ssh_blocker_wrap for tcp wrappers
Scott harney <scott_harney*at*yahoo*doc*com>

http://www.scottharney.com/blog/2005/01/03/#ssh_blocker_wrap-sh

The original script and README for ssh_blocker (for OpenBSD and
Packet Filter) are included; see also README.ssh_blocker_openbsd.


*ABOUT*

This is a simple shell script to dynamically filter people trying to
log in to an SSH account using common usernames/passwords.

The main idea is based on a script with the same functionality coded in
Python by Francisco de Borja Lopez Rio (Wu) - http://www.e-shell.org/

I then took Juan's OpenBSD-specific shell script from
http://blackshell.usebox.net/pub/shell/ and modified it to use tcp
wrappers instead.

*USAGE*

By default the script scans /var/log/authlog and uses /etc/hosts.deny.
You can change this with the -a authlog_path and -f hosts_deny_path
switches.

Entries are added to /etc/hosts.deny or the alternate file you specify.

You can add the ssh_blocker_wrap.sh script to a path of your choice,
chown it root:wheel and chmod it 500. Then add a cron job to root's
crontab to execute the script on a timed basis:

0 */5 * * * /usr/local/sbin/ssh_blocker_wrap.sh >> /root/ssh_blocker_wrap.log 

*TIPS*

Consider using the AllowUsers setting in /etc/sshd_config. See Juan's
original README for more info and the man page for sshd_config.

You can get IPs from ssh_blocker_wrap's own logs instead of the authlog
logs using the -l log_path switch. After a reboot the pf table will be
empty, and maybe you rotate your authlog logs; this way you can easily
restore blocked IPs by running ssh_blocker_wrap manually against its
own log.

*WHITE LISTS*

By default 127.0.0.1 will never be added to the blocked list. You can
add more IPs to this "white list" with -w IP_for_white_list.

e.g. ssh_blocker_wrap.sh -w 192.168.0.1 -w 10.1.1.3

In that example the IPs 192.168.0.1 and 10.1.1.3 will never be blocked.

You can also edit the top of the script. Furthermore, it may be smart
to put a line like this in /etc/hosts.deny:

sshd: EXCEPT 127.0.0.1 local.ip other.ip

to include a list of IPs that will not be blocked by tcp wrappers under
any circumstances.
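
An added sketch (not the ssh_blocker_wrap.sh source) of the scan, white
list and hosts.deny steps described above. The threshold, the function
names and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration; not the ssh_blocker_wrap.sh source.
THRESHOLD=3   # assumed: failures needed before an IP is blocked

# Constructed sample in OpenSSH's syslog format (documentation addresses).
sample_authlog() {
cat <<'EOF'
Jan  3 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jan  3 10:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2
Jan  3 10:00:05 host sshd[103]: Failed password for invalid user from 10.1.1.3 from 203.0.113.5 port 4003 ssh2
Jan  3 10:01:00 host sshd[104]: Failed password for test from 198.51.100.7 port 5001 ssh2
Jan  3 10:02:00 host sshd[105]: Failed password for bob from 192.168.0.1 port 6001 ssh2
Jan  3 10:02:02 host sshd[106]: Failed password for bob from 192.168.0.1 port 6002 ssh2
Jan  3 10:02:04 host sshd[107]: Failed password for bob from 192.168.0.1 port 6003 ssh2
Jan  3 10:03:00 host sshd[108]: Accepted password for alice from 192.168.0.1 port 6004 ssh2
EOF
}

# Read log text on stdin; print IPs with >= THRESHOLD failed logins.
# Arguments are white-listed IPs; 127.0.0.1 is always skipped.
failed_ips() {
    awk -v threshold="$THRESHOLD" -v white="127.0.0.1 $*" '
        BEGIN { n = split(white, w, " "); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / {
            # Use the LAST "from": the user name is supplied by the client
            # and can itself contain "from <ip>" (third sample line).
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            # Only a dotted quad may reach hosts.deny.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= threshold) print ip }
    ' | sort
}

# Read IPs on stdin; append "sshd: IP" to the deny file ($1) once each.
block_ips() {
    while read -r ip; do
        grep -qxF "sshd: $ip" "$1" 2>/dev/null || echo "sshd: $ip" >> "$1"
    done
}
# Usage: failed_ips 192.168.0.1 < /var/log/authlog | block_ips /etc/hosts.deny
```

Because the user name in a failed-login line comes from the client, a
parser that takes the first "from" could be steered into blocking an
address of the client's choosing; the white list is the second guard
against that.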


* LICENSE *

This script is Free Software, check the source for further details.

* EOF *

