From 8f07dc6185c029e13e814413e5185e66fe0f37ed Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Wed, 8 Feb 2023 21:17:11 +0100
Subject: [PATCH] optimisation du script de blacklist
---
 roles/deploy-web/files/blacklist.sh | 48 +++++----------------
 roles/deploy-web/files/refill_blacklist.sh | 37 +++++++++++++++++
 2 files changed, 48 insertions(+), 37 deletions(-)
 create mode 100644 roles/deploy-web/files/refill_blacklist.sh
diff --git a/roles/deploy-web/files/blacklist.sh b/roles/deploy-web/files/blacklist.sh
index d1d5f46..2d2fc72 100755
--- a/roles/deploy-web/files/blacklist.sh
+++ b/roles/deploy-web/files/blacklist.sh
@@ -3,58 +3,32 @@
 MAIL=/tmp/mail
 SERVER_LOG=/var/log/nginx
 HOST=($(cat /etc/sentinel/virtualhost))
 BLACKLIST=/etc/sentinel/blacklist
-chain_count=$(iptables -L BLACKLIST | wc -l)
+chain_count=$(iptables -L BLACKLIST -n | wc -l)
 if [ ${chain_count} -eq 0 ]; then
- iptables -N BLACKLIST
- iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
- iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
-
-fi
-if [ ! -f ${BLACKLIST} ]; then
- touch ${BLACKLIST}
-fi
-if [ ${chain_count} -gt 2 ]; then
- chain_count=$(echo ${chain_count}-2 |bc)
- iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
- for i in $(cat ${BLACKLIST})
- do
- block_ip=1
- for j in ${iptables_ip[@]}
- do
- if [ "${i}" == "${j}" ]; then
- block_ip=0
- fi
- done
- if [ ${block_ip} -eq 1 ]; then
- iptables -A BLACKLIST -s ${i} -j DROP
- fi
- done
-else
- for i in $(cat ${BLACKLIST})
- do
- iptables -A BLACKLIST -s ${i} -j DROP
- done
+ bash /usr/local/bin/sentinel/refill_blacklist.sh
 fi
 for i in ${HOST[@]}
 do
 log_access=${SERVER_LOG}/${i}_access.log
- tail -n 50 $log_access | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
- tail -n 50 $log_access | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
+ tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
+ cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
+ cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
 cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
 cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
 count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
 if [ ${count} -ne 0 ]; then
 echo "Nouvelle IP blacklisté" > ${MAIL}
 list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq))
- for i in ${list_ip[@]}
+ for j in ${list_ip[@]}
 do
- echo ${i} >> ${MAIL}
- curl http://ipinfo.io/${i} >> ${MAIL}
+ echo ${j} >> ${MAIL}
+ curl http://ipinfo.io/${j} >> ${MAIL}
 echo "" >> ${MAIL}
- tail -n 50 $log_access | grep ${i} | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' >> ${MAIL}
+ cat /tmp/error_$i | grep ${j} >> ${MAIL}
 echo "" >> ${MAIL}
- echo ${i} >> ${BLACKLIST}
+ echo ${j} >> ${BLACKLIST}
+ iptables -A BLACKLIST -s ${j} -j DROP
 done
 echo "IP dejà blacklisté : " >> ${MAIL}
 cat ${BLACKLIST} >> ${MAIL}
diff --git a/roles/deploy-web/files/refill_blacklist.sh b/roles/deploy-web/files/refill_blacklist.sh
new file mode 100644
index 0000000..058e4ae
--- /dev/null
+++ b/roles/deploy-web/files/refill_blacklist.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+BLACKLIST=/etc/sentinel/blacklist
+chain_count=$(iptables -L BLACKLIST -n | wc -l)
+if [ ${chain_count} -eq 0 ]; then
+ iptables -N BLACKLIST
+ iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
+ iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
+
+fi
+if [ ! -f ${BLACKLIST} ]; then
+ touch ${BLACKLIST}
+fi
+if [ ${chain_count} -gt 2 ]; then
+ chain_count=$(echo ${chain_count}-2 |bc)
+ iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
+ for i in $(cat ${BLACKLIST})
+ do
+ block_ip=1
+ for j in ${iptables_ip[@]}
+ do
+ if [ "${i}" == "${j}" ]; then
+ block_ip=0
+ fi
+ done
+ if [ ${block_ip} -eq 1 ]; then
+ iptables -A BLACKLIST -s ${i} -j DROP
+ fi
+ done
+else
+ for i in $(cat ${BLACKLIST})
+ do
+ iptables -A BLACKLIST -s ${i} -j DROP
+ done
+fi
+
+
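Review bot: The new `iptables -A BLACKLIST -s ${j} -j DROP` line (and the `curl http://ipinfo.io/${j}` line above it) hand a value taken straight from the access log's first `|` field to iptables and to a URL without quoting or validating it; a token that is not an IPv4 literal makes iptables try to resolve it as a hostname or fail outright, and the same unchecked value is then appended to `${BLACKLIST}`. A guard at the top of the `for j` loop, `[[ "${j}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue`, keeps malformed tokens out of all three sinks. `cat /tmp/error_$i | grep ${j}` treats the dots in the address as regex wildcards and matches substrings (`1.2.3.4` also hits `11.2.3.45`); `awk -F "|" -v ip="${j}" '$1 == ip' /tmp/error_$i >> ${MAIL}` compares the field exactly, with the tool the script already uses. The new `/tmp/error_$i` is a predictable path written by a script that must run as root for iptables, so a `mktemp -d` directory removed by an EXIT trap would close the usual /tmp pre-creation and symlink hazard. The enclosing `for i in ${HOST[@]}` loop ends outside the hunk.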
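Review bot: Both `for i in $(cat ${BLACKLIST})` loops pass file tokens to `iptables -A BLACKLIST -s ${i}` unquoted and unvalidated, so a hostname-like entry would trigger a DNS lookup inside iptables and any other malformed token aborts the sync with an error, and the `-gt 2` branch additionally depends on `iptables -nvL` keeping the source address in column 8 behind exactly two header lines, a layout the script never checks. `iptables -C BLACKLIST -s "${ip}" -j DROP` asks the kernel directly whether the rule exists, which removes the line counting, the `bc` subtraction, the column parsing and the nested loop; reading the file with `read -r` and an IPv4 check in front of the iptables calls keeps bad entries out of the chain (only IPv4 is admitted because every call here is `iptables`, not `ip6tables`). As far as the other hunk shows, blacklist.sh only invokes this script when the chain is absent, so an append that failed there is not repaired until the chain disappears; a header comment such as `# Re-syncs /etc/sentinel/blacklist into the BLACKLIST chain, creating the chain when absent. Idempotent; safe to run on every invocation.` would document that the rewritten loop can be called unconditionally.
```shell
# … unchanged: chain_count, chain creation when it is 0, touch of ${BLACKLIST} …
while IFS= read -r ip; do
  [[ -n "${ip}" ]] || continue
  # only IPv4 literals reach iptables: a hostname would trigger a DNS lookup
  # inside iptables and any other token would abort the sync with an error
  if ! [[ "${ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "refill_blacklist: skipping malformed entry '${ip}'" >&2
    continue
  fi
  # -C tests for an identical rule; its stderr is silenced because a missing
  # rule is reported there, and only a missing rule gets appended
  iptables -C BLACKLIST -s "${ip}" -j DROP 2>/dev/null \
    || iptables -A BLACKLIST -s "${ip}" -j DROP
done < "${BLACKLIST}"
```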