This file is indexed.

/usr/sbin/shield-trigger-iptables is in libpam-shield 0.9.2-3.2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#! /bin/sh
#
#	shield-trigger.sh	WJ107
#
#   pam_shield 0.9.2  WJ107
#   Copyright (C) 2007  Walter de Jong <walter@heiho.net>
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

run_iptables() {
#
#	louzy detection of IPv4 or IPv6 address
#
	IPT=`echo "$2" | sed 's/[0-9\.]//g'`
	if [ -z "$IPT" ]
	then
		IPT=iptables
	else
		IPT=ip6tables
	fi

#
#	CUSTOMIZE THIS RULE
#
#	$1 is the iptables command: -A or -D
#	$2 is the IP number
#
#	* put in the correct chain name (pam_shield or INPUT)
#	* put in the correct network interface name (eth0)
#	* put in the correct port number (22 is ssh)
#	* add additional rules for additional services as needed
#
	"$IPT" "$1" INPUT -p tcp -s "$2" --destination-port 22 -j pam_shield

#	mail -s "[security] pam_shield blocked $2" root <<EOF
#Another monkey kept off our backs ...
#EOF
}


### usually no editing is needed beyond this point ###


usage() {
	echo "shield-trigger.sh WJ107"
	echo "usage: ${0##*/} [add|del] <IP number>"
	echo
	echo "shield-trigger.sh is normally called by the pam_shield PAM module"
	exit 1
}


PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ -z "$2" ]
then
	usage
fi

case "$1" in
	add)
		logger -i -t shield-trigger -p auth.info "blocking $2"

		CMD="-A"
		IP=$2
		;;

	del)
		logger -i -t shield-trigger -p auth.info "unblocking $2"

		CMD="-D"
		IP=$2
		;;

	*)
		usage
		;;
esac

run_iptables "$CMD" "$IP"

# EOB