[TriLUG] Bash Script in cron job

William Sutton william at trilug.org
Wed Feb 22 15:41:38 EST 2006


Maybe it's a permissions/ownership/environment problem where your user 
environment has something that's missing from the cron environment...

Try changing your crontab entry to 

*/1 * * * *     root  /root/hosts.deny.sh >/var/tmp/deny_errors.txt 2>&1

Let it run for a few minutes (one run should be sufficient), and check the 
file... might give you a hint what to look for.

-- 
William Sutton


On Wed, 22 Feb 2006, Brian Blater (BBList) wrote:

> I've created a script that is to run every minute and monitor the
> /var/log/messages log for "Illegal user" messages from sshd and then
> write those addresses to the /etc/hosts.deny file. If I run the script
> from the command prompt, it works just fine and updates the hosts.deny
> file.
> 
> So, I edited the /etc/crontab file and added a new entry as below:
> */1 * * * *     root  /root/hosts.deny.sh
> I then see that every minute the script is run, however, the hosts.deny
> file is not updated and none of the IPs are inserted into the file. I
> thought maybe I had something wrong with the script but it works fine if
> I go to the command line and run hosts.deny.sh. Go figure. I'm sure
> there is some little thing I need to do, but I can't figure out what it
> is.
> 
> The script is as follows:
> #!/bin/bash
> LAST_IP=0.0.0.0
> COUNT=1
> 
> # Set MAXCOUNT to the maximum failures allowed before blacklisting
> MAXCOUNT=5
> 
> #
> # The three lines below put the leading lines in /etc/hosts.deny
> # Note: This script overwrites the entire /etc/hosts.deny file.
> #
> 
> echo '
> # /etc/hosts.deny
> # See `man tcpd´ and `man 5 hosts_access´ as well as /etc/hosts.allow
> # for a detailed description.
> http-rman : ALL EXCEPT LOCAL' > /etc/hosts.deny
> 
> #
> # Scan the /var/log/messages file for failed login attempts via ssh.
> # Parse out the IP address, and count the failure occurrences from that IP
> # If the IP fails more than 5 times -  deny further access
> #
> 
> for IP in `/bin/grep sshd /var/log/messages | /bin/grep "Illegal user" |
>            /bin/sed 's/^.*from//' | cut -f2 -d " "`; do
>   if [ ${LAST_IP} == ${IP} ] ; then
>      let COUNT=${COUNT}+1
>   else
>      if [ ${COUNT} -ge ${MAXCOUNT} ] ; then
>         echo "ALL: ${LAST_IP}/32" >> /etc/hosts.deny
>      fi
>      LAST_IP=${IP}
>      COUNT=1
>   fi
> done
> 
> Any help would be greatly appreciated.
> 
> Thanks,
> Brian
> 
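
An added example, not part of either poster's message: a sketch of the same hosts.deny job written with cron in mind. It sets PATH itself, counts failures per address rather than per consecutive run, accepts only dotted-quad tokens from the log, and swaps the new file in with a rename. The function names, the --apply switch and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. The --apply switch and function
# names are assumptions made for this sketch.
# cron starts jobs with a minimal environment, so set PATH explicitly.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
MAXCOUNT=5

# Print "ALL: <ip>/32" for every address with at least $2 "Illegal user"
# failures in log file $1. Counts are per address, so interleaved attempts
# are still counted, and only dotted-quad tokens are accepted.
build_deny_lines() {
    awk -v max="$2" '
        /sshd/ && /Illegal user/ {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= max) print "ALL: " ip "/32" }
    ' "$1" | sort
}

# Build the new file beside the target, then rename it into place so tcpd
# never reads an empty or half-written hosts.deny.
write_deny_file() {   # $1 = log file, $2 = target file
    tmp=$(mktemp "$2.XXXXXX") || return 1
    {
        echo '# /etc/hosts.deny'
        echo 'http-rman : ALL EXCEPT LOCAL'
        build_deny_lines "$1" "$MAXCOUNT"
    } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Constructed sample log lines (not from a real host).
sample_log() {
    n=0
    while [ "$n" -lt 5 ]; do
        echo "Feb 22 15:0$n:01 gw sshd[100$n]: Illegal user admin from 192.0.2.10"
        echo "Feb 22 15:0$n:02 gw sshd[200$n]: Accepted password for brian from 192.0.2.99"
        n=$((n + 1))
    done
    echo "Feb 22 15:06:00 gw sshd[3000]: Illegal user test from 198.51.100.7"
    echo "Feb 22 15:06:05 gw sshd[3001]: Illegal user x from not-an-ip"
}

# Only touch the real files when asked to, e.g. from the crontab entry.
if [ "${1:-}" = "--apply" ]; then
    write_deny_file /var/log/messages /etc/hosts.deny
fi
```

Running `sample_log > /tmp/messages; build_deny_lines /tmp/messages 5` exercises the parser without touching /etc/hosts.deny.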


