Make the port configurable, defaulting to 443.

Manuel Friedli 2020-09-15 13:51:03 +02:00
parent 6ca00b6bc6
commit 131f847d6a


@ -38,8 +38,6 @@
# Set the host's own IP address. So far, only an IPv4 address is supported. # Set the host's own IP address. So far, only an IPv4 address is supported.
MY_IP="94.199.214.20" MY_IP="94.199.214.20"
# Set the desired port to monitor.
MY_PORT="443"
# After this point, no editing is required. # After this point, no editing is required.
start=$(date +%s) start=$(date +%s)
@ -104,6 +102,9 @@ Usage: $(basename $0) -d FILE [OPTION...]
- 3 or 24 for class C networks (X.X.X.0/24) - 3 or 24 for class C networks (X.X.X.0/24)
- 4 or 32 for class D networks (X.X.X.X/32) - 4 or 32 for class D networks (X.X.X.X/32)
-p, --port=PORT The desired port to monitor.
Defaults to 443 (https).
-h, --help Show this help message -h, --help Show this help message
Mandatory or optional arguments to long options are also mandatory or optional Mandatory or optional arguments to long options are also mandatory or optional
@ -130,6 +131,7 @@ function filter() {
# subnet suffix, e.g. "/16" # subnet suffix, e.g. "/16"
suffix="$3" suffix="$3"
rm -f "${filtered}" rm -f "${filtered}"
touch "${filtered}"
# Reject already banned addresses # Reject already banned addresses
while read -r -u3 address ; do while read -r -u3 address ; do
@ -144,7 +146,7 @@ function filter() {
} }
function parse_command_line_args() { function parse_command_line_args() {
TEMP=$(getopt -o 'a::,c:,d:,j:,n:,h' -l 'auto::,country:,database:,jail:,netmask:,help' -- "$@") TEMP=$(getopt -o 'a::,c:,d:,j:,n:,p:,h' -l 'auto::,country:,database:,jail:,netmask:,port:,help' -- "$@")
if [ $? -ne 0 ] ; then if [ $? -ne 0 ] ; then
echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2 echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2
@ -204,6 +206,10 @@ function parse_command_line_args() {
esac esac
shift shift
;; ;;
'-p'|'--port')
port="$2"
shift
;;
'-h'|'--help') '-h'|'--help')
print_help print_help
exit exit
@ -388,6 +394,7 @@ netmask=0
jail="apache-auth" jail="apache-auth"
bancountry="CN" bancountry="CN"
database= database=
port=443
parse_command_line_args "$@" parse_command_line_args "$@"
@ -410,7 +417,7 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
# Determine the current connections to the desired port; store the raw data in # Determine the current connections to the desired port; store the raw data in
# $fileraw. # $fileraw.
netstat -nt | grep "${MY_IP}:${MY_PORT}" | tr -s '[:blank:]' | cut -d' ' -f5 \ netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
| cut -d: -f1 | sort > "${fileraw}" | cut -d: -f1 | sort > "${fileraw}"
# Group and sort the data into the subnet-specific files. # Group and sort the data into the subnet-specific files.
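Review bot: The value taken in the new `'-p'|'--port'` arm (`port="$2"`) is never validated, and it is then interpolated into an unanchored regular expression in `grep "${MY_IP}:${port}"`, so `-p 44` (and even the default 443) also matches local ports such as 4430, and a non-numeric argument is interpreted as a pattern. Because the remote addresses extracted from those lines appear to feed the fail2ban ban list, a loose match can end up banning clients that never connected to the monitored port. I would reject anything that is not a port number right after the assignment, e.g. `[[ "${port}" =~ ^[1-9][0-9]{0,4}$ ]] && (( port <= 65535 )) || { echo "Invalid port: ${port}" >&2; exit 1; }`, and match literally with a trailing delimiter, `grep -F -- "${MY_IP}:${port} "` (assuming netstat pads the local-address column with a space), which also stops the dots in MY_IP from acting as wildcards. The body of parse_command_line_args continues outside the visible hunks, so confirm that no later check already covers this.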