If country = CN and source = APNIC, show a red alert message.
This commit is contained in:
parent
d27842fa4e
commit
c97d3172aa
2 changed files with 12 additions and 25 deletions
@ -1,24 +0,0 @@
#!/bin/sh
input_files=/var/log/apache2/access_*.log
date="20/Jun/2020:18"
tmpdir=$(mktemp -d)
cd "${tmpdir}"
grep -h "${date}" ${input_files} | cut -d' ' -f1 | sort > all.txt
grep ':' all.txt > raw-ipv6.txt
grep -v ':' all.txt > raw-ipv4.txt
uniq -c raw-ipv6.txt | sort -n > sorted-ipv6.txt
uniq -c raw-ipv4.txt | sort -n > sorted-ipv4-32.txt
cut -d. -f1-3 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-24.txt
cut -d. -f1-2 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-16.txt
cut -d. -f1 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-8.txt
chmod o+rx "${tmpdir}"
echo "Have fun in ${tmpdir}!"
grep -E '^ *[0-9]{4,5} ' "${tmpdir}/sorted-ipv4-32.txt" |tr -s '[:blank:]' | cut -d' ' -f3
@ -30,6 +30,8 @@ file24="sorted-http-24.txt"
file32="sorted-http-32.txt"
# This file will contain the addresses to be banned.
banlist="banlist.txt"
# This file contains the output of the last invocation of whois
whoisoutput="whois.txt"
# These suffixes must be appended to the respective addresses and subnets.
ext8=".0.0.0/8"
@ -185,6 +187,8 @@ function processFile () {
local addr=''
local banaction=''
local nline=1
local country_cn=1
local source_apnic=1
# Read the contents from filedescriptor 3 (important: Don's use the
# standard filedescriptor because we need to handle user input from
# within the loop).
@ -193,7 +197,14 @@ function processFile () {
count="$(echo "${line}" | cut -d' ' -f2)"
addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
setHilite "${count}"
whois "${addr}"
whois "${addr}" | tee "${whoisoutput}"
grep -iq "^country: *cn$" "${whoisoutput}"
country_cn=$?
grep -iq "^source: *apnic$" "${whoisoutput}"
source_apnic=$?
if [[ ${country_cn} -eq 0 && ${source_apnic} -eq 0 ]] ; then
echo -e "${red}Country = CN and source = APNIC!${reset}"
fi
echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \
Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \
and skip remaining]? "
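Review bot: The `$`-anchored patterns on the two grep lines after the tee will silently fail to match if the whois server pads the value with trailing spaces or terminates lines with CRLF, so the new alert would never fire for exactly the responses it is meant to catch; anchor on the value and tolerate trailing whitespace instead, e.g. `grep -iqE '^country:[[:space:]]*cn[[:space:]]*$' "${whoisoutput}"` and `grep -iqE '^source:[[:space:]]*apnic[[:space:]]*$' "${whoisoutput}"`. A single whois reply can also carry several objects (the inetnum plus route or referral objects), so a `country:` line from any of them satisfies the test; if the allocation's own country is what matters, restrict the check to the first `country:` line rather than any line in the file. The two `$?` scratch variables are unnecessary and the condition reads more directly as `if grep -iqE '^country:[[:space:]]*cn[[:space:]]*$' "${whoisoutput}" && grep -iqE '^source:[[:space:]]*apnic[[:space:]]*$' "${whoisoutput}"; then`. processFile begins before this hunk and its loop body continues past it.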