Gather a list of ips which fail logins and drop from firewall for the future
lastb | awk '{ FS == "[ \t]+" ; print $3; }' | egrep -o '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'| grep -v "192.168." | sort | uniq | xargs -n 1 -I {} iptables -A INPUT -s {} -j DROP
if you want to make it permanent simply
[root@DellR510-3 ~]# /sbin/service iptables save
That’s it.
nJoy 😉
Hi David,
Have a look at fail2ban – it does a good job of blocking people before they’ve logged in. last captures data on people who have logged in…
Hope you’re well.
regards,
Mark
Thanks will test it and check.
😉