#!/bin/bash
MAIL=/tmp/mail
SERVER_LOG=/var/log/nginx
HOST=($(cat /etc/sentinel/virtualhost))
if [ ! -f /tmp/blacklist ]; then
	touch /tmp/blacklist
fi
for i in ${HOST[@]}
do
	log_access=${SERVER_LOG}/${i}_access.log
	tail -n 50 $log_access | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
	tail -n 50 $log_access | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
	cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
	cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
	count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f /tmp/blacklist -v |sort |uniq |wc -l)
	if [ ${count} -ne 0 ]; then
		cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f /tmp/blacklist -v  |sort |uniq >> /tmp/blacklist
		echo "IP blacklisté : " > ${MAIL}
		cat /tmp/blacklist >> ${MAIL}
		cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
	fi
	#rm $directory_host/*
done