Script to email admin in the event of an attack

0

I'm using a Script that would automatically do a dump of the attack as soon as it exceeds a threshold. The script looks like the following:

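#!/bin/bash
# Watch the packet rate on $interface and capture traffic once it exceeds a threshold.
interface=eth0
dumpdir=/tmp

while true; do
  # After the "iface:" prefix, the second field of /proc/net/dev is the received-packet counter.
  pkt_old=$(grep "$interface:" /proc/net/dev | cut -d: -f2 | awk '{ print $2 }')
  sleep 1
  pkt_new=$(grep "$interface:" /proc/net/dev | cut -d: -f2 | awk '{ print $2 }')

  # Packets received during the last second.
  pkt=$(( pkt_new - pkt_old ))

  echo -ne "\r$pkt packets/s\033[0K"

  if [ "$pkt" -gt 10000 ]; then
    echo -e "\n$(date) Under attack, dumping packets."
    # Capture on the monitored interface rather than tcpdump's default one.
    tcpdump -i "$interface" -nn -s0 -c 2000 -w "$dumpdir/dump.$(date +"%Y%m%d-%H%M%S").cap"
    echo "$(date) Packets dumped, sleeping now."
    sleep 300
  fi
done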

I want the same Script to send an Email to a specified address to notify the Admin if the server was attacked. How should we achieve this?

Asad Moeen

Posted 2013-08-16T18:17:18.823

Reputation: 357

1 man mail: mail -s "Subject" <Text> <User> – l1zard – 2013-08-16T18:23:59.680

I tried "echo Hey | mail -s Test Test@mail.com" but nothing was received. – Asad Moeen – 2013-08-16T18:33:14.423

In /var/mail/mail I got this " Mailing to remote domains not supported" – Asad Moeen – 2013-08-16T18:35:07.243

@AsadMoeen Then please delete this question or provide your own answer and mark it as accepted; if you do not, it will keep popping to the front page as an open question with no accepted answer. – Scott Chamberlain – 2013-08-16T22:09:25.580

Answers

0

So I did it with the following command.

echo Hey | mail -s Test Test@mail.com

The above command didn't work so I fixed it by installing sendmail which wasn't installed by default.

Asad Moeen

Posted 2013-08-16T18:17:18.823

Reputation: 357
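
The monitor from the question with the mail step from the answer folded in, as an added example that is not part of the original posts. It assumes a mailx-style `mail` command backed by a working MTA (the piece the answer found missing); the recipient address and the ADMIN, MAILER and PROC_NET_DEV variable names are placeholders chosen here.

```shell
#!/bin/sh
# Added example (not the poster's code). ADMIN, MAILER and PROC_NET_DEV are assumed names.
INTERFACE=${INTERFACE:-eth0}
DUMPDIR=${DUMPDIR:-/tmp}
THRESHOLD=${THRESHOLD:-10000}               # packets/s, as in the question
ADMIN=${ADMIN:-admin@example.com}           # placeholder recipient
MAILER=${MAILER:-mail}                      # mailx-style client; needs a local MTA such as sendmail
PROC_NET_DEV=${PROC_NET_DEV:-/proc/net/dev}

# Print the received-packet counter of interface $1 (nothing if it does not exist).
# Matches the name exactly, so "eth0" does not also pick up "veth0".
rx_packets() {
  awk -v ifc="$1" '{ sub(/^[ \t]+/, ""); n = index($0, ":")
    if (n && substr($0, 1, n - 1) == ifc) { split(substr($0, n + 1), f, " "); print f[2] } }' \
    "$PROC_NET_DEV"
}

# $1 = earlier counter, $2 = later counter. Prints the difference and returns 0
# only when it is above THRESHOLD; returns 2 when a counter is missing.
rate_exceeded() {
  [ -n "$1" ] && [ -n "$2" ] || return 2
  rate=$(( $2 - $1 ))
  echo "$rate"
  [ "$rate" -gt "$THRESHOLD" ]
}

# $1 = packets/s, $2 = capture file. Returns the mailer's exit status; 0 only
# means the message was handed over, not that it was delivered.
notify_admin() {
  printf 'Host: %s\nInterface: %s\nRate: %s packets/s (threshold %s)\nCapture: %s\nTime: %s\n' \
    "$(uname -n)" "$INTERFACE" "$1" "$THRESHOLD" "$2" "$(date)" |
    "$MAILER" -s "Traffic alert on $(uname -n): $1 packets/s" "$ADMIN"
}

monitor() {
  while :; do
    old=$(rx_packets "$INTERFACE"); sleep 1; new=$(rx_packets "$INTERFACE")
    if pkt=$(rate_exceeded "$old" "$new"); then
      cap="$DUMPDIR/dump.$(date +%Y%m%d-%H%M%S).cap"
      echo "$(date) $pkt packets/s, dumping packets to $cap"
      tcpdump -i "$INTERFACE" -nn -s0 -c 2000 -w "$cap"
      notify_admin "$pkt" "$cap" || echo "$(date) could not hand alert to $MAILER" >&2
      sleep 300
    fi
  done
}

if [ "${1:-}" = "--run" ]; then monitor; fi
```

Start it as root with `--run` as the only argument; without that argument the file only defines the functions.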