v4l3n71n/deployment-web
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

optimisation du script de blacklist

Browse Source
This commit is contained in:
Valentin CZERYBA 2023-02-08 21:17:11 +01:00
parent b7addc2aee
commit 8f07dc6185
2 changed files with 48 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
roles/deploy-web/files/blacklist.sh
View File

@ -3,58 +3,32 @@ MAIL=/tmp/mail
SERVER_LOG=/var/log/nginx SERVER_LOG=/var/log/nginx
HOST=($(cat /etc/sentinel/virtualhost)) HOST=($(cat /etc/sentinel/virtualhost))
BLACKLIST=/etc/sentinel/blacklist BLACKLIST=/etc/sentinel/blacklist
chain_count=$(iptables -L BLACKLIST | wc -l) chain_count=$(iptables -L BLACKLIST -n | wc -l)
if [ ${chain_count} -eq 0 ]; then if [ ${chain_count} -eq 0 ]; then
iptables -N BLACKLIST bash /usr/local/bin/sentinel/refill_blacklist.sh
iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
fi
if [ ! -f ${BLACKLIST} ]; then
touch ${BLACKLIST}
fi
if [ ${chain_count} -gt 2 ]; then
chain_count=$(echo ${chain_count}-2 |bc)
iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
for i in $(cat ${BLACKLIST})
do
block_ip=1
for j in ${iptables_ip[@]}
do
if [ "${i}" == "${j}" ]; then
block_ip=0
fi
done
if [ ${block_ip} -eq 1 ]; then
iptables -A BLACKLIST -s ${i} -j DROP
fi
done
else
for i in $(cat ${BLACKLIST})
do
iptables -A BLACKLIST -s ${i} -j DROP
done
fi fi
for i in ${HOST[@]} for i in ${HOST[@]}
do do
log_access=${SERVER_LOG}/${i}_access.log log_access=${SERVER_LOG}/${i}_access.log
tail -n 50 $log_access | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
tail -n 50 $log_access | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404 cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400 cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l) count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
if [ ${count} -ne 0 ]; then if [ ${count} -ne 0 ]; then
echo "Nouvelle IP blacklisté" > ${MAIL} echo "Nouvelle IP blacklisté" > ${MAIL}
list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq)) list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq))
for i in ${list_ip[@]} for j in ${list_ip[@]}
do do
echo ${i} >> ${MAIL} echo ${j} >> ${MAIL}
curl http://ipinfo.io/${i} >> ${MAIL} curl http://ipinfo.io/${j} >> ${MAIL}
echo "" >> ${MAIL} echo "" >> ${MAIL}
tail -n 50 $log_access | grep ${i} | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' >> ${MAIL} cat /tmp/error_$i | grep ${j} >> ${MAIL}
echo "" >> ${MAIL} echo "" >> ${MAIL}
echo ${i} >> ${BLACKLIST} echo ${j} >> ${BLACKLIST}
iptables -A BLACKLIST -s ${j} -j DROP
done done
echo "IP dejà blacklisté : " >> ${MAIL} echo "IP dejà blacklisté : " >> ${MAIL}
cat ${BLACKLIST} >> ${MAIL} cat ${BLACKLIST} >> ${MAIL}

37
roles/deploy-web/files/refill_blacklist.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
BLACKLIST=/etc/sentinel/blacklist
chain_count=$(iptables -L BLACKLIST -n | wc -l)
if [ ${chain_count} -eq 0 ]; then
iptables -N BLACKLIST
iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
fi
if [ ! -f ${BLACKLIST} ]; then
touch ${BLACKLIST}
fi
if [ ${chain_count} -gt 2 ]; then
chain_count=$(echo ${chain_count}-2 |bc)
iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
for i in $(cat ${BLACKLIST})
do
block_ip=1
for j in ${iptables_ip[@]}
do
if [ "${i}" == "${j}" ]; then
block_ip=0
fi
done
if [ ${block_ip} -eq 1 ]; then
iptables -A BLACKLIST -s ${i} -j DROP
fi
done
else
for i in $(cat ${BLACKLIST})
do
iptables -A BLACKLIST -s ${i} -j DROP
done
fi