| [ssfr] Pb avec un script recupere sur le net |
[ Thread Index |
Date Index
| More debianworld.org/shellscript-fr Archives
]
- To: shellscript-fr@xxxxxxxxxxxxxxx
- Subject: [ssfr] Pb avec un script recupere sur le net
- From: giggzounet <giggzounet@xxxxxxxxx>
- Date: Thu, 17 Jun 2010 22:16:37 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=veBlrcCfpcwJE2nFj1tWs7anX9bU/xy5utuew8vYD8k=; b=bC4vPdUmXws5Huwiqo2kUtEtq37SPK2L7pP0txVoXLqTzFLa0F78QNnfdVgn2OWdZj PAcgB/pOfh4C/BJVrLc4LISqaVQDWNNY3LhijtBinqbvqBVthdZrCmT0v3crUrfB8vFI 6VnuFKU5xAdpx0DGRzMwg04xuV7MhDbqrTdYg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=r4sbKU7C1k6KPEVdYdF6zEINH/48Uew5VfNJ2oIib5GyWD+sy4hokPR98usDbBVTLp R8uktktAgq4nJ0yFpBv0/DmVHnw5sbtU/cP5nCQCSn27xvfbZvwS94Akh1y+pNhIm8B8 OJGHsbTEAu6kjNTJQ2fAHs4oRkqhkSkHCmYuQ=
Bonjour,
j'ai récupéré un script sur le net qui parcoure les fichiers auth.log et
qui modifient hosts.deny en conséquence. Mais qd je le lance, parfois il
se finit, parfois il ne se finit jamais....avez vous une idée pourquoi ?
merci d'avance,
Guillaume
voici le script :
#!/bin/bash
# IPBLOCK v2
# v1 - First release
# v2 - All rules merged into 1 file
## PARAMETERS
# threshold parameters indicate the number of invalid attempt from an ip
before to be banned
log_ssh="${1:-/var/log/auth.log}"
log_ftp="${1:-/var/log/proftpd.log}"
log_http="${1:-/var/log/auth.log}"
#incorrect ssh user
threshold_ssh1=5
#incorrect ssh password
threshold_ssh2=5
#incorrect ftp user
threshold_ftp1=5
#incorrect ftp password
threshold_ftp2=5
#incorrect http user&password
threshold_http=5
## CHECKING
# Abort the script if the log file has not been modified since it has
been read.
builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin
test ! -N "$log_http" && exit 0
## SSH RULES
# RULE 1: invalid user
list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
echo "$list" | uniq -c | while read count ip
do
[ $count -le $threshold_ssh1 ] && continue
[ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
(printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
done
# RULE 2: invalid password
list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
echo "$list" | uniq -c | while read count ip
do
[ $count -le $threshold_ssh2 ] && continue
[ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
(printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
done
## FTP RULES
# RULE 1: invalid password
list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
echo "$list" | uniq -c | while read count ip
do
[ $count -le $threshold_ftp1 ] && continue
[ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
(printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user
attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
done
# RULE 2: invalid password
list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/
/g' | cut -d' ' -f10`
echo "$list" | uniq -c | while read count ip
do
[ $count -le $threshold_ftp2 ] && continue
[ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
(printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password
attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
done
## HTTP RULES
# RULE 1: invalid user&password
list=`grep 'authentication failure' $log_http | sed 's/=/ /g' | cut -d'
' -f20`
echo "$list" | uniq -c | while read count ip
do
[ $count -le $threshold_http ] && continue
[ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
(printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts
via http)\n" "$ip" "$count") >> /etc/hosts.deny
done