Last active
December 17, 2015 04:28
-
-
Save opendevnet/5550480 to your computer and use it in GitHub Desktop.
Find country of origin for systems wanting access to your shell accounts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env perl | |
use 5.14.0 ; | |
use Geo::IP::PurePerl; | |
use autodie ; | |
my $gi = Geo::IP::PurePerl->new(GEOIP_STANDARD); | |
# /tmp/ips.txt is created from firewall | |
# rules and/or /var/log/auth.log with e.g. | |
# the following for various BSD systems: | |
# cd /var/log | |
# bzcat auth.log.0.bz2 | perl -anE 'say $F[8] if /not allowed/ & $F[8]=~/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/; '| uniq | |
# bzcat auth.log.0.bz2 | perl -anE 'say $F[11] if /Did not receive identification string/ ; '| uniq | |
# bzcat auth.log.0.bz2 | perl -'MRegexp::Common RE_ALL' -anE 'say $F[8] if /not allowed/ & $F[8] =~ /^$RE{net}{IPv4}$/;'| uniq | |
# | |
# Add comments below to create a complete implementation in perl :-) | |
open(my $iplist, "<", "/tmp/ips.txt"); | |
while(my $line = <$iplist>) { | |
chomp $line ; | |
# $line =~ s/^\s+//; s/\s*$// ; # or | |
$line =~ s/^\s+|\s+$//g; | |
# look up IP address from iplist | |
my $country = $gi->country_code_by_addr($line); | |
say "IP: ".$line." = ".$country ; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment