
pipe tcpdump grep into perl

In order to thwart a persistent hacker I have developed a tcpdump command which prints failed authentications plus the preceding 4 lines to the console. Since sometimes I have to sleep, I would like to write a program to automatically add the IP to the firewall when the failed login is printed.

simplified example:

tcpdump [options] | grep [username] | perl -ne '
    isolate username using regex;
    if username is the target username,
        examine previous lines looping until IP is detected;
    append properly formatted firewall command to firewall file;
    run firewall file'

I've got the tcpdump and the grep working. I know enough about Perl to program this in a script file but the command line Perl has me stumped.
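Here is one way to write the watcher the question sketches, as an added example that is not the poster's code. It reads `tcpdump -A` text on standard input, keeps a ring buffer of the preceding four lines, and when a line reports a failed login for the target user it walks back through the buffer to the nearest packet header and prints a firewall command for the client address. Everything specific is an assumption: the `login failed for user` marker stands in for whatever the real protocol prints, `$local` is the protected host's address, `tcpdump` is assumed to have been run with `-n` (numeric addresses) and `-l` (line-buffered output, without which nothing reaches Perl until the buffer fills), and the sample after `__DATA__` is constructed. The `grep` stage of the original pipeline is deliberately absent: it would discard the header lines that carry the IP before Perl ever sees them, so the username match is done in Perl instead.

```perl
#!/usr/bin/perl
# Added example, not code from the original post. Reads tcpdump -A text, keeps the
# last 4 lines, and when a line reports a failed login for the target user, pulls the
# client address out of the nearest preceding packet header and prints a firewall
# command. Assumptions: tcpdump was run with -n (numeric addresses) and -l
# (line-buffered output), $local is the protected host, and the "login failed for
# user" marker is a constructed stand-in for whatever the real protocol prints.
use strict;
use warnings;

$| = 1;                       # flush each rule immediately when run inside a pipeline
my $target = 'admin';         # username to watch (assumption)
my $local  = '192.0.2.10';    # address of the protected host (assumption)
my $keep   = 4;               # preceding lines to remember, matching the asker's tcpdump output
my @prev;                     # ring buffer of the last $keep lines
my %seen;                     # addresses already reported, so each IP yields one rule

# tcpdump packet header: "<time> IP <src>.<port> > <dst>.<port>: ..."
my $hdr_re = qr/^\S+\s+IP\s+(\d{1,3}(?:\.\d{1,3}){3})\.\d+\s+>\s+(\d{1,3}(?:\.\d{1,3}){3})\.\d+/;
# Constructed failure marker; replace with the real protocol's wording.
my $fail_re = qr/login failed for user (\S+)/i;

# With --demo the constructed sample after __DATA__ is read instead of STDIN.
my $in = (@ARGV && $ARGV[0] eq '--demo') ? \*DATA : \*STDIN;

while (my $line = <$in>) {
    chomp $line;
    if ($line =~ $fail_re && $1 eq $target) {
        my $ip;
        # The failure text travels server -> client, so the nearest header has the
        # server as its source; take whichever address is not the local host.
        for my $p (reverse @prev) {
            my ($src, $dst) = $p =~ $hdr_re or next;
            $ip = ($src eq $local) ? $dst : $src;
            last;
        }
        if (!defined $ip) {
            warn "failed login for $target but no packet header in the last $keep lines\n";
        } elsif (!$seen{$ip}++) {
            print "iptables -I INPUT -s $ip -j DROP\n";
        }
    }
    push @prev, $line;
    shift @prev while @prev > $keep;
}

__DATA__
12:00:01.000000 IP 203.0.113.5.51234 > 192.0.2.10.21: Flags [P.], seq 1:13, length 12
USER admin
12:00:01.100000 IP 192.0.2.10.21 > 203.0.113.5.51234: Flags [P.], seq 1:33, length 32
530 Login failed for user admin
12:00:02.000000 IP 198.51.100.7.40000 > 192.0.2.10.21: Flags [P.], seq 1:11, length 10
USER bob
12:00:02.100000 IP 192.0.2.10.21 > 198.51.100.7.40000: Flags [P.], seq 1:31, length 30
530 Login failed for user bob
12:00:03.000000 IP 203.0.113.5.51236 > 192.0.2.10.21: Flags [P.], seq 1:13, length 12
USER admin
12:00:03.100000 IP 192.0.2.10.21 > 203.0.113.5.51236: Flags [P.], seq 1:33, length 32
530 Login failed for user admin
```

Running `perl watch.pl --demo` against the constructed sample prints a single `iptables -I INPUT -s 203.0.113.5 -j DROP`: the failure for `bob` is ignored and the second failure from the same address is suppressed by `%seen`. In the real pipeline it would be `sudo tcpdump -n -l -A [options] | perl watch.pl >> firewall.sh` with the script deciding when to execute that file; everything here could also be squeezed into a `perl -ne 'BEGIN { ... } ...'` one-liner, since `-n` wraps the body in exactly the `while (<STDIN>)` loop written out above, but a script file is easier to read and to debug. Two caveats a practitioner would want: an `iptables -I ... -j DROP` written unconditionally on a single failure will lock out a legitimate user who mistypes a password once, so a threshold and an expiry are worth adding before this runs unattended, and the header-walking logic only works for protocols whose failure message is visible in clear on the wire.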

For what you're trying to do, I would suggest another route, and install a service such as denyhosts, which can detect repeated failed login attempts, log them, and automatically block them.

denyhosts is available from http://denyhosts.sourceforge.net - or is likely available on the repositories for your flavour of Linux.
