Block all brute force attacks in realtime (IPv4/SSH)

inotifywait -r -q --format %w /var/log/auth.log|grep -i "Failed pass"|tail -n 1|grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}';iptables -I INPUT -i eth0 -s "$(cat /var/log/auth.log|grep "authentication failure; l"|awk -Frhost= '{print $2}'|tail -n 1)" -j DROP
Was to long with a loop, use a while loop for have it running 24/7

By: wuziduzi
2019-07-28 18:42:23

What Others Think

This is what happens on my machine ... >> root > inotifywait -r -q --format %w /var/log/auth.log|grep -i "Failed pass"|tail -n 1|grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}';iptables -I INPUT -i eth0 -s "$(cat /var/log/auth.log|grep "authentication failure; l"|awk -Frhost= '{print $2}'|tail -n 1)" -j DROP iptables v1.6.0: host/network `user=XXXXXX' not found Try `iptables -h' or 'iptables --help' for more information. Probably, what is happening here, is that I do not have iptables properly configured right now. Either that, or the auth.log info is different on my distro. OR, finally, that the cmd line here needs to be modified. Occam's razor and the Axiom of Choice. :) Oh this is fun for a non-hangover Saturday morning post-coffee chase!
LyscmdFUer · 129 weeks and 1 day ago
really learned alot here thanks. but this one is abit outdated. are there any recent updates with
looneyhans · 60 weeks and 6 days ago
Can you tell me a bit more, please? guitar lessons tulsa
aegyjingoo · 42 weeks and 2 days ago
There are a lot of information that I can get from here. It is always interesting for me to get some idea on the codes that are shared here for me. It is a good way for me to know about this one. the page here
zaiyamariya · 37 weeks and 2 days ago
I'll apply this cryo facial corpus christ
geebranz · 36 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: