From: Arturo 'B. B. <bu...@bu...> - 2011-11-03 12:13:05
Hi Diego, nice to see you around here!

I'll take a look at it, and I'm sure someone else will as well.

CYA!

On 11/03/2011 03:29 AM, Diego Sanchez wrote:
> Hello!
>
> It is not the best bash script.
> It is not optimized, and can be improved (a lot)
>
> Also, I do not know python, so bash is my friend.
>
> If my tests do not fail (I slept 8 hours in 3 days and see what time it is), this should work (at
> least in my home server).
>
> I have it added for 1 hour in crontab, and do not receive error (only when I try to add the chain
> "Offenders")
>
> Who can be so brave to try it at home, and discuss the weaknesses?
>
>
> That is my basic testing: http://pastebin.com/GdwU7E68
>
> And the bash script:
>
> root@proxy:scripts# cat /root/scripts/f2b.sh
> #!/bin/bash
>
> LOG='/var/log/fail2ban.log'
> CSV='/var/log/fail2ban.csv'
> CSV_TMP='/tmp/csv.csv'
> OFFENDERS='/tmp/offenders.txt'
>
> DATE=`date +%Y-%m-%d-%H_%M_%S`
>
> # --------------- CREATE BACKUP IPTABLES
> iptables-save > /root/iptables.$DATE
> # ----------------
>
> /bin/grep Ban /var/log/fail2ban.log|awk {'print $7'}|sort --unique >> $CSV
>
> #Delete duplicate
> sort --unique $CSV > $CSV_TMP
> mv $CSV_TMP $CSV
>
> #create a new chain
> #hmmm.. i guess should check if exist before to add, but...
> iptables -N Offenders
>
> #GET content from Offenders chain
> iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'} > $OFFENDERS
>
> for i in `cat $CSV`; do
>     if grep -Fxq "$i" $OFFENDERS
>     then
>         echo "$i exists in Offenders Chain. Skipping =("
>     else
>         echo "Adding $i to Offenders Chain"
>         iptables -I Offenders -s $i -j DROP
>     fi
> done
> #iptables -L Offenders -n --verbose --line-numbers|grep DROP |awk {'print $9'}
>
>
> --
> Diego - I am not paranoid! (but they are following me, they are following me) | http://about.me/diegors/bio

--
⁂ Arturo "Buanzo" Busleiman ⁂ - http://soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service.
OWASPer - http://www.buanzo.com.ar/pro/eng.html
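
An added example, not part of the original thread and not Diego's or the fail2ban project's code: one way to handle the two weak spots the script itself points at (the unconditional `iptables -N Offenders` and the duplicate check against a dumped rule list), and to validate each address before it reaches `iptables`. The function names, the `IPT` override and the sample log lines are assumptions; the sample lines are constructed to match the field layout the script's `awk` relies on (`Ban` followed by the address in field 7).

```bash
#!/bin/bash
# Added example, not Diego's script. "Offenders" and the Ban/field-7 log layout
# come from the post; IPT, banned_ips and sync_offenders are hypothetical names.
IPT="${IPT:-iptables}"   # overridable so the logic can be exercised without root
CHAIN='Offenders'

# Unique IPv4 addresses from "Ban" lines. Field 7 is printed only if it is
# four dot-separated numbers in 0..255, so arbitrary log text never becomes
# an iptables argument.
banned_ips() {
    awk '$6 == "Ban" && $7 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = split($7, o, "."); ok = 1
        for (i = 1; i <= n; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok) print $7
    }' "$1" | sort -u
}

# Create the chain only when it is missing, then insert a DROP rule for each
# address that has none yet (-C asks iptables whether the exact rule exists).
sync_offenders() {
    $IPT -n -L "$CHAIN" >/dev/null 2>&1 || $IPT -N "$CHAIN" || return 1
    banned_ips "$1" | while read -r ip; do
        $IPT -C "$CHAIN" -s "$ip" -j DROP 2>/dev/null ||
            $IPT -I "$CHAIN" -s "$ip" -j DROP
    done
}

# Parse constructed sample lines (documentation addresses); touches no rules.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
2011-11-03 03:10:12,101 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2011-11-03 03:11:40,512 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2011-11-03 03:12:02,009 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2011-11-03 03:13:00,000 fail2ban.actions: WARNING [ssh] Ban 999.1.1.1
2011-11-03 03:14:00,000 fail2ban.actions: WARNING [ssh] Ban not-an-ip
EOF
    banned_ips "$sample"
    rm -f "$sample"
}

if [ "${1:-}" = '--apply' ]; then sync_offenders /var/log/fail2ban.log; else demo; fi
```

Run without arguments it only parses the sample lines; `--apply` (as root) changes the live ruleset, so keep the `iptables-save` backup step from the original script in front of it.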