Auto add ssh failed login (which over many times) to hosts.deny

For demo purpose, I may expose my ssh port 22 to public world. Even I have limited only one user with 2FA. Its still have a lots robort attempt to login, here is a script to add failed login hosts (my example is over 50 times) to deny file. 

###
[root@rhel9beta ~]# cat check_sshd_fail.sh 
#!/bin/bash
grep "Failed password" /var/log/secure* | awk '{print $(NF-3)}' | sort -n | uniq -c |sort -nr | awk '{if ($1 >=50) print "sshd: " $2}' > /etc/hosts.deny
###

It can easy add a cron job to run the script regularly.

Comments

Post a Comment

Popular posts from this blog

Openshift cert-manager integrate with ACME IdM on RHEL (Technical Preview)

Image
Explore ACME on IdM Redhat IPA (freeipa) AMCE in technical preview  The Automated Certificate Management Environment (ACME) service is now available in Identity Management (IdM) as a Technology Preview. <- RHEL 9.1 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/9.1_release_notes/index#technology-preview_identity-management In RHEL 9.2. ACME now supports automatically removing expired certificates, but no mention about it is GA https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/9.2_release_notes/index#technology-preview_identity-management In RHEL 9.3 ACME available as a Technology Preview https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/9.3_release_notes/index#technology-preview_identity-management P.s. IdM is a software that comes with RHEL. only need one RHEL subscription. It supports replica (like MS domain controllers replication), but for simple setup, we may consider...
Read more

Remove HPE iLO license

Image
It spend me sometime to reserch how to remove iLO advance license and use HPE OneView Advanced. Here is the solution. 1. download HP Lights-Out configuration Utility https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=null&swItemId=MTX_8abe539b67bf46978e8f84acb8&swEnvOid=4184#tab1 2. run the command with xml "C:\Program Files (x86)\Hewlett Packard Enterprise\HP Lights-Out Configuration Utility\HPQLOCFG.exe" -s 10.10.100.43 -f C:\Users\chengwi\Desktop\ilo.xml HP Lights-Out Configuration Utility - HPQLOCFG v5.2.0.0 dated 12/18/2017 (c) 2013, 2017 Hewlett Packard Enterprise Development LP Detecting iLO.... Negotiated cipher:168-bit TripleDes with 160-bit Sha1 and 1024-bit RsaKeyX .... Script succeeded for IP:10.10.100.43:443 ilo.xml      
Read more

TimeSync using ansible and rhel-system-roles.timesync

Install   rhel-system-roles.timesync yum install rhel-system-roles -y After install  /usr/share/ansible/roles/rhel-system-roles.timesync [root@servera ~]# cat inventory   [all] server[a:e] [root@servera ~]# ansible -i inventory all -m ping   servere | SUCCESS => {     "changed": false,       "ping": "pong" } serverb | SUCCESS => {     "changed": false,       "ping": "pong" } servera | SUCCESS => {     "changed": false,       "ping": "pong" } serverd | SUCCESS => {     "changed": false,       "ping": "pong" } serverc | SUCCESS => {     "changed": false,       "ping": "pong" } [root@servera ~]# cat timesync.yml   --- - hosts: all   vars:     timesync_ntp_servers:       - hostname: {IP of NTP 1}     ...
Read more