Do you know the security tool OSSEC? http://www.ossec.net/
It does what you want, and it monitors various services and directories. Oh, and there is also a Portuguese version!

Regards,
Alexandre Gorges
http://www.google.com.br/profiles/algorges
MSN/Gtalk/iCHAT/Skype/Jabber: algor...@gmail.com
ICQ: 2031408

From: ricardoscript <ricardoscr...@yahoo.com.br>
Reply-To: Lista Shell Script <shell-script@yahoogrupos.com.br>
Date: Sun, 21 Feb 2010 00:25:59 -0000
To: Lista Shell Script <shell-script@yahoogrupos.com.br>
Subject: [shell-script] Help - Read a log file and run a task

Folks, I need a script that reads my mail.log file and, on finding the words "LOGIN FAILED" coming from the same IP more than 6 times, runs the command

iptables -A INPUT -s xxx.xxx.xxx.xxx(attacker's IP) -j DROP

Below is an excerpt from my mail.log where the brute-force attempt can be seen.
Thanks in advance for any help.

Feb 20 09:20:35 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:35 matrix pop3d: LOGIN FAILED, user=staff, ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: LOGIN FAILED, user=humberto, ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: LOGIN FAILED, user=humberto, ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: LOGIN FAILED, user=ian, ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: LOGIN FAILED, user=ian, ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: LOGIN FAILED, user=iasmin, ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: LOGIN FAILED, user=iasmin, ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: LOGIN FAILED, user=iasser, ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: LOGIN FAILED, user=iasser, ip=[::ffff:189.126.109.221]
Feb 20 09:21:21 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:21 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:22 matrix pop3d: LOGIN FAILED, user=ibraim, ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: LOGIN FAILED, user=ibraim, ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: LOGIN FAILED, user=ibsen, ip=[::ffff:189.126.109.221]
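
A shell script for the task described in the original question, added here as an example and not written by either poster: it counts LOGIN FAILED lines per source IP in the log format shown above and prints the iptables command from the question for each IP with more than 6 failures. The function names, the `-C` pre-check and the constructed sample lines (documentation-range addresses) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are assumed.
THRESHOLD=6   # act when an IP has more than this many failures

# failed_ips LOGFILE: print each IPv4 source with more than THRESHOLD failures.
failed_ips() {
    awk -v max="$THRESHOLD" '
        /LOGIN FAILED, / {
            sub(/[ \t\r]+$/, "")
            # user= is client-supplied text, so trust only the ip=[...] field
            # that ends the line, not the first one that appears.
            if (!match($0, /ip=\[[^]]*\]$/)) next
            ip = substr($0, RSTART + 4, RLENGTH - 5)
            sub(/^::ffff:/, "", ip)       # IPv4-mapped IPv6 -> plain IPv4
            # Only a dotted quad may reach the firewall command.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print ip }
    ' "$1" | sort
}

# block_rules LOGFILE: print one iptables command per offending IP.
# Review the output, then pipe it to sh as root; -C skips IPs already blocked.
block_rules() {
    failed_ips "$1" | while read -r ip; do
        echo "iptables -C INPUT -s $ip -j DROP 2>/dev/null || iptables -A INPUT -s $ip -j DROP"
    done
}

# sample_log: constructed input in the format of the log in the question.
sample_log() {
    for n in 1 2 3 4 5 6 7; do
        # Seven failures from 192.0.2.10; the user name carries a fake ip field.
        echo "Feb 20 09:20:0$n matrix pop3d: LOGIN FAILED, user=a, ip=[::ffff:198.51.100.5], ip=[::ffff:192.0.2.10]"
    done
    for n in 1 2 3 4 5 6; do
        echo "Feb 20 09:21:0$n matrix pop3d: LOGIN FAILED, user=b, ip=[::ffff:192.0.2.20]"
    done
}

if [ -n "${1:-}" ]; then
    block_rules "$1"
fi
```

Run it as `sh script.sh /var/log/mail.log` (script name and log path are placeholders). Counting over the whole file has no time window, so old failures keep counting until the log rotates.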