script needed
Shaw, Marco
Marco.Shaw at aliant.ca
Fri Aug 5 12:06:31 UTC 2005
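> #!/bin/bash
>
> # Unique source addresses among the last 50 log lines that match the pattern
> IPADDRLIST=$(tail -50 /var/log/messages | grep "<line pattern>" | awk '{print $<ip addr field number>}' | sort -u)
>
> for IPADDR in $IPADDRLIST
> do
>     # -F -w: match the address literally and as a whole word, so that
>     # 10.0.0.1 does not also count lines for 10.0.0.10
>     IPADDRCNT=$(tail -50 /var/log/messages | grep "<line pattern>" | grep -cFw -- "$IPADDR")
>
>     if [[ $IPADDRCNT -ge 10 ]]
>     then
>         EXISTS=$(grep -cFw -- "$IPADDR" /etc/hosts.deny)
>
>         if [[ $EXISTS -eq 0 ]]
>         then
>             # hosts.deny rules have the form "daemon_list : client_list"
>             echo "ALL: $IPADDR" >> /etc/hosts.deny
>         fi
>     fi
> done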
That looks good. Oh, I've found a name for it too: JAIDS...
=> Just Another Intrusion Detection Script ;-)
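A concrete instance of the quoted template, as an added example that is not part of the original thread: it assumes the pattern of interest is OpenSSH's "Failed password" line, reads the log from stdin, and prints hosts.deny rules instead of writing them. The function names (`offenders`, `deny_rules`, `sample_log`) are hypothetical and the log lines are constructed, using documentation address ranges.

```shell
#!/bin/bash
# Added example. Input lines are assumed to use the OpenSSH layout:
#   ... sshd[PID]: Failed password for [invalid user] NAME from ADDR port N ssh2

# offenders THRESHOLD < log  -> addresses with at least THRESHOLD failures
offenders() {
    awk -v min="$1" '
        # Locate ADDR from the end of the line: "invalid user" adds two
        # fields, so a fixed field number from the left picks the wrong column.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            # Only a dotted quad may ever reach hosts.deny
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | LC_ALL=C sort
}

# deny_rules THRESHOLD DENYFILE < log  -> "ALL: ADDR" rules missing from DENYFILE
deny_rules() {
    offenders "$1" | while read -r ip; do
        # -x whole line, -F literal: 192.0.2.1 must not hide 192.0.2.10
        grep -qxF -- "ALL: $ip" "$2" 2>/dev/null || echo "ALL: $ip"
    done
}

# Constructed sample: two sources with 10 failures each, one with 3
sample_log() {
    i=1
    while [ "$i" -le 10 ]; do
        echo "Aug  5 12:00:$((i + 9)) host sshd[$((1000 + i))]: Failed password for root from 192.0.2.10 port $((40000 + i)) ssh2"
        echo "Aug  5 12:01:$((i + 9)) host sshd[$((2000 + i))]: Failed password for invalid user admin from 203.0.113.5 port $((41000 + i)) ssh2"
        if [ "$i" -le 3 ]; then
            echo "Aug  5 12:02:$((i + 9)) host sshd[$((3000 + i))]: Failed password for root from 198.51.100.7 port $((42000 + i)) ssh2"
        fi
        i=$((i + 1))
    done
}

# Dry run against an empty deny list: prints the rules that would be added
sample_log | deny_rules 10 /dev/null
```

To mirror the quoted script on a live host, feed it `tail -50 /var/log/messages` and append the output to `/etc/hosts.deny`; keeping a trusted management address out of the result is a check worth adding before doing so.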
More information about the redhat-list mailing list