Tim Wolak on Friday, 4 August 2006 14:07:

Hello Tim

> On Thu, 2006-08-03 at 15:26 -0700, John W. Krahn wrote:
> > Rob Dixon wrote:
> > > Tim Wolak wrote:
> > >>                                         if($box =~ m/"$tim"/){
> > >
> > > Do you intend the quotes? If the lines from the original hosts.deny
> > > file (in @boxes) have IP addresses in quotes then you're OK, but
> > > otherwise take them out. This is my best guess as to why your code
> > > isn't working. Also, you really need to escape the dots in $tim,
> > > otherwise they'll match any character instead of literal dots.
> > >
> > > if ($box =~ /\Q$tim/) {
> >
> > That won't work correctly either.  If $box contains '1.2.3.45' and $tim
> > contains '1.2.3.4' then they will "match" although they aren't the same
> > IP address.
> >
> >
> > John
> > --
> > use Perl;
> > program
> > fulfillment
>
> John is partially right, it will match but if it's close it will match it
> also.  Another problem if I try to print the IP to a file it does not do
> that either.  
>
> #!/usr/bin/perl -w
>
> use strict;
> use IO::Handle;

Do you need to import this module?

> my $logfile = "/var/log/messages";
> my $secv = "/var/log/secv";
> my $hosts = "/etc/hosts.deny";
> my $cody = "/etc/hosts.txt";

Single quotes are sufficient, there's nothing to interpolate into the strings.

> my @boxes;
> my $box;
>
> open(LOG, $logfile) || die "Cannot open logfile for reading: $!";
> open(SEC, ">$secv") || die "Can't open file!: $!";
> open(HOST, $hosts) || die "Can't open file!: $!";
> open(DENY, ">$cody") || die "Can't open file!: $!";
>
>         foreach (<HOST>) {
>                 push @boxes, $1 if /(\d+\.\d+\.\d+\.\d+)/;

You put IP addresses in @boxes,

>                 }
>         close HOST;
>
>         while (<LOG>){
>            next unless /Failed password for invalid/;
>            print SEC "Invalied user logon attempt!:$_\n";
>                 next unless /(\d+\.\d+\.\d+\.\d+)/;
>                 my $tim = $1;

$tim also contains an IP address, 

>                 foreach $box (@boxes) {
>                         if ($box =~ /$tim/){

so you can avoid the problem pointed out by JWK by replacing the regex by

   if ($box eq $tim) {

>                                 print DENY;

   print DENY $_, "\n";

otherwise you'll get a one line file containing something like 
11.22.33.4455.66.77.881.2.3.4 etc..

>                         } else {
>                           next;
>                         }
>                 }
>         }
> close SEC;
> close DENY;
> close LOG;

I think that the nested open/close of files is not the best way. Keep actions 
as local as possible, as a general rule.

[UNTESTED]:

#!/usr/bin/perl
# <-- -w dropped from the line above, replaced by "use warnings" below

use strict;
use warnings; # <--

#use IO::Handle;

my $logfile = '/var/log/messages';
my $secv    = '/var/log/secv';
my $hosts   = '/etc/hosts.deny';
my $cody    = '/etc/hosts.txt';

my (@boxes, $box);


# Collect the IP addresses already listed in hosts.deny.
open HOST, '<', $hosts or die "Can't open file!: $!";

# A statement cannot carry both an "if" and a "for" modifier,
# so the condition is written with "and".
/(\d+\.\d+\.\d+\.\d+)/ and push @boxes, $1
  for <HOST>;

close HOST or die $!;


open LOG,  '<', $logfile or die "Can't open logfile for reading: $!";
open SEC,  '>', $secv    or die "Can't open file!: $!";
open DENY, '>', $cody    or die "Can't open file!: $!";

while (<LOG>){
  # Only failed logins for invalid users are processed further.
  next unless /Failed password for invalid/;
  print SEC "Invalid user logon attempt!: $_\n";

  /(\d+\.\d+\.\d+\.\d+)/ or next;
  my $tim = $1;

  # Exact string comparison: 1.2.3.4 no longer matches 1.2.3.45.
  foreach $box (@boxes) {
    ($box eq $tim)
      ? print DENY "$_\n"
      : next;
  }
}

close SEC or die $!;
close DENY or die $!;
close LOG or die $!;

__END__

Dani
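
The three ways of comparing a logged address with the hosts.deny entries that come up in this thread (plain regex, \Q-quoted regex, string equality), side by side, as an added example that is not part of the original message. The deny entries, log lines and addresses are constructed sample data, and the sub name compare_matchers is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data, not taken from the thread.
my @deny_lines = (
    "ALL: 1.2.3.45\n",
    "ALL: 10.203.40.1\n",
    "sshd: 192.0.2.7\n",
);
my @log_lines = (
    "Aug  4 14:00:01 gw sshd[101]: Failed password for invalid user bob from 1.2.3.4 port 4000 ssh2\n",
    "Aug  4 14:00:02 gw sshd[102]: Failed password for invalid user amy from 10.2.3.40 port 4001 ssh2\n",
    "Aug  4 14:00:03 gw sshd[103]: Failed password for invalid user eve from 192.0.2.7 port 4002 ssh2\n",
    "Aug  4 14:00:04 gw sshd[104]: Accepted password for tim from 192.0.2.7 port 4003 ssh2\n",
);

my $ip_re = qr/\d{1,3}(?:\.\d{1,3}){3}/;

# Index the deny list once; hash keys give exact, whole-string lookups.
my %denied;
for my $line (@deny_lines) {
    $denied{$1} = 1 if $line =~ /\b($ip_re)\b/;
}
my @entries = sort keys %denied;

# Return the deny entries each strategy considers a match for $ip.
sub compare_matchers {
    my ($ip) = @_;
    return (
        raw    => [ grep { /$ip/ }     @entries ],  # dots match any character
        quoted => [ grep { /\Q$ip/ }   @entries ],  # literal dots, still a substring test
        exact  => [ grep { $_ eq $ip } @entries ],  # what the thread settles on
    );
}

for my $line (@log_lines) {
    next unless $line =~ /Failed password for invalid/;
    next unless $line =~ /from ($ip_re) port/;
    my $ip   = $1;
    my %hits = compare_matchers($ip);
    printf "%-10s %-6s -> %s\n", $ip, $_, join(', ', @{ $hits{$_} }) || 'no match'
        for qw(raw quoted exact);
    print "  listed in hosts.deny: ", ($denied{$ip} ? 'yes' : 'no'), "\n";
}
```

Any entry reported by raw or quoted but not by exact is a false positive of the regex approach; the %denied hash lookup replaces the inner loop over @boxes with a single exact test per log line.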
