Getting info from array

Ruby
1

Hello there.
I would like to make script that gets failed logging attempt ip, when it
count that ip tried logging more than 5 times in row script will write
new
block rule with that ip to ipfilter in freebsd 8.
So I like to manage this by getting each line of file with logging
attempts
to arrays ( it makes array in array). I have a little problem with
obtaining array with word “Failed” and passing it to new array with ip’s
that i would like to block. Next I get every 13th element (which is ipv6
address) and write new rule after counting it with hash.
Can someone show me how to make it happend?

CODE:
#!/usr/local/bin/ruby19
filename = ‘/var/log/auth.log’
falo = String.new
File.open(filename) { |f| falo = f.read }
words = falo.split(‘\n’)

$ ruby19 -v
ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
$ uname -a
FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
17:41:20 IRKST 2012
[email protected]:/root/src/roman-sys/amd64/compile/ISPSYSTEM
amd64

thanks in advance
Krzysztof K.

2

On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof K. [email protected]
wrote:

FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
17:41:20 IRKST 2012
[email protected]:/root/src/roman-sys/amd64/compile/ISPSYSTEM
amd64

thanks in advance
Krzysztof K.

see fail2ban

3

I know that there is fail2ban but i would like to achieve it by my self
:slight_smile:

2012/12/9 tamouse mailing lists [email protected]

4

I have a little problem with obtaining array with word “Failed”
and passing it to new array with ip’s that i would like to block.

I am not sure what you want.

Your description is difficult to read.

If you need to scan for matches with the word Failed, try
.grep or .scan - these can give you the matches you want
to find.

Specific example see here:

How to search an array in Ruby? - Stack Overflow

5

On Sun, Dec 9, 2012 at 5:50 AM, Krzysztof K. [email protected]
wrote:

new

FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23

I meant go look at the fail2ban code :slight_smile: (also, bottom post, please?)

6

Hello,

On 9 Δεκ 2012, at 12:50 , Krzysztof K. [email protected] wrote:

array with word “Failed” and passing it to new array with ip’s that i would

see fail2ban

You don’t really need fail2ban, you can use ‘pf’ to archive this easily
under FreeBSD.

However sometime ago I wrote a script that gets stats from fail2ban, I’m
sure you can do what you want by taking a look at the code[1].

Also, posting your domain name in mailing lists is not a good idea.

Cheers :slight_smile:

Panagiotis (atmosx) Atmatzidis

email: [email protected]
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0

7

On 10 Δεκ 2012, at 08:54 , Panagiotis A. [email protected]
wrote:

count that ip tried logging more than 5 times in row script will write new
filename = ‘/var/log/auth.log’
amd64

email: [email protected]
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0

The wise man said: “Never argue with an idiot. They bring you down to their
level and beat you with experience.”

sorry here’s the link [1]
https://github.com/atmosx/f2bread/blob/master/f2bread.rb

Panagiotis (atmosx) Atmatzidis

email: [email protected]
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0

8

On Sun, Dec 9, 2012 at 2:35 AM, Krzysztof K. [email protected]
wrote:

CODE:
#!/usr/local/bin/ruby19
filename = ‘/var/log/auth.log’
falo = String.new

That String creation is superfluous since the reference will be
overwritten anyway. You can instead do

falo = File.open(filename) { |f| f.read }

File.open(filename) { |f| falo = f.read }
words = falo.split(‘\n’)

words actually holds lines.

The whole code can be condensed to

words = File.readlines(filename).each(&:chomp!)

or

words = File.foreach(filename).map(&:chomp)

Kind regards

robert