
[Help] Writing scripts to act as a security monitor

I have a chain of scripts I'm working with:
Script one - gathers and concatenates all logfiles into IFile
Script two - greps IP addresses and builds a blacklist OFile
Script three takes the blacklist, does network info gathering on the IP and does an iptables drop
Script four does a CIS audit and hardens the OS and networking
Script five does a tar collection of the filesystem and sends it to a remote address via SSH


Can anyone tell me how to get non-decimal IP addresses/FQDNs read from a file in a bash script?


Bonus/Extra Credit:
How to get accurate IP addresses from NGINX and Apache? How to make NGINX a honeypot?
How to write a script to tar the filesystem and send it to a remote destination via SSH is welcome as well.

Any advice on how to build a reliable security monitor via bash or python welcome.

Note:
fail2ban is used to prevent SSH brute forcing
portsentry or psad will be used to prevent port knocking
So, any advice welcome.
Post automatically merged:

Well, an update - I found the entire script was a problem, mostly from lack of coherent thought put into a logic flow, and found two primary problems, the file loop and the whitelist conditional checks. This is not going where I'd like it to go. May have to go back to the KISS method on this script.
Post automatically merged:

Well, scripts are working so far.
Lots of progress tonight.
Script 1 gathers all logs and writes an input file for script 2 and calls script 2
Script 2 pattern matches IPv4 addresses and writes a blacklist file
Script 3 sorts through blacklist and drops them on firewall after gathering network info on the hosts.

Lots of attacks came from Brazil and Southeast Asia. Supposedly.
Post automatically merged:

@SkullTraill .... this can be closed unless people want to see my embarrassing shell scripts.
Post automatically merged:

All the questions haven't been answered, but at least now they work. At least the first three scripts.
Post automatically merged:

Will work on audit/hardening script when back. Beginning of a devops process.
Post automatically merged: 41 minutes ago

Missions accomplished. Now back home chillin. Got 30 new colored candles (4 colors).
Post automatically merged: 4 minutes ago

Running a fresh round of the scripts. Will hand it over to my business partner to see if he wants to try to prosecute the attackers.
Post automatically merged: 1 minute ago

From the SANS CISO Mind Map poster, I've accomplished by this one or two items out of many. I'm just getting started. Next reading is Linux Independent Distribution CIS audit document, and craft a script out of it in Python. Then research psad and nftables. Then there are the WebServer and Database auditing as well. Then testing and penetration testing.
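As an added example (not the poster's own scripts), this is one way to join stages two and three: pull only well-formed IPv4 addresses out of the gathered logs, drop private ranges and whitelisted hosts before anything reaches the firewall, and print the iptables drop rules for review instead of executing them. The log lines, the whitelist and the function names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: IPv4 extraction + whitelist filtering for a log-driven blacklist.
# Runs offline; the log lines and whitelist below are constructed sample data.

# Constructed sample of the concatenated log input ("IFile" in the poster's chain).
LOGS='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php" 404
Oct 10 13:56:01 host sshd[123]: Failed password for root from 198.51.100.23 port 5522
Oct 10 13:56:02 host sshd[124]: Failed password for admin from 999.1.1.1 port 5523
10.0.0.5 - - [10/Oct/2023:13:57:00 +0000] "GET /" 200
203.0.113.7 - - [10/Oct/2023:13:58:00 +0000] "GET /xmlrpc.php" 404
Oct 10 13:59:00 host sshd[125]: Failed password for root from 192.0.2.200 port 5524'

# Constructed whitelist: one exact IPv4 address per line (e.g. your own office IP).
WHITELIST='192.0.2.200'

# Print every dotted quad in stdin, keep only those whose octets are 0-255, dedupe.
# grep alone would accept 999.1.1.1; awk performs the per-octet range check.
extract_ipv4() {
    grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
    sort -u
}

# Drop loopback / RFC 1918 addresses and anything on the whitelist ($1),
# so the blacklist can never lock out internal hosts or the admin.
filter_blacklist() {
    wl="$1"
    while IFS= read -r ip; do
        case "$ip" in
            10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) continue ;;
        esac
        printf '%s\n' "$wl" | grep -qxF -- "$ip" && continue
        printf '%s\n' "$ip"
    done
}

# The blacklist "script 2" would write: one vetted IPv4 address per line.
build_blacklist() {
    printf '%s\n' "$LOGS" | extract_ipv4 | filter_blacklist "$WHITELIST"
}

# Emit the rules "script 3" would apply, printed for review rather than executed.
emit_rules() {
    build_blacklist | while IFS= read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

emit_rules
```

FQDNs in the input will not match the regex; resolve them first with `getent ahostsv4 name` and pass the resulting addresses through the same filter, so that a whitelisted or private address is rejected no matter how it was written in the source file.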