Script year_month_day_hour_minute with fail2ban


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Script year_month_day_hour_minute with fail2ban
# 1  
Old 03-05-2014
[SOLVED] Script year_month_day_hour_minute with fail2ban

Hello,

What I would like to do is a shell script which will read a database file, then it will compare the current date/hour/minute in each line existing in the database file.
Today is 20140305 (year_month_day) & assume that the time is 15:11 at the moment.

under /var/log/
database.txt
Code:
ssh1 ##201403051511
ssh2 ##201403051510
ssh3 ##201403051509
ssh4 ##201403051508
ssh5 ##201403051531
ssh6 ##201403051541
ssh6 ##201403051542
ssh6 ##201403051543

When the script is started it will create a new txt file such as:

under /var/log/
filtered.txt
Code:
ssh2 ##201403051510
ssh3 ##201403051509
ssh4 ##201403051508

Then it will look up related usernames in /var/log/syslog file, grep each user's ip address and send them to fail2ban to block the connection.

In this example, connection of usernames ssh2-ssh3-ssh4 will be broken.

I appreciate your valuable support.

PS: I have found given below iptables command but I do not know how to integrate this into my database file

Code:
iptables -I INTPUT -s xxx.xxx.xxx.xxx -m time --utc --datestart 2013-09-09T15:00 --datestop 2013-09-09T15:30 -j DROP

Thanks
Boris

Last edited by baris35; 03-10-2014 at 10:36 PM..
# 2  
Old 03-05-2014
I suggest giving a better example. It's not clear what you're comparing each time value in the text file. You state

"then it will compare the current date/hour/minute in each line existing in the database file"

and then you say something about the current date and assume the current time is something...

"Today is 20140305 (year_month_day) & assume that the time is 15:11 at the moment."

Are you selecting records that are earlier than the current time. If so, won't all records in this file always be selected?

It's also not clear what you mean when you say "integrate into your database"
# 3  
Old 03-06-2014
Hello Blackrageous,

-Objective: What I would like to accomplish is to terminate an account automatically if that account is expired.

-What does "then it will compare the current date/hour/minute in each line existing in the database file" mean?

When the script is started in any given time, it will print "system date" (year_month_day_hour_min) and compare the value shown in database.txt file

-Are you selecting records that are earlier than the current time?
That's exactly right!

-To make it more understandable, i changed database.txt file as shown below

under /var/log/
database.txt:

Code:
sophie.bextor ##201403011017
dido ##201403251049
ray.charles ##201403290159
freddie.mercury ##201404012200
madonna ##201403050900

Output file will be filtered.txt as shown below:

Code:
sophie.bextor ##201403011017
madonna ##201403050900

sophie's account expired on 2014.03.01 time: 10:17
madonna's account expired on 2014.03.05 time: 09:00 (expired)

sophie.bextor & madonna has expired accounts so that those usernames will be looked up in /var/log/syslog file and the script will grab related ip addresses and send them to iptables so that they can not be logged in to the system.

Thanks for your time
Boris
# 4  
Old 03-07-2014
Save perl script below to say "filter_accts.pl" and run it on the command line $ filter_accts.pl database.txt this will output all expired user accounts to filtered.txt...
Code:
#!/usr/bin/perl

use Time::Local;
open outf, "> filtered.txt";

while (<>) {
    @f = split /#/, $_;
    $yr = substr($f[2], 0, 4);
    $mo = substr($f[2], 4, 2);
    $dy = substr($f[2], 6, 2);
    $hr = substr($f[2], 8, 2);
    $mi = substr($f[2], 10, 2);
    print outf if time > timelocal(0, $mi, $hr, $dy, $mo-1, $yr-1900);
}

This User Gave Thanks to shamrock For This Post:
# 5  
Old 03-10-2014
Hello Shamrock,
Thanks for your reply.
It gives correct result!

Thank you so much!
Boris
# 6  
Old 03-10-2014
Similar GNU awk approach
Code:
gawk -F'##' '
  {
    then=mktime(substr($2,1,4)" "substr($2,5,2)" "substr($2,7,2)" "substr($2,9,2)" "substr($2,11,2)" 0")
  }
  now > then
' now=$(date '+%s') database.txt

This User Gave Thanks to ahamed101 For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Shell script works fine as a standalone script but not as part of a bigger script

Hello all, I am facing a weird issue while executing a code below - #!/bin/bash cd /wload/baot/home/baotasa0/sandboxes_finance/ext_ukba_bde/pset sh UKBA_publish.sh UKBA 28082015 3 if then echo "Param file conversion for all the areas are completed, please check in your home directory"... (2 Replies)
Discussion started by: ektubbe
2 Replies

2. Cybersecurity

Fail2ban ERROR Unable to contact server. Is it running?

Hello, my fail2ban service is running (ps aux) When i do: fail2ban-client status it returns: ERROR Unable to contact server. Is it running? same message on fail2ban restart. In /etc/fail2ban/fail2ban.conf i see this line: socket = /var/run/fail2ban/fail2ban.sock but this file does... (1 Reply)
Discussion started by: postcd
1 Replies

3. UNIX for Dummies Questions & Answers

Calling a script from master script to get value from called script

I am trying to call a script(callingscript.sh) from a master script(masterscript.sh) to get string type value from calling script to master script. I have used scripts mentioned below. #masterscript.sh ./callingscript.sh echo $fileExist #callingscript.sh echo "The script is called"... (2 Replies)
Discussion started by: Raj Roy
2 Replies

4. Shell Programming and Scripting

Read file, grab ip with fail2ban

Solved with iptables. Many thanks... Hello, Objective: What I would like to accomplish is : - To read file1 line by line and search each word in file2. - To grab corresponding ip addresses found in file2 - To send related ip addresses to fail2ban (not iptables) By this way, when I... (5 Replies)
Discussion started by: baris35
5 Replies

5. Windows & DOS: Issues & Discussions

Fail2ban: email notifications and banning ssh IP logins

Hi all. I am using Cygwin in Windows 7 and am trying to setup fail2ban so that I can ban foreign IP addresses under SSH, also getting email notifications. I downloaded fail2ban and installed it. I then created jail.local copy from jail.conf and changed some values in jail.local. Now when I try to... (2 Replies)
Discussion started by: synthesis
2 Replies

6. Shell Programming and Scripting

Script will keep checking running status of another script and also restart called script at night

I am using blow script :-- #!/bin/bash FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not if then # echo "process found" exit 0; else echo "process not found" exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Discussion started by: ketanraut
1 Replies

7. Shell Programming and Scripting

create a shell script that calls another script and and an awk script

Hi guys I have a shell script that executes sql statemets and sends the output to a file.the script takes in parameters executes sql and sends the result to an output file. #!/bin/sh echo " $2 $3 $4 $5 $6 $7 isql -w400 -U$2 -S$5 -P$3 << xxx use $4 go print"**Changes to the table... (0 Replies)
Discussion started by: magikminox
0 Replies
Login or Register to Ask a Question