deployment-web/roles/deploy-web/files/blacklist.sh

#!/bin/bash
MAIL=/tmp/mail
SERVER_LOG=/var/log/nginx
HOST=($(cat /etc/sentinel/virtualhost))
BLACKLIST=/etc/sentinel/blacklist
EXCLUDE=/etc/sentinel/exclude
SENDER=/etc/sentinel/ip
SSH=$(cat /etc/sentinel/ssh_port)
IP=$(hostname -I |awk '{print $1}')
chain_count=$(/usr/sbin/iptables -L BLACKLIST -n | wc -l)
if [ ${chain_count} -eq 0 ]; then
	bash /usr/local/bin/sentinel/refill_blacklist.sh
fi

list_sender=($(cat ${SENDER}))

for i in ${list_sender[@]}
do
	if [ -f /tmp/blacklist_${i} ]; then
		count_ip=$(cat ${BLACKLIST} /tmp/blacklist_${i} |grep -f ${EXCLUDE} -v |sort |uniq -ui |wc -l) 
		cat ${BLACKLIST} /tmp/blacklist_${i} |grep -f ${EXCLUDE} -v |sort |uniq -u >> ${BLACKLIST}
		if [ ${count_ip} -ne 0 ]; then
			bash /usr/local/bin/sentinel/refill_blacklist.sh
		fi
	fi
done

for i in ${HOST[@]}
do
	log_access=${SERVER_LOG}/${i}_access.log
	tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
	cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
	cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
	cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
	cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
	count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |grep -f ${EXCLUDE} -v |sort |uniq |wc -l)
	if [ ${count} -ne 0 ]; then
		echo "Nouvelle IP blacklisté" > ${MAIL}
		list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v  |grep -f ${EXCLUDE} -v |sort |uniq))
		for j in ${list_ip[@]}
		do
			echo ${j} >> ${MAIL}
			curl http://ipinfo.io/${j} >> ${MAIL}
			echo "" >> ${MAIL}
			cat /tmp/error_$i | grep ${j} >> ${MAIL} 
			echo "" >> ${MAIL}
			echo ${j} >> ${BLACKLIST}
			/usr/sbin/iptables -A BLACKLIST -s ${j} -j DROP
		done
		for j in ${list_sender}
		do
			scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}
		done
		echo "IP dejà blacklisté : " >> ${MAIL}
		cat ${BLACKLIST} >> ${MAIL}
		cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
	fi
done
add blacklist sh 2023-01-25 20:09:19 +01:00			`#!/bin/bash`
			`MAIL=/tmp/mail`
			`SERVER_LOG=/var/log/nginx`
			`HOST=($(cat /etc/sentinel/virtualhost))`
variable files blacklist 2023-02-02 23:35:06 +01:00			`BLACKLIST=/etc/sentinel/blacklist`
add exclude ip 2023-03-04 10:53:37 +01:00			`EXCLUDE=/etc/sentinel/exclude`
multi-clustering blacklist 2023-03-12 22:36:59 +01:00			`SENDER=/etc/sentinel/ip`
			`SSH=$(cat /etc/sentinel/ssh_port)`
			`IP=$(hostname -I \|awk '{print $1}')`
fix path iptables executable 2023-03-03 19:45:51 +01:00			`chain_count=$(/usr/sbin/iptables -L BLACKLIST -n \| wc -l)`
remove if 2023-02-28 11:04:30 +01:00			`if [ ${chain_count} -eq 0 ]; then`
			`bash /usr/local/bin/sentinel/refill_blacklist.sh`
			`fi`

multi-clustering blacklist 2023-03-12 22:36:59 +01:00			`list_sender=($(cat ${SENDER}))`

			`for i in ${list_sender[@]}`
			`do`
			`if [ -f /tmp/blacklist_${i} ]; then`
			`count_ip=$(cat ${BLACKLIST} /tmp/blacklist_${i} \|grep -f ${EXCLUDE} -v \|sort \|uniq -ui \|wc -l)`
			`cat ${BLACKLIST} /tmp/blacklist_${i} \|grep -f ${EXCLUDE} -v \|sort \|uniq -u >> ${BLACKLIST}`
			`if [ ${count_ip} -ne 0 ]; then`
			`bash /usr/local/bin/sentinel/refill_blacklist.sh`
			`fi`
			`fi`
			`done`

remove if 2023-02-28 11:04:30 +01:00			`for i in ${HOST[@]}`
			`do`
			`log_access=${SERVER_LOG}/${i}_access.log`
			`tail -n 50 $log_access \| awk -F "\|" '{ if($2 == "400" \|\| $2 == "404") print $0}' > /tmp/error_$i`
			`cat /tmp/error_$i \| awk -F "\|" '{ if($2 == "404") print $1}' > /tmp/404_$i`
			`cat /tmp/error_$i \| awk -F "\|" '{ if($2 == "400") print $1}' > /tmp/400_$i`
			`cat /tmp/404_$i \| sort \| uniq -c \| awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404`
			`cat /tmp/400_$i \|sort \| uniq -c \|awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400`
add redirect page 2023-03-08 20:40:22 +01:00			`count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 \|grep -f ${BLACKLIST} -v \|grep -f ${EXCLUDE} -v \|sort \|uniq \|wc -l)`
remove if 2023-02-28 11:04:30 +01:00			`if [ ${count} -ne 0 ]; then`
			`echo "Nouvelle IP blacklisté" > ${MAIL}`
add exclude ip 2023-03-04 10:53:37 +01:00			`list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 \|grep -f ${BLACKLIST} -v \|grep -f ${EXCLUDE} -v \|sort \|uniq))`
remove if 2023-02-28 11:04:30 +01:00			`for j in ${list_ip[@]}`
			`do`
			`echo ${j} >> ${MAIL}`
			`curl http://ipinfo.io/${j} >> ${MAIL}`
			`echo "" >> ${MAIL}`
			`cat /tmp/error_$i \| grep ${j} >> ${MAIL}`
			`echo "" >> ${MAIL}`
			`echo ${j} >> ${BLACKLIST}`
fix path iptables executable 2023-03-03 19:45:51 +01:00			`/usr/sbin/iptables -A BLACKLIST -s ${j} -j DROP`
remove if 2023-02-28 11:04:30 +01:00			`done`
multi-clustering blacklist 2023-03-12 22:36:59 +01:00			`for j in ${list_sender}`
			`do`
			`scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}`
			`done`
remove if 2023-02-28 11:04:30 +01:00			`echo "IP dejà blacklisté : " >> ${MAIL}`
			`cat ${BLACKLIST} >> ${MAIL}`
			`cat ${MAIL} \|mail -s "Blacklist IP ${i}" valczebackup@gmail.com`
add blacklist sh 2023-01-25 20:09:19 +01:00			`fi`
remove if 2023-02-28 11:04:30 +01:00			`done`
gestion des process 2023-02-26 22:28:47 +01:00