Getting info from array

Krzysztof_Kowalski · 9 December 2012 01:35

Hello there.
I would like to make script that gets failed logging attempt ip, when it
count that ip tried logging more than 5 times in row script will write new
block rule with that ip to ipfilter in freebsd 8.
So I like to manage this by getting each line of file with logging attempts
to arrays ( it makes array in array). I have a little problem with
obtaining array with word "Failed" and passing it to new array with ip's
that i would like to block. Next I get every 13th element (which is ipv6
address) and write new rule after counting it with hash.
Can someone show me how to make it happend?

CODE:
#!/usr/local/bin/ruby19
filename = '/var/log/auth.log'
falo = String.new
File.open(filename) { |f| falo = f.read }
words = falo.split('\n')

$ ruby19 -v
ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
$ uname -a
FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
17:41:20 IRKST 2012
root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
amd64

thanks in advance
Krzysztof Kowalski

Tamara_Temple1 · 9 December 2012 06:48

see fail2ban

···

On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> wrote:

Hello there.
I would like to make script that gets failed logging attempt ip, when it
count that ip tried logging more than 5 times in row script will write new
block rule with that ip to ipfilter in freebsd 8.
So I like to manage this by getting each line of file with logging attempts
to arrays ( it makes array in array). I have a little problem with obtaining
array with word "Failed" and passing it to new array with ip's that i would
like to block. Next I get every 13th element (which is ipv6 address) and
write new rule after counting it with hash.
Can someone show me how to make it happend?

CODE:
#!/usr/local/bin/ruby19
filename = '/var/log/auth.log'
falo = String.new
File.open(filename) { |f| falo = f.read }
words = falo.split('\n')

$ ruby19 -v
ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
$ uname -a
FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
17:41:20 IRKST 2012
root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
amd64

thanks in advance
Krzysztof Kowalski

7stud2 · 9 December 2012 18:28

I have a little problem with obtaining array with word "Failed"
and passing it to new array with ip's that i would like to block.

I am not sure what you want.

Your description is difficult to read.

If you need to scan for matches with the word Failed, try
.grep or .scan - these can give you the matches you want
to find.

Specific example see here:

How to search an array in Ruby? - Stack Overflow

···

--
Posted via http://www.ruby-forum.com/\.

Panagiotis_Atmatzidi · 10 December 2012 07:54

Hello,

I know that there is fail2ban but i would like to achieve it by my self

> Hello there.
> I would like to make script that gets failed logging attempt ip, when it
> count that ip tried logging more than 5 times in row script will write new
> block rule with that ip to ipfilter in freebsd 8.
> So I like to manage this by getting each line of file with logging attempts
> to arrays ( it makes array in array). I have a little problem with obtaining
> array with word "Failed" and passing it to new array with ip's that i would
> like to block. Next I get every 13th element (which is ipv6 address) and
> write new rule after counting it with hash.
> Can someone show me how to make it happend?
>
> CODE:
> #!/usr/local/bin/ruby19
> filename = '/var/log/auth.log'
> falo = String.new
> File.open(filename) { |f| falo = f.read }
> words = falo.split('\n')
>
> $ ruby19 -v
> ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
> $ uname -a
> FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
> 17:41:20 IRKST 2012
> root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
> amd64
>
> thanks in advance
> Krzysztof Kowalski

see fail2ban

You don't really need fail2ban, you can use 'pf' to archive this easily under FreeBSD.

However sometime ago I wrote a script that gets stats from fail2ban, I'm sure you can do what you want by taking a look at the code[1].

Also, posting your domain name in mailing lists is not a good idea.

Cheers

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0

···

On 9 Δεκ 2012, at 12:50 , Krzysztof Kowalski <krisik28@gmail.com> wrote:

2012/12/9 tamouse mailing lists <tamouse.lists@gmail.com>
On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> wrote:

--
The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."

Robert_K1 · 10 December 2012 12:24

Hello there.
I would like to make script that gets failed logging attempt ip, when it
count that ip tried logging more than 5 times in row script will write new
block rule with that ip to ipfilter in freebsd 8.
So I like to manage this by getting each line of file with logging attempts
to arrays ( it makes array in array). I have a little problem with obtaining
array with word "Failed" and passing it to new array with ip's that i would
like to block. Next I get every 13th element (which is ipv6 address) and
write new rule after counting it with hash.
Can someone show me how to make it happend?

CODE:
#!/usr/local/bin/ruby19
filename = '/var/log/auth.log'
falo = String.new

That String creation is superfluous since the reference will be
overwritten anyway. You can instead do

falo = File.open(filename) { |f| f.read }

File.open(filename) { |f| falo = f.read }
words = falo.split('\n')

words actually holds lines.

