> #!/bin/bash
>
> IPADDRLIST=`tail -50 /var/log/messages | grep "<line
> pattern>" | awk '{print
> $<ip addr field number>}' | sort | uniq`
>
> for IPADDR in $IPADDRLIST
> do
> IPADDRCNT=`tail -50 /var/log/messages | grep "<line
> pattern>" | grep
> -c $IPADDR`
>
> if [[ $IPADDRCNT -ge 10 ]]
> then
> EXISTS=`grep -c $IPADDR /etc/hosts.deny`
>
> if [[ $EXISTS -eq 0 ]]
> then
> echo $IPADDR >> /etc/hosts.deny
> fi
> fi
> done
That looks good. Oh, I've found a name for it too: JAIDS...
=> Just Another Intrusion Detection Script ;-)
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
