* shell script request? possibly?
From: Littlefield, Tyler
To: Speakup is a screen review system for Linux.
hello list,
Could I possibly bother someone to tell me how to do this?
I have little to no experience with ssh scripting at all.
My idea is this:
I want to take the ip addresses from /etc/hosts.deny and put them in a file, or just do the following:
iptables -A INPUT -s x.x.x.x -j DROP
where x.x.x.x would be the IP found in the hosts.deny file.
I have, or will have, a script in init.d that will add all the rules to iptables when it starts, so the script can be executed.
Any help with this would be appreciated.
Thanks,
~~TheCreator~~
* Re: shell script request? possibly?
From: Travis Siegel
To: Speakup is a screen review system for Linux.
If you want them in a file, why not just use the ip_deny file itself?
Why do you need to put them in a different file?
On May 19, 2007, at 5:29 PM, Littlefield, Tyler wrote:
> hello list,
> Could I possibly bother someone to tell me how to do this?
> I have little to no experience with ssh scripting at all.
> My idea is this:
> I want to take the ip addresses from /etc/hosts.deny and put them in
> a file, or just do the following:
> iptables -A INPUT -s x.x.x.x -j DROP
> where x.x.x.x would be the IP found in the hosts.deny file.
> I have, or will have, a script in init.d that will add all the rules
> to iptables when it starts, so the script can be executed.
> Any help with this would be appreciated.
> Thanks,
> ~~TheCreator~~
* Re: shell script request? possibly?
From: Littlefield, Tyler
To: Speakup is a screen review system for Linux.
I don't have an ip.deny file.
Second, I see: sshd: x.x.x.x and some more garble.
I don't think iptables would parse that very well, which was why I wanted to
go through a loop and do it.
Thanks,
----- Original Message -----
From: "Travis Siegel" <tsiegel@softcon.com>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Sent: Saturday, May 19, 2007 5:06 PM
Subject: Re: shell script request? possibly?
> If you want them in a file, why not just use the ip_deny file itself?
> Why do you need to put them in a different file?
* Re: shell script request? possibly?
From: Travis Siegel
To: Speakup is a screen review system for Linux.
Ahh, I understand now.
It's not so much the fact that the file doesn't have the info, but
that it's not in a format you can use, right?
That is easy to fix.
Simply read in the file, and ignore all the fields except the one with
the ip in it.
I've not done this for a while, so give me a few days. I'll generate
some code for you to use. I'm assuming bash is your shell?
If not, I could work up something in perl for you to use.
Drop me a line with a copy of the ipdeny file, and what you want it to
look like when it's done, and I'll see what I can do.
On May 19, 2007, at 6:20 PM, Littlefield, Tyler wrote:
> I don't have an ip.deny file.
> Second, I see: sshd: x.x.x.x and some more garble.
> I don't think iptables would parse that very well, which was why I
> wanted to
> go through a loop and do it.
> Thanks,
* Re: shell script request? possibly?
From: Littlefield, Tyler
To: Speakup is a screen review system for Linux.
exactly! :)
Sorry, it's late, and well, I'm tired, so my interaction skills are low at
the moment. :)
Anyway, I'll be sending it along, and yes, I use bash.
Thanks, I appreciate that.
Thanks,
~~TheCreator~~
----- Original Message -----
From: "Travis Siegel" <tsiegel@softcon.com>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Sent: Saturday, May 19, 2007 8:50 PM
Subject: Re: shell script request? possibly?
> Ahh, I understand now.
> It's not so much the fact that the file doesn't have the info, but
> that it's not in a format you can use, right?
> That is easy to fix.
> Simply read in the file, and ignore all the fields except the one with
> the ip in it.
> I've not done this for a while, so give me a few days. I'll generate
> some code for you to use. I'm assuming bash is your shell?
> If not, I could work up something in perl for you to use.
> Drop me a line with a copy of the ipdeny file, and what you want it to
> look like when it's done, and I'll see what I can do.
* Re: shell script request? possibly?
From: Doug Sutherland
To: Speakup is a screen review system for Linux.
Regarding ip_deny perhaps what was meant was the
hosts.deny and hosts.allow files. These only relate to
tcpwrappers, the tcpd or inetd daemons which can
control port access. I personally think such "super"
daemons are dangerous and do not run them at all.
One process, inetd, or similar, has the ability to open
any or all ports, seems like a great possible target to
compromise a system.
Using hosts.deny is not equivalent to the iptables,
which will drop packets at the firewall. I think
Tyler's intention is a good one, better than deny
by the tcpwrapper process.
> I don't have an ip.deny file
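Added example, not posted by anyone in this thread: the loop Tyler describes and the field-picking Travis suggests, as a script that reads a hosts.deny-style file and prints one iptables DROP rule per denied IPv4 address. The sample file, the function names extract_ips and emit_rules, and the documentation-range addresses are constructed for illustration; it assumes entries of the form "daemon: client ..." and skips hostnames, wildcards, partial prefixes and anything listed after EXCEPT.

```bash
#!/usr/bin/env bash
# Added example: print iptables DROP rules for IPv4 hosts in a hosts.deny file.

# Print each unique, valid IPv4 address from the client list of every entry.
extract_ips() {
    awk '
    function valid(ip,   o, n, i) {           # strict dotted quad, octets 0-255
        n = split(ip, o, /\./)
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/#.*/, "")                        # drop comments
        if (split($0, f, ":") < 2) next       # daemon_list : client_list [: cmd]
        m = split(f[2], tok, /[ \t,]+/)
        for (i = 1; i <= m; i++) {
            if (toupper(tok[i]) == "EXCEPT") break   # hosts after EXCEPT are exempt
            if (valid(tok[i]) && !seen[tok[i]]++) print tok[i]
        }
    }' "$1"
}

# Dry run: print the rule from the original post for each address found.
emit_rules() {
    extract_ips "$1" | while read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample input (documentation-range addresses, not real hosts).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed hosts.deny sample
sshd: 192.0.2.10
sshd: 198.51.100.7 : deny
ALL: 203.0.113.5, 192.0.2.10
sshd: ALL EXCEPT 192.0.2.99
sshd: 999.1.1.1 badhost.example 10.0.
EOF
emit_rules "$sample"
```

The script only prints the commands; review the output before running it as root, and note that -A appends, so re-running against an unchanged file adds the same rules a second time.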