The whole code can be condensed to

words = File.readlines(filename).each(&:chomp!)

or

words = File.foreach(filename).map(&:chomp)

Kind regards

robert

···

On Sun, Dec 9, 2012 at 2:35 AM, Krzysztof Kowalski <krisik28@gmail.com> wrote:

--
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/

Krzysztof_Kowalski · 9 December 2012 11:50

I know that there is fail2ban but i would like to achieve it by my self

···

2012/12/9 tamouse mailing lists <tamouse.lists@gmail.com>

On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> > wrote:
> Hello there.
> I would like to make script that gets failed logging attempt ip, when it
> count that ip tried logging more than 5 times in row script will write
new
> block rule with that ip to ipfilter in freebsd 8.
> So I like to manage this by getting each line of file with logging
attempts
> to arrays ( it makes array in array). I have a little problem with
obtaining
> array with word "Failed" and passing it to new array with ip's that i
would
> like to block. Next I get every 13th element (which is ipv6 address) and
> write new rule after counting it with hash.
> Can someone show me how to make it happend?
>
> CODE:
> #!/usr/local/bin/ruby19
> filename = '/var/log/auth.log'
> falo = String.new
> File.open(filename) { |f| falo = f.read }
> words = falo.split('\n')
>
> $ ruby19 -v
> ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
> $ uname -a
> FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
> 17:41:20 IRKST 2012
> root@freebsd8-amd64.ispsystem.net:
/root/src/roman-sys/amd64/compile/ISPSYSTEM
> amd64
>
> thanks in advance
> Krzysztof Kowalski

see fail2ban

Panagiotis_Atmatzidi · 10 December 2012 08:11

sorry here's the link [1] https://github.com/atmosx/f2bread/blob/master/f2bread.rb

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0

···

On 10 Δεκ 2012, at 08:54 , Panagiotis Atmatzidis <atma@convalesco.org> wrote:

Hello,

On 9 Δεκ 2012, at 12:50 , Krzysztof Kowalski <krisik28@gmail.com> wrote:

I know that there is fail2ban but i would like to achieve it by my self

2012/12/9 tamouse mailing lists <tamouse.lists@gmail.com>
On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> wrote:
> Hello there.
> I would like to make script that gets failed logging attempt ip, when it
> count that ip tried logging more than 5 times in row script will write new
> block rule with that ip to ipfilter in freebsd 8.
> So I like to manage this by getting each line of file with logging attempts
> to arrays ( it makes array in array). I have a little problem with obtaining
> array with word "Failed" and passing it to new array with ip's that i would
> like to block. Next I get every 13th element (which is ipv6 address) and
> write new rule after counting it with hash.
> Can someone show me how to make it happend?
>
> CODE:
> #!/usr/local/bin/ruby19
> filename = '/var/log/auth.log'
> falo = String.new
> File.open(filename) { |f| falo = f.read }
> words = falo.split('\n')
>
> $ ruby19 -v
> ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
> $ uname -a
> FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
> 17:41:20 IRKST 2012
> root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
> amd64
>
> thanks in advance
> Krzysztof Kowalski

see fail2ban

You don't really need fail2ban, you can use 'pf' to archive this easily under FreeBSD.

However sometime ago I wrote a script that gets stats from fail2ban, I'm sure you can do what you want by taking a look at the code[1].

Also, posting your domain name in mailing lists is not a good idea.

Cheers

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0
--
The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."

--
The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."

Tamara_Temple1 · 10 December 2012 02:41

I meant go look at the fail2ban code (also, bottom post, please?)

···

On Sun, Dec 9, 2012 at 5:50 AM, Krzysztof Kowalski <krisik28@gmail.com> wrote:

I know that there is fail2ban but i would like to achieve it by my self

2012/12/9 tamouse mailing lists <tamouse.lists@gmail.com>

On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> >> wrote:
> Hello there.
> I would like to make script that gets failed logging attempt ip, when it
> count that ip tried logging more than 5 times in row script will write
> new
> block rule with that ip to ipfilter in freebsd 8.
> So I like to manage this by getting each line of file with logging
> attempts
> to arrays ( it makes array in array). I have a little problem with
> obtaining
> array with word "Failed" and passing it to new array with ip's that i
> would
> like to block. Next I get every 13th element (which is ipv6 address) and
> write new rule after counting it with hash.
> Can someone show me how to make it happend?
>
> CODE:
> #!/usr/local/bin/ruby19
> filename = '/var/log/auth.log'
> falo = String.new
> File.open(filename) { |f| falo = f.read }
> words = falo.split('\n')
>
> $ ruby19 -v
> ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
> $ uname -a
> FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
> 17:41:20 IRKST 2012
>
> root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
> amd64
>
> thanks in advance
> Krzysztof Kowalski

see fail2ban

Topic		Replies	Views
Awk to ruby 1.9 ruby-talk	11	129	7 December 2009
Unwanted scan() method behavior ruby-talk	7	111	16 August 2011
Some noob questions ruby-talk	28	154	15 February 2010
(noob) need help parsing Apache log file ruby-talk	5	180	3 March 2004
Searching Stings with Arrays? ruby-talk	13	106	25 December 2006

Getting info from array

Related topics