Update 20.md

matt-kita · web-flow · commit c031d7ff8ca6 · 2025-02-19T20:44:11.000+01:00
Improved topattack script with additional coments in code.
diff --git a/docs/20.md b/docs/20.md
@@ -69,19 +69,41 @@ Once you're happy with a script, and want to have it easily available, you'll pr
 
 You can expand this script so that it requires a parameter and prints out some syntax help when you don't give one. There are a few new tricks in this, so it's worth studying:
 
-     #
-     ##   topattack - list the most persistent attackers
-     #
-     if [ -z "$1" ]; then
-     echo -e "\nUsage: `basename $0` <num> - Lists the top <num> attackers by IP"
-     exit 0
-     fi
-     echo " "
-     echo "Persistant recent attackers"
-     echo " "
-     echo "Attempts      IP "
-     echo "-----------------------"
-     grep "Disconnected from authenticating user root" /var/log/auth.log|cut -d: -f 4 | cut -d" " -f7|sort |uniq -c |sort -nr |head -$1
+```
+#!/usr/bin/env bash
+#
+#   topattack - list the most persistent attackers
+#
+# Ensure "graceful exit" in case the script was sourced.
+if [[ ${BASH_SOURCE[0]} != "$0" ]]; then
+        echo "Don't source this file. Execute it.";
+        return 1;
+fi;
+# Display usage hint if the script was executed with no/invalid argument.
+if [[ -z "$1" ]] || [[ ! "$1" =~ ^[0-9]+$ ]] || (( $1 < 1 )); then
+        echo -e "\nUsage:\n\t$(basename "${BASH_SOURCE:-$0}") <NUM>";
+        echo "Lists the top <NUM> attackers by their IP address.";
+        echo -e "(<NUM> can only be a natural number)\n";
+        exit 0;
+fi;
+# Make sure the log file is available for parsing by this user.
+if [[ ! -f "/var/log/auth.log" ]] || [[ ! -r "/var/log/auth.log" ]]; then
+        echo -e "\nI could not read the log file: '/var/log/auth.log'\n";
+        exit 2;
+fi;
+# Use 'cat' command and "here document" to avoid repeated 'echo' commands.
+cat << _EndOfHeader_
+
+Top $1 persistent recent attackers
+
+Attempts      IP
+-----------------------
+_EndOfHeader_
+# Too long command pipelines can be spanned over multiple lines with \
+# followed immediately by a newline character (i.e. ENTER, RETURN, '\n')
+grep 'Disconnected from authenticating user root' "/var/log/auth.log" \
+ | cut -d':' -f 4 | cut -d' ' -f 7 | sort | uniq -c | sort -nr | head -n "$1";
+```
 
 Again, use vim to create `"topattack"`, `chmod` to make it executable and `mv` to move it into _/usr/local/bin_ once you have it working correctly.
 
