Make the port configurable, defaulting to 443.
parent
6ca00b6bc6
commit
131f847d6a
1 changed files with 11 additions and 4 deletions
|
@ -38,8 +38,6 @@
|
|||
|
||||
# Set the host's own IP address. So far, only an IPv4 address is supported.
|
||||
MY_IP="94.199.214.20"
|
||||
# Set the desired port to monitor.
|
||||
MY_PORT="443"
|
||||
|
||||
# After this point, no editing is required.
|
||||
start=$(date +%s)
|
||||
|
@ -104,6 +102,9 @@ Usage: $(basename $0) -d FILE [OPTION...]
|
|||
- 3 or 24 for class C networks (X.X.X.0/24)
|
||||
- 4 or 32 for class D networks (X.X.X.X/32)
|
||||
|
||||
-p, --port=PORT The desired port to monitor.
|
||||
Defaults to 443 (https).
|
||||
|
||||
-h, --help Show this help message
|
||||
|
||||
Mandatory or optional arguments to long options are also mandatory or optional
|
||||
|
@ -130,6 +131,7 @@ function filter() {
|
|||
# subnet suffix, e.g. "/16"
|
||||
suffix="$3"
|
||||
rm -f "${filtered}"
|
||||
touch "${filtered}"
|
||||
|
||||
# Reject already banned addresses
|
||||
while read -r -u3 address ; do
|
||||
|
@ -144,7 +146,7 @@ function filter() {
|
|||
}
|
||||
|
||||
function parse_command_line_args() {
|
||||
TEMP=$(getopt -o 'a::,c:,d:,j:,n:,h' -l 'auto::,country:,database:,jail:,netmask:,help' -- "$@")
|
||||
TEMP=$(getopt -o 'a::,c:,d:,j:,n:,p:,h' -l 'auto::,country:,database:,jail:,netmask:,port:,help' -- "$@")
|
||||
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo 'Error parsing command line options. Terminating. Invoke with --help for help.' >&2
|
||||
|
@ -204,6 +206,10 @@ function parse_command_line_args() {
|
|||
esac
|
||||
shift
|
||||
;;
|
||||
'-p'|'--port')
|
||||
port="$2"
|
||||
shift
|
||||
;;
|
||||
'-h'|'--help')
|
||||
print_help
|
||||
exit
|
||||
|
@ -388,6 +394,7 @@ netmask=0
|
|||
jail="apache-auth"
|
||||
bancountry="CN"
|
||||
database=
|
||||
port=443
|
||||
|
||||
parse_command_line_args "$@"
|
||||
|
||||
|
@ -410,7 +417,7 @@ banned="$(exec_as_root fail2ban-client get "${jail}" banip)"
|
|||
|
||||
# Determine the current connections to the desired port; store the raw data in
|
||||
# $fileraw.
|
||||
netstat -nt | grep "${MY_IP}:${MY_PORT}" | tr -s '[:blank:]' | cut -d' ' -f5 \
|
||||
netstat -nt | grep "${MY_IP}:${port}" | tr -s '[:blank:]' | cut -d' ' -f5 \
|
||||
| cut -d: -f1 | sort > "${fileraw}"
|
||||
|
||||
# Group and sort the data into the subnet-specific files.
|
||||
|
|
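Review bot: The value taken from `-p`/`--port` is stored in `port` without validation and then used inside an unanchored regular expression in `grep "${MY_IP}:${port}"`, so `-p 80` also counts connections to 8080 or 8000, an empty value matches every port on the address, and the dots in `MY_IP` match any character. The resulting list appears to feed the fail2ban ban decision, so an over-broad match could get unrelated clients banned. In the `'-p'|'--port')` arm, reject anything that is not a port number, for example `[[ "$2" =~ ^[1-9][0-9]{0,4}$ ]] && (( $2 <= 65535 )) || { echo "Invalid port: $2" >&2; exit 1; }`. In the pipeline, compare the local-address column exactly instead of grepping, for example `netstat -nt | awk -v l="${MY_IP}:${port}" '$4 == l { print $5 }' \` in place of the `grep … | tr … | cut -d' ' -f5` stages. Both `parse_command_line_args` and the netstat pipeline continue outside the visible hunks.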