The Planet Forums > BFD Webmin rule?

The Planet Forums > System Administration > General Support Questions

ntburchf

Jul 17 2006, 09:47 PM

Trying to get this rule working (copied it from the sshd rule / proftpd rules).

/var/webmin/miniserv.error

CODE

[14/Jul/2006:12:40:26 -0500] [64.246.22.25] Bad Request

[16/Jul/2006:10:17:19 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:10:50:27 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:11:05:14 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:11:24:27 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:11:43:21 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:12:06:05 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:12:57:06 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:13:31:50 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:13:48:35 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:14:13:00 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

[16/Jul/2006:14:13:32 -0500] [66.221.227.98] Access denied for 66.221.227.98

[16/Jul/2006:14:13:33 -0500] [66.221.227.98] Access denied for 66.221.227.98

[16/Jul/2006:14:39:30 -0500] [66.221.227.98] /session_login.cgi : Access denied for 66.221.227.98. The host has been blocked because of too many authentication failures.

trying to use this

CODE

| grep -iwf /usr/local/bfd/pattern.auth | tr '[]' ' ' | tr -d '()' | awk '{print$7""}' | grep -E '[0-9]+'

which shows the IP from the command line, but can not get it to add to the deny_hosts.rules for apf

CODE

REQ="/usr/sbin/sshd"

if [ -f "$REQ" ]; then

LP="/var/webmin/miniserv.error"

TLOG_TF="webmin"

TRIG="3"

TMP="/usr/local/bfd/tmp"

## webmin

ARG_VAL1=`$TLOGP $LP $TLOG_TF.5 | grep -iwf /usr/local/bfd/pattern.auth | tr '[]' ' ' | tr -d '()' | awk '{print$7""}' | grep -E '[0-9]+' >> $TMP/.webmin`

ARG_VAL=`cat $TMP/.webmin`

fi

what am i missing / doing wrong here

thanks!

was also trying to get it to read this line in the /var/webmin/miniserv.error but no luck either

CODE

[17/Jul/2006:08:39:03 -0500] [216.9.34.173] /unauthenticated/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../..//etc/shadow : File not found

[17/Jul/2006:08:39:07 -0500] [216.9.34.173] /unauthenticated/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../..//etc/shadow : File not found

again
Thanks!!

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.