[TAG] Talkback: 137/takefuji.html
takefuji
takefuji at sfc.keio.ac.jp
Sat Nov 3 04:08:29 MSK 2007
Dear Diana
Instead of running the shell script, run every line manually in order to
identify the line causing the errors.
/var/log format is different depending on the log system version.
Regards,
Yoshiyasu Takefuji
Professor of Keio University
-----Original Message-----
From: Ben Okopnik [mailto:ben at linuxgazette.net]
To: TAG <tag at lists.linuxgazette.net>
Sent: Friday, November 02, 2007 10:38 PM
To: takefuji at sfc.keio.ac.jp
Subject: Talkback: 137/takefuji.html
Hi -
We just had a reader comment on your article. If you reply, please
include tag at lists.linuxgazette.net in the CC list, since we'd like to
have the discussion/solution available to the Linux community. Thanks!
----- Forwarded message from diana <ephrondiana at gmail.com> -----
Date: Fri, 02 Nov 2007 18:49:57 +0530
From: diana <ephrondiana at gmail.com>
To: TAG <tag at lists.linuxgazette.net>
To: tag at lists.linuxgazette.net, ephrondiana at gmail.com
Reply-To: The Answer Gang <tag at lists.linuxgazette.net>
Sender: tag-bounces at lists.linuxgazette.net
Subject: [TAG] please help!
Hello,
I was directed to you through the talkback of the site
http://linuxgazette.net/137/takefuji.html. I got the following script from
this site, but I am getting this
ERROR message: "sed: -e expression #1, char 0: no previous regular
expression Bad argument `DROP' Try `iptables -h' or 'iptables --help' for
more information." while running that script manually.
But I am getting the output from the logs as dropped IPs in my
/etc/sysconfig/iptables. I am not sure of this error :'( . Please help
me.......
############################################################################
################################################
#!/bin/bash
rm -f ttt
touch tmp
# disabled IPs can be obtained from /etc/sysconfig/iptables
grep DROP /etc/sysconfig/iptables|awk '{print $5}' >tmp
# ------------------------ DoS attacks rule -------------------------
#identity mismatch in secure
grep Did /var/log/secure|awk '{print $12}' >>tmp
#Invalid user
grep "Invalid user" /var/log/secure|awk '{print $10}' >>tmp
# Maximum login
grep "Maximum login" /var/log/secure|awk '{print $7}'|sed 's/.*\[\(.*\)\])/\1/g' >>tmp
#
# ------------------ reduce redundant IPs from tmp file -------------
size=`/usr/bin/wc tmp|awk '{print $1}'`
i=0
while test $i -lt $size
do
us=`sed -n 1p tmp`
sed /$us/d tmp >tmps
echo $us >>ttt
cp -f tmps tmp
size=`/usr/bin/wc tmp|awk '{print $1}'`
done
rm -f tmp tmps temp0 temp
#
# ------------------ activate detected IPs --------------------------
size=`wc ttt|awk '{print $1}'`
size=`expr $size + 1`
/sbin/iptables -F
i=1
while test $i -lt $size
do
ip=`sed -n "$i"p ttt`
i=`expr $i + 1`
/sbin/iptables -A INPUT -s $ip -j DROP
done
# -----------------end of shell script test -------------------------
############################################################################
################################################
Thanks,
Diana.K.
+-+--------------------------------------------------------------------+-+
You've asked a question of The Answer Gang, so you've been sent the reply
directly as a courtesy. The TAG list has also been copied. Please send
all replies to tag at lists.linuxgazette.net, so that we can help our other
readers by publishing the exchange in our monthly Web magazine:
Linux Gazette (http://linuxgazette.net/)
+-+--------------------------------------------------------------------+-+
----- End forwarded message -----
--
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
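
An added example, not part of the thread or of the article's script: both quoted errors are what sed and iptables print when handed an empty value, which is what the script produces when a log line has no address in the awk column it expects. The sketch below extracts candidates by position relative to "from", validates them as IPv4 and prints the rules for review; the function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: sample log lines and function names are constructed.

# Constructed /var/log/secure lines (documentation addresses only).
sample_log() {
cat <<'EOF'
Nov  2 18:40:01 host sshd[2101]: Invalid user admin from 203.0.113.5
Nov  2 18:40:03 host sshd[2101]: Invalid user admin from 203.0.113.5
Nov  2 18:41:10 host sshd[2107]: Invalid user a b from 198.51.100.7 port 40022
Nov  2 18:42:00 host sshd[2110]: Did not receive identification string from 192.0.2.9
Nov  2 18:43:00 host sshd[2111]: Invalid user from
Nov  2 18:44:00 host sshd[2112]: Invalid user x from 999.1.1.1
EOF
}

# Take the token after the last "from" rather than a fixed awk column, so a
# different log prefix, a user name with spaces or a trailing "port N" does
# not shift the field. A line with no address yields an empty candidate.
extract_candidates() {
    awk '/Invalid user|Did not receive identification/ {
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        print ip
    }'
}

# Keep only well-formed dotted-quad IPv4 addresses, once each, in first-seen
# order. Empty lines and stray words are dropped here.
valid_ips() {
    awk '{
        n = split($0, o, ".")
        ok = (n == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        for (i = 1; ok && i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok && !seen[$0]++) print
    }'
}

# Print the rules for review instead of applying them.
print_rules() {
    while IFS= read -r ip; do
        printf '/sbin/iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_log | extract_candidates | valid_ips | print_rules
```

Because user names in these log lines are chosen by the remote party, every extracted field should pass `valid_ips` before it is used in a firewall rule.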