Re: [shell-script] Ajuda - Ler um arquivo de log e executar uma tarefa

[Julio C. Neves]

Fala Ricardo,
vc está agradecendo pela ajuda, mas está mesmo é pedindo que façamos por vc.
Ajuda significa mostrar o que vc já fez e darmos uma "ajuda" para vc
terminar. Fazer para vc é consultoria, e consultoria é paga.

Abraços,
Julio
Cursos de Shell e Zenity em 2 fins de semana?
- SP turma de Shell em 29/03 - ligue (11)2125-4747;
- Floripa turma Shell 12/04 http://www.seventreinamentos.com.br;
- DF turma de Shell em 17/04 - ligue (61) 3223-3000;
- Aracaju turma de Shell em 12/05 - address@hidden;
- RJ turma de Shell em 14/06 - ligue (21)2210-6061;
- Turmas fechadas em outras cidades ligue (21)  8112-9988.


Em 20 de fevereiro de 2010 22:25, ricardoscript
<address@hidden>escreveu:

>
>
> Pessoal, estou precisando de um script que leia meu arquivo mail.log e ao
> encontrar a palavra "LOGIN FAILED" vindo de um mesmo IP por mais de 6 vezes
> ele execute o comando iptables -A INPUT -s xxx.xxx.xxx.xxx(IP atacante) -j
> DROP
>
> Segue corte de meu mail.log onde se observa a tentativa de brute-force
> Por qualquer ajudo, estou desde já agradecido.
>
> Feb 20 09:20:35 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:35 matrix pop3d: LOGIN FAILED, user=staff,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:20:40 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:40 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:40 matrix pop3d: LOGIN FAILED, user=humberto,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:20:45 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:45 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:45 matrix pop3d: LOGIN FAILED, user=humberto,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:20:50 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:50 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:50 matrix pop3d: LOGIN FAILED, user=ian,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:20:56 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:56 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:20:56 matrix pop3d: LOGIN FAILED, user=ian,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:01 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:01 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:01 matrix pop3d: LOGIN FAILED, user=iasmin,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:06 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:06 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:06 matrix pop3d: LOGIN FAILED, user=iasmin,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:11 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:11 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:11 matrix pop3d: LOGIN FAILED, user=iasser,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:16 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:16 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:16 matrix pop3d: LOGIN FAILED, user=iasser,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:21 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:21 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:22 matrix pop3d: LOGIN FAILED, user=ibraim,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:27 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:27 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:27 matrix pop3d: LOGIN FAILED, user=ibraim,
> ip=[::ffff:189.126.109.221]
> Feb 20 09:21:32 matrix pop3d: Disconnected, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:32 matrix pop3d: Connection, ip=[::ffff:189.126.109.221]
> Feb 20 09:21:32 matrix pop3d: LOGIN FAILED, user=ibsen,
> ip=[::ffff:189.126.109.221]
>
>  
>


[As partes desta mensagem que não continham texto foram removidas]