Has someone modified the Dshield.org reporting script so that it runs on
EigerStein? Out of the box I don't have all of the commands installed (it
throws its first errors on WC and TR). Any suggestions?

-Liam


#!/bin/sh

#  DShield bash client. V 0.0.1
#
#  Parameters
#

# your dshield userid. leave '0' to submit anonymous logs.
userid=0
# your return email address. leave 'none' to submit anonymous logs.
email=none
# where to send logs to. replace with your own e-mail address for testing.
[EMAIL PROTECTED]

# what lines to grep for. 'input DENY' should get it.
# change if you are logging differently (e.g. different chain name or
# redirect/reject instead of deny).
filter="input DENY"
# temp. file to remember length of log file between runs.
state=/var/tmp/dshield
# name of log file.
logfile=/var/log/messages
# where to find your 'mail' program.
mail='/bin/mail'

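# set up a temp file name.
# note: this name is predictable and /tmp is world-writable; point it at a
# private directory if the script runs as root.
tmp=/tmp/dshield.$$.tmp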

#
# the 'logic part'. Try to avoid changing this part.
#

last_count=0

# read length of file from 'state'
if [ -f "$state" ] ; then
  last_count=`cat "$state" | tr -d "\n"`
fi

# get current length of log file
length=`wc -l "$logfile" | sed 's/[^0-9]//g' | tr -d "\n"`

# if the new length is shorter than the old length,
# we assume a new log file was opened. Take it all.
if [ "$length" -lt "$last_count" ] ; then
  last_count=0
fi

# calculate how many lines were written since we ran last.
# ($((...)) is POSIX arithmetic; the old $[...] form only works in bash.)
count=$((length - last_count))

# get the new lines from the log file and write them to $tmp
tail -n "$count" "$logfile" | grep "$filter" > "$tmp"

# only send an e-mail if the $tmp file is not empty
if [ -s "$tmp" ] ; then
  $mail -s "FORMAT LINUX USERID $userid" "$to" < "$tmp"
fi

# delete tmp file.
rm -f "$tmp"
# remember new length of log file.
echo "$length" > "$state"


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
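
Added example, not part of the original post or of the DShield client: the script's "lines since the last run" logic written without wc, tr or tail, for a box where those are missing. It assumes a POSIX sh with sed and grep present (the post does not say what EigerStein ships); count_lines and new_matches are hypothetical names.

```shell
#!/bin/sh
# Added example: incremental log reading using only sh builtins, sed and grep.

# count_lines FILE -> prints the number of lines in FILE (replaces 'wc -l').
# A final line without a trailing newline is counted too.
count_lines() {
  _n=0
  while IFS= read -r _line || [ -n "$_line" ]; do
    _n=$((_n + 1))
  done < "$1"
  echo "$_n"
}

# new_matches LOGFILE STATEFILE FILTER
# Prints the lines containing FILTER that were appended since the previous
# call, then records the current length of LOGFILE in STATEFILE.
new_matches() {
  _log=$1 _state=$2 _filter=$3
  _last=0
  if [ -f "$_state" ]; then
    read -r _last < "$_state" || :
  fi
  # the state file is only trusted if it holds a plain number
  case $_last in
    ''|*[!0-9]*) _last=0 ;;
  esac
  _len=$(count_lines "$_log")
  # a shorter file means a new log was opened: take it all
  if [ "$_len" -lt "$_last" ]; then
    _last=0
  fi
  if [ "$_len" -gt "$_last" ]; then
    # a fixed end line keeps lines written after the count for the next run;
    # grep -F matches FILTER literally, '|| :' hides grep's "no match" status
    sed -n "$((_last + 1)),${_len}p" "$_log" | grep -F -e "$_filter" || :
  fi
  echo "$_len" > "$_state"
}

# usage, with the variables from the script above:
#   new_matches "$logfile" "$state" "$filter" > "$tmp"
```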
