cd /
;
apropos
;
find *
;
less /var/log/prx
;
Download nono.tgz:
This is a tool to parse logs and ban ip when they have inappropriate behaviour.
First, you need to setup pf and create a table of banned ip:
block in quick on egress from <bot> to any
If you don't want to run nono as root (it's probably better), create a dedicated user:
# useradd -s /sbin/nologin -m -d /var/empty _nono
Then, setup doas so _nono don't need to enter its password:
permit nopass _nono cmd /sbin/pfctl
Once ready, you can pipe with ''tail -f'' any logs to nono:
tail -f /var/log/authlog /var/log/maillog | nono.awk
An example ''nono.sh'' is included. It can be started at boot in ''/etc/rc.local'' or edit root's crontab:
# crontab -e @reboot /usr/local/bin/nono.sh
Set options with flags ''-v var=something''. Available options are:
You may want to set a cron task to release IP after some time :
pfctl -t bot -T expire "$(( 60 * 60 * 24 * $EXPIRE_DAYS ))"
Previous attempt to build such tool was named vilain:
https://framagit.org/prx/vilain
Original idea by solene:
https://dataswamp.org/~solene/2023-06-22-opensmtpd-block-attempts.html