Cron and iptables

Simon Dawe simondawe at gmail.com
Mon May 1 19:46:56 UTC 2006


I've written a fairly basic script to try to stop brute-force SSH attacks
that run through thousands of user/password combinations.  The script works
fine for the most part but requires refinement; that isn't the point,
however.  The problem is that when the script is run as a cron job, it
completely ignores anything to do with iptables, but the rest of the script
does what it is supposed to do.  If I manually execute the script with sudo,
it works perfectly.

#!/bin/bash
#this script will read contents of auth.log and ban any ip which fails access
# more than 10 times.
#clear the current contents of iptables INPUT chain
#iptables -F INPUT

#get all the unique ip's and how many times they appear from auth.log
#(sort first: uniq only counts adjacent identical lines)
grep Failed /var/log/auth.log |
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' |
sort |
uniq -d -c |
while read -r count ip
do
  #add any IPs with more than 10 failed attempts to iptables for dropping
  if [[ $count -gt 10 ]]
  then
    iptables -A INPUT -s "$ip" -j DROP
  fi
done

echo "IP's have been blocked: $(date)" >> /home/simon/blockingscript.log

exit 0
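
The following is an added example, not part of the original post or the poster's script: a variant of the same log-to-iptables idea that does not depend on the job's PATH and is safe to run repeatedly. It assumes iptables is installed at /sbin/iptables (cron jobs commonly run with a minimal PATH that omits /sbin); the names offenders, block_ip, IPTABLES, THRESHOLD and AUTH_LOG are illustrative.

```sh
#!/bin/sh
# Added example (not the poster's script). Assumptions: iptables is installed
# at /sbin/iptables; THRESHOLD and AUTH_LOG defaults are illustrative.
IPTABLES=${IPTABLES:-/sbin/iptables}   # absolute path, independent of cron's PATH
THRESHOLD=${THRESHOLD:-10}
AUTH_LOG=${AUTH_LOG:-/var/log/auth.log}

# Read auth.log text on stdin and print every IPv4 source address with more
# than $THRESHOLD "Failed" lines. Counting is per address over the whole input
# (no reliance on adjacent lines), and only the field after the LAST "from" is
# used, so an address-like string in the user name field is never counted.
offenders() {
  awk -v t="$THRESHOLD" '
    /Failed/ {
      for (i = NF; i > 1; i--)
        if ($(i - 1) == "from") {
          if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[$i]++
          break
        }
    }
    END { for (ip in n) if (n[ip] > t) print ip }
  ' | sort
}

# Append a DROP rule unless an identical one exists, so repeated cron runs
# do not stack duplicate rules.
block_ip() {
  "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null ||
    "$IPTABLES" -A INPUT -s "$1" -j DROP
}

# Nothing happens unless a mode is given: --list prints, --apply blocks.
case "${1:-}" in
  --list)  offenders < "$AUTH_LOG" ;;
  --apply) offenders < "$AUTH_LOG" | while read -r ip; do block_ip "$ip"; done ;;
esac
```

Running it with --list first shows which addresses would be blocked before --apply (as root) changes the INPUT chain.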


More information about the ubuntu-ca mailing list