Using WHILE DO GREP
I am trying to make this work but there is no output. What I'm trying to do here is grep, from a txt file which has multiple names, and export the IP addresses which match the username, and continue to loop for each line read and export to BadIP.out. Any help?
#!/bin/sh
cat /Badusers.txt
while IFS= read -r LINE
do
    grep '"$LINE"' /var/log/test.log
    awk -F" " '{print $8}'
    grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > /badIP.out
done </badIP.out
Update:
Let me start from scratch since I have only posted where I have problems at this point.
I have a server running 2 of the same program. I am giving my clients 2 connections for each program to connect from one device. Lately I noticed that some of them are using them separately, so I had to invent something from the logs.
The program itself logs data like IP, username, and NODEID. From the NodeID you can verify, if it is different, that the user is cheating. I want to compare logs from each program and match the extracted data. If it matches, it means everything is OK; if the NodeID fails, it means cheating. So what I did is this:
1) I grabbed both logs of the program by matching the NodeID of the user
2) then export them to another log; from that log I have to separate the user from the NodeID, as the log keeps them as a whole word with an "@" joining them
3) Separate the username from the NodeID (export to a txt file)
4) Using a script to read the TXT file using loop and fetch into the logs for an IP address that match the username and export them to BadIP.out
5) then using a loop read BADIP.out to ban the user IPs using IPtables
I have created these files. P.S. I'm not a developer :)
This is the program I run
#!/bin/bash
./cam.sh
./cam2.sh
diff -i -b -B -q cam.txt cam2.txt
if [ ! $? -eq 0 ]; then
    echo "**** File has changed*****"
    diff <(sort /cam.txt) <(sort /cam2.txt)|awk '/^</{print $5>"temp1.out"}/^>/{print $5>"temp2.out"}'
    #awk -F "@" 'BEGIN{while(getline<"temp1.out") a [$1]=1 } ; a[$1] !=2 {print $1}' temp2.out
    awk -F'@' 'BEGIN{while(getline<"cam.txt") a[$2,$3]=1};a[$2,$3]!=1' cam2.txt >> /notify.txt
    #diff -i -b -B -y temp1.out temp2.out >> /diff.txt
    grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f1 >> /Badusers.txt
    grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f2 | awk -F "," '{print $1}' >> /Badnodeid.txt
    ./mail.sh
    #rm *.txt
    #rm *.out
else
    echo "same"
fi
This one reads from program1 to log1
cam.sh
#!/bin/bash
for filename in /var/log/test.log; do
    if [ "$(grep "xyz" $filename)" ]; then
        awk '/xyz/ && $8 == version' $filename >> /cam.txt
    else
        echo "$time Boo!! Failure.."
    fi
done
This one reads from program2 to log2
cam2.sh
#!/bin/bash
for filename in /var/log/test2.log; do
    if [ "$(grep "xyz" $filename)" ]; then
        awk '/xyz/ && $8 == version' $filename >> /cam2.txt
    else
        echo "$time Boo!! Failure.."
    fi
done
This one to send an email with the users
mail.sh
#!/bin/bash
mutt -s "Test mail" -a /notify.txt *****@gmail.com < /notify.txt
logs sample
cam.txt & cam2.txt
03:00:08.818 Prg: client xyz661s@e15279f57cc56c7f, running Prg 2.1.4
03:00:08.942 Prg: client xyz886s@1c8f2a6efe3963d7, running Prg 2.2.1
03:00:09.576 Prg: client xyz502s@165e25ac273d4751, running Prg 2.1.4
03:00:10.235 Prg: client xyz852s@6a16130252dea90a, running Prg 2.1.4
03:00:11.677 Prg: client xyz808s@ed52ddf03f1e7111, running Prg 2.1.3
03:00:11.685 Prg: client xyz034s@63007fd8e9591501, running Prg 2.1.4
03:00:11.687 Prg: client xyz885s@84ac60cf204e94a2, running Prg 2.2.1
03:00:11.796 Prg: client xyz687s@f6492af984a26f37, running Prg 2.1.4
03:00:11.818 Prg: client xyz584s@6b70bcc9670dd4f4, running Prg 2.1.1
03:00:11.891 Prg: client xyz544s@5c3284516ab8e072, running Prg 2.2.1
03:00:11.895 Prg: client xyz529s@f9c0fc6756d62f4f, running Prg 2.1.4
03:00:11.912 Prg: client xyz509s@dfb6da96a35a3022, running Prg 2.1.4
03:00:11.915 Prg: client xyz581s@6d7512ee647d3441, running Prg 2.1.2
badusers.txt
xyz712s
xyz553s
xyz500s
xyz676s
xyz553s
xyz712s
xyz697s
badnodeid.txt
403a8a9fe084b6cb
d6fe8f201e4d854e
5a7321d7b49cef9b
6da486276fafe5f5
d6fe8f201e4d854e
notify.txt
03:00:11.715 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
03:00:13.674 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
03:00:16.260 Prg: client xyz500s@5a7321d7b49cef9b, running Prg 2.1.4
10:02:42.961 Prg: client xyz676s@6da486276fafe5f5, running Prg 2.2.1
10:53:55.374 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
12:36:32.885 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
12:36:54.283 Prg: client xyz697s@51724d66fec8da4c, running Prg 2.1.4
12:37:21.052 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
temp1.out
xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz808s@ed52ddf03f1e7111,
xyz034s@63007fd8e9591501,
temp2.out
xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz021s@1ad450e34bc26dc7,
xyz712s@403a8a9fe084b6cb,
xyz544s@5c3284516ab8e072,
What's left now is to make the while loop for the script above to fetch the users from test.log and find their IPs, and export them to BadIP.out. Then I need something like this to BAN
$logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
    command="iptables -A INPUT -s "$EachLine" -j DROP"
    echo $command
    $command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
Comments (2)
You are reading from /badIP.out and then inside the while read loop, the second grep command is missing a file input. Also, why redirect back to badIP.out? Use a different file name.
Looks like you need to use one of:
Unless your /badIP.out file is extraordinarily large, this will work pretty effectively. You might decide you want to sort the output so that the data for a single 'bad IP' is all together in the output, but doing that reliably requires knowledge of the file format.
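An added example, not code from the question or from either answer: one way to write the lookup loop so that it reads the username list rather than its own output file, then validates each address before it reaches iptables, since the addresses come out of a log. It assumes a log line that names a user also carries that user's IPv4 address; `IPTABLES` is a hypothetical override for previewing the rules.

```shell
#!/bin/sh
# Added example. Assumption: a log line that names a user also carries
# that user's IPv4 address somewhere on the same line.

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ips_for_users USERFILE LOGFILE: print the unique, valid IPs found on log
# lines that mention any username listed (one per line) in USERFILE.
ips_for_users() {
    sort -u "$1" | while IFS= read -r user; do
        [ -n "$user" ] || continue
        # -F literal match, -w whole word, -- so a name cannot act as an option
        grep -Fw -- "$user" "$2" |
            grep -owE '[0-9]{1,3}(\.[0-9]{1,3}){3}' || true
    done | sort -u | while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then printf '%s\n' "$ip"; fi
    done
}

# block_ips IPFILE: add one DROP rule per address, re-validating each line
# and passing it as a single quoted argument. IPTABLES is a hypothetical
# override so the rules can be previewed with IPTABLES=echo.
block_ips() {
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            "${IPTABLES:-iptables}" -A INPUT -s "$ip" -j DROP
        else
            printf 'skipped invalid entry: %s\n' "$ip" >&2
        fi
    done < "$1"
}
```

Typical use is `ips_for_users /Badusers.txt /var/log/test.log > /badIP.new` followed by `block_ips /badIP.new`, which keeps the input list and the output file separate.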