Re: Security using ipf to block IP's run in cron

From: Jean-Pierre Radley <jpr@xxxxxxx>
Date: Sat, 10 May 2008 16:15:58 -0400

Boyd Lynn Gerber typed (on Mon, May 05, 2008 at 06:09:41PM -0600):
| Hello,
|
| I just finished a program that I run in cron every 15 minutes to add block
| rules to IPF for attacks in syslog. You this at your own risk. It is
| licensed under the GPL.
|
| ftp://ftp.zenez.com/pub/zenez/prgms/scan-syslog-4-ipf-block-ips
|
| Please send any feedback or changes to me.

Shouldn't you be able to consolidate several of those awk scans of the
syslog into one run of awk?

I make every effort here to unclutter the syslog file; I think it
affords far easier parsing by scripts, let alone by human eyes, to
effect logging into diverse files. To that end, my /etc/syslog.conf
file contains:

# @(#) syslog.conf on jpradley.jpr.com
#
# *.debug;*.info /var/adm/syslog
# above is sole line originally shipped in this file from SCO.

*.info;daemon,local0,local3,local4,local5,local6,local7,mail,news.none\
/var/adm/syslog
daemon.err /var/adm/syslog

## SCO's mqueue compiled to use Facility = mail
## SCO's popper compiled to use Facility = local0
mail,local0.notice /var/adm/maillog

## cpqasm facility=local1 in /etc/cevtdl.conf
local1.info /var/adm/cpqasm.log

## tcp-wrappers I compiled it to use Facility=local3
local3.notice /var/adm/tcplog

## HylaFax Facility=local5 in /usr/local/spool/hylafax/etc/config
local5.* /var/adm/hylafaxlog

## sshd SyslogFacility=local6 in /etc/ssh/sshd_config
local6.* /var/adm/sshdlog

... and more pertaining to my Usenet news feed.

--
JP
.

Follow-Ups:
- Re: Security using ipf to block IP's run in cron
  - From: Boyd Lynn Gerber

References:
- Security using ipf to block IP's run in cron
  - From: Boyd Lynn Gerber

Prev by Date: Re: Is anyone here playing with Xen, and care to compare notes?
Next by Date: Re: Security using ipf to block IP's run in cron
Previous by thread: Re: Security using ipf to block IP's run in cron
Next by thread: Re: Security using ipf to block IP's run in cron
Index(es):
- Date
- Thread

Relevant Pages

Re: Security using ipf to block IPs run in cron
... On Sat, 10 May 2008, Jean-Pierre Radley wrote: ... |> Shouldn't you be able to consolidate several of those awk scans of the ... pretty large syslog file several times is just a greater burden on your ... does take the script 3-5 seconds to run. ...
(comp.unix.sco.misc)
Re: Security using ipf to block IPs run in cron
... |> | rules to IPF for attacks in syslog. ... |> Shouldn't you be able to consolidate several of those awk scans of the ... | search on multiple files if I split them up. ... only sshd messages. ...
(comp.unix.sco.misc)
Re: Addition within bash script
... > I'm using the following to extract connect times from syslog: ... > How can the output digits be added together?. ... use awk ...
(comp.os.linux.misc)
Parse a syslog to get the size
... I've a syslog with thousands of entries as listed below. ... I can do this by awk like: ... will work fine but if it does, then awk '' fails to grab ...
(comp.unix.shell)
Re: Syslog Setup
... switch in order to log remote udp packages your other nw devices send to ... syslog has eight facilities for things u intend to use ... ... addresed to particular facility ... ... further config will probably take u to logrotate configuration ...
(comp.os.linux)