multi-clustering blacklist

roles/deploy-web/files/blacklist.sh

@@ -4,12 +4,27 @@ SERVER_LOG=/var/log/nginx
 HOST=($(cat /etc/sentinel/virtualhost))
 BLACKLIST=/etc/sentinel/blacklist
 EXCLUDE=/etc/sentinel/exclude
-
+SENDER=/etc/sentinel/ip
+SSH=$(cat /etc/sentinel/ssh_port)
+IP=$(hostname -I |awk '{print $1}')
 chain_count=$(/usr/sbin/iptables -L BLACKLIST -n | wc -l)
 if [ ${chain_count} -eq 0 ]; then
 	bash /usr/local/bin/sentinel/refill_blacklist.sh
 fi
 
+list_sender=($(cat ${SENDER}))
+
+for i in ${list_sender[@]}
+do
+	if [ -f /tmp/blacklist_${i} ]; then
+		count_ip=$(cat ${BLACKLIST} /tmp/blacklist_${i} |grep -f ${EXCLUDE} -v |sort |uniq -ui |wc -l) 
+		cat ${BLACKLIST} /tmp/blacklist_${i} |grep -f ${EXCLUDE} -v |sort |uniq -u >> ${BLACKLIST}
+		if [ ${count_ip} -ne 0 ]; then
+			bash /usr/local/bin/sentinel/refill_blacklist.sh
+		fi
+	fi
+done
+
 for i in ${HOST[@]}
 do
 	log_access=${SERVER_LOG}/${i}_access.log
@@ -32,6 +47,10 @@ do
 			echo ${j} >> ${BLACKLIST}
 			/usr/sbin/iptables -A BLACKLIST -s ${j} -j DROP
 		done
+		for j in ${list_sender}
+		do
+			scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}
+		done
 		echo "IP dejà blacklisté : " >> ${MAIL}
 		cat ${BLACKLIST} >> ${MAIL}
 		cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com

roles/deploy-web/templates/exclude.j2

@@ -0,0 +1,3 @@
+{% for host in ip_exclude_blacklist %}
+{{ host }}
+{% endfor %}

roles/deploy-web/templates/ip.j2

@@ -0,0 +1,3 @@
+{% for host in ip_sender_blacklist %}
+{{ host }}
+{% endfor %}

roles/deploy-web/templates/ssh_port.j2

@@ -0,0 +1 @@
+{{ ssh_port_blacklist }}

roles/deploy-web/templates/virtualhost.j2

@@ -1,3 +1,3 @@
 {% for host in virtualhosts %}
-    {{ host }}
+{{ host }}
 {% endfor %}