Without getting too fancy, here’s a way that you can run a command on multiple servers at once. We’ll use an example of blocking a bad IP in CSF on each machine..
Let’s say you have 5 Linux servers:
192.168.0.5
192.168.0.6
192.168.0.7
192.168.0.8
192.168.0.9
We’ll also say that we have already set up SSH keys for each of them from our ‘key’ server, which we’ll use to run the script.
Now, let’s say that we noticed someone trying to brute force their way in on another server.. their ip address is: 123.123.123.123.
Copy the script below into something like /usr/local/bin/block_bad_guy.sh
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
#!/bin/bash # This script will add the IP listed at the bottom to the CSF block list on the remote server. # Server list servers=( 192.168.0.5 192.168.0.6 192.168.0.7 192.168.0.8 192.168.0.9 ) # Do the Block for server in ${servers[@]} do echo $server && ssh $server 'csf -d 123.123.123.123' done |
You will get something like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
192.168.0.5 Adding 123.123.123.123 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 123.123.123.123 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 123.123.123.123 192.168.0.6 Adding 123.123.123.123 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 123.123.123.123 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 123.123.123.123 192.168.0.7 Adding 123.123.123.123 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 123.123.123.123 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 123.123.123.123 192.168.0.8 Adding 123.123.123.123 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 123.123.123.123 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 123.123.123.123 192.168.0.9 Adding 123.123.123.123 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 123.123.123.123 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 123.123.123.123 |
You can also do other commands of course.. like check the time/date on each one:
Change the 2nd to last line to:
|
1 |
echo $server && ssh $server 'date' |
And you get something like:
|
1 2 3 4 5 6 7 8 9 10 |
192.168.0.5 Thu Oct 22 08:49:13 EDT 2015 192.168.0.6 Thu Oct 22 08:49:16 EDT 2015 192.168.0.7 Thu Oct 22 08:49:12 EDT 2015 192.168.0.8 Thu Oct 22 08:49:14 EDT 2015 192.168.0.9 Thu Oct 22 08:49:15 EDT 2015 |
Have fun with it!





