocklist="/etc/blockauth/blocklist.list" filelog="/etc/blockauth/blockauth.log" max_ip_blocklist="12500" block_ports="22,80,443"
-
Add the service to the system startup and start it:
systemctl enable blockauth
systemctl start blockauth
- IPs using one of the users in
valid_users
variable will never be blocked. - IPs of
always_ip_allowed
variable will never be blocked. - Variable
max_ip_blocklist
set maximum IPs on blocklist. The blocklist will be reset when the maximum is reached.