scripting fun
Cameron Hutchison
lists at xdna.net
Fri Jun 6 22:51:06 UTC 2008
Bart Silverstrim <bsilver at chrononomicon.com> writes:
>So to be clear, the script I'm now using is...
>**********
>#!/bin/bash
>join -v2 \
> <(iptables -L INPUT -n | grep DROP | awk '{print $4}' | sort -u) \
> <(grep -i slurp /var/log/apache-perl/access.log |awk '{print $1}' |
>sort -u) | \
>egrep '^([[:digit:]]+[.]){3}[[:digit:]]+$' |\
>while read ip; do
> iptables -A INPUT -s $ip -j DROP
>done
>***********
One more refinement I can see - grep piped into awk is redundant most of
the time.
The command pipeline:
grep DROP | awk '{print $4}'
can be replaced with
awk '/DROP/ {print $4}'
The second one:
grep -i slurp .../access.log | awk '{print $1}'
is a little trickier since awk does not have a non-verbose
case-insensitive switch, so you have to do one of these:
awk '/[Ss][Ll][Uu][Rr][Pp]/ {print $1}' .../access.log
awk '/slurp/ {print $1}' IGNORECASE=1 .../access.log
.
More information about the ubuntu-users
mailing list