Hello there.
I would like to make a script that gets the IP of failed logging attempts; when it counts that an IP tried logging in more than 5 times in a row, the script will write a new block rule with that IP to ipfilter in FreeBSD 8.
So I would like to manage this by getting each line of the file with logging attempts into arrays (it makes an array in an array). I have a little problem with obtaining the array with the word "Failed" and passing it to a new array with the IPs that I would like to block. Next I get every 13th element (which is the IPv6 address) and write a new rule after counting it with a hash.
Can someone show me how to make it happen?
CODE:
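#!/usr/local/bin/ruby19
filename = '/var/log/auth.log'
falo = String.new
# Read the whole log into one string
File.open(filename) { |f| falo = f.read }
# Double quotes are needed: '\n' in single quotes is a literal backslash and n
words = falo.split("\n")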
$ ruby19 -v
ruby 1.9.3p327 (2012-11-10 revision 37606) [amd64-freebsd8]
$ uname -a
FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23 17:41:20 IRKST 2012 root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM amd64
thanks in advance
Krzysztof Kowalski
on 2012-12-09 02:43
on 2012-12-09 07:49
On Sat, Dec 8, 2012 at 7:35 PM, Krzysztof Kowalski <krisik28@gmail.com> wrote:
> FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
> 17:41:20 IRKST 2012
> root@freebsd8-amd64.ispsystem.net:/root/src/roman-sys/amd64/compile/ISPSYSTEM
> amd64
>
> thanks in advance
> Krzysztof Kowalski

see fail2ban
on 2012-12-09 12:51
I know that there is fail2ban but I would like to achieve it by myself :)

2012/12/9 tamouse mailing lists <tamouse.lists@gmail.com>
on 2012-12-09 19:28
> I have a little problem with obtaining array with word "Failed"
> and passing it to new array with ip's that i would like to block.

I am not sure what you want. Your description is difficult to read.

If you need to scan for matches with the word Failed, try .grep or .scan - these can give you the matches you want to find.

http://ruby-doc.org/core-1.9.3/Enumerable.html#method-i-grep

Specific example see here:

http://stackoverflow.com/questions/3937431/how-to-...
on 2012-12-10 03:42
On Sun, Dec 9, 2012 at 5:50 AM, Krzysztof Kowalski <krisik28@gmail.com> wrote:
>> > new
>> >
>> > FreeBSD mc.pl.eu.org 8.3-STABLE FreeBSD 8.3-STABLE #0 r130: Mon Apr 23
>

I meant go look at the fail2ban code :)

(also, bottom post, please?)
on 2012-12-10 08:55
Hello,

On 9 Dec 2012, at 12:50 , Krzysztof Kowalski <krisik28@gmail.com> wrote:
> > array with word "Failed" and passing it to new array with ip's that i would
> >
> > see fail2ban
>

You don't really need fail2ban, you can use 'pf' to achieve this easily under FreeBSD. However some time ago I wrote a script that gets stats from fail2ban, I'm sure you can do what you want by taking a look at the code[1].

Also, posting your domain name in mailing lists is not a good idea.

Cheers :-)

Panagiotis (atmosx) Atmatzidis
email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0
on 2012-12-10 09:11
On 10 Dec 2012, at 08:54 , Panagiotis Atmatzidis <atma@convalesco.org> wrote:
>> > count that ip tried logging more than 5 times in row script will write new
>> > filename = '/var/log/auth.log'
>> > amd64
>
> email: atma@convalesco.org
> URL: http://www.convalesco.org
> GnuPG ID: 0xE736C6A0
> gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0
> --
> The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."
>

sorry here's the link

[1] https://github.com/atmosx/f2bread/blob/master/f2bread.rb

Panagiotis (atmosx) Atmatzidis
email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0xE736C6A0
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xE736C6A0
on 2012-12-10 13:24
On Sun, Dec 9, 2012 at 2:35 AM, Krzysztof Kowalski <krisik28@gmail.com> wrote:
> CODE:
> #!/usr/local/bin/ruby19
> filename = '/var/log/auth.log'
> falo = String.new

That String creation is superfluous since the reference will be overwritten anyway. You can instead do

falo = File.open(filename) { |f| f.read }

> File.open(filename) { |f| falo = f.read }
> words = falo.split("\n")

words actually holds lines. The whole code can be condensed to

words = File.readlines(filename).each(&:chomp!)

or

words = File.foreach(filename).map(&:chomp)

Kind regards

robert
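
The counting the original question asks for, as an added example that is not part of any poster's message: it matches sshd lines with a regular expression instead of taking the 13th word (the field position shifts when sshd logs "invalid user"), counts consecutive failures per address in a hash, and emits one ipf rule per offender. The log lines are constructed, the method and constant names are hypothetical, and the OpenSSH message wording and the rule form `block in quick from ADDR to any` are assumptions about the target system.

```ruby
require 'ipaddr'

THRESHOLD = 5 # block once an address fails more than 5 times in a row

# Constructed sample in OpenSSH auth.log format (documentation addresses only).
# The last entry has a user name that itself looks like a log suffix.
SAMPLE = (
  ["Failed password for root from 2001:db8::bad port 50111 ssh2"] * 6 +
  ["Failed password for kk from 192.0.2.10 port 40001 ssh2"] * 3 +
  ["Accepted password for kk from 192.0.2.10 port 40002 ssh2"] +
  ["Failed password for kk from 192.0.2.10 port 40003 ssh2"] * 3 +
  ["Failed password for invalid user a from 198.51.100.7 port 1 ssh2 from 203.0.113.9 port 40004 ssh2"]
).map { |msg| "Dec  9 02:10:01 mc sshd[811]: #{msg}\n" }

# Anchored at end of line: the address sshd appends last is the one that counts,
# whatever the client-supplied user name field contains.
FAILED   = /sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh2)?\s*\z/
ACCEPTED = /sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+/

# Normalises an address; nil if it is not a valid IPv4/IPv6 literal, so no
# unvalidated log text ever reaches a firewall rule.
def parse_ip(text)
  IPAddr.new(text).to_s
rescue ArgumentError # IPAddr's address errors are ArgumentError subclasses
  nil
end

# Addresses whose run of consecutive failures exceeded the threshold.
def offenders(lines, threshold = THRESHOLD)
  streak = Hash.new(0)
  blocked = []
  lines.each do |line|
    if (m = FAILED.match(line)) && (ip = parse_ip(m[1]))
      streak[ip] += 1
      blocked << ip if streak[ip] == threshold + 1
    elsif (m = ACCEPTED.match(line)) && (ip = parse_ip(m[1]))
      streak.delete(ip) # a successful login ends the run
    end
  end
  blocked.uniq
end

# ipf rule text, one per address (assumed form: block in quick from ADDR to any).
def ipf_rules(ips)
  ips.map { |ip| "block in quick from #{ip} to any" }
end

puts ipf_rules(offenders(SAMPLE))
```

With the sample above only 2001:db8::bad is reported: 192.0.2.10 has six failures in total but never more than three in a row.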