robzr / bearDropper

Busybox ash based log examination script w/ iptables firewall rule generation response (fail2ban for OpenWRT)

LEDE running latest dropbear, some log can not trigger iptable ban #9

Open Cye3s opened 7 years ago

Cye3s commented 7 years ago

LEDE 17.01.2 dropbear 2017.75-3 with option '-T', can set max auth tries

My config:

```
config bearDropper
	option defaultMode entire
	option attemptCount 5
	option attemptPeriod 12h
```

Need to add log scanning regexes?

```
Mon Sep 18 05:56:48 2017 authpriv.info dropbear[29286]: Child connection from 14.17.121.130:43422
Mon Sep 18 05:56:48 2017 authpriv.info dropbear[29286]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:48 2017 authpriv.info dropbear[29295]: Child connection from 14.17.121.130:45913
Mon Sep 18 05:56:49 2017 authpriv.info dropbear[29295]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:49 2017 authpriv.info dropbear[29302]: Child connection from 14.17.121.130:47965
Mon Sep 18 05:56:50 2017 authpriv.info dropbear[29302]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:50 2017 authpriv.info dropbear[29311]: Child connection from 14.17.121.130:52259
Mon Sep 18 05:56:51 2017 authpriv.info dropbear[29311]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:51 2017 authpriv.info dropbear[29320]: Child connection from 14.17.121.130:54620
Mon Sep 18 05:56:52 2017 authpriv.info dropbear[29327]: Child connection from 14.17.121.130:56559
Mon Sep 18 05:56:52 2017 authpriv.info dropbear[29320]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:53 2017 authpriv.info dropbear[29336]: Child connection from 14.17.121.130:57249
Mon Sep 18 05:56:53 2017 authpriv.info dropbear[29327]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:53 2017 authpriv.info dropbear[29336]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:53 2017 authpriv.info dropbear[29348]: Child connection from 14.17.121.130:60785
Mon Sep 18 05:56:54 2017 authpriv.info dropbear[29348]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:54 2017 authpriv.info dropbear[29358]: Child connection from 14.17.121.130:34012
Mon Sep 18 05:56:55 2017 authpriv.info dropbear[29363]: Child connection from 14.17.121.130:36250
Mon Sep 18 05:56:55 2017 authpriv.info dropbear[29358]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:55 2017 authpriv.info dropbear[29363]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:55 2017 authpriv.info dropbear[29374]: Child connection from 14.17.121.130:37629
Mon Sep 18 05:56:56 2017 authpriv.info dropbear[29374]: Exit before auth (user 'root', 1 fails): Exited normally
```

br101 commented 6 years ago

That should be fixed in my pull request: https://github.com/robzr/bearDropper/pull/7

Cye3s commented 6 years ago

@br101 Thanks, I will test your pull request
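
One way to handle log lines like those in the issue, where the "Exit before auth" line carries no address: join it to the "Child connection from" line through the dropbear PID and total the failures per source. This is an added example, not bearDropper's code or the change in the pull request; the function names, the sample log and the threshold of 5 are assumptions, and the attemptPeriod window is not modelled.

```shell
#!/bin/sh
# Added example, not bearDropper code. The sample log is constructed;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
sample_log() {
cat <<'EOF'
Mon Sep 18 05:56:48 2017 authpriv.info dropbear[101]: Child connection from 192.0.2.10:43422
Mon Sep 18 05:56:48 2017 authpriv.info dropbear[101]: Exit before auth (user 'root', 1 fails): Exited normally
Mon Sep 18 05:56:49 2017 authpriv.info dropbear[102]: Child connection from 192.0.2.10:45913
Mon Sep 18 05:56:49 2017 authpriv.info dropbear[103]: Child connection from 198.51.100.7:50000
Mon Sep 18 05:56:50 2017 authpriv.info dropbear[102]: Exit before auth (user 'root', 2 fails): Exited normally
Mon Sep 18 05:56:50 2017 authpriv.info dropbear[103]: Exit before auth (user 'admin', 1 fails): Exited normally
Mon Sep 18 05:56:51 2017 authpriv.info dropbear[104]: Child connection from 192.0.2.10:52259
Mon Sep 18 05:56:51 2017 authpriv.info dropbear[104]: Exit before auth (user 'root', 2 fails): Exited normally
Mon Sep 18 05:56:52 2017 authpriv.info dropbear[999]: Exit before auth (user 'root', 1 fails): Exited normally
EOF
}

# Print "ip total_fails" per source address. The failure line carries no
# address, so it is joined to the connection line through the dropbear PID.
count_failures() {
  awk '
    # Match on field position so remote-supplied text later in the
    # message (the user name) cannot pass for a message prefix.
    $7 !~ /^dropbear\[[0-9]+\]:$/ { next }
    { pid = $7; gsub(/[^0-9]/, "", pid) }
    $8 == "Child" && $9 == "connection" && $10 == "from" {
      ip = $11; sub(/:[0-9]+$/, "", ip)   # drop the source port
      peer[pid] = ip
      next
    }
    $8 == "Exit" && $9 == "before" && $10 == "auth" {
      if (!(pid in peer)) next            # connection line not seen
      if (match($0, /, [0-9]+ fails\): /))
        fails[peer[pid]] += substr($0, RSTART + 2) + 0
      delete peer[pid]                    # PIDs get reused
    }
    END { for (ip in fails) print ip, fails[ip] }
  '
}

# offenders THRESHOLD: addresses whose failure total reached THRESHOLD.
offenders() {
  count_failures | awk -v t="$1" '$2 + 0 >= t + 0 { print $1 }' | sort
}

sample_log | offenders 5
```
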