Can anyone spot my booboo - it is driving me mad. It seems to do exactly what I want except the if block is not running when it should be :(
Code:
echo Try to block people who are spreading CodeRed/Nimda
echo ------------------------------------------------------------------
echo Grabbing list of currently blocked IPs
cat /etc/hosts.deny | grep "ALL:" | sed "s/ALL: //" | sort | uniq > /var/tmp/worms.blocked
echo Updating IP list using access_log
egrep -i "(cmd.exe|root.exe|default.ida|_vti_bin)" /var/log/httpd/access_log | awk '{print $1}' | sort -n | uniq |
while read host
do
    if (! fgrep -x $host /var/tmp/worms.blocked) then
        echo Adding $host to blocked sites
        echo $host>> /var/tmp/worms.blocked
        /sbin/ipchains -I input -s $host -j DENY -l
    fi
done
echo Done!
I've tried echoing $host inside the while loop and it is working fine, but it seems the fgrep is not working for some reason and so the ipchains command is never called.
I've tried the fgrep on its own from my ssh account and that works when I manually enter an IP to match.
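
An added example, not part of the original post: one way to write the same log-driven block list with a quiet, quoted membership test (`grep -Fxq`) and a check that the first log field really is an IPv4 address before it reaches the firewall command, since that field can be a hostname when the server logs resolved names. The function names, the file arguments, the sample log lines and the dry-run `echo` in front of the post's `ipchains` command are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's script. File paths are arguments and the
# firewall command is only printed (dry run).
PROBES='(cmd\.exe|root\.exe|default\.ida|_vti_bin)'  # names from the post, dots escaped

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# new_offenders LOG BLOCKED: print each probing client address that is not yet
# in BLOCKED, and append it to BLOCKED.
new_offenders() {
    : >> "$2"                                # make sure the list file exists
    grep -Ei -- "$PROBES" "$1" | awk '{print $1}' | sort -u |
    while IFS= read -r host; do
        is_ipv4 "$host" || continue          # drop hostnames and junk fields
        # -F fixed string, -x whole line, -q exit status only (no output)
        if ! grep -Fxq -- "$host" "$2"; then
            printf '%s\n' "$host" >> "$2"
            printf '%s\n' "$host"
        fi
    done
}

# block_all LOG BLOCKED: print the post's ipchains rule for each new address.
block_all() {
    new_offenders "$1" "$2" | while IFS= read -r host; do
        echo /sbin/ipchains -I input -s "$host" -j DENY -l
    done
}

# demo: run against a constructed access log and a constructed block list.
demo() {
    d=$(mktemp -d) || return 1
    printf '192.0.2.10\n' > "$d/blocked"
    cat > "$d/log" <<'EOF'
192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /scripts/root.exe HTTP/1.0" 404 -
203.0.113.9 - - [01/Jan/2002:10:00:01 +0000] "GET /default.ida HTTP/1.0" 404 -
203.0.113.9 - - [01/Jan/2002:10:00:02 +0000] "GET /_vti_bin/x HTTP/1.0" 404 -
198.51.100.7 - - [01/Jan/2002:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 512
host.example - - [01/Jan/2002:10:00:04 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 -
EOF
    block_all "$d/log" "$d/blocked"
    rm -rf "$d"
}
demo
```

Removing the `echo` in `block_all` makes it run the rule instead of printing it.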