Re: [ssfr] Pb avec un script recupere sur le net

[giggzounet <giggzounet@xxxxxxxxx>]

2010/6/18 giggzounet <giggzounet@xxxxxxxxx>

2010/6/17 Thierry Voyat <Thierry.Voyat@xxxxxxxxxxxx>

giggzounet a écrit :

> Le 17/06/2010 23:06, Thierry Voyat a écrit :
>> Bonjour,
>>
>>> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
>>> echo "$list" | uniq -c | while read count ip
>> si "$list" est vide, le "read count ip" attend indéfiniment ... un but
>> de l'équipe de france
>>
>> A+
>> Thierry
>>
>
> ah ok! et comment je fais pour corriger ça proprement ???

par exemple remplacer les

echo "$list" | uniq -c | while read count ip

par des
echo "$list" | uniq -c | while [ -n $list ] && read count ip
mais y'a sans doute plus propre.

>

ça ne marche pas. le script reste encore blocké... :'(
 

super! je teste ça dès que mon NAS "se réveille"!
Si qqn a d'autres propositions, je suis tout ouï! mon NAS n'ayant qu'un processeur à 280Mhz je cherche à avoir le script le plus "optimisé" possible.

> merci de ta réponse!
> et allons regarder le rugby...

intéressons-nous plutôt à la réforme des retraites ;)
A+
Thierry

ou alors comment faire couler nos "nouvelles" lois internet.

Bye
 

>
>> giggzounet a écrit :
>>> Bonjour,
>>>
>>> j'ai récupéré un script sur le net qui parcoure les fichiers auth.log et
>>> qui modifient hosts.deny en conséquence. Mais qd je le lance, parfois il
>>> se finit, parfois il ne se finit jamais....avez vous une idée pourquoi  ?
>>>
>>> merci d'avance,
>>> Guillaume
>>>
>>> voici le script :
>>> #!/bin/bash
>>> # IPBLOCK v2
>>> # v1 - First release
>>> # v2 - All rules merged into 1 file
>>>
>>> ## PARAMETERS
>>> # threshold parameters indicate the number of invalid attempt from an ip
>>> before to be banned
>>> log_ssh="${1:-/var/log/auth.log}"
>>> log_ftp="${1:-/var/log/proftpd.log}"
>>> log_http="${1:-/var/log/auth.log}"
>>> #incorrect ssh user
>>> threshold_ssh1=5
>>> #incorrect ssh password
>>> threshold_ssh2=5
>>> #incorrect ftp user
>>> threshold_ftp1=5
>>> #incorrect ftp password
>>> threshold_ftp2=5
>>> #incorrect http user&password
>>> threshold_http=5
>>>
>>>
>>> ## CHECKING
>>> # Abort the script if the log file has not been modified since it has
>>> been read.
>>> builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin
>>> test ! -N "$log_http" && exit 0
>>>
>>>
>>> ## SSH RULES
>>> # RULE 1: invalid user
>>> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>>   [ $count -le $threshold_ssh1 ] && continue
>>>   [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>>   (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
>>> attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>> # RULE 2: invalid password
>>> list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>>   [ $count -le $threshold_ssh2 ] && continue
>>>   [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>>   (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
>>> attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>> ## FTP RULES
>>> # RULE 1: invalid password
>>> list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>>   [ $count -le $threshold_ftp1 ] && continue
>>>   [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>>   (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
>>> attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>> # RULE 2: invalid password
>>> list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/
>>> /g' | cut -d' ' -f10`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>>   [ $count -le $threshold_ftp2 ] && continue
>>>   [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>>   (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
>>> attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>> ## HTTP RULES
>>> # RULE 1: invalid user&password
>>> list=`grep 'authentication failure' $log_http  | sed 's/=/ /g' | cut -d'
>>> ' -f20`
>>> echo "$list" | uniq -c | while read count ip
>>> do
>>>   [ $count -le $threshold_http ] && continue
>>>   [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>>>   (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts
>>> via http)\n" "$ip" "$count") >> /etc/hosts.deny
>>> done
>>>
>>>
>>>
>>
>>
>
>
>
>