Difference: IP_Block ( vs. 1)

Revision 12010-03-25 - GunmoRyu

 
META TOPICPARENT name="2010March"
#!/usr/bin/env python

import os, urllib

os.system("cat /var/log/secure | grep 'Failed' > /root/failed.log")
os.system("cat /var/log/secure | grep 'Invalid user' > /root/invalid.log")

file = open('/root/invalid.log')

number_of_limit = 30

invalid = file.readlines()

list_of_ip = {}

for line in invalid :
    line= line.strip()
    tt = line.split(' from ')[-1]
    if list_of_ip.has_key( tt ) is False :
        list_of_ip[tt] = 1
    else :
        list_of_ip[tt] = list_of_ip[tt]+1


file.close()

file = open('/root/failed.log')

failed = file.readlines()

for line in failed :
    line = line.strip()
    tt = line.split(' from ')[-1]
    tt = tt.split(' port ')[0]

    if list_of_ip.has_key( tt ) is False :
        list_of_ip[tt] = 1
    else :
        list_of_ip[tt] = list_of_ip[tt]+1


for list in list_of_ip.keys() :
    if list_of_ip[list]> number_of_limit :
        print list, list_of_ip[list]
        cmd = '/sbin/iptables -A INPUT -s '+list+' -j DROP'
        os.system(cmd)


os.system("service iptables save")

-- GunmoRyu - 25 Mar 2010

 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding KoreaCmsWiki? Send feedback