Tsukiji Systems

Rewinding in progress.



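2012-03-04 (Sun) It's been a while

_ An update, lol

First one in two weeks.

I may also rewind bit by bit and add earlier entries.

_ PC clamav-milter

Last May I made a tool to cope with clamav-milter 0.95 and later, but I've changed how it works.

For some reason, the initial trigger relied on SpamAssassin's [SPAM] Subject tag.

It now correctly matches on "qquarantined by clamav-milter" and moves the mail.

[It looks like this]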

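#!/bin/sh
##################################################################
# This is a tool for Clam-AV/Clam-milter to count by tools.
# V1.10 2012.03.04
##################################################################
BASEDIR="/var/spool/mqamavis"      # queue directory holding the hf*/d?? files
DISTDIR="/var/spool/quarantine"    # destination tree for quarantined mail
YEAR_LONG=`date +%Y`
YEAR_SHORT=`date +%y`
# Processed queue files are moved to $BASEDIR/done.
if [ ! -d "$BASEDIR/done" ];then
mkdir "$BASEDIR/done"
fi
# Stop if the queue directory is unavailable, so hf* is never globbed elsewhere.
cd "$BASEDIR" || exit 1
# Old trigger (SpamAssassin's [SPAM] Subject), replaced in V1.10:
# grep 'Subject: \[SPAM\]' hf* | awk -F: '{print $1}' |awk '{
# New trigger: queue files that carry the clamav-milter quarantine reason.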
grep -H 'qquarantined by clamav-milter' hf* | awk -F: '{print $1}' |awk '{
printf $1" ";system("grep ''H??Date:'' "$1);\
printf "";system("grep ''\"X-Virus-Status: Infected\"'' "$1)}' | awk '{if ( NF == 8) {printf $0;NR = NR + 1};\
 if ( $2 == "Infected" ) {print " "$3}}' | awk '{\
if ( $5 == "Dec" ) {MONN = "12"};if ( $5 == "Nov" ) {MONN = "11"};if ( $5 == "Oct" ) {MONN = "10"};\
if ( $5 == "Sep" ) {MONN = "09"};if ( $5 == "Aug" ) {MONN = "08"};if ( $5 == "Jul" ) {MONN = "07"};\
if ( $5 == "Jun" ) {MONN = "06"};if ( $5 == "May" ) {MONN = "05"};if ( $5 == "Apr" ) {MONN = "04"};\
if ( $5 == "Mar" ) {MONN = "03"};if ( $5 == "Feb" ) {MONN = "02"};if ( $5 == "Jan" ) {MONN = "01"};\
printf $1" ";printf "%02s", $4;print" "MONN" "$6" "$9}' | awk -F'(' '{print $1" "$2}' | awk -F')' '{\
print $1" "$2}' | /usr/local/bin/gawk '{printf $0;printf substr($1,4)" ";printf substr($4,3);print "\n"}' >$BASEDIR/file_list
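# file_list fields: 1=hf file 2=day 3=month 4=year 5=virus name 6=queue id suffix 7=two-digit year
# cat file_list
# Generate mkdir-year.sh, which creates one directory per year under DISTDIR.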
awk '{print $4}' $BASEDIR/file_list |sort -u | awk -v DISTDIR=`echo $DISTDIR` '{if ($1 != "" ) {\
print "if [ ! -d "DISTDIR"/"$1" ];then\nmkdir "DISTDIR"/"$1"\n fi"} }' > $BASEDIR/mkdir-year.sh
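/bin/sh $BASEDIR/mkdir-year.sh
# Generate process.sh: copy each hf/d?? pair to m<id>.<virus> under DISTDIR/[year/]YYMMDD, then move the originals to done.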
awk -v DISTDIR=`echo $DISTDIR` -v BASEDIR=`echo $BASEDIR` -v YEAR_LONG=`echo $YEAR_LONG` '{if ($1 != "" ) {\
if ($4 != YEAR_LONG) {\
print "if [ ! -d "DISTDIR"/"$4"/"$7$3$2" ]; then\n mkdir "DISTDIR"/"$4"/"$7$3$2"\nfi";\
print "cat "BASEDIR"/"$1" >"DISTDIR"/"$4"/"$7$3$2"/m"$6"."$5;\
print "cat "BASEDIR"/d\?\?"$6" >>"DISTDIR"/"$4"/"$7$3$2"/m"$6"."$5;\
print "mv "BASEDIR"/"$1" "BASEDIR"/done";\
print "mv "BASEDIR"/d\?\?"$6" "BASEDIR"/done";\
print "\n"} \
else {print "if [ ! -d "DISTDIR"/"$7$3$2" ]; then\n mkdir "DISTDIR"/"$7$3$2"\nfi";\
print "cat "BASEDIR"/"$1" >"DISTDIR"/"$7$3$2"/m"$6"."$5;\
print "cat "BASEDIR"/d\?\?"$6" >>"DISTDIR"/"$7$3$2"/m"$6"."$5;\
print "mv "BASEDIR"/"$1" "BASEDIR"/done";\
print "mv "BASEDIR"/d\?\?"$6" "BASEDIR"/done";\
print "\n"} \
}}' $BASEDIR/file_list > $BASEDIR/process.sh
# cat $BASEDIR/process.sh
# Run the generated copy/move commands, then remove the work files.
/bin/sh "$BASEDIR/process.sh"
rm $BASEDIR/file_list
rm $BASEDIR/mkdir-year.sh
rm $BASEDIR/process.sh
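
The script above writes process.sh from fields of the Date: and X-Virus-Status: headers and then runs it with /bin/sh; in quarantined mail those headers hold whatever the sender or scanner put there, so each field should be checked before it becomes part of a command or path. The following is an added example, not the author's code: it builds the same destination path only from fields that pass strict patterns. The function name quarantine_dest and the sample values in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: validate header-derived fields before they reach a path.
# DISTDIR and the directory layout follow the script above; the function
# name quarantine_dest is hypothetical.
DISTDIR="/var/spool/quarantine"

# quarantine_dest DAY MONTH YEAR QUEUE_ID VIRUS NOW_YEAR
# Prints the destination file path, or returns 1 if any field is unexpected.
quarantine_dest() {
    day=$1 mon=$2 year=$3 qid=$4 virus=$5 now=$6
    # Day of month: one or two digits, zero-padded to two.
    case $day in
        [1-9]) day="0$day" ;;
        [0-3][0-9]) ;;
        *) return 1 ;;
    esac
    # Month: only the twelve RFC 5322 abbreviations are accepted.
    case $mon in
        Jan) mm=01 ;; Feb) mm=02 ;; Mar) mm=03 ;; Apr) mm=04 ;;
        May) mm=05 ;; Jun) mm=06 ;; Jul) mm=07 ;; Aug) mm=08 ;;
        Sep) mm=09 ;; Oct) mm=10 ;; Nov) mm=11 ;; Dec) mm=12 ;;
        *) return 1 ;;
    esac
    # Year: exactly four digits.
    case $year in
        [12][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    # Queue id: letters and digits only.
    case $qid in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    # Virus name: letters, digits, dot, dash, underscore; no leading dot.
    case $virus in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    sub="${year#??}$mm$day"            # YYMMDD, as in the script above
    if [ "$year" != "$now" ]; then
        sub="$year/$sub"               # older mail goes under a year directory
    fi
    printf '%s\n' "$DISTDIR/$sub/m$qid.$virus"
}

# Usage with constructed values (hf and df name the two queue files):
#   dest=$(quarantine_dest 4 Mar 2012 24ABC123 Eicar-Test-Signature "$(date +%Y)") \
#     && mkdir -p "${dest%/*}" && cat "$hf" "$df" > "$dest"
```

Because the copy runs directly with quoted variables, no header text is ever parsed as shell syntax, and a file whose fields fail validation can be left in place for manual review.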

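_ PC Blacklist

The blacklist for SSH brute-force attempts: maybe it's about time I made it usable for other things too.

Just accumulating entries forever isn't great, so maybe give the records an expiry?

Well, I'll give it some thought.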


