script needed
Michael Velez
mikev777 at hotmail.com
Fri Aug 5 11:46:00 UTC 2005
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Shaw, Marco
> Sent: Friday, August 05, 2005 7:31 AM
> To: General Red Hat Linux discussion list
> Subject: RE: script needed
>
> > I'd say something like this should work:
> >
> > #!/bin/bash
> >
> > IPADDRLIST=`tail -50 /var/log/messages | grep "<line
> > pattern>" | awk '{print $<ip addr field number>}' | sort | uniq`
> >
> > for IPADDR in $IPADDRLIST
> > do
> > IPADDRCNT=`tail -50 /var/log/messages | grep "<line
> > pattern>" | grep -c $IPADDR`
> >
> > if [[ $IPADDRCNT -ge 10 ]]
> > then
> > echo $IPADDR >> /etc/hosts.deny
> > fi
> > done
>
> For that last if statement, before echo'ing to the hosts.deny
> file, I'd make sure the address(es) isn't/aren't already
> listed. Otherwise, you file could grow and grow with the same IPs.
>
> Marco
Thanks Marco for that (and for reminding me to bottom-post),
Good point. I've changed it below.
#!/bin/bash
IPADDRLIST=`tail -50 /var/log/messages | grep "<line pattern>" | awk '{print
$<ip addr field number>}' | sort | uniq`
for IPADDR in $IPADDRLIST
do
IPADDRCNT=`tail -50 /var/log/messages | grep "<line pattern>" | grep
-c $IPADDR`
if [[ $IPADDRCNT -ge 10 ]]
then
EXISTS=`grep -c $IPADDR /etc/hosts.deny`
if [[ $EXISTS -eq 0 ]]
then
echo $IPADDR >> /etc/hosts.deny
fi
fi
done
More information about the redhat-list
mailing list