script needed
Shaw, Marco
Marco.Shaw at aliant.ca
Fri Aug 5 11:30:58 UTC 2005
> I'd say something like this should work:
>
> #!/bin/bash
>
> IPADDRLIST=`tail -50 /var/log/messages | grep "<line
> pattern>" | awk '{print $<ip addr field number>}' | sort | uniq`
>
> for IPADDR in $IPADDRLIST
> do
> IPADDRCNT=`tail -50 /var/log/messages | grep "<line
> pattern>" | grep -c $IPADDR`
>
> if [[ $IPADDRCNT -ge 10 ]]
> then
> echo $IPADDR >> /etc/hosts.deny
> fi
> done
For that last if statement, before echo'ing to the hosts.deny file, I'd
make sure the address(es) isn't/aren't already listed. Otherwise, you
file
could grow and grow with the same IPs.
Marco
More information about the redhat-list
mailing list