[ale] automating IP blocking on the firewall

James P. Kinney III jkinney at localnetsolutions.com
Sun Jun 30 12:34:45 EDT 2002


Run it from the firewall box.
At the top, set up an scp connection and grab the remote logs and dump
them into /tmp. Then change the $log def to point to /tmp instead. If
you set up key authentication for ssh, you can run scp -B
user@remote:/var/log/httpd/error* /tmp/httpd/

Or an rsync process could be called to keep a copy of the remote logs
synched with the firewall box.

On Sun, 2002-06-30 at 10:58, Keith Hopkins wrote:
> James P. Kinney III wrote:
> > I wrote just the thing during the Nimda worm heyday.
> > 
> > GPL'ed of course! Directions are in the header.
> > 
> > On Fri, 2002-06-28 at 23:16, Keith Hopkins wrote:
> > 
> >>  I'm still constantly getting hit on my web server (apache/linux) by the nimda viri.  I'd like to have my web server go over its error logs occasionally, and send a list of IP addresses to the firewall (iptables/linux).  Then I'd like to have the firewall block those IPs on the incoming interface for N days.
> >>
> >>  Has anyone done anything like this, or know of a package that would make this easier to do?  Or, if I end up writing this myself, any suggestions on helpful perl routines?
> >>
> 
> Hi James,
> 
>    Thanks for the kickstart.  Now, I just have to hack it into two parts: one for the firewall machine, and one for the web server.
> 
> -- 
> Lost in Tokyo,
>    Keith
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
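
An added example, not the script discussed in this thread: once the web server's error logs have been copied to the firewall box, the parsing and rule-generation step could look like the sketch below. The function names, the `eth0` interface, the `cmd.exe`/`root.exe` match and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names and sample data are constructed for illustration.

# Constructed Apache error-log lines (documentation IP ranges).
sample_log() {
    cat <<'EOF'
[Sun Jun 30 10:12:01 2002] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Sun Jun 30 10:12:02 2002] [error] [client 192.0.2.10] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Sun Jun 30 10:13:40 2002] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Sun Jun 30 10:14:09 2002] [error] [client 198.51.100.7] File does not exist: /var/www/html/[client 10.0.0.1]/cmd.exe
[Sun Jun 30 10:15:00 2002] [error] [client 999.1.1.1] File does not exist: /var/www/html/MSADC/root.exe
EOF
}

# Read error-log lines on stdin, print each offending client IP once.
# The address is taken only from the first [client ...] field, because the
# rest of the line is the request path, which the remote side controls.
extract_offenders() {
    awk '/(cmd|root)\.exe/ && match($0, /\[client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/) {
        ip = substr($0, RSTART + 8, RLENGTH - 9)   # strip "[client " and "]"
        split(ip, o, ".")
        ok = 1
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0   # reject bad octets
        if (ok && !seen[ip]++) print ip
    }'
}

# Turn IPs on stdin into DROP rules for interface $1, skipping any address in
# the space-separated allowlist $2. Rules are printed, not executed.
emit_rules() {
    iface=$1
    allow=" $2 "
    while read -r ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        printf 'iptables -I INPUT -i %s -s %s -j DROP\n' "$iface" "$ip"
    done
}

sample_log | extract_offenders | emit_rules eth0 "198.51.100.7"
```

The allowlist argument keeps a known-good address from being blocked even when it shows up in the log, and printing the rules leaves a reviewable list before anything is loaded on the firewall.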


