In my webhosting company, we had users supply invalid passwords (accidentally), and they consequently showed up in our daily logwatch. To prevent them from being seen, and consequently blocked by mistake, we made a script in /opt/scripts that went like this:
Quote:
#!/bin/bash
# This script will check your logwatch file to
# see if any IPs that tried to do anonymous FTP are allowed to,
# and make sure that they are not mistakenly blocked by removing
# them from the logwatch file.
# Make a private tmp folder for ipblock (not a fixed, guessable path in /tmp)
TMP=$(mktemp -d /tmp/ipblock.XXXXXX) || exit 1
trap 'rm -rf "$TMP"' EXIT
OPT=/opt/scripts
cd "$OPT" || exit 1
# Take the permitted users from the logwatch file
grep -vf "$OPT/ipblock_permusers.txt" /tmp/logwatch > "$TMP/step1"
# Take the permitted IP addresses from the file
grep -vf "$OPT/ipblock_donotblock.txt" "$TMP/step1" > "$TMP/step2"
# Mail it out to the sysadmins
mail -s "Logwatch Server 4" my_email_address < "$TMP/step2"
That will just strip out the IPs. However, if you want to add a little logic (and not have a permitted user list), you can use this:
Quote:
#!/bin/bash
# This script will check your logwatch file to
# see if any IPs that tried to do anonymous FTP are allowed to,
# and make sure that they are not mistakenly blocked by removing
# them from the logwatch file.
# Make a private tmp folder for ipblock (not a fixed, guessable path in /tmp)
TMP=$(mktemp -d /tmp/ipblock.XXXXXX) || exit 1
trap 'rm -rf "$TMP"' EXIT
OPT=/opt/scripts
cd "$OPT" || exit 1
# Take the permitted users from the logwatch file
grep -vf "$OPT/ipblock_permusers.txt" /tmp/logwatch > "$TMP/step1"
# Take the permitted IP addresses from the file
grep -vf "$OPT/ipblock_donotblock.txt" "$TMP/step1" > "$TMP/step2"
# Mail it out to the sysadmins
mail -s "Logwatch Server 6" my_email_address < "$TMP/step2"
exit
#Ignore everything after this. It no longer
#functions properly, and is here
#merely for reference purposes.
#I reconstructed it above once I realized
#I didn't need any logic to do this.
# Use a regular expression to find the violating IPs in the logwatch using rhost= as a unique identifier
# grep -Eo '(rhost=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} : [0-9]{1,4} Time\(s\)|rhost=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=ftp: [0-9]{1,4} Time\(s\))' /tmp/logwatch > $TMP/output
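
An added example, not part of the original post: `grep -vf` reads every allowlist line as an unanchored regular expression, so one entry can hide report lines for other addresses that merely contain it, and a stray blank line hides the whole report. The function names, file names and log lines below are assumptions constructed for the illustration, with the log lines following the `rhost=` format from the post's regular expression.

```shell
#!/bin/bash
# Added example. Allowlist entries and log lines are constructed
# (documentation address ranges), not taken from a real logwatch report.

# Filter as the scripts above do: each allowlist line is an unanchored regex.
filter_naive() {    # usage: filter_naive ALLOWLIST REPORT
    grep -vf "$1" "$2" || [ $? -eq 1 ]   # status 1 only means "nothing printed"
}

# Stricter filter: ignore blank and comment lines in the allowlist, then
# match each entry as a literal string (-F) on word boundaries (-w).
filter_strict() {   # usage: filter_strict ALLOWLIST REPORT
    local clean
    clean=$(mktemp) || return 1
    grep -Ev '^[[:space:]]*(#|$)' "$1" > "$clean" || [ $? -eq 1 ]
    if [ -s "$clean" ]; then
        grep -vwFf "$clean" "$2" || [ $? -eq 1 ]
    else
        cat "$2"    # empty allowlist: suppress nothing
    fi
    rm -f "$clean"
}

# Write the constructed sample files into directory $1.
make_sample() {
    printf '%s\n' '192.0.2.1'    > "$1/allow.txt"
    printf '%s\n' '192.0.2.1' '' > "$1/allow_blank.txt"   # stray blank line
    cat > "$1/logwatch" <<'EOF'
rhost=192.0.2.1 : 3 Time(s)
rhost=192.0.2.10 user=ftp: 250 Time(s)
rhost=203.0.113.7 : 40 Time(s)
EOF
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_sample "$d"
    echo "naive:";             filter_naive  "$d/allow.txt"       "$d/logwatch"
    echo "naive, blank line:"; filter_naive  "$d/allow_blank.txt" "$d/logwatch"
    echo "strict:";            filter_strict "$d/allow_blank.txt" "$d/logwatch"
    rm -rf "$d"
}
demo
```

With the naive filter, allowlisting 192.0.2.1 also removes the 250 failed logins from 192.0.2.10 from the mailed report; the strict filter keeps that line.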