Re: [Fail2ban-users] Fail2Ban persistent? Bash script : alpha

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Diego, nice to see you around here! I'll take a look at it, and I'm sure someone else will as
well. CYA!

On 11/03/2011 03:29 AM, Diego Sanchez wrote:
> Hello!
> 
> It is not the best bash script.
> It is not optimized, and can be improved (a lot)
> 
> Also, I do not know python, so bash is my friend.
> 
> If I my tests do not fail (I slept 8 hours in 3 days and see what time it is), this should work (at
> least in my home server).
> 
> I have it added for 1 hour in crontab, and do not receive error (only when I try to add the chain
> "Offenders")
> 
> Who can be so brave to try it at home, and discuss the weaknesses?
> 
> 
> That's is my basic testing: http://pastebin.com/GdwU7E68
> 
> And the bash script:
> 
> root@proxy:scripts# cat /root/scripts/f2b.sh
> #!/bin/bash
> 
> LOG='/var/log/fail2ban.log'
> CSV='/var/log/fail2ban.csv'
> CSV_TMP='/tmp/csv.csv'
> OFFENDERS='/tmp/offenders.txt'
> 
> DATE=`date +%Y-%m-%d-%H_%M_%S`
> 
> # --------------- CREATE BACKUP IPTABLES
> iptables-save > /root/iptables.$DATE
> # ----------------
> 
> /bin/grep Ban /var/log/fail2ban.log|awk {'print $7'}|sort --unique >> $CSV
> 
> #Delete duplicate
> sort --unique $CSV     > $CSV_TMP
> mv            $CSV_TMP   $CSV
> 
> #create a new chain
> #hmmm.. i guess should check if exist before to add, but...
> iptables -N Offenders
> 
> #GET content  from Offenders chain
> iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'} >  $OFFENDERS
> 
> for i in `cat $CSV`; do
>  if grep -Fxq "$i" $OFFENDERS
>   then
>     echo "$i exists in Offenders Chain. Skipping =("
>   else
>     echo "Adding $i to Offenders Chain"
>     iptables -I Offenders -s $i -j DROP
>   fi
> done
> #iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'}
> 
> 
> -- 
> Diego - Yo no soy paranoico! (pero que me siguen, me siguen) | http://about.me/diegors/bio
> 
> 
> 
> ------------------------------------------------------------------------------
> RSA(R) Conference 2012
> Save $700 by Nov 18
> Register now
> http://p.sf.net/sfu/rsa-sfdev2dev1
> 
> 
> 
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

- -- 
⁂ Arturo "Buanzo" Busleiman ⁂ - http://soundcloud.com/no-carrier -
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAk6yhUIACgkQAlpOsGhXcE2XugCfdCiqVciv1An4do9i7Fl1s15V
0DMAnjsZ+n0hs1a2FOuOHOZAae1pjslu
=vSsM
-----END PGP SIGNATURE-----