LinuxQuestions.org


socceroos 04-19-2006 12:30 AM

How to get a list of all the IP Addresses accessing your server...
 
Hello All,

I was asked by my boss to create him a web-page that would give him a list of all the IP Addresses currently connected to our FreeBSD server and possibly give him the option of killing certain connections.

I know that you can view current connections through 'netstat -a' but is there a solution to the problem mentioned above? If so, could you show me where to start?

I have been Googling for a while now but have not come across any solutions.

Your help is greatly appreciated.

Socceroos

jschiwal 04-19-2006 12:44 AM

What kind of server are you talking about? If it is a web server, I think you could extract the IP addresses from the logs.

Poetics 04-19-2006 12:47 AM

The dangerous thing about having a "kill" button is that you need root (or similar) permissions to do such a thing ... I have no doubt your boss wants to have a single button he can click to kill a connection; that's some pretty insecure scriptwork, though it is possible through some 'exec' commands (depending on your programming language of choice, PHP most likely).

paragn 04-19-2006 12:51 AM

Hi,
Will netstat -at answer your question?

socceroos 04-19-2006 01:18 AM

I agree, having the 'kill' button leaves a huge hole in security.

Forget having a 'kill' button for the moment: is it possible to use PHP or Perl to get a list of the CURRENTLY active IP Addresses on the Server (using Apache 2.2)?

While I COULD use some sophisticated perl to parse the log files and glean IP Addresses - this still wouldn't tell me who was still ACTIVELY connected (ESTABLISHED).

socceroos 04-20-2006 12:11 AM

So, no one knows of any solutions to this problem?

I need to be able to display a list of currently connected IP Addresses IN A WEB PAGE - preferably written in PHP or PERL.

gilead 04-20-2006 03:58 AM

Have you had a look at http://www.phildev.net/iptstate/? You can display all of the iptables connection states - it's not too hard to take that output and format it for a web page. I haven't checked to see if it runs under BSD though (do you use iptables?)...

socceroos 04-20-2006 06:51 PM

Gilead:

I have looked at the program you recommended and, although it looks good, it doesn't actually compile on FreeBSD 5.4.

iptstate.cc: In function `int main(int, char**)':
iptstate.cc:385: error: `AF_INET' undeclared (first use this function)

I've had a look at the source code and tried hashing out the AF_NET variable - which makes it compile correctly - but it doesn't work (AF_NET must be an essential part of the program).

Thanks for your help

ataraxia 04-20-2006 07:12 PM

Can't you have your Perl or PHP script shell out, run netstat -a, and parse it in your script? This is quick and dirty, but it should work:
Code:

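#!/usr/bin/env perl
use strict;
use warnings;

# CGI header, then the page; <pre> keeps netstat's column layout.
print "Content-type: text/html\n\n";
print "<html><head><title>Current connections</title></head>\n";
print "<body><h1>Current connections</h1><pre>\n";

# Fixed command line: no user input reaches the shell.
my @Conns = `netstat -a`;

for my $conn (@Conns) {
  # Escape HTML metacharacters: netstat -a prints reverse-DNS names,
  # and those are controlled by the remote side.
  $conn =~ s/&/&amp;/g;
  $conn =~ s/</&lt;/g;
  $conn =~ s/>/&gt;/g;
  print "$conn\n";
}

print "</pre></body></html>\n";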

(And yes, since iptstate depends on iptables, it only works on Linux.)

ZST 04-20-2006 10:26 PM

suexec-apache might be what you're looking for; Google for that.

If that does not help solve your problem, you can look for patterns in the IPs that access your site, and have a cron job add the IPs to the drop list in pf filter for BSD, and have another cron job remove them when they meet a certain requirement.

I set this up on a bank website for brute force attacks. It's not really hard, it may or may not work for you. Let me know.

socceroos 04-21-2006 12:54 AM

This is what I've got so far...

Any improvements? (Much appreciated)

Thank you!


Code:


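#!/usr/bin/env perl

# CGI header and page preamble.
print "Content-type: text/html\n\n";
print "<html><head><title>Current connections</title>\n";
print "<link rel='stylesheet' type='text/css' href='../htdocs/main/style.css' />\n";
print "</head>\n<body>\n";
print "<font class='title'>Active Internet Connections</font>";
print "<table>";
print "<tr>";
print "<td>Protocol</td><td>Recv-Q</td><td>Send-Q</td><td>Local Address</td><td>Remote Address</td><td>(state)</td>\n";
print "</tr>\n";

# Run netstat (fixed command line, no user input) and squeeze runs of
# spaces so each line can be split on a single space.
@Conns = `netstat -aW | tr -s " "`;
$i=0;

# Write the output to a temporary file...
open(infile,">conn.tmp") or die "cannot write conn.tmp: $!";
print infile @Conns;
close(infile);

# ...and read it back.
open(outfile,"<conn.tmp") or die "cannot read conn.tmp: $!";
@current=<outfile>;
 foreach $line (@current) {
  # Escape HTML metacharacters: netstat -a prints reverse-DNS names,
  # and those are controlled by the remote side.
  $line =~ s/&/&amp;/g;
  $line =~ s/</&lt;/g;
  $line =~ s/>/&gt;/g;
  ($proto,$recv,$send,$ladd,$radd,$state)=split(/ /,$line);
  # Skip the two header lines of the netstat output.
  if ($i > 1)
    {
    print "<tr>\n";
    print "<td>$proto</td>\n";
    print "<td>$recv</td>\n";
    print "<td>$send</td>\n";
    print "<td>$ladd</td>\n";
    print "<td>$radd</td>\n";
    print "<td>$state</td>\n";
    print "</tr>\n";
    }
    $i++;
 }
close(outfile);

print "</table>";
print "</body></html>\n";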


ataraxia 04-21-2006 08:36 PM

Only a couple of comments:
  • What's with the tempfile?
  • Suggest using "th" tags rather than "td" for the table headers. Blind folks with screenreaders appreciate it, anyway.

socceroos 04-23-2006 05:44 PM

Yeah, I realise I don't need the tempfile. :S

But since only me and my fellow SysOps are going to be viewing this page I'm not sure I'll need to change the td tags, except to encourage good habit.

ataraxia 04-23-2006 06:13 PM

"th" tags also have the effect of bolding the text for you, which (at least to me) makes it easier to read.
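
Added example (not part of the thread and not any poster's code): a Perl CGI sketch that keeps only ESTABLISHED TCP rows, counts connections per remote IP, and HTML-escapes what it prints. It assumes FreeBSD's `netstat -an` layout (address and port joined by a dot); the sample text is constructed and the `NETSTAT_LIVE` environment switch is a hypothetical name.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
# Constructed sample in FreeBSD `netstat -an` layout (addr.port); not real data.
my $SAMPLE = <<'END';
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          203.0.113.7.51234      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.7.51240      ESTABLISHED
tcp4       0      0 192.0.2.10.22          198.51.100.23.40022    ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.99.50111     TIME_WAIT
tcp4       0      0 *.80                   *.*                    LISTEN
END

# Count ESTABLISHED TCP connections per remote IP address.
sub established_peers {
    my ($text) = @_;
    my %count;
    for my $line (split /\n/, $text) {
        my ($proto, $recvq, $sendq, $local, $remote, $state) = split ' ', $line;
        next unless defined $state && $state eq 'ESTABLISHED' && $proto =~ /^tcp/;
        # FreeBSD appends the port after a final dot: strip it to get the address.
        (my $ip = $remote) =~ s/\.\d+$//;
        $count{$ip}++;
    }
    return \%count;
}

# Escape everything that goes into the page, even numeric output.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
    return $s;
}

# Live use: list-form pipe open runs netstat without a shell;
# -n skips reverse DNS, so no remote-controlled names reach the page.
sub read_netstat {
    open(my $fh, '-|', 'netstat', '-an') or die "netstat: $!";
    local $/;                       # slurp mode
    return scalar <$fh>;
}

# NETSTAT_LIVE is a hypothetical switch; unset, the constructed sample is used.
my $peers = established_peers($ENV{NETSTAT_LIVE} ? read_netstat() : $SAMPLE);
print "Content-type: text/html\n\n<table>\n<tr><th>Remote address</th><th>Connections</th></tr>\n";
for my $ip (sort { $peers->{$b} <=> $peers->{$a} || $a cmp $b } keys %$peers) {
    printf "<tr><td>%s</td><td>%d</td></tr>\n", html_escape($ip), $peers->{$ip};
}
print "</table>\n";
```

With the constructed sample this lists 203.0.113.7 with 2 connections and 198.51.100.23 with 1; the TIME_WAIT and LISTEN rows are dropped.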


All times are GMT -5.