scripting fun
Mike Bird
mgb-ubuntu at yosemite.net
Thu Jun 5 18:41:15 UTC 2008

#!/bin/bash
# Add a DROP rule for every "slurp" client address in the Apache log
# that the INPUT chain is not already dropping.
join -v2 \
    <(iptables -L INPUT -n | grep DROP | awk '{print $4}' |
        sort -n | uniq) \
    <(grep -i slurp /var/log/apache-perl/access.log | awk '{print $1}' |
        sort -n | uniq) |
    egrep '^([[:digit:]]+[.]){3}[[:digit:]]+$' |
    while read -r ip; do
        iptables -A INPUT -s "$ip" -j DROP
    done

Notes:
(1) There are bashisms so we use "#!/bin/bash" rather than "#!/bin/sh".
(2) We avoid temp file creation subject to symlink security attacks.
(3) For uniq IPs we need "sort -n | uniq" rather than "sort -nu".
(4) We check for plausible IP addresses to avoid injection attacks.
--Mike Bird
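
Added example, not part of the original post: a dry-run sketch of the same idea that checks each octet is 0-255 and prints the rules instead of running iptables. The function names, the blocked list and the log lines are constructed for illustration; it takes the set difference with grep -vxF rather than join, and sorts with LC_ALL=C sort -u because byte order is the order join and comm expect.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run: prints rules, changes nothing.

# Constructed sample data using documentation address ranges.
BLOCKED='192.0.2.9
198.51.100.7'
LOG='192.0.2.9 - - [05/Jun/2008:18:00:01 +0000] "GET / HTTP/1.0" 200 512 "-" "Yahoo! Slurp"
192.0.2.9 - - [05/Jun/2008:18:00:02 +0000] "GET /a HTTP/1.0" 200 512 "-" "Yahoo! Slurp"
192.0.2.90 - - [05/Jun/2008:18:00:03 +0000] "GET /b HTTP/1.0" 200 512 "-" "Yahoo! Slurp"
192.0.2.10 - - [05/Jun/2008:18:00:04 +0000] "GET /c HTTP/1.0" 200 512 "-" "Yahoo! Slurp"
999.1.1.1 - - [05/Jun/2008:18:00:05 +0000] "GET /d HTTP/1.0" 200 512 "-" "slurp"
192.0.2.77;x - - [05/Jun/2008:18:00:06 +0000] "GET /e HTTP/1.0" 200 512 "-" "slurp"
crawler.example.net - - [05/Jun/2008:18:00:07 +0000] "GET /f HTTP/1.0" 200 512 "-" "slurp"
203.0.113.5 - - [05/Jun/2008:18:00:08 +0000] "GET /g HTTP/1.0" 200 512 "-" "Mozilla/5.0"'

# Keep only dotted quads whose octets are 0-255 with no leading zeros
# (leading zeros can be read as octal by address parsers).
valid_ipv4() {
    awk -F. 'NF == 4 && /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/ {
        for (i = 1; i <= 4; i++) if ($i > 255 || $i ~ /^0./) next
        print
    }'
}

# First field of every log line mentioning "slurp", validated and de-duplicated.
candidates() {   # $1 = log text
    printf '%s\n' "$1" | grep -i slurp | awk '{print $1}' |
        valid_ipv4 | LC_ALL=C sort -u
}

# Candidates that are not already blocked. -F treats dots literally and
# -x matches whole lines, so a blocked 192.0.2.9 does not hide 192.0.2.90.
new_offenders() {   # $1 = blocked list, $2 = log text
    candidates "$2" | grep -vxF -e "$1" || :
}

# Print the rule for each new address instead of executing it.
dry_run_rules() {   # $1 = blocked list, $2 = log text
    new_offenders "$1" "$2" | while read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

dry_run_rules "$BLOCKED" "$LOG"
```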