#!/bin/sh

# Block unauthorised login attempts using only system tools
# Inspired by Hubert Freyer's 'challenge' to write a script that just used
# tail to do the work
# (c) Ian Spray and Hubert Fyerer, 2006

# Use it for what you will: no restrictions, and no warranty

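# Tools are referenced by absolute path so the script does not depend on
# the caller's PATH.
TAIL=/usr/bin/tail
SED=/usr/bin/sed
IPF=/sbin/ipf

# Command that records each new rule permanently. It sits between the rule
# generator and ipf, so it must copy its stdin to stdout (tee does).
# There is deliberately no trailing '|' in the value: a pipe character that
# comes out of a variable expansion is an ordinary word, not shell syntax,
# so tee would receive '|', the ipf path and its options as arguments and
# ipf would never run.
CMD_PERM='/usr/bin/tee -a /etc/ipf.conf'
LOG_FILE='/var/log/authlog'
SED_PAT=ip.sed	# not referenced anywhere in this script

# uncomment the following line if you want bans to be temporary
# CMD_PERM=''

# Follow the auth log and turn every "Failed password ... from <ipv4>" line
# into an ipf block rule, loaded into the active rule list (ipf -A).
#
# Log lines may carry text chosen by the remote client (for example the
# attempted user name), so the line is never handed to the shell unquoted
# and nothing but a rule built from a validated IPv4 address is written to
# ipf or to the permanent rule file.
#
# NOTE: one matching line is enough to trigger a block, and a repeat
# offender is appended again on every further match. Add the addresses you
# administer the host from to the exclusions below.
"${TAIL}" -F "${LOG_FILE}" | while IFS= read -r LOG_LINE
do
	# sed -n prints only when the final substitution succeeds; lines that
	# mention "Failed password" but carry no usable IPv4 address (IPv6,
	# host names, odd formats) produce no output instead of passing through
	# verbatim.
	#  1. keep only failed-password lines
	#  2. drop everything up to the LAST " from ", so an address-like
	#     string earlier in the line cannot be picked up
	#     (assumes the peer address is the last "from" field - confirm
	#     against your daemon's log format)
	#  3. cut whatever follows the address (e.g. " port N ssh2")
	#  4. require a bare dotted quad; octet range is not checked here
	#  5. exclusions are matched against the extracted address only, not
	#     against the whole line
	#  6. emit the rule, e.g. (constructed sample)
	#     "block in log quick from 203.0.113.7 to any"
	RULE=$(printf '%s\n' "${LOG_LINE}" | "${SED}" -n \
		-e '/Failed password .* from /!d' \
		-e 's/.* from //' \
		-e 's/^\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\) .*/\1/' \
		-e '/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$/!d' \
		-e '/^127\.0\.0\.1$/d' \
		-e '/^192\.168\.0\./d' \
		-e 's/.*/block in log quick from & to any/p')

	# Most log lines yield no rule; do not start ipf for them.
	[ -n "${RULE}" ] || continue

	if [ -n "${CMD_PERM}" ]
	then
		# CMD_PERM is expanded unquoted on purpose: it holds a command
		# together with its arguments.
		printf '%s\n' "${RULE}" | ${CMD_PERM} | "${IPF}" -A -f -
	else
		printf '%s\n' "${RULE}" | "${IPF}" -A -f -
	fi
done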
