
Setting up SSH access on localhost

# Edit the TCP-wrappers allow list; the indented lines are the entries to add.
# NOTE(review): hosts.allow only grants access. A source that matches no rule is
# still allowed unless /etc/hosts.deny denies it, so these entries restrict
# nothing on their own - confirm a deny rule exists.
# NOTE(review): upstream OpenSSH removed libwrap support in 6.7 and some
# distributions patch it back in - confirm the installed sshd honours these files.
vi /etc/hosts.allow
    sendmail: all
    ALL:127.0.0.1

# Generate a DSA key pair at ~/.ssh/id_dsa with an empty passphrase (-P '').
# NOTE(review): OpenSSH has disabled DSA (ssh-dss) keys by default since 7.0, so
# a current sshd will likely reject this key; a supported type such as
# "-t ed25519" is the usual replacement - confirm against the installed version.
# NOTE(review): with no passphrase, read access to the private key file is
# enough to log in as this user; keep the file readable by its owner only.
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa 
# Append the public key to this account's authorized_keys so the key is accepted.
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Detecting Denial-of-Service Attempts on SSH

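#!/bin/bash
#-------------------------------------------------------------------------------#
# Detection of Denial Attack on SSH port auth.log
#
# Counts the "refused connect" entries in the auth log per source, writes the
# totals to a report file (and stdout), then prints and mails one warning for
# every source whose count reaches the threshold.
#
# Optional environment overrides (defaults are the original hard-coded values):
#   SSH_REFUSED_LOG        log to scan                   (/var/log/auth.log)
#   SSH_REFUSED_REPORT     report file to write          (refused_connect.txt)
#   SSH_REFUSED_THRESHOLD  alert at or above this count  (100)
#   SSH_REFUSED_MAILTO     recipient of the warnings     (myemail@gmail.com)
#-------------------------------------------------------------------------------#

#######################################
# Count "refused connect" entries per source.
# Arguments: $1 - path of the log to scan
# Outputs:   "count source" lines (uniq -c format), ascending by count
# Returns:   0; an unreadable log is reported on stderr and yields no output
#######################################
count_refused() {
  local log=$1
  if [[ ! -r "$log" ]]; then
    printf 'warning: cannot read %s\n' "$log" >&2
    return 0
  fi
  # Field 9 is where the source sits in the syslog layout this script was
  # written for - TODO confirm against the local log format.
  # Streaming through one pipeline avoids the fixed-name temp1/temp2 files,
  # which could clobber (or be redirected through) files in the working dir.
  grep -F -- 'refused connect' "$log" | awk '{print $9}' | sort | uniq -c | sort -n
}

#######################################
# Select report lines whose count is at or above a threshold.
# Arguments: $1 - report file in "count source" format
#            $2 - threshold (non-negative integer)
# Outputs:   matching lines as "count source", whitespace normalised
# Returns:   0
#######################################
over_threshold() {
  local report=$1 limit=$2 counter rest
  [[ -r "$report" ]] || return 0
  # read -r keeps backslashes literal; splitting into counter/rest drops the
  # left padding that uniq -c adds.
  while read -r counter rest || [[ -n "$counter" ]]; do
    # Skip blank or malformed lines instead of tripping the numeric test.
    [[ "$counter" =~ ^[0-9]+$ ]] || continue
    if (( 10#$counter >= 10#$limit )); then
      printf '%s\n' "${counter}${rest:+ $rest}"
    fi
  done < "$report"
  return 0
}

#-------------------------------------------------------------------------------#
FILE=${SSH_REFUSED_REPORT:-refused_connect.txt}
auth_log=${SSH_REFUSED_LOG:-/var/log/auth.log}
mail_to=${SSH_REFUSED_MAILTO:-myemail@gmail.com}
threshold=${SSH_REFUSED_THRESHOLD:-100}
if [[ ! "$threshold" =~ ^[0-9]+$ ]]; then
  printf 'warning: invalid threshold %s, using 100\n' "$threshold" >&2
  threshold=100
fi

# Write the per-source totals to the report and show them on stdout.
count_refused "$auth_log" | tee -- "$FILE"

# The logged source is remote-influenced text (it may be a reverse-DNS name),
# so it is only ever passed as quoted data, never re-split or globbed.
over_threshold "$FILE" "$threshold" | while IFS= read -r hit; do
  printf '%s\n' "$hit"
  # Plain % is correct here; the \% form is only needed inside a crontab line.
  printf '%s\n' "$hit" | mail -s "WARNING! $(date +%F_%H:%M)" "$mail_to"
done
#-------------------------------------------------------------------------------#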