Block auth connections with iptables/ipset reading auth.log (rsyslog).

Go to file

q3aql f0e2de7cb8 README.md		2024-04-05 20:09:56 +02:00
config	Add blockauth & config files	2024-03-28 12:32:00 +01:00
systemd	Add blockauth & config files	2024-03-28 12:32:00 +01:00
blockauth	Restart rsyslog when modify auth.log	2024-04-05 14:11:53 +02:00
install.sh	Installer & Unninstaller	2024-03-28 12:49:09 +01:00
README.md	README.md	2024-04-05 20:09:56 +02:00
unninstall.sh	Installer & Unninstaller	2024-03-28 12:49:09 +01:00

README.md

blockauth

Tool that blocks IPs that make ssh connection attempts by reading the auth.log file (rsyslog).

Dependencies (Ubuntu/Debian):

sudo apt install iptables rsyslog grep sed

How to install blockauth:

git clone https://gitlab.com/q3aql/blockauth.git
cd blockauth
sudo ./install.sh

How to unninstall blockauth:

git clone https://gitlab.com/q3aql/blockauth.git
cd blockauth
sudo ./unninstall.sh

How to run service:

* First, edit the file `/etc/blockauth/blockauth.conf`:

  ```shell
  # Blockauth configuration file
  valid_users="test1 test2"
  always_ip_allowed="192.168.0.1 192.168.0.2"
  blocklist="/etc/blockauth/blocklist.list"
  filelog="/etc/blockauth/blockauth.log"
  ````

* Add the service to the system startup and start it:

```shell
systemctl enable blockauth
systemctl start blockauth
````

* IPs using one of the users in `valid_users` variable will never be blocked.
* IPs of `always_ip_allowed` variable will never be blocked.

README.md

blockauth

Dependencies (Ubuntu/Debian):

How to install blockauth:

How to unninstall blockauth:

How to run service:

External links: