>
>> giggzounet a écrit :
>>> Bonjour,
>>>
>>> j'ai récupéré un script sur le net qui parcoure les fichiers auth.log et
>>> qui modifient hosts.deny en conséquence. Mais qd je le lance, parfois il
>>> se finit, parfois il ne se finit jamais....avez vous une idée pourquoi ?
>>>
>>> merci d'avance,
>>> Guillaume
>>>
>>> voici le script :
>>> #!/bin/bash
>>> # IPBLOCK v2
>>> # v1 - First release
>>> # v2 - All rules merged into 1 file
>>>
>>> ## PARAMETERS
>>> # threshold parameters indicate the number of invalid attempt from an ip
>>> before to be banned
>>> log_ssh="${1:-/var/log/auth.log}"
>>> log_ftp="${1:-/var/log/proftpd.log}"
>>> log_http="${1:-/var/log/auth.log}"
>>> #incorrect ssh user
>>> threshold_ssh1=5
>>> #incorrect ssh password
>>> threshold_ssh2=5
>>> #incorrect ftp user
>>> threshold_ftp1=5
>>> #incorrect ftp password
>>> threshold_ftp2=5
>>> #incorrect http user&password
>>> threshold_http=5
>>>
>>>
>>> ## CHECKING
>>> # Abort the script if the log file has not been modified since it has
>>> been read.
>>> builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin
>>> test ! -N "$log_http" && exit 0
>>>
>>>
>>> ## SSH RULES
>>> # RULE 1: invalid user
>>> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>> [ $count -le $threshold_ssh1 ] && continue
>>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
>>> attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>> # RULE 2: invalid password
>>> list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>> [ $count -le $threshold_ssh2 ] && continue
>>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
>>> attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>> ## FTP RULES
>>> # RULE 1: invalid password
>>> list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>> [ $count -le $threshold_ftp1 ] && continue
>>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
>>> attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>> # RULE 2: invalid password
>>> list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/
>>> /g' | cut -d' ' -f10`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>> [ $count -le $threshold_ftp2 ] && continue
>>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
>>> attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>> ## HTTP RULES
>>> # RULE 1: invalid user&password
>>> list=`grep 'authentication failure' $log_http | sed 's/=/ /g' | cut -d'
>>> ' -f20`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>> [ $count -le $threshold_http ] && continue
>>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts
>>> via http)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>>
>>
>>
>
>
>
>