[LA.pm] Spam:***, Re: little help??
FamiLink Admin
webmaster at familink.com
Wed Sep 28 16:35:43 PDT 2005
Bob,
Thank you for the help (no hardness taken)!... This is what I have now
(below and this time the whole thing): I think I have included all that you
talked about but I am not sure what to do about:
>Paranoia time: are you certain that $log doesn't contain anything dangerous
>that will make the shell misbehave? Probably not, but if you're putting
>this in a CGI script that takes $log as a parameter, it's something you
>need to think about.
Also, the sub scanlog does write the information to the files but it does
not return anything back to the main program and I also get the error:
Use of uninitialized value in split at ./test.pl line 9.
Also, is there a better way of counting the number of times each IP address
gets blocked with category PO? Each time I get to the blocklimit it writes
to the file but I really just want the max number of blocks over the limit.
It will write the same IP each time it gets over the blocklimit though.
------------------------------------------------------------------------------
#!/usr/bin/perl -w
require Mail::Send;
$|=1; # no buffering
use constant IP_LIST_FILE => "/etc/squid/iplist.txt";
use constant SUSPEND_FILE => "/etc/squid/SuspendIpList.txt";
use constant LOG_FILE => "/opt/n2h2/logs/filter_log";
my $sysop = "webmaster\@familink.com";
my $flag = "PO";
my $hour = (split, localtime)[2];
my $blocklimit = 5;
my $matches = 0;
my $matched = 0;
{
    ($matched,$ip,$hour,$time,$category,$url) =
        &Scanlog($flag,$hour,$blocklimit,$matches,);
    if($matched > $blocklimit){
        $msg = new Mail::Send Subject=>'SuspendIpList', To=>"$sysop";
        $fh = $msg->open;
        print $fh "Someone has tried to access $matches banned sites today\n";
        print $fh "Their IP address ($ip) has been added to /etc/squid/SuspendIpList.txt\n";
        print $fh "To unblock them, remove their entry from the file and run squid -k reconfigure\n";
        print $fh "$matches, $ip, $hour, $time, $category, $url\n";
        $fh->close; # complete the message and send it
        $matched = 0;
    }
    else{
        open my $output2, ">", SUSPEND_FILE or die "Can't write @{[SUSPEND_FILE]}: $!";
        print $output2 "10.0.0.252/32\n";
        close $output2;
    }
}
sub Scanlog {
    my ($flag,$hour,$blocklimit,$matches,)=@_;
    open my $slog, "-|", "tail -n 25000 @{[LOG_FILE]}" or die "Unable to open $log:$!\n";
    open my $output, ">", IP_LIST_FILE or die "Can't write @{[IP_LIST_FILE]}: $!";
    open my $output2, ">", SUSPEND_FILE or die "Can't write @{[SUSPEND_FILE]}: $!";
    while (my $line = <$slog>){ # assigns each line in turn to $line
        #use an array slice to select the fields we want
        my ($time, $ip, $url, $category) = (split " ", $line)[1,4,7,10];
        my ($hr) = split /:/, $time;
        if($flag eq $category and $hr eq $hour){
            $matches += 1 ;
        }
        if($matches > $blocklimit){
            print $output "$matches, $ip, $hour, $time, $category, $url\n";
            print $output2 "$ip/32\n";
            $matched = $matches;
            $matches = 0;
        }
    }
    close $output;
    close $output2;
    return($matched,$ip,$hour,$time,$category,$url);
}
------------------------------------------------------------------
Ryan Lamberton
----- Original Message -----
From: "Bob Mathews" <bobmath at sbcglobal.net>
To: "FamiLink Admin" <webmaster at familink.com>
Cc: <losangeles-pm at pm.org>
Sent: Wednesday, September 28, 2005 2:07 PM
Subject: Spam:***, Re: [LA.pm] little help??
On Sep 28, 2005, at 10:14 AM, FamiLink Admin wrote:
> while (<$slog>){ # assigns each line in turn to $_
Oh, one other thing. Best practice dictates that you do a
    local $_;
before assigning to $_, even the implicit assignment in a while loop.
(This is not needed with a foreach loop, because those do their own
localization.) That's kind of ugly, though, so if I want my code to be
pretty I just forgo the implicit $_ and write something like this:
    while (my $line = <$slog>) { ... }
I got an off-list reply that thought I was being a little too hard on
you. Didn't really mean to be that way, so sorry if it seemed that way.
Good luck with your perl hacking!
-bob
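
An added example, not code from either poster: one way to handle the quoted "paranoia" point about $log reaching the shell, together with counting blocks per IP address so each address is reported once with its total. The sample log lines, the path check and the sub name scanlog are assumptions made for illustration; only the field positions [1,4,7,10] and the tail invocation come from the script above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed sample log (not real N2H2 output); only the field positions
# used on the page matter: 1=time, 4=ip, 7=url, 10=category.
my ($tmp, $log) = tempfile(UNLINK => 1);
my $hour = 14;
for my $row (["10.0.0.7", "PO", 7], ["10.0.0.9", "PO", 2], ["10.0.0.7", "OK", 4]) {
    my ($ip, $cat, $n) = @$row;
    print {$tmp} "d $hour:05:00 a b $ip c d http://example.test/ e f $cat\n" for 1 .. $n;
}
close $tmp or die "close $log: $!";

sub scanlog {
    my ($log, $flag, $hour, $blocklimit) = @_;

    # If the path ever comes from outside (e.g. a CGI parameter), accept only
    # a conservative character set and refuse a leading '-' (option injection).
    $log =~ m{\A[\w./][\w./-]*\z} or die "refusing log path '$log'\n";

    # List form: tail is exec'd directly with these arguments, no /bin/sh is
    # involved, so ';', '|', '$(...)' or spaces in $log are never interpreted.
    open my $slog, "-|", "tail", "-n", "25000", "--", $log
        or die "Unable to run tail on $log: $!\n";

    my %blocks;    # ip => number of matching blocks this hour
    while (my $line = <$slog>) {
        my ($time, $ip, $url, $category) = (split " ", $line)[1, 4, 7, 10];
        next unless defined $category;          # short or malformed line
        my ($hr) = split /:/, $time;
        $blocks{$ip}++ if $category eq $flag and $hr == $hour;
    }
    close $slog or die "tail failed: status $?\n";

    # Keep only addresses over the limit; each appears once with its total.
    return map { $_ => $blocks{$_} } grep { $blocks{$_} > $blocklimit } keys %blocks;
}

my %over = scanlog($log, "PO", $hour, 5);
print "$_/32 ($over{$_} blocks)\n" for sort keys %over;
```

The single-string form "tail -n 25000 $log" is handed to the shell whenever the string contains shell metacharacters, which is why the list form matters once the path is not a constant.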