Archive for July, 2009

grep in real time

July 1, 2009 4 comments

By combining tail and grep you can achieve something pretty cool. First let’s write this simple bash script:

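#!/bin/bash
# usage: flowgrep file "pattern" -- follow a growing file and show only matching lines
[ $# -lt 2 ] && echo "$0 file \"pattern\"" && exit 1
tail -f "$1" | while read -r line; do echo "$line" | grep -E --color -e "$2"; done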

Save it as flowgrep, make it executable:

chmod +x flowgrep

The syntax is very easy, just ./flowgrep <log_file> <pattern>. Let’s monitor a growing log file for numbers:

./flowgrep event.log "[0-9]+"

This outputs every line containing at least one digit, with the matched number(s) highlighted in red. To terminate the script, press Ctrl + C.

Sample output:

123 is a good number

July 4th is a few days away.

I feel it’s 82 degrees right now.


Note: if the pattern contains spaces, enclose it in double quotes ("). For example:

./flowgrep /var/log/messages "Too many login failures"

Categories: Bash, linux, Tip

Beautify your code with pygments

July 1, 2009 1 comment

Ever wonder how I colour-code my code blocks? CSS? That’s almost right. WordPress does not support CSS customisation for standard accounts, but you can get around this limitation by using inline CSS. Here’s a good post talking about this technique:

Inspired by that post, here’s how I make my snippets colourful:
1. Download Pygments from [ the .tar.gz file. The pygments site seems to be down at this moment ]
2. Untar it and install it as root

tar xzf Pygments-1.0.tar.gz
cd Pygments-1.0
sudo python setup.py install

3. After the installation you are ready to style your code. Some examples:

pygmentize -f html -O noclasses
  outputs css-lized html to the screen
pygmentize -f html -O noclasses -l bash myscript
  outputs css-lized html to the screen, option -l bash is used to specify which lexer to use
pygmentize -f html -O noclasses -o myprog.html
  outputs css-lized html to file myprog.html

4. Copy and paste the HTML code from the step above into the code block in your post. Preview it if needed, then publish.

Categories: css, html, Tip

Stop ftp brute force attacks using simple bash script

July 1, 2009 1 comment

On one of the servers I manage I’ve noticed a lot of FTP login attempts recently (the server is running ncftp). The pattern of login failures is pretty straightforward, so I’m using tail -f combined with grep to monitor /var/log/messages in real time and add the bad IPs to /etc/hosts.deny as soon as attacks are detected. It’s also a good idea to lower the maximum login failure threshold in NcFTPd. This script has been tested on OpenSuSE, but it should run with little or no modification on other Linux systems. Here’s the code; don’t forget to change the admin’s email address.


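#!/bin/bash
LOG=/var/log/messages
DENY=/etc/hosts.deny
ADMIN="admin@example.com"   # placeholder: change to the admin's email address
DEBUG=0                     # assumed default; 1 prints each address before it is appended

ACTION() {
while read -r line; do
    [ -n "$line" ] || continue
    # literal whole-word match, so 1.2.3.4 is not mistaken for a listed 1.2.3.40
    if ! grep -qwF -- "$line" "$DENY"; then
        if [ "$DEBUG" = 1 ]; then
            echo "will append $line to $DENY"
        fi
        # change ALL to NcFTPd to block FTP access
        echo "ALL:$line" >> "$DENY"
        [ -n "$ADMIN" ] && echo "$line" | \
            mail -s "ftp attacks $(hostname -f):action taken" "$ADMIN"
    fi
done
}

tail -f "$LOG" | while read -r line; do echo "$line" | grep "Too many login failures from" | \
 awk 'BEGIN{FS="[ ;]+"} {print $11}' | ACTION; done &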
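
A hardened take on the append step, added here as an example and not the author's script: it takes the address from the "Too many login failures from" phrase itself rather than a fixed awk field, accepts only a valid IPv4 address, skips an allowlist, and checks for duplicates with an exact-line match. The function names, the allowlist and the log lines are assumptions made for the example, and the deny file is a temporary stand-in for /etc/hosts.deny.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the log lines are constructed
# and simplified (only the "Too many login failures from" phrase is from the post).
DENY=$(mktemp)       # stand-in for /etc/hosts.deny so this runs without root
ALLOW="10.0.0.5"     # constructed: space-separated addresses never to block

# Print the IPv4 address that follows the marker phrase, normalised, or fail.
extract_ip() {
    printf '%s\n' "$1" | awk -v m="Too many login failures from " '{
        i = index($0, m); if (!i) exit 1
        s = substr($0, i + length(m))
        sub(/[^0-9.].*/, "", s)              # keep the leading digits and dots
        if (split(s, o, /\./) != 4) exit 1
        for (k = 1; k <= 4; k++)             # rejects 999.1.1.1 and empty octets
            if (o[k] !~ /^[0-9][0-9]?[0-9]?$/ || o[k] + 0 > 255) exit 1
        printf "%d.%d.%d.%d\n", o[1], o[2], o[3], o[4]   # 010 -> 10
    }'
}

# Append a deny rule unless the address is allowlisted or already listed.
block_ip() {
    for a in $ALLOW; do
        if [ "$1" = "$a" ]; then return 2; fi
    done
    # -x -F: whole-line, literal match. A regex or substring test would treat
    # 203.0.113.7 as already present once 203.0.113.70 is listed.
    if grep -qxF -- "ALL:$1" "$DENY"; then return 3; fi
    echo "ALL:$1" >> "$DENY"
}

process_line() {
    ip=$(extract_ip "$1") || return 1
    block_ip "$ip"
}

while IFS= read -r l; do
    process_line "$l" || true    # non-zero only means nothing was added
done <<'EOF'
Jul  1 10:00:01 srv ftpd[411]: Too many login failures from 203.0.113.70; closing
Jul  1 10:00:02 srv ftpd[411]: Too many login failures from 203.0.113.7; closing
Jul  1 10:00:03 srv ftpd[411]: Too many login failures from 203.0.113.7; closing
Jul  1 10:00:04 srv ftpd[411]: Too many login failures from 10.0.0.5; closing
Jul  1 10:00:05 srv ftpd[411]: Too many login failures from 999.1.1.1; closing
EOF
cat "$DENY"
```

The allowlist matters because anyone who can cause failed logins from an address you depend on could otherwise get that address written into the deny file.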