SSH ochrana před roboty: Porovnání verzí
Z Wiki UnArt Slavičín
Skočit na navigaciSkočit na vyhledávání
(Nová stránka: #!/bin/bash DIR="var/log" DAY=`date |awk '{print $1}'` FILE="auth_$DAY.log" EMAIL="muj@mail.cz" POKUS=10 # uklid na zacatek rm -f /$DIR/auth/$FILE touch /$DIR/auth/tmp #...) |
Bez shrnutí editace |
||
| Řádek 1: | Řádek 1: | ||
#!/bin/bash | #!/bin/bash | ||
DIR="var/log" | DIR="var/log" | ||
DAY=`date |awk '{print $1}'` | DAY=`date |awk '{print $1}'` | ||
| Řádek 6: | Řádek 5: | ||
EMAIL="muj@mail.cz" | EMAIL="muj@mail.cz" | ||
POKUS=10 | POKUS=10 | ||
# uklid na zacatek | # uklid na zacatek | ||
rm -f /$DIR/auth/$FILE | rm -f /$DIR/auth/$FILE | ||
touch /$DIR/auth/tmp | touch /$DIR/auth/tmp | ||
# zaloha auth.log | # zaloha auth.log | ||
cat /$DIR/auth.log >> /$DIR/auth/$FILE | cat /$DIR/auth.log >> /$DIR/auth/$FILE | ||
#rm -f /$DIR/auth.log | #rm -f /$DIR/auth.log | ||
#touch /$DIR/auth.log | #touch /$DIR/auth.log | ||
# unikatni IP ze souboru + pridani do block_ip | # unikatni IP ze souboru + pridani do block_ip | ||
grep "Invalid user" /$DIR/auth/$FILE |awk '{print $10}' |uniq > /$DIR/auth/tmp; | grep "Invalid user" /$DIR/auth/$FILE |awk '{print $10}' |uniq > /$DIR/auth/tmp; | ||
cat /$DIR/auth/tmp >> /$DIR/auth/block_ip | cat /$DIR/auth/tmp >> /$DIR/auth/block_ip | ||
# blokovani nalezenych IP | # blokovani nalezenych IP | ||
SIZE=`wc -l /$DIR/auth/tmp |awk '{print $1}'`; | SIZE=`wc -l /$DIR/auth/tmp |awk '{print $1}'`; | ||
| Řádek 37: | Řádek 32: | ||
fi | fi | ||
done | done | ||
#mail | #mail | ||
cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL | cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL | ||
Verze z 10. 5. 2008, 17:02
#!/bin/bash
DIR="var/log"
DAY=`date |awk '{print $1}'`
FILE="auth_$DAY.log"
EMAIL="muj@mail.cz"
POKUS=10
# uklid na zacatek
rm -f /$DIR/auth/$FILE
touch /$DIR/auth/tmp
# zaloha auth.log
cat /$DIR/auth.log >> /$DIR/auth/$FILE
#rm -f /$DIR/auth.log
#touch /$DIR/auth.log
# unikatni IP ze souboru + pridani do block_ip
grep "Invalid user" /$DIR/auth/$FILE |awk '{print $10}' |uniq > /$DIR/auth/tmp;
cat /$DIR/auth/tmp >> /$DIR/auth/block_ip
# blokovani nalezenych IP
SIZE=`wc -l /$DIR/auth/tmp |awk '{print $1}'`;
SIZE=`expr $SIZE + 1`;
I=1
while test $I -lt $SIZE
do
IP=`sed -n "$I"p /$DIR/auth/tmp`; I=`expr $I + 1`;
POCET=`cat /$DIR/auth/$FILE |grep $IP |wc -l |awk '{print $1}'`;
if [ $POCET -gt $POKUS ] ; then echo $POCET # iptables -A INPUT -s $IP -j DROP echo $IP fi
done #mail cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL
