Xi Vix

Reputation: 1361

pipe tcpdump grep into perl

In order to thwart a persistent hacker I have developed a tcpdump command which prints failed authentications plus the preceding 4 lines to the console. Since sometimes I have to sleep, I would like to write a program to automatically add the IP to the firewall when the failed login is printed.

simplified example:

tcpdump [options] | grep [username] | perl -ne '
    # isolate username using regex;
    # if username is the target username,
    #     examine previous lines looping until IP is detected;
    # append properly formatted firewall command to firewall file;
    # run firewall file
'

I've got the tcpdump and the grep working. I know enough about Perl to program this in a script file but the command line Perl has me stumped.

Upvotes: 0

Views: 1149

Answers (1)

Rohaq

Reputation: 2046

For what you're trying to do, I would suggest another route, and install a service such as denyhosts, which can detect repeated failed login attempts, log them, and automatically block them.

denyhosts is available from http://denyhosts.sourceforge.net - or is likely available on the repositories for your flavour of Linux.

Upvotes: 2
