RE: script needed

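> #!/bin/bash
>
> # Unique source addresses among the last 50 log lines matching the pattern.
> IPADDRLIST=$(tail -n 50 /var/log/messages | grep "<line pattern>" | awk '{print $<ip addr field number>}' | sort -u)
>
> for IPADDR in $IPADDRLIST
> do
> 	# Count matching lines for this address (-F literal string, -w whole token).
> 	IPADDRCNT=$(tail -n 50 /var/log/messages | grep "<line pattern>" | grep -cFw -- "$IPADDR")
>
> 	if [[ $IPADDRCNT -ge 10 ]]
> 	then
> 		# Add the address only if it is not already listed.
> 		EXISTS=$(grep -cFw -- "$IPADDR" /etc/hosts.deny)
>
> 		if [[ $EXISTS -eq 0 ]]
> 		then
> 			# hosts.deny entries take the form "daemon_list : client_list".
> 			echo "ALL: $IPADDR" >> /etc/hosts.deny
> 		fi
> 	fi
> done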

That looks good.  Oh, I've found a name for it too: JAIDS...

=> Just Another Intrusion Detection Script ;-)
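
A single-pass variant of the quoted loop, added here as an example and not part of the original thread. The sshd-style log layout, the "Failed password" pattern, the threshold and the private-range addresses are assumptions constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example; log layout, pattern and threshold are assumptions.

# offenders LOGFILE PATTERN MIN: IPs on >= MIN matching lines in the last 50.
# The log is read once, so counts cannot drift between two tail calls.
offenders() {
    tail -n 50 "$1" | awk -v pat="$2" -v min="$3" '
        index($0, pat) {
            # Assumed sshd-style layout: the address follows the word "from".
            for (i = 1; i < NF; i++)
                if ($i == "from" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    count[$(i + 1)]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }' | sort
}

# deny_new DENYFILE: append "ALL: ip" for each stdin IP not already listed;
# prints how many entries were added.
deny_new() {
    local ip added=0
    touch "$1"
    while read -r ip; do
        # -x whole line, -F literal: 10.0.0.5 is not confused with 10.0.0.55
        if ! grep -qxF -- "ALL: $ip" "$1"; then
            printf 'ALL: %s\n' "$ip" >> "$1"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# make_sample LOGFILE: constructed log lines using private-range addresses.
make_sample() {
    local n
    : > "$1"
    for n in 1 2 3 4 5 6 7 8 9 10 11 12; do
        echo "Jan  1 00:00:$n host sshd[100]: Failed password for root from 10.0.0.5 port 4000 ssh2" >> "$1"
    done
    for n in 1 2 3; do
        echo "Jan  1 00:01:$n host sshd[101]: Failed password for bob from 10.0.0.55 port 4001 ssh2" >> "$1"
    done
    echo "Jan  1 00:02:00 host sshd[102]: Accepted password for alice from 10.0.0.9 port 4002 ssh2" >> "$1"
}

# Demo against temporary files, never the real /etc/hosts.deny.
tmp=$(mktemp -d)
make_sample "$tmp/messages"
echo "ALL: 10.0.0.55" > "$tmp/hosts.deny"   # pre-existing, unrelated entry
offenders "$tmp/messages" "Failed password" 10 | deny_new "$tmp/hosts.deny"
cat "$tmp/hosts.deny"
rm -rf "$tmp"
```

The pre-existing 10.0.0.55 entry shows why the duplicate check matches whole lines: a substring match on 10.0.0.5 would treat the address as already denied and skip it.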
