spamassassin question [with blacklist question]
Brian Densmore
DensmoreB at ctbsonline.com
Tue Oct 26 10:28:33 CDT 2004
Well you were right about sed. Not something I could do with sed.
I wound up using awk, and temporarily putting the addresses in a separate file
until I feel comfortable it won't jack up my firewall.

#!/bin/sh
# list of IP addresses to always allow
MYIP=yyy.yyy.yyy.yyy
MYIP2=xxx.xxx.xxx.xxx
# name of logfile to scan - need to variablize so I can call it with an alternate
# logfile and default to this
lfl=/var/log/auth.log
# ugly all on one line, but it works
# $(NF-3) is the address in "... from <ip> port <n> ssh2", with or without
# "illegal user" before the name; sort -u because uniq alone only drops adjacent
# duplicates; grep -vxF matches the allowed IPs literally and as whole lines
grep -i 'failed password' "$lfl" | awk '{ print $(NF-3) }' | sort -u | grep -vxF -e "$MYIP" -e "$MYIP2" >> /etc/illegalips.txt
# still to do: add commands to extract IPs from above file
# and add to actual blacklist and call firewall restart

> -----Original Message-----
> From: Jeremy Turner
>
> > So I guess it's time
> > to pull out the sed pocket reference I have and learn
> > something in there to help.
>
> Nah... you're crying out for Perl =)
>
> #---------------------------------------------------------------
> #!/usr/bin/perl
>
> $my_ip = "192.168.0.1";
> %seen = ();
>
> # get input from stdin
> while (<>) {
>
>     # illegal = no username
>     # failed = wrong password
>     if (/Failed/ || /Illegal/) {
>
>         # match an ip address; skip lines without one so a stale $1
>         # from an earlier line is never reused
>         next unless /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;
>
>         # compare as strings; as a pattern, the dots in $1 match anything
>         if ($1 ne $my_ip) {
>             $seen{$1}++;
>         }
>     }
> }
> @ips = sort keys %seen;
> foreach (@ips) {
>     print "$_\n";
> }
> #-----------------------------------------------------------
>
> The "Failed" and "Illegal" words are lines you would check to contain IP
> addresses. The hash table is to knock out duplicate IP addresses.
>
> Jeremy
>
> --
> Jeremy Turner <jeremy at linuxwebguy.com>
> Linux Tips and News! ---> http://linuxwebguy.com
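
A sturdier take on the extraction step discussed in this thread, added here as an example and not code from either poster. It reads the address from the fixed tail of each sshd line, validates it, applies the allow list as exact matches, and goes one step beyond the thread by only reporting addresses with a minimum number of failures. The names failed_ips and sample_log, the threshold argument and the log lines are assumptions made up for the illustration.

```shell
#!/bin/sh
# failed_ips MIN_FAILURES [ALLOWED_IP ...]  (hypothetical helper, not from the thread)
# Reads an auth.log on stdin; prints each source address that has at least
# MIN_FAILURES sshd "Failed password" lines and is not in the allowed list.
failed_ips() {
    min=$1; shift
    awk -v min="$min" -v allow="$*" '
        function valid(ip,    o, k) {       # dotted quad, each octet 0-255
            if (split(ip, o, ".") != 4) return 0
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || o[k] + 0 > 255) return 0
            return 1
        }
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Only sshd "Failed password" lines in the usual syslog layout
        $5 !~ /^sshd\[[0-9]+\]:$/ || $6 != "Failed" || $7 != "password" { next }
        # The user name comes from the remote client and may contain spaces or
        # the word "from", so take the address from the fixed tail of the line
        # ("... from <ip> port <n> ssh2") rather than from a fixed field number.
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            sub(/^::ffff:/, "", ip)         # IPv4-mapped form, assumed possible
            if (valid(ip) && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort -u
}

# Constructed sample log (documentation addresses, not taken from the thread)
sample_log() {
    cat <<'EOF'
Oct 26 10:01:02 host sshd[4101]: Failed password for root from 203.0.113.7 port 4021 ssh2
Oct 26 10:01:05 host sshd[4101]: Failed password for root from 203.0.113.7 port 4021 ssh2
Oct 26 10:01:09 host sshd[4103]: Failed password for illegal user test from ::ffff:203.0.113.7 port 4022 ssh2
Oct 26 10:02:11 host sshd[4110]: Failed password for illegal user x from 198.51.100.9 port 1 from 192.0.2.55 port 4100 ssh2
Oct 26 10:02:12 host sshd[4110]: Failed password for illegal user x from 198.51.100.9 port 1 from 192.0.2.55 port 4100 ssh2
Oct 26 10:03:00 host sshd[4120]: Failed password for brian from 192.0.2.10 port 4200 ssh2
Oct 26 10:03:01 host sshd[4120]: Failed password for brian from 192.0.2.10 port 4200 ssh2
Oct 26 10:04:00 host sshd[4130]: Failed password for admin from 198.51.100.20 port 4300 ssh2
Oct 26 10:05:00 host sshd[4140]: Accepted password for brian from 192.0.2.10 port 4201 ssh2
EOF
}

# Demo: threshold 2, with 192.0.2.10 standing in for MYIP
sample_log | failed_ips 2 192.0.2.10
```

Writing the result to a staging file first, as the post above does, keeps a parsing mistake from reaching the firewall rules.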