[TriLUG] Bash Script in cron job
William Sutton
william at trilug.org
Wed Feb 22 15:41:38 EST 2006
Maybe it's a permissions/ownership/environment problem where your user
environment has something that's missing from the cron environment...
try changing your crontab entry to
*/1 * * * * root /root/hosts.deny.sh >/var/tmp/deny_errors.txt 2>&1
let it run for a few minutes (one run should be sufficient), and check the
file...might give you a hint what to look for.
--
William Sutton
On Wed, 22 Feb 2006, Brian Blater (BBList) wrote:
> I've created a script that is to run every minute and monitor the
> /var/log/messages log for "Illegal user" messages from sshd and then
> write those addresses to the /etc/hosts.deny file. If I run the script
> from the command prompt, it works just fine and updates the hosts.deny
> file.
>
> So, I edit the /etc/crontab file and added a new entry as below:
> */1 * * * * root /root/hosts.deny.sh
> I then see that every minute the script is run, however, the hosts.deny
> file is not updated and none of the IPs are inserted into the file. I
> thought maybe I had something wrong with the script but it works fine if
> I go to the command line and run hosts.deny.sh. Go figure. I'm sure
> there is some little thing I need to do, but I can't figure out what it
> is.
>
> The script is as follows:
> #!/bin/bash
> LAST_IP=0.0.0.0
> COUNT=1
>
> # Set MAXCOUNT to the maximum failures allowed before blacklisting
> MAXCOUNT=5
>
> #
> # The lines below put the leading lines in /etc/hosts.deny
> # Note: This script overwrites the entire /etc/hosts.deny file.
> #
>
> echo '
> # /etc/hosts.deny
> # See `man tcpd´ and `man 5 hosts_access´ as well as /etc/hosts.allow
> # for a detailed description.
> http-rman : ALL EXCEPT LOCAL' > /etc/hosts.deny
>
> #
> # Scan the /var/log/messages file for failed login attempts via ssh.
> # Parse out the IP address, and count the failure occurrences from that IP
> # If the IP fails more than 5 times - deny further access
> #
>
> for IP in `/bin/grep sshd /var/log/messages | /bin/grep "Illegal user" |
>           /bin/sed 's/^.*from//' | cut -f2 -d " "`; do
>     if [ ${LAST_IP} == ${IP} ] ; then
>         let COUNT=${COUNT}+1
>     else
>         if [ ${COUNT} -ge ${MAXCOUNT} ] ; then
>             echo "ALL: ${LAST_IP}/32" >> /etc/hosts.deny
>         fi
>         LAST_IP=${IP}
>         COUNT=1
>     fi
> done
>
> Any help would be greatly appreciated.
>
> Thanks,
> Brian
>
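
An added example, not part of the original thread or the poster's script: the same hosts.deny rebuild written so that it does not depend on the login environment, following the cron-environment hint in the reply above. The function names, the --install switch and the sample log lines are assumptions constructed for illustration; only IPv4 addresses are handled.

```shell
#!/bin/bash
# Added example, not the original poster's script; names are assumptions.
# cron starts jobs with a minimal environment, so set what the script needs.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
MAXCOUNT=5   # failures allowed before an address is denied

# Print "ALL: <ip>/32" for each address with >= MAXCOUNT "Illegal user" lines
# in log file $1. sort | uniq -c counts per address, so entries need not be
# adjacent and the last address in the log is counted like any other.
# Only IPv4-shaped fields are allowed through to the access-control file.
deny_lines() {
    grep 'sshd' "$1" | grep 'Illegal user' |
        sed 's/^.*from //' | cut -f1 -d ' ' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort | uniq -c |
        awk -v max="$MAXCOUNT" '$1 >= max { print "ALL: " $2 "/32" }'
}

# Write header + deny lines to a temp file next to $2, then rename over $2,
# so a failed or interrupted run never leaves a half-written access file.
rebuild_deny() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    {
        echo '# /etc/hosts.deny (generated; do not edit by hand)'
        echo 'http-rman : ALL EXCEPT LOCAL'
        deny_lines "$1"
    } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Constructed sample log: five entries for 192.0.2.10, two for 198.51.100.7.
sample_log() {
cat <<'EOF'
Feb 22 15:01:01 host sshd[1001]: Illegal user test from 192.0.2.10
Feb 22 15:01:03 host sshd[1002]: Illegal user admin from 192.0.2.10
Feb 22 15:01:04 host sshd[1003]: Illegal user guest from 198.51.100.7
Feb 22 15:01:06 host sshd[1004]: Illegal user from from 192.0.2.10
Feb 22 15:01:07 host sshd[1005]: Illegal user oracle from 192.0.2.10
Feb 22 15:01:09 host sshd[1006]: Illegal user www from 198.51.100.7
Feb 22 15:01:10 host sshd[1007]: Illegal user x from 192.0.2.10
EOF
}

# /etc/crontab entry (assumed), capturing stdout and stderr for debugging:
# */1 * * * * root /root/hosts.deny.sh --install >/var/tmp/deny_errors.txt 2>&1
if [ "${1:-}" = "--install" ]; then
    rebuild_deny /var/log/messages /etc/hosts.deny
fi
```

Run without arguments it only defines the functions; sample_log piped to a scratch file and passed to deny_lines shows the result without touching /etc.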