[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Ajuda - Ler um arquivo de log e executar uma tarefa
|
From: |
ricardoscript |
|
Subject: |
Ajuda - Ler um arquivo de log e executar uma tarefa |
|
Date: |
Sun, 21 Feb 2010 00:25:59 -0000 |
|
User-agent: |
eGroups-EW/0.82 |
Pessoal, estou precisando de um script que leia meu arquivo mail.log e ao
encontrar a palavra "LOGIN FAILED" vindo de um mesmo IP por mais de 6 vezes ele
execute o comando iptables -A INPUT -s xxx.xxx.xxx.xxx(IP atacante) -j DROP
Segue corte de meu mail.log onde se observa a tentativa de brute-force
Por qualquer ajudo, estou desde já agradecido.
Feb 20 09:20:35 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:35 matrix pop3d: LOGIN FAILED, user=staff,
ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:40 matrix pop3d: LOGIN FAILED, user=humberto,
ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:45 matrix pop3d: LOGIN FAILED, user=humberto,
ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:50 matrix pop3d: LOGIN FAILED, user=ian,
ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:20:56 matrix pop3d: LOGIN FAILED, user=ian,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:01 matrix pop3d: LOGIN FAILED, user=iasmin,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:06 matrix pop3d: LOGIN FAILED, user=iasmin,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:11 matrix pop3d: LOGIN FAILED, user=iasser,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:16 matrix pop3d: LOGIN FAILED, user=iasser,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:21 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:21 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:22 matrix pop3d: LOGIN FAILED, user=ibraim,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:27 matrix pop3d: LOGIN FAILED, user=ibraim,
ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
Feb 20 09:21:32 matrix pop3d: LOGIN FAILED, user=ibsen,
ip=[::ffff:189.126.109.221]
- Ajuda - Ler um arquivo de log e executar uma tarefa,
ricardoscript <=