2023-01-25 20:09:19 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
MAIL=/tmp/mail
|
|
|
|
|
SERVER_LOG=/var/log/nginx
|
|
|
|
|
HOST=($(cat /etc/sentinel/virtualhost))
|
2023-02-02 23:35:06 +01:00
|
|
|
BLACKLIST=/etc/sentinel/blacklist
|
2023-02-26 22:28:47 +01:00
|
|
|
|
2023-02-04 18:38:19 +01:00
|
|
|
|
2023-02-28 11:04:30 +01:00
|
|
|
chain_count=$(iptables -L BLACKLIST -n | wc -l)
|
|
|
|
|
if [ ${chain_count} -eq 0 ]; then
|
|
|
|
|
bash /usr/local/bin/sentinel/refill_blacklist.sh
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
for i in ${HOST[@]}
|
|
|
|
|
do
|
|
|
|
|
log_access=${SERVER_LOG}/${i}_access.log
|
|
|
|
|
tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
|
|
|
|
|
cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
|
|
|
|
|
cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
|
|
|
|
|
cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
|
|
|
|
|
cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
|
|
|
|
|
count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
|
|
|
|
|
if [ ${count} -ne 0 ]; then
|
|
|
|
|
echo "Nouvelle IP blacklisté" > ${MAIL}
|
|
|
|
|
list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq))
|
|
|
|
|
for j in ${list_ip[@]}
|
|
|
|
|
do
|
|
|
|
|
echo ${j} >> ${MAIL}
|
|
|
|
|
curl http://ipinfo.io/${j} >> ${MAIL}
|
|
|
|
|
echo "" >> ${MAIL}
|
|
|
|
|
cat /tmp/error_$i | grep ${j} >> ${MAIL}
|
|
|
|
|
echo "" >> ${MAIL}
|
|
|
|
|
echo ${j} >> ${BLACKLIST}
|
|
|
|
|
iptables -A BLACKLIST -s ${j} -j DROP
|
|
|
|
|
done
|
|
|
|
|
echo "IP dejà blacklisté : " >> ${MAIL}
|
|
|
|
|
cat ${BLACKLIST} >> ${MAIL}
|
|
|
|
|
cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
|
2023-01-25 20:09:19 +01:00
|
|
|
fi
|
2023-02-28 11:04:30 +01:00
|
|
|
done
|
2023-02-26 22:28:47 +01:00
|
|
|
|
