On Fri, 2006-08-04 at 14:46 +0200, D. Bolliger wrote:
> Tim Wolak wrote on Friday, 4 August 2006 14:07:
> 
> Hello Tim
> 
> > On Thu, 2006-08-03 at 15:26 -0700, John W. Krahn wrote:
> > > Rob Dixon wrote:
> > > > Tim Wolak wrote:
> > > >>                                         if($box =~ m/"$tim"/){
> > > >
> > > > Do you intend the quotes? If the lines from the original hosts.deny
> > > > file (in @boxes) have IP addresses in quotes then you're OK, but
> > > > otherwise take them out. This is my best guess as to why your code
> > > > isn't working. Also, you really need to escape the dots in $tim,
> > > > otherwise they'll match any character instead of literal dots.
> > > >
> > > > if ($box =~ /\Q$tim/) {
> > >
> > > That won't work correctly either.  If $box contains '1.2.3.45' and $tim
> > > contains '1.2.3.4' then they will "match" although they aren't the same
> > > IP address.
> > >
> > >
> > > John
> > > --
> > > use Perl;
> > > program
> > > fulfillment
> >
> > John is partially right, it will match but if it's close it will match it
> > also.  Another problem if I try to print the IP to a file it does not do
> > that either.  
> >
> > #!/usr/bin/perl -w
> >
> > use strict;
> > use IO::Handle;
> 
> Do you need to import this module?
> 
> > my $logfile = "/var/log/messages";
> > my $secv = "/var/log/secv";
> > my $hosts = "/etc/hosts.deny";
> > my $cody = "/etc/hosts.txt";
> 
> Single quotes are sufficient, there's nothing to interpolate into the strings.
> 
> > my @boxes;
> > my $box;
> >
> > open(LOG, $logfile) || die "Cannot open logfile for reading: $!";
> > open(SEC, ">$secv") || die "Can't open file!: $!";
> > open(HOST, $hosts) || die "Can't open file!: $!";
> > open(DENY, ">$cody") || die "Can't open file!: $!";
> >
> >         foreach (<HOST>) {
> >                 push @boxes, $1 if /(\d+\.\d+\.\d+\.\d+)/;
> 
> You put IP addresses in @boxes,
> 
> >                 }
> >         close HOST;
> >
> >         while (<LOG>){
> >            next unless /Failed password for invalid/;
> >            print SEC "Invalied user logon attempt!:$_\n";
> >                 next unless /(\d+\.\d+\.\d+\.\d+)/;
> >                 my $tim = $1;
> 
> $tim also contains an IP address, 
> 
> >                 foreach $box (@boxes) {
> >                         if ($box =~ /$tim/){
> 
> so you can avoid the problem pointed out by JWK by replacing the regex by
> 
>    if ($box eq $tim) {
> 
> >                                 print DENY;
> 
>    print DENY $_, "\n";
> 
> otherwise you'll get a one line file containing something like 
> 11.22.33.4455.66.77.881.2.3.4 etc..
> 
> >                         } else {
> >                           next;
> >                         }
> >                 }
> >         }
> > close SEC;
> > close DENY;
> > close LOG;
> 
> I think that the nested open/close of files is not the best way. Keep actions 
> as local as possible, as a general rule.
> 
> [UNTESTED]:
> 
> #!/usr/bin/perl # <--
> 
> use strict;
> use warnings; # <--
> 
> #use IO::Handle;
> 
> my $logfile = '/var/log/messages';
> my $secv    = '/var/log/secv';
> my $hosts   = '/etc/hosts.deny';
> my $cody    = '/etc/hosts.txt';
> 
> my (@boxes, $box);
> 
> 
> open HOST, '<', $hosts or die "Can't open file!: $!";
> 
> # a statement cannot take both an "if" and a "for" modifier, so use "and"
> /(\d+\.\d+\.\d+\.\d+)/ and push @boxes, $1
>   for <HOST>;
> 
> close HOST or die $!;
> 
> 
> open LOG,  '<', $logfile or die "Can't open logfile for reading: $!";
> open SEC,  '>', $secv    or die "Can't open file!: $!";
> open DENY, '>', $cody    or die "Can't open file!: $!";
> 
> while (<LOG>){
>   # skip everything except failed logins, then fall through to the IP check
>   /Failed password for invalid/ or next;
>   print SEC "Invalid user logon attempt!: $_\n";
> 
>   /(\d+\.\d+\.\d+\.\d+)/ or next;
>   my $tim = $1;
> 
>   foreach $box (@boxes) {
>     ($box eq $tim) 
>       ? print DENY "$_\n" 
>       : next;
>   }
> }
> 
> close SEC or die $!;
> close DENY or die $!;
> close LOG or die $!;
> 
> __END__
> 
> Dani
> 

Thanks Dani,


I have modified the code however it's still not writing to the file....
Not sure what is going on, I have tried different ideas to get it to
print to the file but so far no go.  Does anyone have any ideas?

#!/usr/bin/perl -w

use strict;
use warnings;
my $logfile = '/var/log/messages';
my $secv = '/var/log/secv';
my $hosts = '/etc/hosts.deny';
my $cody = '/etc/hosts.txt';
my @boxes;
my $box;

open(LOG, $logfile) || die "Cannot open logfile for reading: $!";
open(SEC, '>$secv') || die "Can't open file!: $!";
open(HOST, $hosts) || die "Can't open file!: $!";
open(DENY, '>>$cody') || die "Can't open file!: $!";

        foreach (<HOST>) {
                push @boxes, $1 if /(\d+\.\d+\.\d+\.\d+)/;
                }
        close HOST or die $!;

        while (<LOG>){
           next unless /Failed password for invalid/;
           print SEC "Invalied user logon attempt!:$_\n";
                next unless /(\d+\.\d+\.\d+\.\d+)/;
                my $tim = $1;
                foreach $box (@boxes) {
                        if ($box eq /$tim/){
                          next;
                        } else {
                         print DENY "$tim\n";
                        }
                }
        }
close SEC or die $!;
close DENY or die $!;
close LOG or die $!;
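
An added example (not code from any poster in this thread): it runs the three comparisons discussed above (unescaped regex, `\Q`-quoted regex, `eq`) on constructed addresses, then filters constructed sshd log lines against a deny list with an exact hash lookup and writes the result using three-argument `open`. The sample lines, the temp-file path and the names `compare` and `new_offenders` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed sample data (not from the thread): hosts.deny entries and sshd log lines.
my @deny_lines = ('ALL: 1.2.3.45', 'sshd: 10.0.0.7');
my @log_lines  = (
    'Aug  4 14:01:02 host sshd[101]: Failed password for invalid user admin from 1.2.3.4 port 4022 ssh2',
    'Aug  4 14:01:09 host sshd[102]: Failed password for invalid user test from 10.0.0.7 port 4023 ssh2',
    'Aug  4 14:02:11 host sshd[103]: Accepted password for tim from 192.168.1.5 port 4024 ssh2',
);
my $ip_re = qr/\b(\d{1,3}(?:\.\d{1,3}){3})\b/;

# Index the deny list in a hash so membership is an exact string lookup.
my %denied;
for (@deny_lines) { $denied{$1} = 1 if /$ip_re/ }

# The three comparisons discussed in the thread, side by side.
sub compare {
    my ($box, $tim) = @_;
    return sprintf 'regex=%d quoted=%d eq=%d',
        ($box =~ /$tim/   ? 1 : 0),   # unescaped dots match any character
        ($box =~ /\Q$tim/ ? 1 : 0),   # literal dots, but still a substring match
        ($box eq $tim     ? 1 : 0);   # whole-string equality
}

# Source IPs of failed logins that are not yet on the deny list, each once.
sub new_offenders {
    my (%seen, @new);
    for (@log_lines) {
        next unless /Failed password for invalid/;
        next unless /from $ip_re/;
        push @new, $1 unless $denied{$1} or $seen{$1}++;
    }
    return @new;
}

print "112.3.4.5 vs 1.2.3.4: ", compare('112.3.4.5', '1.2.3.4'), "\n";
print "1.2.3.45  vs 1.2.3.4: ", compare('1.2.3.45',  '1.2.3.4'), "\n";

# Three-argument open keeps the mode and the path apart, so quoting cannot alter the file name.
my ($tmpfh, $path) = tempfile(UNLINK => 1);   # hypothetical stand-in for the output file
open my $out, '>>', $path or die "Can't open $path: $!";
print {$out} "$_\n" for new_offenders();
close $out or die "Can't close $path: $!";
print "wrote ", join(', ', new_offenders()), " to $path\n";
```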

