
#1 2013-01-23 12:32:36

Jebususu
Member
Registered: 2011-02-27
Posts: 74

Any way I can improve this bash script?

r3s

Last edited by Jebususu (2013-02-04 16:43:58)


#2 2013-01-23 12:36:48

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,441
Website

Re: Any way I can improve this bash script?

It might help if you said what you actually wanted it to do.

Without knowing the goals, the main thing that jumps out at me is a long awkward series of greps, seds, and awks followed by a loop through each matching element that does some counting and prints out some information.  *ALL* that should be replaced by a single awk invocation.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#3 2013-01-23 12:38:31

digirium
Member
Registered: 2012-11-15
Posts: 51

Re: Any way I can improve this bash script?

Using the builtin test [[ rather than [, which is an executable, will maybe speed the script up. Also, have you thought about using fail2ban instead? It is a Python script that runs a daemon and does the same thing.


#4 2013-01-23 12:42:27

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Any way I can improve this bash script?

Arch hasn't used tcp_wrappers for a long time, so this script is redundant. Adapt it to use iptables instead.


#5 2013-01-23 22:18:49

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Any way I can improve this bash script?

echo '
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx' > /etc/hosts.deny

Use cat with here docs instead of multi-line echos

cat > /etc/hosts.deny <<EOT
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx
EOT


#6 2013-01-23 22:23:21

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Any way I can improve this bash script?

echo '
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx' > /etc/hosts.deny

Use cat with here docs instead of multi-line echos

cat > /etc/hosts.deny <<EOT
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx
EOT

for IP in `/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}'` 0.0.0.0; do

Either use a proper subshell or a while loop instead.

for IP in $(/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}') 0.0.0.0; do

or

/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}' | while read IP ; do

(Not sure why you have 0.0.0.0 in there too though, the second method can't use that)

Lastly, there's no sorting in there, so if an IP is seen multiple times, but with other IPs in between, you won't count them more than once.


#7 2013-01-24 12:17:17

schalox
Member
From: Finland
Registered: 2011-05-10
Posts: 21

Re: Any way I can improve this bash script?

You can replace the for-loop with something like this:

awk -v max_count="$MAXCOUNT" '
    $6=="Failed" && $7=="password" && $NF=="ssh2" {
        array[$11]++
    }
    END {
        for(ip in array) {
            if(array[ip] >= max_count) {
                print "ALL:", ip
            }
        }
    }' /var/log/secure.log >> /etc/hosts.deny

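An added example, not part of any post in this thread: the single-awk approach suggested above, totalling failures per address over the whole log (so interleaved addresses are still counted together) and reading the address relative to the end of the line, so that "invalid user" entries do not shift it. The function names, the constructed sample log and the IPv4-only check are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSH-style lines:
#   ... sshd[pid]: Failed password for [invalid user] NAME from IP port N ssh2

# deny_lines THRESHOLD
# Reads a log on stdin and prints "ALL: <ip>" for every address with at
# least THRESHOLD failed password attempts, sorted for stable output.
deny_lines() {
    awk -v max="$1" '
        # Match on the message text instead of fixed field numbers.
        /sshd\[[0-9]+\]: Failed password for / && $NF == "ssh2" {
            # The line ends "from <ip> port <n> ssh2", so the address is at
            # a fixed offset from the END. Counting from the start breaks on
            # "invalid user <name>", which adds two fields before "from".
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            # Accept dotted-quad IPv4 only (assumption: no IPv6 clients).
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            seen[ip]++
        }
        END {
            for (ip in seen)
                if (seen[ip] >= max) print "ALL: " ip
        }' | sort
}

# Constructed sample log (documentation addresses, not real hosts).
sample_log() {
    cat <<'EOT'
Jan 23 12:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jan 23 12:00:02 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4002 ssh2
Jan 23 12:00:03 host sshd[103]: Failed password for root from 192.0.2.10 port 4003 ssh2
Jan 23 12:00:04 host sshd[104]: Accepted password for ian from 203.0.113.5 port 4004 ssh2
Jan 23 12:00:05 host sshd[105]: Failed password for invalid user test from 192.0.2.10 port 4005 ssh2
Jan 23 12:00:06 host sshd[106]: Failed password for ian from 203.0.113.5 port 4006 ssh2
Jan 23 12:00:07 host sshd[107]: Failed password for invalid user oracle from 198.51.100.7 port 4007 ssh2
EOT
}

# Demonstration on the constructed log with a threshold of 3.
sample_log | deny_lines 3
```

On a real system the function would read the log named in the thread, for example `deny_lines "$MAXCOUNT" < /var/log/secure`.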
