Re: [ssfr] Problem with a script fetched from the net
- To: shellscript-fr@xxxxxxxxxxxxxxx
- Subject: Re: [ssfr] Problem with a script fetched from the net
- From: giggzounet <giggzounet@xxxxxxxxx>
- Date: Thu, 17 Jun 2010 23:11:57 +0200
On 17/06/2010 23:06, Thierry Voyat wrote:
> Hello,
>
>> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
>> echo "$list" | uniq -c | while read count ip
>
> if "$list" is empty, the "read count ip" waits indefinitely ... a goal
> for the French team
>
> Cheers,
> Thierry
>
ah ok! and how do I fix that cleanly???
thanks for your reply!
and let's go watch the rugby...
> giggzounet wrote:
>> Hello,
>>
>> I fetched a script from the net that goes through the auth.log files and
>> updates hosts.deny accordingly. But when I run it, sometimes it finishes,
>> sometimes it never finishes.... do you have any idea why?
>>
>> thanks in advance,
>> Guillaume
>>
>> here is the script:
>> #!/bin/bash
>> # IPBLOCK v2
>> # v1 - First release
>> # v2 - All rules merged into 1 file
>>
>> ## PARAMETERS
>> # threshold parameters indicate the number of invalid attempts from an IP before it is banned
>> log_ssh="${1:-/var/log/auth.log}"
>> log_ftp="${1:-/var/log/proftpd.log}"
>> log_http="${1:-/var/log/auth.log}"
>> #incorrect ssh user
>> threshold_ssh1=5
>> #incorrect ssh password
>> threshold_ssh2=5
>> #incorrect ftp user
>> threshold_ftp1=5
>> #incorrect ftp password
>> threshold_ftp2=5
>> #incorrect http user&password
>> threshold_http=5
>>
>>
>> ## CHECKING
>> # Abort the script if the log file has not been modified since it has
>> been read.
>> builtin test ! -N "$log_ssh" && builtin test ! -N "$log_ftp" && builtin test ! -N "$log_http" && exit 0
>>
>>
>> ## SSH RULES
>> # RULE 1: invalid user
>> list=`grep 'invalid user' $log_ssh | cut -d' ' -f13`
>> echo "$list" | uniq -c | while read count ip
>> do
>> [ $count -le $threshold_ssh1 ] && continue
>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>> done
>> # RULE 2: invalid password
>> list=`grep 'Failed password for root' $log_file | cut -d' ' -f11`
>> echo "$list" | uniq -c | while read count ip
>> do
>> [ $count -le $threshold_ssh2 ] && continue
>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ssh)\n" "$ip" "$count") >> /etc/hosts.deny
>> done
>>
>>
>> ## FTP RULES
>> # RULE 1: invalid password
>> list=`grep 'no such user found' $log_ftp | cut -d' ' -f15`
>> echo "$list" | uniq -c | while read count ip
>> do
>> [ $count -le $threshold_ftp1 ] && continue
>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal user attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>> done
>> # RULE 2: invalid password
>> list=`grep 'Incorrect password' $log_file | sed 's/\[/ /g' | sed 's/\]/ /g' | cut -d' ' -f10`
>> echo "$list" | uniq -c | while read count ip
>> do
>> [ $count -le $threshold_ftp2 ] && continue
>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal password attempts via ftp)\n" "$ip" "$count") >> /etc/hosts.deny
>> done
>>
>>
>> ## HTTP RULES
>> # RULE 1: invalid user&password
>> list=`grep 'authentication failure' $log_http | sed 's/=/ /g' | cut -d' ' -f20`
>> echo "$list" | uniq -c | while read count ip
>> do
>> [ $count -le $threshold_http ] && continue
>> [ 0 -ne `grep -c "$ip" /etc/hosts.deny` ] && continue
>> (printf "ALL: %12s # added `date +"%Y-%m-%d %R"` (%s Illegal attempts via http)\n" "$ip" "$count") >> /etc/hosts.deny
>> done
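An added example, not code from the thread or from the IPBLOCK script quoted above: the same "count failed logins per IP, ban above a threshold, skip IPs already listed" logic, written so that no step can block and so that the defects visible in the quoted script are avoided. It assumes OpenSSH-style auth.log lines ("Invalid user X from IP" and "Failed password for ... from IP port N ssh2") and "ALL: ip" entries in hosts.deny; the function names, the paths and the sample log lines are constructed for the example. What it handles that the quoted script does not: grep always receives an explicit, readable file (in the quoted script, RULE 2 for ssh and RULE 2 for ftp grep `$log_file`, which is never assigned, so grep reads standard input and waits there when run from a terminal); the address is taken from the `from <ip>` token rather than a fixed `cut` field, which shifts by one on a single-digit day such as "Jun  7"; `uniq -c` is preceded by `sort`, since uniq only merges adjacent duplicates; and the "already banned" check matches the whole address, whereas `grep -c "$ip"` treats the dots as wildcards and also counts 10.0.0.10 when looking for 10.0.0.1.

```bash
#!/bin/bash
# Added example (not the IPBLOCK script from the thread). Assumes OpenSSH
# auth.log lines and "ALL: <ip>" entries in hosts.deny; every path and
# sample line below is constructed for the example.
set -u

# Print the source IP of every failed SSH login in log $1, one per line.
# The address comes from the "from <ip>" token, not from a fixed cut field.
# A missing log yields no output, and grep always gets an explicit file and
# /dev/null as stdin, so it can never fall back to reading the terminal.
failed_ips() {
    log=$1
    [ -r "$log" ] || return 0
    grep -E 'Invalid user|Failed password' -- "$log" </dev/null \
      | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
      | awk '{ print $2 }'
}

# Print the IPs seen strictly more than $2 times in log $1. sort comes first:
# uniq -c only merges adjacent duplicates, so an IP whose attempts are
# interleaved with other hosts would otherwise be counted in several small
# runs, each one below the threshold.
over_threshold() {
    failed_ips "$1" | sort | uniq -c | awk -v t="$2" '$1 + 0 > t + 0 { print $2 }'
}

# True if IP $1 already has an "ALL: <ip>" line in deny file $2. The dots are
# escaped and the address is anchored on both sides, so 10.0.0.1 does not
# match an existing 10.0.0.10 entry.
already_denied() {
    esc=$(printf '%s\n' "$1" | sed 's/\./\\./g')
    [ -r "$2" ] && grep -Eq "^ALL:[[:space:]]*${esc}([[:space:]]|\$)" -- "$2"
}

# Append a deny line for every IP over threshold $2 in log $1 that is not yet
# in deny file $3; prints the IPs it added. The loop reads a finite pipeline,
# so read returns at EOF and the loop ends even when nothing matched.
ban_new() {
    log=$1 threshold=$2 deny=$3
    over_threshold "$log" "$threshold" | while IFS= read -r ip; do
        already_denied "$ip" "$deny" && continue
        printf 'ALL: %s # added %s (more than %s failed ssh logins)\n' \
            "$ip" "$(date +'%Y-%m-%d %R')" "$threshold" >> "$deny"
        printf '%s\n' "$ip"
    done
}

# Constructed sample auth.log (not real traffic), written to path $1.
# 203.0.113.5 fails 3 times, 198.51.100.7 twice, 192.0.2.9 once; the two
# "Jun  7" lines carry the double space that shifts cut field numbers.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 17 22:01:01 host sshd[1]: Invalid user admin from 203.0.113.5
Jun 17 22:01:02 host sshd[2]: Invalid user test from 198.51.100.7
Jun 17 22:01:03 host sshd[3]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jun  7 22:01:04 host sshd[4]: Accepted publickey for ops from 192.0.2.9 port 5000 ssh2
Jun 17 22:01:05 host sshd[5]: Failed password for root from 198.51.100.7 port 4002 ssh2
Jun 17 22:01:06 host sshd[6]: Failed password for invalid user admin from 203.0.113.5 port 4003 ssh2
Jun  7 22:01:07 host sshd[7]: Failed password for root from 192.0.2.9 port 4004 ssh2
EOF
}

# Demo on a temporary copy so nothing here touches /etc/hosts.deny.
demo() {
    tmp=$(mktemp -d)
    write_sample_log "$tmp/auth.log"
    printf 'ALL: 203.0.113.50 # pre-existing entry\n' > "$tmp/hosts.deny"
    echo "banned on first run:"
    ban_new "$tmp/auth.log" 2 "$tmp/hosts.deny"
    echo "banned on second run (nothing, already listed):"
    ban_new "$tmp/auth.log" 2 "$tmp/hosts.deny"
    cat "$tmp/hosts.deny"
    rm -rf "$tmp"
}
demo
```

To use it on a real host, call `ban_new /var/log/auth.log 5 /etc/hosts.deny` as root from cron; the demo at the bottom only ever writes into a temporary directory. Only the ssh rules are covered here; the ftp and http rules of the quoted script would get the same treatment with their own extraction regex.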