A glance at the security logs of any of the machines I'm responsible for reveals daily brute force attacks from various sources (Argentina, Taiwan, Germany, Japan, China, etc. etc. etc.)
Here I am again asking for some software that I'm not sure exists or not... but this time, I'm nearly certain this could be made without too much cleverness or hairpulling, and I'm surprised if it isn't in existence and already extremely popular...
Here is something that is, I believe, a front end for the whois db. But I'd like something wider in scope and somewhat more automated.
The software I want will look in the logs I tell it (generally speaking, /var/log/secure.log), extract every IP that failed authorization on an attempted login ('simple' parsing, right? tasks for Perl or Python?), look up all these IPs in the whois db, and for each IP extract the abuse reporting email address (if it exists), and draft emails for each IP (or range) to send to these abuse reporting email addresses (and maybe even extrapolate some cool graphed data on the number of attempts/port of attack/anything else one can think of).
I don't code... but this sounds developable to me...
1) Does this software exist?
2) If not, will you please whip this one up ASAP?
(Seriously, if this sounds viable, or like a good idea, please post approval or desire with due haste, and let's all start bugging the coders we personally know.)
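
The pipeline this post asks for, as an added example (not the poster's code and not an existing tool). It assumes OpenSSH-style `Failed password` log lines and that whois output for each IP has already been fetched as text; the log lines, whois records, addresses, host name and function names are all constructed for illustration.

```python
import re
from collections import Counter

# OpenSSH failed-password lines; other daemons need their own pattern (assumption).
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3}) ")
# Abuse-contact fields used in RIPE-style and ARIN-style whois output.
ABUSE = re.compile(
    r"^(?:abuse-mailbox|OrgAbuseEmail):\s*([\w.+-]+@[\w.-]+\w)", re.I | re.M)

def failed_logins(lines):
    """Return {ip: Counter(username -> attempts)} for failed password logins."""
    hits = {}
    for line in lines:
        m = FAILED.search(line)
        if m:
            hits.setdefault(m.group(2), Counter())[m.group(1)] += 1
    return hits

def abuse_contact(whois_text):
    """Return the abuse e-mail address in a whois record, or None if absent."""
    m = ABUSE.search(whois_text)
    return m.group(1) if m else None

def build_reports(lines, whois_texts, host="myhost.example"):
    """Return {ip: draft e-mail text, or None when no abuse contact is listed}."""
    reports = {}
    for ip, users in failed_logins(lines).items():
        contact = abuse_contact(whois_texts.get(ip, ""))
        if contact is None:
            reports[ip] = None  # nothing to send to; left for manual follow-up
            continue
        tried = ", ".join(f"{u} ({n})" for u, n in users.most_common(5))
        reports[ip] = (
            f"To: {contact}\nSubject: SSH brute-force attempts from {ip}\n\n"
            f"{sum(users.values())} failed SSH logins from {ip} were logged "
            f"on {host}.\nUsernames tried: {tried}\n")
    return reports

# Constructed sample data (documentation address ranges, made-up contacts).
SAMPLE_LOG = """\
Mar  3 04:12:01 host sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2
Mar  3 04:12:04 host sshd[311]: Failed password for root from 203.0.113.5 port 4322 ssh2
Mar  3 04:12:09 host sshd[320]: Failed password for root from 203.0.113.5 port 4330 ssh2
Mar  3 05:00:00 host sshd[400]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Mar  3 06:30:11 host sshd[512]: Failed password for invalid user test from 198.51.100.7 port 2201 ssh2
"""
SAMPLE_WHOIS = {
    "203.0.113.5": "inetnum: 203.0.113.0 - 203.0.113.255\nabuse-mailbox: abuse@isp.example\n",
    "198.51.100.7": "NetRange: 198.51.100.0 - 198.51.100.255\nOrgName: Example Org\n",
}
```

The drafts are returned as text rather than sent, so each one can be reviewed before it goes to an abuse desk.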