I am integrating VyOS with an incident response service.
The main idea is that when this second platform finds a suspicious connection, it can connect to VyOS via SSH and close that connection.
I tried with: tcpkill -i eth0 host x.x.x.x
But it does not recognize the command.
Any idea how I should do this?
Thank you!
chrisg
2
This worked for me.
vyos@vyos:~$ sudo bash
root@vyos:/home/vyos# who
vyos pts/0 Jun 29 19:31 (172.30.1.17)
hero pts/1 Jun 29 19:54 (172.30.1.17)
root@vyos:/home/vyos# ps -ef | grep pts/1 | grep ssh
hero 475 473 0 19:54 ? 00:00:00 sshd: hero@pts/1
root@vyos:/home/vyos# kill 475
Here’s a one liner:
kill $(ps -ef | grep ^hero | grep sshd | awk '{print $2}')
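The approach from the answer above as a reusable function, added here as an example and not part of the original thread. It matches the user name exactly (so `hero` does not also select `hero2`) and can narrow to one tty; the function names and the sample `ps -ef` listing are constructed for illustration, and it assumes `ps -ef` prints the full user name in the first column.

```shell
#!/bin/sh
# Added example: select per-session sshd processes from `ps -ef` output.

# Constructed sample of `ps -ef` output (not captured from a real system).
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root       473     1  0 19:54 ?        00:00:00 sshd: hero [priv]
hero       475   473  0 19:54 ?        00:00:00 sshd: hero@pts/1
hero       476   475  0 19:54 pts/1    00:00:00 -vbash
hero2      481   479  0 19:55 ?        00:00:00 sshd: hero2@pts/2
hero       490   488  0 19:56 ?        00:00:00 sshd: hero@pts/3
vyos       501   499  0 19:31 pts/0    00:00:00 grep sshd'

# sshd_session_pids USER [TTY]
# Reads `ps -ef` lines on stdin and prints the PID of every process whose
# owner is exactly USER and whose command is "sshd: USER@TTY".
# The root-owned "sshd: USER [priv]" parent and the user's shell are skipped.
sshd_session_pids() {
    awk -v user="$1" -v tty="${2:-}" '
        # Field 1 = UID, field 2 = PID, fields 8.. = CMD.
        $1 == user && $8 == "sshd:" {
            split($9, part, "@")          # "hero@pts/1" -> "hero", "pts/1"
            if (part[1] != user) next
            if (tty != "" && part[2] != tty) next
            print $2
        }'
}

# kill_sshd_sessions USER [TTY]
# Sends SIGTERM to the matching session processes on the live system.
# Returns 1 without calling kill when nothing matches.
kill_sshd_sessions() {
    pids=$(ps -ef | sshd_session_pids "$@")
    if [ -z "$pids" ]; then
        echo "no sshd session found for $1" >&2
        return 1
    fi
    # Word splitting is intended: one argument per PID.
    kill $pids
}
```

Run as root, `kill_sshd_sessions hero pts/1` ends only that login, while `kill_sshd_sessions hero` ends every SSH session of that user.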