LinuxQuestions.org
Old 12-06-2017, 08:05 PM   #1
Vince129
LQ Newbie
 
Registered: Dec 2017
Posts: 6

Rep: Reputation: Disabled
How do I store 5 files into one file and send it once a week through email.


Secure log resets at 3am on Sunday. My project was to:
1. Find ip addresses that were trying to access the server as ROOT.
2. Put 5-10 different ip addresses in their own file
3. Make a weekly file that stores the total number of attacks.
4. Send the weekly report as an email with the total number of attacks happened by hacker's IP and the total number of attacks this week.

This is what I have so far in crontab -e:
0 2 * * * grep 182.100.67 /var/log/secure >> ~/hacker/hacker1
0 2 * * 0 grep 58.242.83 /var/log/secure >> ~/hacker/hacker2
0 2 * * 0 grep 46.63.20 /var/log/secure >> ~/hacker/hacker3
0 2 * * 0 grep 35.196.74 /var/log/secure >> ~/hacker/hacker4
0 2 * * 0 grep 119.5.40 /var/log/secure >> ~/hacker/hacker5
30 2 * * 0 cat ~/hacker/hacker1 ~/hacker/hacker2 ~/hacker/hacker3 ~/hacker/hacker4 ~/hacker/hacker5 >>weeklyfile
45 2 * * 0 sendmail ***********@gmail.com < wc -l ~/hacker/weeklyfile

I'm almost positive this won't work but I tried to do this with the best of my abilities. Also is there a way to just output just the total number of attacks instead of all the text that would come with it?

Last edited by Vince129; 12-06-2017 at 08:14 PM.
 
Old 12-07-2017, 03:50 AM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,551

Rep: Reputation: 139
grep -c 182.100.67 /var/log/secure >> ~/hacker/hacker1
cat ~/hacker/hacker1 ~/hacker/hacker2 ~/hacker/hacker3 ~/hacker/hacker4 ~/hacker/hacker5 >>weeklyfile -> in which directory is weeklyfile?

I guess the sendmail command will not have the expected result.

Welcome to LQ Vince129!

Last edited by j-ray; 12-07-2017 at 03:56 AM.
 
2 members found this post helpful.
Old 12-07-2017, 04:31 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,689
Blog Entries: 3

Rep: Reputation: 1166
Your script needs to call a mail client. So mail is the utility you are looking for. It's a mail client. In contrast, sendmail is a mail transfer agent (MTA) also called a mail server. You don't invoke sendmail for this nor qmail, exim, or postfix though your client might or might not be connecting to one of them.
 
1 members found this post helpful.
Old 12-07-2017, 05:26 AM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,447

Rep: Reputation: 420
What if an attack occurs at 2:59 on a Sunday?
 
1 members found this post helpful.
Old 12-07-2017, 05:36 AM   #5
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,402

Rep: Reputation: 970
#1 as noted above, your crontab has not given a path for weeklyfile

#2 you need to be able to send weekly file as either the email contents, or as an attachment. I would use a script for either. The email client I would use is mutt, as it will handle both cases easily. If you only want to send a text email, almost any client will work (mail or mailx come to mind).

Last edited by wpeckham; 12-07-2017 at 05:38 AM.
 
1 members found this post helpful.
Old 12-07-2017, 05:51 AM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 16,412

Rep: Reputation: 1936
Welcome to LinuxQuestions.

Is this a school project? Have you learned anything about shell scripting? I would assume the assignment is to write a single script to find the IPs, count the number of occurrences and then email the results.
 
1 members found this post helpful.
Old 12-07-2017, 09:46 AM   #7
Vince129
LQ Newbie
 
Registered: Dec 2017
Posts: 6

Original Poster
Rep: Reputation: Disabled
j-ray
I added and (hopefully) fixed those additions. So grep -c is to count matching lines (based on a Google search); does that more accurately count the number of attacks than wc? If so, is there a way I can send the mail through -c instead of wc -l and it would look better?

turbocapitalist
I can switch it to mail, I saw my professor use sendmail in class and wrote it in my notes, that's why I decided to use it.

keefaz
I made it closer... I was scared if I made it too close, one command would be running before the other or something.

wpeckham
I was thinking about that... but I don't really know how to do that. Is the simplest way just to "mail < file"? Or do I need to run commands in weeklyfile or something like that, or run some more commands in crontab? I never heard of mutt and don't know how to use it.

michaelk
This is a school project and I have tried for a week to figure it out myself. It's extra credit so it's not a big deal but I want to give it my best shot. The only thing I know about scripting is that it lets you run a bunch of commands from a file somehow. I remember we did an in class assignment in which we were on bash_profile and got the server (He's using some amazon server) to run some commands when you first log in. The second sentence you have is spot on based on what my group interpreted it to be as.

Here is the crontab(script?) updated:

57 2 * * * grep -c 182.100.67 /var/log/secure >> ~/hacker/hacker1
57 2 * * 0 grep -c 58.242.83 /var/log/secure >> ~/hacker/hacker2
57 2 * * 0 grep -c 46.63.20 /var/log/secure >> ~/hacker/hacker3
57 2 * * 0 grep -c 35.196.74 /var/log/secure >> ~/hacker/hacker4
57 2 * * 0 grep -c 119.5.40 /var/log/secure >> ~/hacker/hacker5
58 2 * * 0 cat ~/hacker/hacker1 ~/hacker/hacker2 ~/hacker/hacker3 ~/hacker/hacker4 ~/hacker/hacker5 >> ~/hacker/weeklyfile
59 2 * * 0 mail profkim2220@gmail.com < wc -l ~/hacker/weeklyfile
 
Old 12-07-2017, 10:07 AM   #8
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,447

Rep: Reputation: 420
Quote:
Originally Posted by Vince129
keefaz
I made it closer... I was scared if I made it too close, one command would be running before the other or something.
The OS logging system is smart enough to make a backup (logrotate) when it resets. See secure* files in /var/log

In fact I would rather grep the most recent backup secure log, just after it resets so I could work with a finished backup, avoiding working with an opened file by another program.

Say at 3:01, I grep /var/log/secure.1

[edit] but for a log file, I think it's not important

Small notice: The dots in ips need escaping as dot means any character in regular expression
Code:
#match 12700a081 for example
grep '127.0.0.1'  file

#match only 127.0.0.1
grep '127\.0\.0\.1' file
Also you can grep all ips at once
Code:
# grep both 182.100.67 and 58.242.83
grep '182\.100\.67\|58\.242\.83' file

Last edited by keefaz; 12-07-2017 at 10:11 AM.
 
1 members found this post helpful.
Old 12-07-2017, 11:55 AM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 16,412

Rep: Reputation: 1936
A crontab entry is not a script. cron is a way to run a task at a scheduled time in the background. Normally one would put all the commands in one script file and then cron would execute the one script at the scheduled time.

As a reminder to all this is an extra credit project...
 
1 members found this post helpful.
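The single-script approach from the post above, with the dot escaping suggested earlier in the thread, as an added example that is not part of the thread. It assumes OpenSSH's "Failed password for root from ..." log line and the rotated log name /var/log/secure.1 mentioned above; `REPORT_TO`, `weekly.sh`, the `.count` file names and the sample log lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. One script, one cron entry, e.g.
#   5 3 * * 0 REPORT_TO=you@example.com $HOME/hacker/weekly.sh
# Assumes OpenSSH's "Failed password for root from <ip> port ..." log line.
# Constructed sample log (documentation address ranges), for offline testing.
sample_log() {
cat <<'EOF'
Dec  3 04:10:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4022 ssh2
Dec  3 04:10:05 host sshd[101]: Failed password for root from 192.0.2.77 port 4023 ssh2
Dec  4 11:00:00 host sshd[202]: Failed password for invalid user admin from 192.0.2.10 port 5001 ssh2
Dec  5 09:30:12 host sshd[303]: Failed password for root from 198.51.100.9 port 6000 ssh2
Dec  5 09:31:00 host sshd[304]: Failed password for root from 192.0.212.5 port 6001 ssh2
Dec  6 01:02:03 host sshd[405]: Accepted password for root from 203.0.113.4 port 7000 ssh2
EOF
}

# count_root_failures LOG PREFIX: print how many failed root logins came from
# addresses that start with PREFIX (for example 192.0.2).
count_root_failures() {
    # Escape the dots, and anchor on " from " and on the next "." or space,
    # so that 192.0.2 matches 192.0.2.10 but not 192.0.212.5.
    re=$(printf '%s' "$2" | sed 's/\./\\./g')
    # grep -c exits 1 when the count is 0; that is not an error here.
    grep -cE "Failed password for root from ${re}(\.[0-9]+)* " "$1" || true
}

# weekly_report LOG OUTDIR PREFIX...: append this week's count to
# OUTDIR/<prefix>.count, rewrite OUTDIR/weeklyfile, and print the total.
weekly_report() {
    log=$1; out=$2; shift 2
    mkdir -p "$out"
    : > "$out/weeklyfile"
    total=0
    for p in "$@"; do
        n=$(count_root_failures "$log" "$p")
        echo "$n" >> "$out/${p}.count"
        echo "${p}: $n failed root logins" >> "$out/weeklyfile"
        total=$((total + n))
    done
    echo "Total this week: $total" >> "$out/weeklyfile"
    echo "$total"
}

# Send the report only when a recipient is set (REPORT_TO is a name made up here).
if [ -n "${REPORT_TO:-}" ]; then
    weekly_report /var/log/secure.1 "$HOME/hacker" \
        182.100.67 58.242.83 46.63.20 35.196.74 119.5.40 > /dev/null
    mail -s "Weekly failed root logins" "$REPORT_TO" < "$HOME/hacker/weeklyfile"
fi
```

On the sample log a plain `grep -c 192.0.2` reports 4, because it also counts the non-root attempt and the 192.0.212.5 address; the anchored pattern reports 2.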
Old 12-07-2017, 12:48 PM   #10
rhubarbdog
Member
 
Registered: Apr 2015
Location: Yorkshire, England
Distribution: Linux Mint
Posts: 114

Rep: Reputation: Disabled
Just a note: you cat 5 files into weeklyfile. Is that what you want? You no longer have 5 files, you have 1 massive file. Perhaps tar would be a better command than cat.
 
1 members found this post helpful.
Old 12-07-2017, 02:55 PM   #11
Vince129
LQ Newbie
 
Registered: Dec 2017
Posts: 6

Original Poster
Rep: Reputation: Disabled
keefaz
He explicitly said, "Create a file associated to each IP address you are tracking". I don't think I would be able to search them all and put them in one file, it sounds to me like they should be separate. I will add the apostrophes and the forward slashes though thank you. And I do see some backups but this is an intro course and I have no idea if I could automate backups.

michaelk
Yep, only extra credit so he just has to see effort. But you know... 5 points is 5 points

rhubarbdog
He MENTIONED the tar command in class... I just looked it up and it does look like compressing large files would be helpful, I don't believe it will be necessary now but in the future I'm sure I will need to know that for more data intensive projects.

Any extra additions are appreciated, I will turn it in at 7 and declare it solved around that time
 
Old 12-07-2017, 04:09 PM   #12
rhubarbdog
Member
 
Registered: Apr 2015
Location: Yorkshire, England
Distribution: Linux Mint
Posts: 114

Rep: Reputation: Disabled
tar doesn't do compression; it creates a 'tape archive'. It's more of a backup tool.
Something like
Code:
tar -cf weeklyfile hacker1 hacker2 hacker3
 
1 members found this post helpful.
Old 12-07-2017, 05:51 PM   #13
Vince129
LQ Newbie
 
Registered: Dec 2017
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by rhubarbdog
tar doesn't do compression; it creates a 'tape archive'. It's more of a backup tool.
Something like
Code:
tar -cf weeklyfile hacker1 hacker2 hacker3
So I can replace the cat line with a line similar to this and it would do the same thing, just more efficiently? What would change? I researched it a bit and it looks like it creates a tar archive (backup) file and gives it the file name type...

Edit: now that I look at it again I think I see, it creates a backup for when you modify a large amount of data so nothing goes wrong, but maybe I interpreted this wrong.

Last edited by Vince129; 12-07-2017 at 05:59 PM.
 
Old 12-07-2017, 05:59 PM   #14
rhubarbdog
Member
 
Registered: Apr 2015
Location: Yorkshire, England
Distribution: Linux Mint
Posts: 114

Rep: Reputation: Disabled
You can extract files hacker1 etc. back out of the weeklyfile. At present your cat statement just creates a mega-file which would need manual intervention to break back up into each component. Tar also compresses the input before storage if you give it the correct options.
 
1 members found this post helpful.
Old 12-07-2017, 06:02 PM   #15
Vince129
LQ Newbie
 
Registered: Dec 2017
Posts: 6

Original Poster
Rep: Reputation: Disabled
Like this?:

57 2 * * * grep -c '182\.100\.67' /var/log/secure >> ~/hacker/hacker1
57 2 * * 0 grep -c '58\.242\.83' /var/log/secure >> ~/hacker/hacker2
57 2 * * 0 grep -c '46\.63\.20' /var/log/secure >> ~/hacker/hacker3
57 2 * * 0 grep -c '35\.196\.74' /var/log/secure >> ~/hacker/hacker4
57 2 * * 0 grep -c '119\.5\.40' /var/log/secure >> ~/hacker/hacker5
58 2 * * 0 tar -cf weeklyfile hacker1 hacker2 hacker3 hacker4 hacker5
58 2 * * 0 cat ~/hacker/hacker1 ~/hacker/hacker2 ~/hacker/hacker3 ~/hacker/hacker4 ~/hacker/hacker5 >> ~/hacker/weeklyfile
59 2 * * 0 sendmail profkim2220@gmail.com < wc -l ~/hacker/weeklyfile

Edit: forgot to add times

Last edited by Vince129; 12-07-2017 at 06:12 PM.
 
  


All times are GMT -5. The time now is 07:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration