Re: [ssfr] Problem with a script found on the net
Hello,
> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
> echo "$list" | uniq -c | while read count ip
If "$list" is empty, the "read count ip" waits indefinitely ... for a goal from the French team
See you,
Thierry
giggzounet wrote:
> Hello,
>
> I got a script off the net that goes through the auth.log files and
> modifies hosts.deny accordingly. But when I run it, sometimes it
> finishes, sometimes it never finishes.... Do you have any idea why?
>
> Thanks in advance,
> Guillaume
>
> Here is the script:
> #!/bin/bash
> # IPBLOCK v2
> # v1 - First release
> # v2 - All rules merged into 1 file
>
> ## PARAMETERS
> # threshold parameters indicate the number of invalid attempt from an ip before to be banned
> log_ssh="${1:-/var/log/auth.log}"
> log_ftp="${1:-/var/log/proftpd.log}"
> log_http="${1:-/var/log/auth.log}"
> #incorrect ssh user
> threshold_ssh1=5
> #incorrect ssh password
> threshold_ssh2=5
> #incorrect ftp user
> threshold_ftp1=5
> #incorrect ftp password
> threshold_ftp2=5
> #incorrect http user&password
> threshold_http=5
>
>
> ## CHECKING
> # Abort the script if the log file has not been modified since it has been read.
> builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin test ! -N "$log_http" && exit 0
>
>
> ## SSH RULES
> # RULE 1: invalid user
> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
> echo "$list" | uniq -c | while read count ip
> do
> [ $count -le $threshold_ssh1 ] && continue
> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
> done
> # RULE 2: invalid password
> list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
> echo "$list" | uniq -c | while read count ip
> do
> [ $count -le $threshold_ssh2 ] && continue
> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
> done
>
>
> ## FTP RULES
> # RULE 1: invalid password
> list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
> echo "$list" | uniq -c | while read count ip
> do
> [ $count -le $threshold_ftp1 ] && continue
> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
> done
> # RULE 2: invalid password
> list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/ /g' | cut -d' ' -f10`
> echo "$list" | uniq -c | while read count ip
> do
> [ $count -le $threshold_ftp2 ] && continue
> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
> done
>
>
> ## HTTP RULES
> # RULE 1: invalid user&password
> list=`grep 'authentication failure' $log_http | sed 's/=/ /g' | cut -d' ' -f20`
> echo "$list" | uniq -c | while read count ip
> do
> [ $count -le $threshold_http ] && continue
> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts via http)\n" "$ip" "$count") >> /etc/hosts.deny
> done
>
>
>
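Added example, not part of the original message or of the quoted script: one counting rule written as a bash function that refuses an empty log path (`$log_file` is never assigned in the quoted script, and `grep` given no file operand reads standard input), sorts before `uniq -c`, keeps only fields that look like IPv4 addresses, and checks `hosts.deny` for whole fixed-string matches. The function names, the threshold and the log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original script. The log lines below are constructed.
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 host sshd[101]: Invalid user admin from 203.0.113.7 port 4000
Mar  1 10:00:02 host sshd[102]: Invalid user oracle from 198.51.100.9 port 4002
Mar  1 10:00:03 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4000 ssh2
Mar  1 10:00:04 host sshd[104]: Invalid user guest from 203.0.113.7 port 4003
Mar  1 10:00:05 host sshd[105]: Accepted password for bob from 192.0.2.5 port 4005 ssh2
EOF
}

# Print "count ip" for every address with more than THRESHOLD invalid-user lines.
offenders() {
    local log="$1" threshold="$2"
    # An empty path would leave grep without a file operand, so it would read
    # standard input and block on a terminal. Fail instead.
    [ -n "$log" ] && [ -r "$log" ] || { echo "unreadable log path: '$log'" >&2; return 2; }
    # -i is an assumption here, to cover both "Invalid user" and "invalid user".
    grep -i -- 'invalid user' "$log" |
        # Take the word after the last "from" rather than a fixed field number,
        # because the field position differs between message formats.
        awk '{ ip = ""; for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1); print ip }' |
        # Only values shaped like an IPv4 address may reach hosts.deny.
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        # uniq -c only merges adjacent lines, so sort first.
        sort | uniq -c |
        while read -r count ip; do
            if [ "$count" -gt "$threshold" ]; then echo "$count $ip"; fi
        done
}

# True if IP is already listed in FILE: fixed string, whole word, so that
# 1.2.3.4 does not match an existing entry for 11.2.3.45.
deny_has() { grep -qwF -- "$1" "$2"; }

tmp=$(mktemp); sample_log > "$tmp"
offenders "$tmp" 2      # prints: 3 203.0.113.7
rm -f "$tmp"
```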