dropbear-offenders (bans ip that try and access ssh without proper credentials)

[Goobi]

Is there anyway to have this script also search for these entries and place their ips in the blacklist offenders file:

Mar 24 20:11:32 dropbear[21211]: Login attempt for nonexistent user from 162.144.102.19:59860

I got ssh password login disabled so the only entries I see are like the above, but it appears this script is tailored to look for bad password attempts.

 

[swetoast]

sure thing, added in git just update your script

 

[Cat]

I saved "S81dropbear-offenders" to /opt/etc/init.d/.
where to save "dropbear_offenders" file?

if i set use_whitelist_lan="enabled", my local ips are whitelisted automatically by script? or i should make it manually.
I look into contents of ur script but I couldn't understand most of linux scripts.

If I make an empty file by "touch /jffs/offenders.whitelist", my local ip/cidr is processed by ur script automatically?
sorry for many question. I'm a linux novice.

required step by step tutorial.
where to save files?

 

[Sebastien Bougie]

Someone have a copy of that script? The GIT is closed