[TriLUG] Bash Script in cron job
Alan Porter
porter at trilug.org
Wed Feb 22 18:19:42 EST 2006
>Any help would be greatly appreciated.
>
>
If you get sick of debugging yours, then I have one that
I wrote over a year ago that seems to be doing a good job
(on a Red Hat 7.2 -based system). The only reason I did
not use DenyHosts on that machine is that I could not find
a suitable version of python that would run DenyHosts
properly.
Reduce, re-use, recycle!
Alan
--
#!/bin/sh
threshold=3
msgline_file="/tmp/$$.1"
ipaddr_file="/tmp/$$.2"
damned_file="/tmp/$$.3"
staging_file="/tmp/$$.4"
#This will parse the messages file and extract the sshd lines
cat /var/log/messages /var/log/messages.[0-9] | grep sshd | grep
"authentication failure" > $msgline_file
#This line will cut only the IP addresses out of that file
cat $msgline_file | sed -e 's/^.*rhost=//g' | sed -e 's/[
\t]*user=.*$//g' > $ipaddr_file
touch $damned_file
for ip in `cat $ipaddr_file` ; do
if [ `grep -c $ip $ipaddr_file` -gt $threshold ] ; then
echo "ALL: $ip" >> $damned_file
fi
done
note="# NOTE - THIS FILE IS AUTOMATICALLY MODIFIED BY '$0'"
echo $note > $staging_file
cat /etc/hosts.deny | grep "^ *#" | grep -v "$note" >> $staging_file
cat /etc/hosts.deny $damned_file | grep -v "^ *#" | sort -u | grep -v
"^$" >> $staging_file
cat $staging_file > /etc/hosts.deny
rm $msgline_file $ipaddr_file $damned_file $staging_file
--
More information about the TriLUG
mailing list