security
Добавлено: 2007-01-14 15:01:17
Настроил по статье лиса скрипт (http://www.lissyara.su/?id=1069), но он почему-то не отрабатывает. Пишет: /usr/local/script/block_host : Permission denied.
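#!/bin/sh
#
# Rotates /var/log/auth.log into /var/old_log/YYYY/MM/DD_auth_log and adds
# ipfw deny rules (all under rule number 1) for source addresses that show
# many failed sshd logins in the rotated portion of the log.
# The paths and the ipfw calls mean this has to run as root (e.g. from cron).

# The archive holds the same data as auth.log; do not create it
# world-readable through a permissive default umask.
umask 077

# During the 02:00 hour, drop every rule numbered 1 so old blocks expire.
# The original test used "-eg", a typo for "-eq": [ aborted with
# "unexpected operator" and the cleanup never ran. A string comparison is
# used here because date prints a zero-padded value such as "09".
if [ "$(date +%H)" = "02" ]; then
  /sbin/ipfw delete 1 >/dev/null 2>&1
fi

day=$(date +%d)
month=$(date +%m)
year=$(date +%Y)
log_dir="/var/old_log/${year}/${month}"
mkdir -p "${log_dir}" || exit 1
log_file="${log_dir}/${day}_auth_log"

# Work on a private, unpredictably named copy. A fixed /tmp/auth.log written
# by root can be pre-created (or symlinked) by any local user.
tmp_log=$(mktemp /tmp/auth.log.XXXXXX) || exit 1
trap 'rm -f -- "${tmp_log}"' EXIT

# Truncate the live log only after the copy succeeded.
# NOTE: lines written between the copy and the truncation are still lost;
# rotating through newsyslog(8) would close that gap.
cat /var/log/auth.log > "${tmp_log}" || exit 1
: > /var/log/auth.log
cat "${tmp_log}" >> "${log_file}"

# block_offenders PATTERN FIELD THRESHOLD
#   PATTERN   - grep pattern selecting the log lines to count
#   FIELD     - whitespace-separated column expected to hold the address
#   THRESHOLD - minimum number of matching lines before a deny rule is added
#
# Only values shaped like a dotted IPv4 address are passed on to ipfw; any
# other token (including IPv6 addresses) is skipped, so extend the filter if
# those must be handled. For some sshd message shapes the fixed column holds
# the login name, which the remote side chooses, instead of the address. The
# filter keeps arbitrary text and host names out of the ipfw command line but
# cannot prove the value was the peer address.
# TODO: take the token that follows the last "from" instead of a fixed
# column, and skip trusted management addresses before adding a rule.
block_offenders() {
  grep -- "$1" "${tmp_log}" |
    awk -v col="$2" \
      '$col ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $col }' |
    sort | uniq -c |
    while read -r hits addr; do
      if [ "${hits}" -ge "$3" ]; then
        # Best effort: ipfw errors are discarded, as in the original script.
        /sbin/ipfw add 1 deny ip from "${addr}" to me >/dev/null 2>&1
      fi
    done
}

# "Illegal user NAME from ADDR" lines: address expected in column 10.
block_offenders "illegal" 10 10

# "Failed password for USER from ADDR" lines: address expected in column 11.
block_offenders "Failed password" 11 5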
#!/bin/sh -xv
block-host: Can't open block-host: No such file or directory
#!/bin/sh -xv
if [ `date +%H` -eg 02 ]
then
/sbin/ipfw delete 1 >/dev/null 2>&1
fi
+ date +%H
+ [ 09 -eg 02 ]
[: 09: unexpected operator
day=`date +%d`
+ date +%d
+ day=15
month=`date +%m`
+ date +%m
+ month=01
year=`date +%Y`
+ date +%Y
+ year=2007
log_dir="/var/old_log/${year}/${month}"
+ log_dir=/var/old_log/2007/01
mkdir -p ${log_dir}
+ mkdir -p /var/old_log/2007/01
log_file="${log_dir}/${day}_auth_log"
+ log_file=/var/old_log/2007/01/15_auth_log
cat /var/log/auth.log > /tmp/auth.log
+ cat /var/log/auth.log
cat /dev/null > /var/log/auth.log
+ cat /dev/null
cat /tmp/auth.log >> ${log_file}
+ cat /tmp/auth.log
cat /tmp/auth.log | grep illegal | awk '{print $10}' | sort | uniq -c | sort |
{
while read count_IP
do
count_deny=`echo ${count_IP} | awk '{print $1}'`
IP=`echo ${count_IP} | awk '{print $2}'`
if [ ${count_deny} -ge 10 ]
then
/sbin/ipfw add 1 deny ip from ${IP} to me > /dev/null 2>&1
fi
done
}
+ cat+ grep+ awk+ sort+ uniq+ sort /tmp/auth.log illegal {print $10}
-c
+ read count_IP
cat /tmp/auth.log | grep "Failed password" | awk '{print $11}' | sort | uniq -c | sort |
{
while read count_IP
do
count_deny=`echo ${count_IP} | awk '{print $1}'`
IP=`echo ${count_IP} | awk '{print $2}'`
if [ ${count_deny} -ge 5 ]
then
/sbin/ipfw add 1 deny ip from ${IP} to me >/dev/null 2>&1
fi
done
}+ cat+ grep+ awk+ sort+ uniq+ sort+ read /tmp/auth.log Failed password {print $11}
-c
count_IP
+ [ 09 -eg 02 ]