Will the following successfully render an alert message, then write the IP Address in $TARGET to the /etc/hosts.deny file? Platform Linux Ubuntu, 12.04. All variables will be passed as arguments.


Code:
#!/bin/bash

dialog --ascii-lines --infobox "PortSentry Alert: Port Scan Detected.\nPort: ",$PORT,"; Mode: ",$MODE,"; from IP Address ",$TARGET,"\nThe attacker's IP Address has been automatically logged and blacklisted.\n" 5 90
echo $TARGET >> /etc/hosts.deny
Assuming dialog works like that:

Code:

dialog --ascii-lines --infobox "PortSentry Alert: Port Scan Detected.\nPort: $PORT Mode: $MODE from IP Address $TARGET \nThe attacker's IP Address has been automatically logged and blacklisted.\n" 5 90
echo $TARGET >> /etc/hosts.deny

I just put the variables inside the quote.
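A hardened form of the final `echo $TARGET >> /etc/hosts.deny` line, as an added example that is not part of the original posts. It accepts only a dotted-quad IPv4 address and writes it in the `daemon_list : client_list` form that TCP wrappers reads from hosts.deny. The function names and the `DENY_FILE` override are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread): validate $TARGET before it is
# written to hosts.deny. DENY_FILE is an assumed override for testing.
DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"

# Succeed only for four dot-separated decimal octets, each 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        if [ ${#octet} -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Append "ALL: <ip>" once; reject anything that is not a plain IPv4 address.
deny_ip() {
    if ! is_ipv4 "$1"; then
        echo "refusing to blacklist invalid address" >&2
        return 1
    fi
    entry="ALL: $1"
    if [ -f "$DENY_FILE" ] && grep -qxF -- "$entry" "$DENY_FILE"; then
        return 0             # already listed, keep the file free of duplicates
    fi
    printf '%s\n' "$entry" >> "$DENY_FILE"
}

# Usage in the alert script: deny_ip "$TARGET"
```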
Ok, yeah. Never mind. I got it set up to do what I want.

What I would like to happen is to set up a cron job to run a shell script every hour. I know that means I need to use the /etc/cron.hourly directory.

I would like the shell script to look at the contents of a log file, for all entries associated with the process portsentry, with the label "attackalert". But how do I basically get the shell script to know what was in the file last time, and to only show a dialog if there is new content?

The Dialog should basically display the NEW contents of the log file, related to portsentry|attackalert on the screen.

Edit: Here's the script I started on, but I can only imagine what's wrong with it. It syntaxes..


Code:
#!/bin/bash

my $file = new Logfile::Tail('/var/log/messages', {autocommit => 0});
while read line; do
my $line = $file->getline();
   if ['echo $line | grep -c "attackalert"' -gt 0]
   then
      dialog --ascii-lines --infobox "PortSentry Alert: The system logs indicate one or more port scans were launched against this computer since this script was last executed. See [the log] for details.\n" 7 80;
   fi
done
$file->commit();
exit(0);
bump
Well, to start off, you wrote half-Perl, half-Bash code. Pick one or the other (Or at least mix them correctly). Assuming all your code's logic is correct, here is how it would look in Bash:
Code:
#!/bin/bash
# Disclaimer: I didn't test this.

# --line-buffered makes grep pass each match on immediately instead of holding it in its pipe buffer
tail -f /var/log/messages | grep --line-buffered "attackalert" | xargs -I {} dialog --ascii-lines --infobox "PortSentry Alert: The system logs indicate one or more port scans were launched against this computer since this script was last executed. See [the log] for details.\n" 7 80
Or in Perl:
Code:
#!/usr/bin/perl
# Again: didn't test this.

use File::Tail;
my $file = new File::Tail('/var/log/messages');  # See: http://stackoverflow.com/questions/5568524/how-do-i-tail-a-log-file-without-locking-in-perl
my $line;
while (defined($line = $file->read)) {
  if ($line =~ /attackalert/) {
    system("dialog", "--ascii-lines", "--infobox", "PortSentry Alert: The system logs indicate one or more port scans were launched against this computer since this script was last executed. See [the log] for details.\n", 7, 80);
  }
}
Both of those should work and accomplish the same thing you were trying to do.
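For the hourly cron case asked about above, the script has to exit after each run and remember where it stopped. The following is an added example, not code from the thread: it keeps a byte offset in a state file and prints only the matching lines appended since the previous run. The `LOG`, `STATE` and `PATTERN` defaults and the function name are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): show only log lines appended since
# the previous run. LOG, STATE and PATTERN are assumed values.
LOG="${LOG:-/var/log/messages}"
STATE="${STATE:-/var/lib/portsentry-alert.offset}"   # keep out of world-writable dirs
PATTERN="${PATTERN:-attackalert}"    # extended regex, alternatives joined with |

# Print matching lines added to $LOG since the offset saved in $STATE and
# save the new offset. Returns non-zero when there is nothing new to report.
new_alerts() {
    [ -r "$LOG" ] || return 1
    size=$(wc -c < "$LOG")
    size=$((size + 0))               # drop padding that some wc versions print
    last=0
    if [ -f "$STATE" ]; then last=$(cat "$STATE"); fi
    case $last in
        ''|*[!0-9]*) last=0 ;;       # unreadable or tampered state: start over
    esac
    # A log shorter than the saved offset was rotated or truncated.
    if [ "$size" -lt "$last" ]; then last=0; fi
    printf '%s\n' "$size" > "$STATE"
    [ "$size" -gt "$last" ] || return 1
    # tail -c +N starts at byte N (1-based); head -c stops at the size just
    # recorded, so lines written during this run are reported next time.
    tail -c "+$((last + 1))" "$LOG" | head -c "$((size - last))" |
        grep -E -- "$PATTERN"
}
```

The function only prints the new lines, so the caller decides how to surface them; output printed by a cron job is normally mailed to the job's owner.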
Ok, so I found on Google that the "|" operator means "or". So to execute grep on two strings, you would do


Code:
grep -E 'attackalert|UFW BLOCK'


I would be willing to execute the two greps separately, but the problem is that I also use the tail command and if I use tail in one command, then call it again, won't it be pointing to the end of the log from the first call?

Edit: I posted in SAX (after looking on the 'man dialog' page and searching in Google) this question, but had to run... about invoking the "dialog" command from a cron job, with no terminal windows open. Would this open a terminal window to render the dialog GUI, or just do nothing? I see nothing about configuring a "no-terminal" setting for dialog, but I need a pop-up to occur, regardless of whether a terminal is open or not.
Did you actually try dialog from a cron job before asking? Your post doesn't make that clear.

You know, trying things yourself before asking if it'll work would save everyone a heck of a lot of time.
cron has no idea what the "current" user session is (indeed, multiple sessions may be active simultaneously, or even no user session may be active at any given time), so it cannot open a terminal in an active user session. cron is not particularly useful for interactive tasks like the one you're trying to do.
TheStorm wrote:
Did you actually try dialog from a cron job before asking? Your post doesn't make that clear.

You know, trying things yourself before asking if it'll work would save everyone a heck of a lot of time.


I wouldn't have asked if I was able to get it working in a cron job. It didn't work. Is there another alternative? I thought of maybe trying to invoke the Ubuntu notification system, but it seems complicated. I'll try the Ubuntu forums for that.
I am trying to write a script for Linux, that takes one argument, and will mount my Mac partition, then set permissions to me if the argument was --mount. If the argument was --unmount, the partition is unmounted from that mount point. I am posting to see if I'm going about it right.


Code:
!#/bin/bash

if ($# > 1) then
echo 'Only 1 argument may be supplied.';
fi

if ($1 = "mount") then
mkdir /media/Macintosh\ HD;
mount -t hfsplus /dev/sda2 /media/Macintosh\ HD;
chmod anthony /media/Macintosh\ HD;
fi

if ($1= "unmount") then
unmount  [not sure how to use this really];
delete /media/Macintosh\ HD;

fi

if $1 is not equal to mount or unmount, quit and say invalid.
Looks like you haven't tested that at all, since some things are blatantly wrong (chmod will puke when given a username, and it's 'umount', not 'unmount').

I feel like you'd be better served by a simple fstab entry and static mount point (configured such that you get desired permissions on it), or perhaps autofs.

Anyhow, here's how I might approach this script..
Code:
#!/bin/sh

PART=/dev/sda2
TARGET="/media/Macintosh HD"
USER=anthony
MOUNTOPTS="-t hfsplus"

case $1 in
    --mount)
        mkdir -p "$TARGET"
        chown $USER "$TARGET"
        mount $MOUNTOPTS "$PART" "$TARGET"
        ;;
    --unmount) umount "$TARGET" ;;
    *) echo "Unrecognized option: $1" ;;
esac
This is pretty fragile, though, which is why I recommend one of the nicer solutions I mentioned at the top of this post.
Let me play with that a bit.

Edit: It mounts read-only, but that's a file system issue on the OS X side. And I have no issue with that. I moved the chown command to after the mount (for some reason that seems to work better). Also, I added a deletion of the media/Macintosh HD directory after the umount command, just to clean up after myself. Lastly, I popped in a 'gksudo nautilus' to open the file viewer as root, so I can view the partition without encountering permission issues with viewing files.


Code:
#!/bin/sh

PART=/dev/sda2
TARGET="/media/Macintosh HD"
USER=anthony
MOUNTOPTS="-t hfsplus"

case $1 in
   --mount)
      mkdir -p "$TARGET"
      mount $MOUNTOPTS "$PART" "$TARGET"
      chown $USER "$TARGET"
      ;;
   --unmount)
      # rmdir only removes an empty directory, so a failed umount cannot delete the partition's files
      umount "$TARGET" && rmdir "$TARGET"
      ;;
   --view)
      gksudo nautilus "$TARGET"
      ;;
   *) echo "Unrecognized option: $1" ;;
esac
  