
I have a script which parses a Varnish varnishncsa log file. The purpose of the script is that if anyone accesses a certain URL on the server, it adds their IP address to iptables to lock them out.

In my script I have a statement which ignores my static office IP address (so that I don't lock myself out of the server).

I am trying to add more IP addresses to exclude them from being locked out, but when I do, it seems to break the script.

    #!/bin/bash

    # Every address in brute.txt that has not already been handled
    # (i.e. is not yet listed in applied_brute.txt).
    for address in `cat /var/log/brute.txt | grep -v -f /var/log/applied_brute.txt`; do
        /bin/echo "$address" >> /var/log/applied_brute.txt

        # Build the iptables command unless this is the office address.
        # Note: when the address IS the office address, IPTABLE keeps
        # whatever value it had from the previous iteration.
        if [ "$address" != "my.of.fi.ce.ip" ]; then
            IPTABLE=`echo "$address" | awk '{ print "/sbin/iptables -A INPUT -s "$0" -j DROP -m state --state NEW,ESTABLISHED,RELATED" }'`
        fi

        echo "$IPTABLE"
        $IPTABLE
    done

    unset address
    unset IPTABLE

What I would like is to add a few more IP addresses to the statement

    if [ "$address" != "my.of.fi.ce.ip" ]; then

4 Answers

1

How about:

    #!/bin/bash

    for address in `grep -v -f /var/log/applied_brute.txt < /var/log/brute.txt`; do
        echo "$address" >> /var/log/applied_brute.txt
        # Skip any address listed (as a whole line) in the office file.
        if ! grep -q -F -x -- "$address" /etc/my-office-addresses.txt; then
            IPTABLE="/sbin/iptables -A INPUT -s $address -j DROP -m state --state NEW,ESTABLISHED,RELATED"
            echo "$IPTABLE"
            $IPTABLE
        fi
    done

Store your office addresses in /etc/my-office-addresses.txt

grep options used:

-F : fixed strings (treat the pattern literally, not as a regex. This option is not strictly required in this case, since the input data in all the files used is assumed to be in standard format.)
-x : whole-line match (address = 192.168.0.1 would have matched line = 192.168.0.100 if this option were omitted.)
-q : Do not print result to stdout.

2 Comments

Note a slight change in the answer. I had forgotten a few options.
Sorry, I noticed NOW, that answer by Basile is also using the same approach.
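The allowlist-file approach from this answer, as an added example that is not code from the question or the answer above. It writes a constructed allowlist and a constructed brute.txt to temp files, checks each address with grep -F -x, and prints the iptables command that would be applied instead of running it (so no root is needed). It also keeps a deliberately loose variant without -x, only to show the prefix problem the answer mentions. File names and addresses are made up for the demonstration.

```bash
#!/bin/bash
# Added example, not code from the question or the answers.
# Temp files stand in for /etc/my-office-addresses.txt and /var/log/brute.txt.

ALLOWFILE=$(mktemp)
BRUTEFILE=$(mktemp)
trap 'rm -f "$ALLOWFILE" "$BRUTEFILE"' EXIT

# Constructed allowlist: addresses that must never be banned.
printf '%s\n' 203.0.113.10 192.168.0.100 > "$ALLOWFILE"

# Constructed offenders. 192.168.0.1 is NOT allowlisted, but it is a prefix
# of the allowlisted 192.168.0.100, which is exactly the case -x guards.
printf '%s\n' 198.51.100.7 192.168.0.1 192.168.0.100 203.0.113.10 > "$BRUTEFILE"

# is_excluded ADDR FILE: succeeds when ADDR is a whole line of FILE.
#   -F  literal match, so the dots cannot match "any character"
#   -x  whole-line match, so 192.168.0.1 does not match 192.168.0.100
#   -q  no output, only the exit status
is_excluded() {
    grep -qFx -- "$1" "$2"
}

# is_excluded_loose ADDR FILE: same check without -x. Shown only to
# demonstrate the prefix problem; do not use it for the real script.
is_excluded_loose() {
    grep -qF -- "$1" "$2"
}

# ban_command ADDR: print the rule the original script would run.
ban_command() {
    printf '/sbin/iptables -A INPUT -s %s -j DROP -m state --state NEW,ESTABLISHED,RELATED\n' "$1"
}

# plan_bans BRUTE ALLOW: one ban command per address in BRUTE that is not
# in ALLOW. Reading line by line avoids the word splitting of `for x in $(cat ...)`.
plan_bans() {
    local address
    while IFS= read -r address; do
        [ -n "$address" ] || continue
        is_excluded "$address" "$2" && continue
        ban_command "$address"
    done < "$1"
}

# count_bans BRUTE ALLOW: how many addresses would receive a DROP rule.
count_bans() {
    plan_bans "$1" "$2" | wc -l | tr -d ' '
}

plan_bans "$BRUTEFILE" "$ALLOWFILE"
```

With the constructed data, 198.51.100.7 and 192.168.0.1 get a rule and the two allowlisted addresses are skipped; the loose variant would wrongly treat 192.168.0.1 as an office address. To make it live, replace the `ban_command` print with the actual `/sbin/iptables` call.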
1

You could use grep or fgrep and have

    # -F: literal match; -x: whole line, so 192.168.0.1 is not confused with 192.168.0.100
    if grep -q -F -x -- "$address" /etc/files-of-addresses-to-avoid ; then
        # $address should be avoided
    else
        # $address should not be avoided
    fi

(Perhaps you want /var/log/brute.txt instead of /etc/files-of-addresses-to-avoid etc...)

You may be interested by fail2ban which does what you want to achieve.

1 Comment

Thank you. Fail2ban works like a dream, but it needs Python, which I don't have on this particular box :-(. I like your idea of having a list file, did not even think about it. Will play with it a bit and post results. Gave you a +1 as the idea is spot on what I'm looking for.
1

If you have a very limited number of IP addresses, you can use an AND:

    if [ "$address" != "my.of.fi.ce.ip" -a "$address" != "my.other.of.fi.ce.ip" -a "$address" != "my.la.st.ip" ]; then


0

How about creating an array of local IP addresses, and then going through them in an inner "for loop".

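The array-and-inner-loop approach from this answer, written out as an added example (not code from the answer). The excluded addresses live in a bash array inside the script, an inner loop compares each candidate with every entry by exact string comparison, and a filter prints the addresses that would get a rule. The addresses and the sample brute.txt content are constructed for the demonstration.

```bash
#!/bin/bash
# Added example, not code from the answer above.

# Constructed allowlist; add or remove entries here.
OFFICE_ADDRESSES=(203.0.113.10 192.168.0.100)

# is_office ADDR: succeeds when ADDR equals one array entry exactly.
# Plain string comparison, so 192.168.0.1 is never mistaken for 192.168.0.100.
is_office() {
    local candidate=$1 ip
    for ip in "${OFFICE_ADDRESSES[@]}"; do
        if [ "$candidate" = "$ip" ]; then
            return 0
        fi
    done
    return 1
}

# addresses_to_ban: read candidate addresses on stdin and print the ones
# that are not office addresses, one per line. Reading line by line keeps
# the word splitting of `for x in `cat file`` out of the picture.
addresses_to_ban() {
    local address
    while IFS= read -r address; do
        [ -n "$address" ] || continue
        is_office "$address" || printf '%s\n' "$address"
    done
}

# Constructed sample of what brute.txt might contain.
SAMPLE='198.51.100.7
192.168.0.1
192.168.0.100
203.0.113.10'

# count_to_ban: number of sample addresses that would get an iptables rule.
count_to_ban() {
    printf '%s\n' "$SAMPLE" | addresses_to_ban | wc -l | tr -d ' '
}

# Each printed address is one the original script would hand to
#   /sbin/iptables -A INPUT -s "$address" -j DROP -m state --state NEW,ESTABLISHED,RELATED
printf '%s\n' "$SAMPLE" | addresses_to_ban
```

Compared with a grep against a file, this needs no extra process per address and no separate file to protect, at the cost of editing the script whenever the office list changes.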
