[TAG] please help!
diana
ephrondiana at gmail.com
Fri Nov 2 16:19:57 MSK 2007
Hello,
I was directed to you through the talkback of the site
http://linuxgazette.net/137/takefuji.html. I got the following script
from this site, but I am getting this
ERROR message: "sed: -e expression #1, char 0: no previous regular
expression Bad argument `DROP' Try `iptables -h' or 'iptables --help'
for more information." while running that script manually.
But I am getting the output from the logs as dropped IPs in my
/etc/sysconfig/iptables. I am not sure about this error :'( . Please help
me.
############################################################################################################################
#!/bin/bash
rm -f ttt
touch tmp
# disabled IPs can be obtained from /etc/sysconfig/iptables
grep DROP /etc/sysconfig/iptables|awk '{print $5}' >tmp
# ------------------------ DoS attacks rule -------------------------
#identity mismatch in secure
grep Did /var/log/secure|awk '{print $12}' >>tmp
#Invalid user
grep "Invalid user" /var/log/secure|awk '{print $10}' >>tmp
# Maximum login
grep "Maximum login" /var/log/secure|awk '{print $7}'|sed 's/.*\[\(.*\)\])/\1/g' >>tmp
#
# ------------------ reduce redundant IPs from tmp file -------------
size=`/usr/bin/wc tmp|awk '{print $1}'`
i=0
while test $i -lt $size
do
    us=`sed -n 1p tmp`
    sed /$us/d tmp >tmps
    echo $us >>ttt
    cp -f tmps tmp
    size=`/usr/bin/wc tmp|awk '{print $1}'`
done
rm -f tmp tmps temp0 temp
#
# ------------------ activate detected IPs --------------------------
size=`wc ttt|awk '{print $1}'`
size=`expr $size + 1`
/sbin/iptables -F
i=1
while test $i -lt $size
do
    ip=`sed -n "$i"p ttt`
    i=`expr $i + 1`
    /sbin/iptables -A INPUT -s $ip -j DROP
done
# -----------------end of shell script test -------------------------
############################################################################################################################
Thanks,
Diana.K.
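
Added example, not part of the original post or of the Linux Gazette script: the two quoted messages are what sed and iptables print when `$us` and `$ip` are empty, which happens once a blank line reaches `tmp`. The sketch below validates each candidate as an IPv4 address and removes duplicates by whole-line comparison before any rule is built; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# valid_ipv4: keep only stdin lines that are exactly one dotted-quad IPv4
# address with every octet in 0..255. Blank lines and hostnames are dropped,
# so nothing empty can reach "sed /$us/d" or "iptables -s $ip".
valid_ipv4() {
    awk -F. '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 1; i <= 4; i++)
                if (length($i) > 3 || $i + 0 > 255) next
            print
        }'
}

# unique_ips: validate, then de-duplicate by comparing whole lines.
# The script's "sed /$us/d" is an unanchored regex, so removing 192.0.2.10
# also removes 192.0.2.100, and that address is never blocked.
unique_ips() {
    valid_ipv4 | LC_ALL=C sort -u
}

# block_rules: print one iptables command per address instead of running it,
# so the list can be reviewed before it is applied as root.
block_rules() {
    unique_ips | while IFS= read -r ip; do
        printf '/sbin/iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample of what the grep/awk stage can leave in tmp:
# a blank line, a duplicate, a non-address token and an out-of-range value.
sample_candidates() {
    printf '%s\n' '192.0.2.10' '' '192.0.2.10' '192.0.2.100' \
        'UNKNOWN' '300.1.1.1' '198.51.100.7'
}

sample_candidates | block_rules
```

Feeding the script's own `tmp` file to `block_rules` in place of `sample_candidates` gives the reviewed rule list for a real log.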