I have the output shown below. My plan is to take the first column and use an if statement: if it is greater than some value n, get the IP from the second column and drop the connection.

```
cat file| egrep "invalid|password" | egrep -v "Accepted|preauth" | awk '{print $13}' |sort | uniq -c
```

```
   6 61.177.172.35
4083 61.177.172.22
   3 69.28.94.192
  10 80.2.33.180
```

I can extract the first column and do the if statement, but I don't know how I can attribute the value with a corresponding IP.

Rui F Ribeiro
  • What do you want to do with the `if` statement part? Just print depending on `n` value? If that's so, I think what you want can be done in just one awk line instead of several pipes – Sergiy Kolodyazhnyy Feb 02 '18 at 03:40
  • *"Can someone guide me on what is the best approach?"* Please **look into `iptables`** as you're reinventing the wheel. With iptables you can set up maximum connections per IP address quite easily; for a starting point, see https://unix.stackexchange.com/q/139285/135943 – Wildcard Feb 02 '18 at 03:47
  • @Wildcard thanks, but I am not using iptables; instead it's firewall-cmd – hasslefree Feb 02 '18 at 05:32

1 Answer


Try this:

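```bash
#!/bin/bash

value=1 # threshold, to be defined

# Placeholder action: replace the body with the command that drops the connection.
doSomethingWith() {
    echo "over threshold: $1"
}

# Count matching log lines per IP (field 13), then act on every IP
# whose count exceeds the threshold. grep -E replaces the deprecated egrep.
grep -E "invalid|password" file |
grep -E -v "Accepted|preauth" |
awk '{print $13}' |
sort |
uniq -c |
while read -r num ip; do   # uniq -c prints "count ip"
    if ((num > value)); then
        doSomethingWith "$ip"
    fi
done
```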
Gilles Quénot
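The single-awk variant suggested in the comments, combined with the firewall-cmd setup the asker mentions, as an added example that is not code from the question or the answer. It goes beyond the pipeline above by taking the address after the last `from` instead of the fixed field `$13`, so lines with and without `invalid user` are both counted; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: count failed SSH logins per source IP, block repeat offenders.

# Constructed sample log (documentation address ranges), not real data.
sample_log() {
cat <<'EOF'
Feb  2 03:40:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Feb  2 03:40:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4243 ssh2
Feb  2 03:40:05 host sshd[103]: Failed password for invalid user from 10.0.0.9 from 203.0.113.5 port 4244 ssh2
Feb  2 03:41:00 host sshd[104]: Failed password for invalid user test from 198.51.100.7 port 5000 ssh2
Feb  2 03:42:00 host sshd[105]: Accepted password for alice from 192.0.2.10 port 6000 ssh2
EOF
}

# Print "count ip" for every IP with more than $2 failed attempts in log file $1.
offenders() {
    awk -v limit="$2" '
        /invalid|password/ && !/Accepted|preauth/ {
            # Use the token after the LAST "from": the username is chosen by
            # the client and may itself contain "from <address>" (third line).
            ip = ""
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { ip = $(i + 1); break }
            # Count only tokens shaped like an IPv4 address.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' "$1" | sort -rn
}

# Block each offender with a firewalld rich rule.
# DRY_RUN=1 (the default) only prints the command that would be run.
block_offenders() {
    offenders "$1" "$2" | while read -r num ip; do
        rule="rule family=\"ipv4\" source address=\"$ip\" drop"
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "firewall-cmd --add-rich-rule='$rule'   # $num failures"
        else
            firewall-cmd --add-rich-rule="$rule"
        fi
    done
}
```

Call it as `block_offenders /path/to/logfile 10`. Rules added this way are runtime-only; `firewall-cmd --permanent` makes them persistent.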