PacSci
January 28th, 2009, 03:17 PM
I'm in the process of securing my server (it runs Hardy), and as part of it, I came up with the idea to create one or two "trap" accounts that, when logged in to, would run a script that would notify me and block their IP address, before immediately logging them out.
How would I go about setting up such a system? Would I just write a script that would do what I needed and then exit with a status of 1, then set that as the trap accounts' shell? (And is it possible to see the IP that an SSHing person is using from inside a script?)
How would I go about setting up such a system? Would I just write a script that would do what I needed and then exit with a status of 1, then set that as the trap accounts' shell? (And is it possible to see the IP that an SSHing person is using from inside a script?)