Cron and iptables

Simon Dawe simondawe at
Mon May 1 19:46:56 UTC 2006

I've written a fairly basic script to try and stop brute force ssh attacks
that get up to thousands of user/password combinations.  The script works
fine for the most part, but requires refinement, that isn't the point
however.  The problem is that when the script is run as a cron job, it
completely ignores anything to do with iptables, but the rest of the script
does what it is supposed to do.  If I manually execute the script with sudo
it works perfectly.

#this script will read contents of auth.log and ban any ip which fails
# more than 10 times.
#clear the current contents of iptables INPUT chain
#iptables -F INPUT

#get all the unique ip's and how many times they appear from auth.log
cat /var/log/auth.log |
grep Failed |
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' |
uniq -d -c |
while read count ip
  if [[ $count -gt 10 ]]
    #add any IPs with more than 10 failed attempts iptables for dropping
    then iptables -A INPUT -s $ip -j DROP

echo "IP's have been blocked: $(date)" >> /home/simon/blockingscript.log

exit 0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-ca mailing list