#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdarg.h>
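#include <syslog.h>

/* True when string s begins with the string literal lit. */
#define STARTS_WITH(s, lit)	(strncmp((s), (lit), sizeof(lit) - 1) == 0)

/*
 * Parse a dotted-quad IPv4 address at the start of s (leading blanks are
 * skipped) into octet[0..3].
 *
 * Each octet must be 1-3 decimal digits in the range 0-255 and the address
 * must end at a blank, a newline or the end of the string.  No sign is
 * accepted, so the digits that later reach the firewall command are exactly
 * the ones validated here.
 *
 * Returns 0 on success, -1 if the text is not a well-formed address.
 */
static int
parse_ipv4(const char *s, int octet[4])
{
	int i;

	while (*s == ' ')
		++s;
	for (i = 0; i < 4; ++i) {
		int value = 0;
		int digits = 0;

		while (*s >= '0' && *s <= '9') {
			if (++digits > 3)
				return (-1);
			value = value * 10 + (*s - '0');
			++s;
		}
		if (digits == 0 || value > 255)
			return (-1);
		octet[i] = value;
		if (i < 3) {
			if (*s != '.')
				return (-1);
			++s;
		}
	}
	/* Reject trailing garbage such as "1.2.3.4.5" or "1.2.3.4x". */
	if (*s != ' ' && *s != '\n' && *s != '\0')
		return (-1);
	return (0);
}

/*
 * Return a pointer just past the LAST " from " in msg, or NULL if there is
 * none.
 *
 * The user name in a "Failed password" line is chosen by the remote client,
 * so text inside it must never be taken for the peer address.  This assumes
 * sshd's "for USER from ADDR port N" layout, where the address sshd itself
 * wrote follows the final " from " -- confirm against the sshd in use.
 */
static const char *
peer_field(const char *msg)
{
	const char *addr = NULL;
	const char *p;

	for (p = strstr(msg, " from "); p != NULL; p = strstr(p + 1, " from "))
		addr = p + sizeof(" from ") - 1;
	return (addr);
}

/*
 * Log the lockout and add an ipfw deny rule for the given address.
 *
 * The command line is built only from four range-checked integers, so no
 * log text reaches the shell.  NOTE(review): system() finds ipfw through
 * PATH; consider an absolute path if the environment is not controlled.
 * Every lockout adds another rule under the same number, 2100.
 */
static void
lockout(const char *who, const int octet[4])
{
	char cmd[128];

	syslog(LOG_ERR, "Detected ssh password login attempt for %s, locking out %d.%d.%d.%d\n",
	    who, octet[0], octet[1], octet[2], octet[3]);
	snprintf(cmd, sizeof(cmd), "ipfw add 2100 deny tcp from %d.%d.%d.%d to me 22",
	    octet[0], octet[1], octet[2], octet[3]);
	if (system(cmd) != 0)
		syslog(LOG_ERR, "ipfw command failed for %d.%d.%d.%d",
		    octet[0], octet[1], octet[2], octet[3]);
}

/*
 * sshlockout: read syslog lines on stdin and firewall off the source address
 * of failed ssh password logins for root, admin or an invalid user.
 *
 * Failed logins for other valid users are ignored.  Only IPv4 peers are
 * recognised.  Always returns 0, after stdin reaches end of file.
 */
int
main(int ac, char **av)
{
	char buf[1024];
	const char *msg;
	const char *user;
	const char *addr;
	const char *who;
	int octet[4];
	int c;

	(void)ac;
	(void)av;

	openlog("sshlockout", LOG_PID|LOG_CONS, LOG_AUTH);
	syslog(LOG_ERR, "sshlockout starting up");

	/* Silence anything ipfw prints; all reporting goes through syslog. */
	if (freopen("/dev/null", "w", stdout) == NULL)
		syslog(LOG_ERR, "unable to redirect stdout to /dev/null");
	if (freopen("/dev/null", "w", stderr) == NULL)
		syslog(LOG_ERR, "unable to redirect stderr to /dev/null");

	while (fgets(buf, sizeof(buf), stdin) != NULL) {
		/*
		 * Drop over-long lines whole, so the tail of one line is
		 * never parsed as if it were a fresh log entry.
		 */
		if (strchr(buf, '\n') == NULL && !feof(stdin)) {
			while ((c = getc(stdin)) != EOF && c != '\n')
				;
			continue;
		}
		if (strstr(buf, "sshd") == NULL)
			continue;

		/*
		 * Classify on the FIRST "Failed password for " only: that is
		 * the text sshd wrote, anything later on the line may be part
		 * of a client-supplied user name.
		 */
		if ((msg = strstr(buf, "Failed password for ")) == NULL)
			continue;
		user = msg + sizeof("Failed password for ") - 1;

		if (STARTS_WITH(user, "invalid user "))
			who = "an invalid user";
		else if (STARTS_WITH(user, "root from ") ||
		    STARTS_WITH(user, "admin from "))
			who = "root";	/* admin is reported as root, as before */
		else
			continue;

		addr = peer_field(user);
		if (addr != NULL && parse_ipv4(addr, octet) == 0)
			lockout(who, octet);
	}
	syslog(LOG_ERR, "sshlockout exiting");
	return (0);
}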