[ssfr] Problem with a script retrieved from the net



Hello,

I picked up a script on the net that goes through the auth.log files and
modifies hosts.deny accordingly. But when I run it, sometimes it
finishes, sometimes it never finishes... do you have any idea why?

Thanks in advance,
Guillaume

Here is the script:
#!/bin/bash
# IPBLOCK v2
# v1 - First release
# v2 - All rules merged into 1 file

## PARAMETERS
# threshold parameters indicate the number of invalid attempt from an ip before to be banned
log_ssh="${1:-/var/log/auth.log}"
log_ftp="${1:-/var/log/proftpd.log}"
log_http="${1:-/var/log/auth.log}"
#incorrect ssh user
threshold_ssh1=5
#incorrect ssh password
threshold_ssh2=5
#incorrect ftp user
threshold_ftp1=5
#incorrect ftp password
threshold_ftp2=5
#incorrect http user&password
threshold_http=5


## CHECKING
# Abort the script if the log file has not been modified since it has been read.
builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin test ! -N "$log_http" && exit 0


## SSH RULES
# RULE 1: invalid user
list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
echo "$list" | uniq -c | while read count ip
do
  [ $count -le $threshold_ssh1 ] && continue
  [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
  (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
done
# RULE 2: invalid password
list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
echo "$list" | uniq -c | while read count ip
do
  [ $count -le $threshold_ssh2 ] && continue
  [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
  (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
done


## FTP RULES
# RULE 1: invalid password
list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
echo "$list" | uniq -c | while read count ip
do
  [ $count -le $threshold_ftp1 ] && continue
  [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
  (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
done
# RULE 2: invalid password
list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/ /g' | cut -d' ' -f10`
echo "$list" | uniq -c | while read count ip
do
  [ $count -le $threshold_ftp2 ] && continue
  [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
  (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
done


## HTTP RULES
# RULE 1: invalid user&password
list=`grep 'authentication failure' $log_http  | sed 's/=/ /g' | cut -d' ' -f20`
echo "$list" | uniq -c | while read count ip
do
  [ $count -le $threshold_http ] && continue
  [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
  (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts
via http)\n" "$ip" "$count") >> /etc/hosts.deny
done
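
Added example, not part of the original message or of the IPBLOCK script: a counting function that rejects an empty log-file argument (in the script above `$log_file` is never assigned, so `grep` gets no file operand and reads standard input), sorts before `uniq -c`, and matches whole addresses in hosts.deny. The function names, the sample log lines and the assumed sshd message tail `from <ip> port <n> ssh2` are constructed for illustration.

```bash
#!/bin/bash
# Added example; function names and the sample log are constructed.

# offenders LOGFILE PATTERN THRESHOLD -> prints "count ip" per IP above THRESHOLD
offenders() {
  # Quoted and checked: an empty or mistyped variable is rejected here
  # instead of vanishing and leaving grep to read standard input.
  local log="${1:?log file required}" pattern="${2:?pattern required}"
  local threshold="${3:?threshold required}"
  [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
  # Take the address from the fixed tail of the sshd message, not a field
  # number, so a user name containing spaces cannot shift the result.
  # sort before uniq -c: uniq only merges adjacent identical lines.
  grep -- "$pattern" "$log" \
    | sed -n 's/.* from \([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\) port [0-9]* ssh2$/\1/p' \
    | sort | uniq -c \
    | awk -v t="$threshold" '$1 > t { print $1, $2 }'
}

# deny_lines DENYFILE REASON: reads "count ip" on stdin, prints only new entries
deny_lines() {
  local deny="$1" reason="$2" count ip
  while read -r count ip; do
    # -F: dots are literal; -w: 203.0.113.7 does not match 203.0.113.70
    grep -qFw -- "$ip" "$deny" 2>/dev/null && continue
    printf 'ALL: %s # added %s (%s %s)\n' "$ip" "$(date +'%Y-%m-%d %R')" "$count" "$reason"
  done
}

# Constructed sample log using documentation addresses, not real data
sample_log() {
  local i
  for i in 1 2 3; do
    echo "Jan 10 10:00:0$i host sshd[100]: Failed password for invalid user test from 203.0.113.7 port 4000 ssh2"
    echo "Jan 10 10:00:0$i host sshd[101]: Failed password for root from 198.51.100.9 port 4001 ssh2"
  done
  echo "Jan 10 10:00:09 host sshd[102]: Failed password for invalid user bob from 203.0.113.70 port 4002 ssh2"
}

# Demo on temporary files; nothing under /etc is touched
demo() {
  local log deny
  log=$(mktemp) && deny=$(mktemp) || return 1
  sample_log > "$log"
  echo "ALL: 203.0.113.70 # constructed existing entry" > "$deny"
  offenders "$log" 'Failed password' 2 | deny_lines "$deny" 'failed ssh logins'
  rm -f "$log" "$deny"
}
demo
```

The demo prints entries for 198.51.100.9 and 203.0.113.7 even though 203.0.113.70 is already listed, which a plain substring `grep -c "$ip"` would have treated as a match.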


