[TriLUG] Bash Script in cron job

Alan Porter porter at trilug.org
Wed Feb 22 18:19:42 EST 2006


>Any help would be greatly appreciated.
>  
>

If you get sick of debugging yours, then I have one that
I wrote over a year ago that seems to be doing a good job
(on a Red Hat 7.2 -based system). The only reason I did
not use DenyHosts on that machine is that I could not find
a suitable version of python that would run DenyHosts
properly.

Reduce, re-use, recycle!

Alan


--


#!/bin/sh

threshold=3

msgline_file="/tmp/$$.1"
ipaddr_file="/tmp/$$.2"
damned_file="/tmp/$$.3"
staging_file="/tmp/$$.4"

#This will parse the messages file and extract the sshd lines
cat /var/log/messages /var/log/messages.[0-9] | grep sshd | grep 
"authentication failure" > $msgline_file

#This line will cut only the IP addresses out of that file
cat $msgline_file | sed -e 's/^.*rhost=//g' | sed -e 's/[ 
\t]*user=.*$//g' > $ipaddr_file

touch $damned_file
for ip in `cat $ipaddr_file` ; do
if [ `grep -c $ip $ipaddr_file` -gt $threshold ] ; then
echo "ALL: $ip" >> $damned_file
fi
done

note="# NOTE - THIS FILE IS AUTOMATICALLY MODIFIED BY '$0'"
echo $note > $staging_file
cat /etc/hosts.deny | grep "^ *#" | grep -v "$note" >> $staging_file
cat /etc/hosts.deny $damned_file | grep -v "^ *#" | sort -u | grep -v 
"^$" >> $staging_file
cat $staging_file > /etc/hosts.deny

rm $msgline_file $ipaddr_file $damned_file $staging_file

--









More information about the TriLUG mailing list