r3s
Last edited by Jebususu (2013-02-04 16:43:58)
It might help if you said what you actually wanted it to do.
Without knowing the goals, the main thing that jumps out at me is a long awkward series of greps, seds, and awks followed by a loop through each matching element that does some counting and prints out some information. *ALL* that should be replaced by a single awk invocation.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Using the builtin test [[ rather than [, which is an executable, may speed the script up. Also, have you thought about using fail2ban instead? It is a python script that runs a daemon and does the same thing.
Arch hasn't used tcp_wrappers for a long time, so this script is redundant. Adapt it to use iptables instead.
echo '
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx' > /etc/hosts.deny
Use cat with here docs instead of multi-line echos
cat > /etc/hosts.deny <<EOT
# /etc/hosts.deny
# See "man tcpd" and "man 5 hosts_access" as well as /etc/hosts.allow
# for a detailed description.
#Ian Morris
ALL: xx.xx.xx.xx
EOT
for IP in `/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}'` 0.0.0.0; do
Either use a proper subshell or a while loop instead.
for IP in $(/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}') 0.0.0.0; do
or
/bin/grep sshd /var/log/secure|/bin/grep "Failed password"|awk -F" port" '{print $1}'|awk -F"from " '{print $2}' | while read IP ; do
(Not sure why you have 0.0.0.0 in there too though, the second method can't use that)
Lastly, there's no sorting in there, so if an IP is seen multiple times but with other IPs in between, you won't count them more than once.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
You can replace the for-loop with something like this:
awk -v max_count="$MAXCOUNT" '
$6=="Failed" && $7=="password" && $NF=="ssh2" {
array[$11]++
}
END {
for(ip in array) {
if(array[ip] >= max_count) {
print "ALL:", ip
}
}
}' /var/log/secure.log >> /etc/hosts.deny
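The single-awk approach suggested in the thread, worked through as an added example (this is not code from any of the posters). It assumes classic syslog-format sshd lines on stdin; the sample log lines, the threshold argument and the function names are constructed for illustration. It goes one step beyond the posted script: instead of hard-coding $11 as the source address, it looks for the field after "from", so "Failed password for invalid user NAME from IP" lines (which shift every field by two) are counted as well, and the counts are sorted so the worst offenders come first.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source IP in one awk
# pass and emit /etc/hosts.deny entries for sources at or above a threshold.

# Constructed sample log lines (not real traffic). Note that the "invalid user"
# variant shifts the field positions, so a fixed $11 would miss those IPs.
SAMPLE_LOG='Feb  4 16:40:01 arch sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Feb  4 16:40:03 arch sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Feb  4 16:40:05 arch sshd[2105]: Failed password for root from 198.51.100.7 port 40000 ssh2
Feb  4 16:40:07 arch sshd[2107]: Accepted password for ian from 192.0.2.9 port 40001 ssh2
Feb  4 16:40:09 arch sshd[2109]: Failed password for root from 203.0.113.5 port 51240 ssh2
Feb  4 16:40:11 arch sshd[2111]: Failed password for invalid user test from 198.51.100.7 port 40002 ssh2'

# failed_by_ip MAXCOUNT: read log lines on stdin and print "count ip" for every
# source with at least MAXCOUNT failed password attempts, most active first.
failed_by_ip() {
    max_count="${1:-3}"
    awk -v max_count="$max_count" '
        /sshd\[[0-9]+\]: Failed password for / {
            # locate the field after "from" rather than hard-coding $11,
            # so "invalid user <name>" lines are attributed correctly
            for (i = 1; i < NF; i++) {
                if ($i == "from") { count[$(i + 1)]++; break }
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= max_count) print count[ip], ip
        }' | sort -rn -k1,1
}

# hosts_deny_entries MAXCOUNT: same, but formatted as hosts.deny lines
# (redirect with >> /etc/hosts.deny on a tcp_wrappers system).
hosts_deny_entries() {
    failed_by_ip "$1" | awk '{ print "ALL: " $2 }'
}

# Usage: with a threshold of 3 only 203.0.113.5 (3 failures) is listed;
# 198.51.100.7 (2 failures) and the successful login from 192.0.2.9 are not.
printf '%s\n' "$SAMPLE_LOG" | hosts_deny_entries 3
```

On a live box you would feed it the auth log instead of the sample (`failed_by_ip 5 < /var/log/secure`), and, as pointed out earlier in the thread, on a system without tcp_wrappers the "ALL: ip" lines do nothing; pipe the addresses into iptables or use fail2ban rather than appending to /etc/hosts.deny.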