Register
It is currently Wed Jul 30, 2014 9:20 pm

Need to write a file before a process is killed


All times are UTC - 6 hours


Post new topic Reply to topic  [ 2 posts ] 
Author Message
 PostPosted: Sat Jul 02, 2011 10:08 pm   

Joined: Sat Jul 02, 2011 8:56 pm
Posts: 2
I'm tying to do a script that detects and blocks DoS attacks. Everything works but the file "file" is empty. That's because I kill the process before writes the output to file. I need a way to write the output to file in real time. Here is the script:

#!/bin/bash

MYIP=`ifconfig ${iface} | grep 'inet' | cut -d: -f2 | cut -d " " -f1 | grep -v 127`
tcpdump -tn | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | awk '$1 > 250' | grep -v "$MYIP" > file &
sleep 10
pkill tcpdump
AUX=`cat file`
if [ "$AUX" ]
then
i=0
for IP in $AUX
do
if [ $i -eq 2 ]
then
iptables -I INPUT -s $IP -j DROP
i=0
else
i=`expr $i + 1`
fi
done
echo "DoS attack from:"
echo $AUX
echo "Sources blocked."
rm file
exit 2
else
rm file
exit 0
fi


Top
 Profile  
 PostPosted: Fri Jul 08, 2011 9:03 pm   

Joined: Sat Jul 02, 2011 8:56 pm
Posts: 2
It's solved, thanks anyway. Here is the solution:

#!/bin/bash

MYIP=`ifconfig ${iface} | grep 'inet' | cut -d: -f2 | cut -d " " -f1 | grep -v 127`
tcpdump -tn > file &
sleep 10
pkill tcpdump
AUX=`cat file | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | awk '$1 > 250' | grep -v "$MYIP"`
if [ "$AUX" ]
then
i=0
for IP in $AUX
do
if [ $i -eq 2 ]
then
iptables -I INPUT -s $IP -j DROP
i=0
else
i=`expr $i + 1`
fi
done
echo "DoS attack from:"
echo $AUX
echo "Sources blocked."
rm file
exit 2
else
rm file
exit 0
fi


Top
 Profile  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: Bing [Bot] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron


BashScripts | Promote Your Page Too
Powered by phpBB © 2011 phpBB Group
© 2003 - 2011 USA LINUX USERS GROUP