> Morning all,
>
> I am working on a script that reads in /var/log/auth.log, takes the IP
> addresses, puts them into a hash keeping track of how many times it finds
> that address and compares it to addresses found in /etc/hosts.deny and
> only write the addresses that are new in the file.  So far I can get the
> addresses from the log file no problem and write them to the deny file,
> however I am struggling on how to compare the hash with an array for any
> duplicate addresses.  What is the best approach to take with this?

I guess you mean the following part:

> while (<DENY>) {
>         if ($_ =~ /Invalid user/ || /Failed password for/) {
>                push @origDeny, $_;
>        }
>                 foreach $orig (@origDeny) {
>                         if ($off =~ /((\d+)\.(\d+)\.(\d+)\.(\d+))/) {
>                            push @hosts, $1;
>                                 }
>                 }
> }
> close DENY;


You could change that to something like:
while (<DENY>) {
        if ($_ =~ /Invalid user/ || /Failed password for/) {
                push @origDeny, $_;
        }
        foreach $orig (@origDeny) {
                # match the loop variable; $off is never set in this loop
                if ($orig =~ /((\d+)\.(\d+)\.(\d+)\.(\d+))/) {
                        # BAD
                        #push @hosts, $1;

                        # GOOD {tm}:
                        # Put every host as KEY into a hash with a TRUE
                        # pseudo-value, so it is DEFINED ;-)
                        $badHost{$1} = 1;
                }
        }
}
close DENY;

Now, every host is unique. Then:

open (DENY, ">>/etc/hosts.deny") or die "Can't open log file: $!\n";
while (<LOGFILE>) {
        if ($_ =~ /Invalid user/ || /Failed password for/) {
                # match the current line; $off is never set in this loop
                if ($_ =~ /((\d+)\.(\d+)\.(\d+)\.(\d+))/) {
                        $host = $1;
                        if (!defined($badHost{$host})) {
                                $badHost{$host} = 1; # Remember the baddy
                                print DENY "$host\n";
                        }
                }
        }
}
close DENY;

Btw: use strict and use warnings and don't use barewords...

LLAP & LG
Rene

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1    Visit <http://www.ebb.org/ungeek/> to decode
GCS d- s:- a-- C++$ UBLA*++++$ P++++$ L+$ !E !W+++$ N+ o+ K--?
w++$ !O M+ V-- PS PE Y+ PGP+ t+ 5 X- !R tv b+++ DI-- D++ G e h-- r-- y+
------END GEEK CODE BLOCK------
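
An added example, not code from the original message: the hash-lookup approach from this thread written under `use strict` and `use warnings`, with lexical filehandles instead of barewords. The sample data, the helper names `read_denied` and `count_failures`, the `sshd: <addr>` deny-line format and the `from <addr> port <n>` log layout are assumptions.

```perl
use strict;
use warnings;

# Constructed sample data; addresses are RFC 5737 documentation ranges.
my $deny_sample = <<'END';
# /etc/hosts.deny
sshd: 192.0.2.10
END
my $log_sample = <<'END';
Jan 10 06:25:01 host sshd[811]: Invalid user admin from 192.0.2.10 port 4022
Jan 10 06:26:11 host sshd[902]: Failed password for root from 203.0.113.5 port 5121 ssh2
Jan 10 06:26:14 host sshd[902]: Failed password for root from 203.0.113.5 port 5121 ssh2
Jan 10 06:27:40 host sshd[950]: Invalid user 198.51.100.99 from 203.0.113.77 port 6000
Jan 10 06:28:02 host sshd[951]: Accepted password for rene from 192.0.2.50 port 6100 ssh2
END

my $ip = qr/(?:\d{1,3}\.){3}\d{1,3}/;

# Every address already in the deny file becomes a hash key.
sub read_denied {
    my ($fh) = @_;
    my %denied;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;    # skip comments and blank lines
        $denied{$_} = 1 for $line =~ /\b($ip)\b/g;
    }
    return \%denied;
}

# Count failures per source address. The match is anchored on the trailing
# "from <addr> port <n>" field, so a dotted quad in the user name is ignored.
sub count_failures {
    my ($fh) = @_;
    my %count;
    while (my $line = <$fh>) {
        next unless $line =~ /Invalid user|Failed password for/;
        $count{$1}++ if $line =~ /\bfrom ($ip) port \d+(?: ssh2)?\s*$/;
    }
    return \%count;
}

open my $deny_fh, '<', \$deny_sample or die "Can't read deny sample: $!\n";
open my $log_fh,  '<', \$log_sample  or die "Can't read log sample: $!\n";
my $denied = read_denied($deny_fh);
my $count  = count_failures($log_fh);
# Report only the addresses that are not in the deny list yet.
for my $host (grep { !exists $denied->{$_} } sort keys %$count) {
    print "$host ($count->{$host} failures)\n";
}
```

To use it on real files, open `/var/log/auth.log` and `/etc/hosts.deny` in place of the two in-memory samples.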

