Crontab
I placed the below script in /root/scripts
I can run the script manually from scripts folder by typing: source proxyban.sh
#!/bin/bash
IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"
WORKING_DIR="/tmp/"
# get IP address of eth0 network interface
IP_ADDRESS=$(ifconfig eth0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
# create the chain if it doesn't exist yet
if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then
    iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1
fi
cd "$WORKING_DIR"
# fetch the proxy.org list and strip the rewrite-rule syntax around each address
wget -q -O - http://proxy.org/tor_blacklist.txt -U NoSuchBrowser/1.0 > temp_tor_list1
sed -i 's|RewriteCond %{REMOTE_ADDR} \^||g' temp_tor_list1
sed -i 's|\$.*$||g' temp_tor_list1
sed -i 's|\\||g' temp_tor_list1
sed -i 's|Rewrite.*$||g' temp_tor_list1
# fetch the Tor exit lists for ports 80 and 5746 and blank out the comment lines
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > temp_tor_list2
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=5746" -U NoSuchBrowser/1.0 >> temp_tor_list2
sed -i 's|^#.*$||g' temp_tor_list2
# rebuild the chain from the combined list
iptables -F "$IPTABLES_CHAINNAME"
# sort -u removes all duplicates; uniq before sort only drops adjacent ones
CMD=$(cat temp_tor_list1 temp_tor_list2 | sort -u)
for IP in $CMD; do
    let COUNT=COUNT+1
    iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done
iptables -A "$IPTABLES_CHAINNAME" -j RETURN
rm temp_tor*
In /root/scripts I type: nano proxyban.cron
I enter: 0 */2 * * * /root/scripts/proxyban
There is a proxyban.cron file in scripts folder now, but the script doesn’t run every two hours.
Also, can it be made to write to a log when it runs, so I can tell, as I don’t have email set up on the server?
Thanks
7 Replies
# export EDITOR=nano
# export VISUAL=nano
Then edit your crontab by running crontab -e - this will start up your editor. Type in the line that you saved in proxyban.cron. Save the file and exit the editor.
You can use crontab -l (that's a lowercase L) to see the current contents of your crontab. You will probably have to use chmod a+x /root/scripts/proxyban to make your script executable (I can't remember if cron cares about this or not).
To make sure the job is running, you can check the log file /var/log/cron.log. This will show all jobs that have been run but not the output of your cron jobs. To capture the results of the cron job, you need to redirect its output somewhere, for example with a crontab line like:
0 */2 * * * /root/scripts/proxyban >> /path/to/log/file 2>&1
I would recommend adding a date command to the beginning of your script, otherwise you'll have no idea which run the output belongs to.
You don't have to do this, but if you don't, there's a good chance you'll end up getting vi* to edit your crontab. Not that there's anything wrong with that.
crontab -e brings up GNU nano 2.2.4
I hit Insert on the keyboard.
I type in: 0 */2 * * * /root/scripts/proxyban
I get this error: [ "0 */2 * * * /root/scripts/proxyban" not found ]
I also tried: 0 */2 * * * /root/scripts/proxyban.sh
I get this error: [ "0 */2 * * * /root/scripts/proxyban.sh" not found ]
@sarah:
I hit Insert on the keyboard.
The Insert key is not useful here. When you run crontab -e and the nano editor starts, simply type in the crontab line. Use Ctrl-x to exit nano.
/root/scripts
/etc/cron.d
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.weekly
I did Google and read that I could put the script in /etc/cron.hourly and it would run hourly, so I did that.
I do see the below entries in /var/log/syslog each hour, so I guess it's running?
Jul 23 08:17:01 /USR/SBIN/CRON[24761]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 23 09:17:01 /USR/SBIN/CRON[24782]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 23 10:17:01 /USR/SBIN/CRON[24842]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
I guess every hour is OK, though I wanted it to run every two.
Thanks for taking the time to help a newbie.
Yes, as you noted you can put the script in cron.hourly and have it run every hour. Note that if the filename has characters other than upper and lower case letters, digits, underscores, and hyphens it will probably be ignored. See the man page for run-parts.
Sorry for any confusion about the log files. I was looking at an Ubuntu system and assumed logs on Debian were organized the same way. Your syslog shows that the hourly run-parts job is running, but does not give the details or show the output of the script.
You could alter your script to make it log its output to a file you specify. Place the following line at the beginning of the script, after the #!/bin/bash line:
exec 1>> /path/to/log/file 2>&1
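The run-parts naming rule from the reply above, as an added example that is not part of the thread: it reports which files in a cron directory run-parts would run in its default mode (no --lsbsysinit or --regex). The function names and the sample files are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): model the default run-parts filter.
# In default mode run-parts only runs executable files whose names consist
# entirely of A-Z, a-z, 0-9, underscore and hyphen.
LC_ALL=C
export LC_ALL

# Return 0 if the file name passes the default run-parts name filter.
runparts_accepts() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one line per regular file in a directory, saying whether it would run.
audit_cron_dir() {
    dir=$1
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if ! runparts_accepts "$name"; then
            echo "SKIPPED (name) $name"
        elif [ ! -x "$path" ]; then
            echo "SKIPPED (not executable) $name"
        else
            echo "RUNS $name"
        fi
    done
}

# Constructed demo: three sample files in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/proxyban" "$d/proxyban.sh" "$d/proxyban_noexec"
    chmod 755 "$d/proxyban" "$d/proxyban.sh"
    chmod 644 "$d/proxyban_noexec"
    audit_cron_dir "$d"
    rm -rf "$d"
}

demo
```

On a real system, point audit_cron_dir at /etc/cron.hourly to see why a file such as proxyban.sh is silently skipped there.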
I created a new folder in the scripts folder called proxylog, with permissions 0755.
I created a blank file called proxy.log with permissions 0755.
I removed the script from cron.hourly and placed it back in the /root/scripts folder,
and crontab -e does show that the cron was created.
below #!/bin/bash
I added this to the script: exec 1>> /root/scripts/proxylog/proxy.log 2>&1
Nothing is being written to the file.
It does log to file when I run it manually. I will be away for a week or two and will try to sort it more and report back.
Thanks for all the help so far.
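Added example, not part of the thread: the two logging suggestions from the replies (a date stamp per run and the exec redirect) combined into one helper, which also records the exit status so a failed run is visible in the log. The name run_logged, the PATH value and the demo commands are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. run_logged is a hypothetical helper name.

# run_logged LOGFILE COMMAND [ARGS...]
# Appends a dated start line, the command's stdout and stderr, and a dated
# end line with the exit status to LOGFILE. Returns the command's status.
run_logged() {
    log=$1
    shift
    (
        # cron's default PATH is short (often /usr/bin:/bin), so sbin tools
        # such as iptables may not be found unless PATH is set explicitly.
        PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
        export PATH
        exec >>"$log" 2>&1      # the redirect from the reply, scoped to this subshell
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') start: $*"
        rc=0
        "$@" || rc=$?
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') end: exit $rc"
        exit "$rc"
    )
}

# Constructed demo: one command that succeeds and one that does not exist.
demo_log=$(mktemp) || exit 1
run_logged "$demo_log" echo "blocklist refreshed (demo)" || echo "unexpected failure"
run_logged "$demo_log" no-such-command-demo || echo "job failed with status $?"
cat "$demo_log"
rm -f "$demo_log"
```

A "not found" line followed by "exit 127" in the log means the job started but a command was missing from PATH; no start line at all means cron never launched the job.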