The purpose of this exercise is to write a number of for loops to be able to understand how to implement them effectively.
1. Create a script called defense.sh in /opt/scripts
The purpose of the script is to configure the firewall to drop known zombie networks.
[sourcecode language=”bash”]
#!/bin/bash
IP=/opt/scripts/banned
for i in $(awk ‘{print}’ < "$IP" )
do
echo $i
iptables -A INPUT -p tcp -s $i -j DROP
done
exit 0
[/sourcecode]
The script takes a list of IP Addresses in a file and uses awk to print each IP from the file into the variable $i. Then an iptables command employs the “$i” variable to drop each of the IP Addresses on the INPUT chain. The “-p tcp” limits the drop to TCP protocol and the “-s” indicates the source. The IP is dropped with the jump “-j” to DROP.
Create a file with known zombie networks. This file is actually maintained by Spamhaus.org (http://www.spamhaus.org/xbl/). This is a short sample.
banned file with IPs
24.190.78.101
38.101.148.126
41.206.45.202
58.0.0.0/8
59.107.0.0/17
59.108.0.0/15
59.110.0.0/15
59.151.0.0/17
59.155.0.0/16
59.172.0.0/15
Test the script output with :
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all – 0.0.0.0/0 0.0.0.0/0
DROP tcp – 24.190.78.101 0.0.0.0/0
DROP tcp – 38.101.148.126 0.0.0.0/0
DROP tcp – 41.206.45.202 0.0.0.0/0
DROP tcp – 58.0.0.0/8 0.0.0.0/0
DROP tcp – 59.107.0.0/17 0.0.0.0/0
DROP tcp – 59.108.0.0/15 0.0.0.0/0
DROP tcp – 59.110.0.0/15 0.0.0.0/0
DROP tcp – 59.151.0.0/17 0.0.0.0/0
DROP tcp – 59.155.0.0/16 0.0.0.0/0
DROP tcp – 59.172.0.0/15 0.0.0.0/0
2. List executable files in a directory, create a file called dir.sh
[sourcecode language=”bash”]
#!/bin/bash
for i in *
do
if [ -f "$i" -a -x "$i" ]
then
echo "Executable file $i "
fi
done
[/sourcecode]
This script will list executable files in a directory. Note the for loop will loop through all files and only print those which are files “-f” and “-a” are executable “-x”.