optimisation du script de blacklist

2023-02-08 21:17:11 +01:00 · 2023-02-08 21:17:11 +01:00 · 8f07dc6185
commit 8f07dc6185
parent b7addc2aee
2 changed files with 48 additions and 37 deletions
--- a/roles/deploy-web/files/blacklist.sh
+++ b/roles/deploy-web/files/blacklist.sh
@ -3,58 +3,32 @@ MAIL=/tmp/mail
 SERVER_LOG=/var/log/nginx
 HOST=($(cat /etc/sentinel/virtualhost))
 BLACKLIST=/etc/sentinel/blacklist
-chain_count=$(iptables -L BLACKLIST | wc -l)
+chain_count=$(iptables -L BLACKLIST -n | wc -l)
 if [ ${chain_count} -eq 0 ]; then
-	iptables -N BLACKLIST
-	iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
-	iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
-
-fi
-if [ ! -f ${BLACKLIST} ]; then
-	touch ${BLACKLIST}
-fi
-if [ ${chain_count} -gt 2 ]; then
-	chain_count=$(echo ${chain_count}-2 |bc)
-	iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count}  | awk '{print $8}'))
-	for i in $(cat ${BLACKLIST})
-	do
-		block_ip=1
-		for j in ${iptables_ip[@]}
-		do
-			if [ "${i}" == "${j}" ]; then
-				block_ip=0
-			fi
-		done
-		if [ ${block_ip} -eq 1 ]; then
-			iptables -A BLACKLIST -s ${i} -j DROP
-		fi
-	done
-else
-	for i in $(cat ${BLACKLIST})
-	do
-		iptables -A BLACKLIST -s ${i} -j DROP
-	done
+	bash /usr/local/bin/sentinel/refill_blacklist.sh
 fi

 for i in ${HOST[@]}
 do
 	log_access=${SERVER_LOG}/${i}_access.log
-	tail -n 50 $log_access | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
-	tail -n 50 $log_access | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
+	tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
+	cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
+	cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
 	cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
 	cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
 	count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
 	if [ ${count} -ne 0 ]; then
 		echo "Nouvelle IP blacklisté" > ${MAIL}
 		list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v  |sort |uniq))
-		for i in ${list_ip[@]}
+		for j in ${list_ip[@]}
 		do
-			echo ${i} >> ${MAIL}
-			curl http://ipinfo.io/${i} >> ${MAIL}
+			echo ${j} >> ${MAIL}
+			curl http://ipinfo.io/${j} >> ${MAIL}
 			echo "" >> ${MAIL}
-			tail -n 50 $log_access | grep ${i} | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' >> ${MAIL} 
+			cat /tmp/error_$i | grep ${j} >> ${MAIL} 
 			echo "" >> ${MAIL}
-			echo ${i} >> ${BLACKLIST}
+			echo ${j} >> ${BLACKLIST}
+			iptables -A BLACKLIST -s ${j} -j DROP
 		done
 		echo "IP dejà blacklisté : " >> ${MAIL}
 		cat ${BLACKLIST} >> ${MAIL}
--- a/roles/deploy-web/files/refill_blacklist.sh
+++ b/roles/deploy-web/files/refill_blacklist.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+
+BLACKLIST=/etc/sentinel/blacklist
+chain_count=$(iptables -L BLACKLIST -n | wc -l)
+if [ ${chain_count} -eq 0 ]; then
+	iptables -N BLACKLIST
+	iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
+	iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
+
+fi
+if [ ! -f ${BLACKLIST} ]; then
+	touch ${BLACKLIST}
+fi
+if [ ${chain_count} -gt 2 ]; then
+	chain_count=$(echo ${chain_count}-2 |bc)
+	iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count}  | awk '{print $8}'))
+	for i in $(cat ${BLACKLIST})
+	do
+		block_ip=1
+		for j in ${iptables_ip[@]}
+		do
+			if [ "${i}" == "${j}" ]; then
+				block_ip=0
+			fi
+		done
+		if [ ${block_ip} -eq 1 ]; then
+			iptables -A BLACKLIST -s ${i} -j DROP
+		fi
+	done
+else
+	for i in $(cat ${BLACKLIST})
+	do
+		iptables -A BLACKLIST -s ${i} -j DROP
+	done
+fi
+
+