I am trying to make this work but no output. What I'm trying to do here is from a txt file which has multiple names will be grep and export the ip address which match to the username. and will continue to loop for each line read and export to BadIP.out Any help?
#!/bin/sh
cat /Badusers.txt
while IFS= read -r LINE
do
grep '"$LINE"' /var/log/test.log
awk -F" " '{print $8}'
grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > /badIP.out
done </badIP.out
Update:
Let me start from scratch since I have only posted where I have problems at this point.
I have a server running a 2 same programs. I am giving my clients 2 connections for each program to connect from one device. Lately I noticed that there are some of them which are using them separately so I had to invent something from the logs.
The program logs itself data like IP, username, and NODEID. From the nodeID you can verify if different that the user is cheating. I want to compare logs from each program and match extracting data to match. If it match it means everything is ok, if NodeID fails means cheating. So what I did is this
1) I grabbed both logs of the program by matching the NodeID of the user 2) then export them to another log from that log I have to separate the user from the nodeid as the log keeps them as a whole word with an "@" conjunction them 3) Separate the username from the NodeID (export to a txt file) 4) Using a script to read the TXT file using loop and fetch into the logs for an IP address that match the username and export them to BadIP.out 5) then using a loop read BADIP.out to ban the user IPs using IPtables
I have created these files. P.S. Im not a developer :)
this is the program I run
#!/bin/bash
./cam.sh
./cam2.sh
diff -i -b -B -q cam.txt cam2.txt
if [ ! $? -eq 0 ]; then
echo "**** File has changed*****"
diff <(sort /cam.txt) <(sort /cam2.txt)|awk '/^</{print $5>"temp1.out"}/^>/{print $5>"temp2.out"}'
#awk -F "@" 'BEGIN{while(getline<"temp1.out") a [$1]=1 } ; a[$1] !=2 {print $1}' temp2.out
awk -F'@' 'BEGIN{while(getline<"cam.txt") a[$2,$3]=1};a[$2,$3]!=1' cam2.txt >> /notify.txt
#diff -i -b -B -y temp1.out temp2.out >> /diff.txt
grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f1 >> /Badusers.txt
grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f2 | awk -F "," '{print $1}' >> /Badnodeid.txt
./mail.sh
#rm *.txt
#rm *.out
else
echo "same"
fi
This one reads from program1 to log1
cam.sh
#!/bin/bash
for filename in /var/log/test.log; do
if [ "$(grep "xyz" $filename)" ]; then
awk '/xyz/ && $8 == version' $filename >> /cam.txt
else
echo "$time Boo!! Failure.."
fi
done
This one reads from program2 to log2
cam2.sh
#!/bin/bash
for filename in /var/log/test2.log; do
if [ "$(grep "xyz" $filename)" ]; then
awk '/xyz/ && $8 == version' $filename >> /cam2.txt
else
echo "$time Boo!! Failure.."
fi
done
This one to send an email with the users
mail.sh
#!/bin/bash
mutt -s "Test mail" -a /notify.txt *****@gmail.com < /notify.txt
logs sample
cam.txt & cam2.txt
03:00:08.818 Prg: client xyz661s@e15279f57cc56c7f, running Prg 2.1.4
03:00:08.942 Prg: client xyz886s@1c8f2a6efe3963d7, running Prg 2.2.1
03:00:09.576 Prg: client xyz502s@165e25ac273d4751, running Prg 2.1.4
03:00:10.235 Prg: client xyz852s@6a16130252dea90a, running Prg 2.1.4
03:00:11.677 Prg: client xyz808s@ed52ddf03f1e7111, running Prg 2.1.3
03:00:11.685 Prg: client xyz034s@63007fd8e9591501, running Prg 2.1.4
03:00:11.687 Prg: client xyz885s@84ac60cf204e94a2, running Prg 2.2.1
03:00:11.796 Prg: client xyz687s@f6492af984a26f37, running Prg 2.1.4
03:00:11.818 Prg: client xyz584s@6b70bcc9670dd4f4, running Prg 2.1.1
03:00:11.891 Prg: client xyz544s@5c3284516ab8e072, running Prg 2.2.1
03:00:11.895 Prg: client xyz529s@f9c0fc6756d62f4f, running Prg 2.1.4
03:00:11.912 Prg: client xyz509s@dfb6da96a35a3022, running Prg 2.1.4
03:00:11.915 Prg: client xyz581s@6d7512ee647d3441, running Prg 2.1.2
badusers.txt
xyz712s
xyz553s
xyz500s
xyz676s
xyz553s
xyz712s
xyz697s
badnodeid.txt
403a8a9fe084b6cb
d6fe8f201e4d854e
5a7321d7b49cef9b
6da486276fafe5f5
d6fe8f201e4d854e
notify.txt
03:00:11.715 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
03:00:13.674 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
03:00:16.260 Prg: client xyz500s@5a7321d7b49cef9b, running Prg 2.1.4
10:02:42.961 Prg: client xyz676s@6da486276fafe5f5, running Prg 2.2.1
10:53:55.374 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
12:36:32.885 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
12:36:54.283 Prg: client xyz697s@51724d66fec8da4c, running Prg 2.1.4
12:37:21.052 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
temp1.out
xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz808s@ed52ddf03f1e7111,
xyz034s@63007fd8e9591501,
temp2.out
xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz021s@1ad450e34bc26dc7,
xyz712s@403a8a9fe084b6cb,
xyz544s@5c3284516ab8e072,
Whats left now is to make the while loop for script above to fetch for users from the test.log and find their IP's, export them to BadIP.out then I need something like this to BAN
$logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
