If country = CN and source = APNIC, show a red alert message.
This commit is contained in:
parent
d27842fa4e
commit
c97d3172aa
2 changed files with 12 additions and 25 deletions
@ -1,24 +0,0 @@
#!/bin/sh
input_files=/var/log/apache2/access_*.log
date="20/Jun/2020:18"
tmpdir=$(mktemp -d)
cd "${tmpdir}"
grep -h "${date}" ${input_files} | cut -d' ' -f1 | sort > all.txt
grep ':' all.txt > raw-ipv6.txt
grep -v ':' all.txt > raw-ipv4.txt
uniq -c raw-ipv6.txt | sort -n > sorted-ipv6.txt
uniq -c raw-ipv4.txt | sort -n > sorted-ipv4-32.txt
cut -d. -f1-3 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-24.txt
cut -d. -f1-2 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-16.txt
cut -d. -f1 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-8.txt
chmod o+rx "${tmpdir}"
echo "Have fun in ${tmpdir}!"
grep -E '^ *[0-9]{4,5} ' "${tmpdir}/sorted-ipv4-32.txt" |tr -s '[:blank:]' | cut -d' ' -f3
@ -30,6 +30,8 @@ file24="sorted-http-24.txt"
file32="sorted-http-32.txt"
file32="sorted-http-32.txt"
# This file will contain the addresses to be banned.
# This file will contain the addresses to be banned.
banlist="banlist.txt"
banlist="banlist.txt"
# This file contains the output of the last invocation of whois
whoisoutput="whois.txt"
# These suffixes must be appended to the respective addresses and subnets.
# These suffixes must be appended to the respective addresses and subnets.
ext8=".0.0.0/8"
ext8=".0.0.0/8"
@ -185,6 +187,8 @@ function processFile () {
local addr=''
local addr=''
local banaction=''
local banaction=''
local nline=1
local nline=1
local country_cn=1
local source_apnic=1
# Read the contents from filedescriptor 3 (important: Don's use the
# Read the contents from filedescriptor 3 (important: Don's use the
# standard filedescriptor because we need to handle user input from
# standard filedescriptor because we need to handle user input from
# within the loop).
# within the loop).
@ -193,7 +197,14 @@ function processFile () {
count="$(echo "${line}" | cut -d' ' -f2)"
count="$(echo "${line}" | cut -d' ' -f2)"
addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
setHilite "${count}"
setHilite "${count}"
whois "${addr}"
whois "${addr}" | tee "${whoisoutput}"
grep -iq "^country: *cn$" "${whoisoutput}"
country_cn=$?
grep -iq "^source: *apnic$" "${whoisoutput}"
source_apnic=$?
if [[ ${country_cn} -eq 0 && ${source_apnic} -eq 0 ]] ; then
echo -e "${red}Country = CN and source = APNIC!${reset}"
fi
echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \
echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \
Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \
Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \
and skip remaining]? "
and skip remaining]? "
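Review bot: The CN/APNIC test reads grep's exit status after the fact, so if the file runs under `set -e` (not visible here; processFile begins before this hunk) a whois reply with no `country:` line aborts the function, and `whois "${addr}" | tee "${whoisoutput}"` reports only tee's status unless pipefail is set, so a failed lookup leaves an empty or stale whois.txt that is then quietly treated as "not CN". Both grep calls can be folded into the condition, which also makes the `country_cn`/`source_apnic` locals added in the previous hunk unnecessary: `if grep -iq '^country: *cn *$' "${whoisoutput}" && grep -iq '^source: *apnic *$' "${whoisoutput}"; then`. The ` *` before `$` tolerates trailing blanks; some whois servers also end lines with CRLF, in which case the `$` anchor never matches and `tr -d '\r'` before `tee` would be needed — confirm against the servers actually queried. A comment would help the next reader, since the alert fires when any object in the reply (inetnum, route, organisation …) carries those fields, not only the address's own inetnum: `# Alert when ANY object in the whois reply is country CN and source APNIC.`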