On 2017-06-17 Sat 14:56 PM |, Peter N. M. Hansteen wrote:
>
> Examples in the most recent PF tutorial start at
> https://home.nuug.no/~peter/pftutorial/#44 and there is a oneliner that
> would be an easy starting point for adapting to your needs at the bottom
> of https://home.nuug.no/~peter/pftutorial/#46 - that one is taken from a
> cron job I run somewhere that will not ever need a wordpress install.
>

Thanks Peter.

This script has awk do the pattern matching, rather than piping from grep.

It is manually run several times a week on a dual-homed static only web
server, but could likewise easily be adapted & automated for other tasks.

(NOTE: it needs a private $TMPDIR, in this case for the 'webmaster' user
it is /tmp/webmaster/)


#!/bin/ksh -r
#
# $Id: error-log-parser,v 1.13 2017/03/23 13:00:22 craig Exp $
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Copyright (c) 2015-2017 Craig R. Skinner <[email protected]>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#

# Use the log named on the command line, else the live error log.
if [[ -f $1 ]]
then
    log=$1
    # Work on an uncompressed copy of a rotated log in the private $TMPDIR.
    [[ ${log} == *.gz ]] &&
    {
        cp ${log} ${TMPDIR} || exit
        log=${TMPDIR}/${log##*/}
        gunzip ${log} || exit
        log=${log%.*}
        rm_log='true'
    }
else
    log='/var/www/logs/error.log'
fi

ips=$(mktemp)

# Collect the client address from every line matching a probe pattern.
awk -F , '/\.php|\.cgi|\/wp-content\/|\/wordpress\/|w00tw00t|\/joomla\/|\/phpMyAdmin|\.jsp|\.action|\.asp|\.esp|\/cgi-bin\/|"\/htdocs\/server-status"|"\/htdocs\/rom-0"/ {
    # Skip local clients; the braces keep the print inside the test.
    if ($2 !~ "192.168.1.") {
        split($2, client, " ")
        print client[2]
    }
}' ${log} | sort -u -o ${ips}

[[ -n ${rm_log} ]] && rm ${log}

[[ -s ${ips} ]] ||
{
    print 'No pattern matches.'
    rm ${ips}
    exit
}

# Review the list by hand before it goes anywhere near pf.
vi ${ips}
mv ${ips} /tmp
print "you$ sudo pfctl -v -t scanners -T add \$(< /tmp/${ips##*/})"
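
Added example, not part of the original post or its script: the address list above is cut out of log text that remote clients influence, so a mechanical check can back up the manual vi review before the list reaches pfctl -T add. filter_ips is a hypothetical helper, and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: vet candidate addresses before loading them into a pf table.
# filter_ips is a hypothetical helper, not part of error-log-parser.

# filter_ips [EXCLUDE_PREFIX...]
# Reads one candidate per line on stdin and prints, sorted and de-duplicated,
# only well-formed dotted-quad IPv4 addresses that do not begin with any of
# the given literal prefixes (e.g. the local network "192.168.1.").
filter_ips() {
    awk -v skip="$*" '
    BEGIN { n = split(skip, pfx, " ") }
    {
        # The whole line must be four dot-separated decimal fields.
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($0, o, ".")
        for (i = 1; i <= 4; i++) {
            # Reject out-of-range octets and ambiguous leading zeros.
            if (length(o[i]) > 3 || o[i] + 0 > 255) next
            if (o[i] ~ /^0[0-9]/) next
        }
        # Anchored literal comparison: unlike an unanchored regex such as
        # "192.168.1.", this cannot exclude an address like 77.192.168.10.
        for (i = 1; i <= n; i++)
            if (index($0, pfx[i]) == 1) next
        print
    }' | LC_ALL=C sort -u
}

# Constructed sample candidates: two valid remote addresses, one local
# address, one out-of-range value and one stray log token.
printf '%s\n' 203.0.113.7 192.168.1.20 999.1.1.1 'client:' 77.192.168.10 |
    filter_ips 192.168.1.
```

Anything the filter drops is worth a look in the source log, since it means the field being extracted was not the client address on that line.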
