Satan - Block SSH users from SSH

Repeatedly run top(1) and kill ssh(1) clients that are run by "unauthorized" users. This prevents anyone from ssh(1)ing into your server and using it as a proxy to do malicious things.

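```sh
#!/bin/sh
# Kill ssh(1) clients run by anyone other than the allowed users and
# log every kill to /var/log/satan. Needs to run as root.
while : ; do
    # Drop top(1) lines that belong to allowed users, keep processes
    # named "ssh", and take the first 5 bytes of each line (the PID column).
    for evil in $(top -bn1 | grep -vE '( oskar | guest | root )' \
                    | grep 'ssh ' | cut -b -5); do
        wall << __EOF__
Fear me, I am root@hell, I am Satan!
Who dares to ssh here?  Who thinks I'm a fscking proxy?
This incident will be reported.
__EOF__
        # Look up the owner by exact PID; grepping ps(1) output for the
        # PID also matches unrelated lines that contain the same digits.
        luser="$(ps -o user= -p "$evil")"
        [ -n "$luser" ] || continue  # process exited before we got to it
        echo "$(date '+%F %H:%M:%S')  :: $luser RUNS 'ssh'" >> /var/log/satan
        who | grep "$luser" >> /var/log/satan
        kill -9 "$evil"  # the for loop has already stripped the whitespace
        echo "PID $evil has been murdered by Satan" >> /var/log/satan
        echo "%" >> /var/log/satan
        echo "%" >> /var/log/satan
    done
    #sleep 1
    # top will be my delay
done
```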
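An added example, not part of the original script: the same selection done on exact fields of ps(1) output instead of substring greps over top(1), so PIDs wider than five digits and user names that merely contain an allowed name are handled correctly. The function names, the ps(1) field choice and the sample process list are assumptions constructed for illustration; it only lists matches and kills nothing.

```sh
#!/bin/sh
# Allowlist taken from the script above.
ALLOWED="oskar guest root"

# Reads "PID USER COMM" lines on stdin and prints "PID USER" for every
# process named exactly "ssh" whose owner is not in $ALLOWED.
select_unauthorized_ssh() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Exact field comparison: "sshd" and "sshfs" are not "ssh",
        # and user "guest2" is not user "guest".
        $3 == "ssh" && !($2 in ok) { print $1, $2 }
    '
}

# Live source of the same three columns (assumed field choice).
list_processes() {
    ps -e -o pid= -o user= -o comm=
}

# Constructed sample input, not captured from a real host.
sample_ps() {
    cat << 'EOF'
    812 root     sshd
   4021 oskar    ssh
   4077 mallory  ssh
 104077 mallory  ssh
   4102 mallory  sshfs
   4150 guest2   ssh
   4200 alice    bash
EOF
}

# Show which sample processes would be selected.
sample_ps | select_unauthorized_ssh
```

On a live host the equivalent listing is `list_processes | select_unauthorized_ssh`.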