From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SilverFox@rgantd.ru>
From: Anatoliy Lisjutin <SilverFox@rgantd.ru>
Organization: RGANTD
To: ALT Linux Community <community@lists.altlinux.org>
Subject: Re: [Comm] =?koi8-r?b?/tTPINPExczB1Ng=?= ,
	=?koi8-r?b?3tTPIMLZIM7FIMzPzcnMydPYINcg2sHL0tnU1cA=?=
	=?koi8-r?b?IMTXxdLYPw==?=
Date: Wed, 30 Nov 2005 23:08:01 +0300
User-Agent: KMail/1.6.2
References: <200511301525.17971.SilverFox@rgantd.ru>
	<200511301635.52476.SilverFox@rgantd.ru>
	<200511301737.44835.SilverFox@rgantd.ru>
In-Reply-To: <200511301737.44835.SilverFox@rgantd.ru>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Multipart/Mixed;
  boundary="Boundary-00=_hagjD3rsi3+wtPS"
Message-Id: <200511302308.01688.SilverFox@rgantd.ru>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on main.rgantd.ru
X-Spam-Level: 
X-Spam-Status: No, score=-102.6 required=6.0 tests=BAYES_00, USER_IN_WHITELIST 
	autolearn=ham version=3.0.1
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: SilverFox@rgantd.ru,
	ALT Linux Community <community@lists.altlinux.org>
List-Id: ALT Linux Community <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2005 20:08:19 -0000
Archived-At: <http://lore.altlinux.org/community/200511302308.01688.SilverFox@rgantd.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>


--Boundary-00=_hagjD3rsi3+wtPS
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: base64
Content-Disposition: inline

9yDTz8/C3cXOyckgz9QgMzAg7s/RwtLYIDIwMDUgMTc6MzcgQW5hdG9saXkgTGlzanV0aW4gzsHQ
ydPBzChhKToKPiAgYXdzZWN1cmUK79vJwsvBINfZ28zBICwg08/S0sksIHJ3c2VjdXJlCvfP1CDU
wcvPyiDawdLBws/UwcwuIPcgwdTUwd7FLgrhINcg0s/Ezs/NINDB0sHNxdTS2SDLz9TP0tnFIMLZ
zMkg1SBzZWQg0SDXz8/C3cUgzsUg0M/O0cwuLgog4SDXz8/C3cUg3NTBINrBxMHey8Egy8HL1M8g
0M8gy9LB08nXxcogzsUg0sXbwcXU09E/IPcg7TIuNCDEzNEg3NTPx88g3tTPIArOycLVxNggxdPU
2D8K98/Q0s/TIM/T1MHF1NPRLiAgCgoKLS0gClN5c3RlbSBhZG1pbmlzdHJhdG9yIFJHQU5URApB
bmF0b2xpeSBMaXNqdXRpbgpodHRwOi8vcmdhbnRkLnJ1IGh0dHA6Ly9ydXNhcmNoaXZlcy5ydSBo
dHRwOi8vdmljdG9yeS5ydXNhcmNoaXZlcy5ydQpTaWx2ZXJGb3hAcmdhbnRkLnJ1Cg==

--Boundary-00=_hagjD3rsi3+wtPS
Content-Type: text/plain;
  charset="koi8-r";
  name="rwsecure"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="rwsecure"

#
# rwsecure parses the /var/log/auth/all file for Invalid usernames or 
# Failed password.  If more than 3 invalid or failed attempts by one 
# IP, it will add that IP to your /etc/hosts.deny file.
#


file=`awk '/Invalid|Failed password/' /var/log/auth/all | sed s/.*from./""/ | sed s/port.*/""/| awk '{print $1}' | sort | uniq -c | sort -n | awk '{if ($1>3){print $2}else{}}'`

for i in $file
	do
		x=`grep $i /etc/hosts.deny | sed 's/.#.*//'`
		if [ "$x" ]
		then
			y=0
		else
			echo -en "ALL: "$i "\t# Added by rwsecure on "`date | awk '{print $2 " " $3 " " $4 " " $6}'`"\n" >> /etc/hosts.deny 
		fi

	done

--Boundary-00=_hagjD3rsi3+wtPS--