If country = CN and source = APNIC, show a red alert message.

This commit is contained in:
Manuel Friedli 2020-07-21 21:37:43 +02:00
parent d27842fa4e
commit c97d3172aa
2 changed files with 12 additions and 25 deletions

View file

@ -1,24 +0,0 @@
#!/bin/sh
input_files=/var/log/apache2/access_*.log
date="20/Jun/2020:18"
tmpdir=$(mktemp -d)
cd "${tmpdir}"
grep -h "${date}" ${input_files} | cut -d' ' -f1 | sort > all.txt
grep ':' all.txt > raw-ipv6.txt
grep -v ':' all.txt > raw-ipv4.txt
uniq -c raw-ipv6.txt | sort -n > sorted-ipv6.txt
uniq -c raw-ipv4.txt | sort -n > sorted-ipv4-32.txt
cut -d. -f1-3 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-24.txt
cut -d. -f1-2 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-16.txt
cut -d. -f1 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-8.txt
chmod o+rx "${tmpdir}"
echo "Have fun in ${tmpdir}!"
grep -E '^ *[0-9]{4,5} ' "${tmpdir}/sorted-ipv4-32.txt" |tr -s '[:blank:]' | cut -d' ' -f3

View file

@ -30,6 +30,8 @@ file24="sorted-http-24.txt"
file32="sorted-http-32.txt" file32="sorted-http-32.txt"
# This file will contain the addresses to be banned. # This file will contain the addresses to be banned.
banlist="banlist.txt" banlist="banlist.txt"
# This file contains the output of the last invocation of whois
whoisoutput="whois.txt"
# These suffixes must be appended to the respective addresses and subnets. # These suffixes must be appended to the respective addresses and subnets.
ext8=".0.0.0/8" ext8=".0.0.0/8"
@ -185,6 +187,8 @@ function processFile () {
local addr='' local addr=''
local banaction='' local banaction=''
local nline=1 local nline=1
local country_cn=1
local source_apnic=1
# Read the contents from filedescriptor 3 (important: Don's use the # Read the contents from filedescriptor 3 (important: Don's use the
# standard filedescriptor because we need to handle user input from # standard filedescriptor because we need to handle user input from
# within the loop). # within the loop).
@ -193,7 +197,14 @@ function processFile () {
count="$(echo "${line}" | cut -d' ' -f2)" count="$(echo "${line}" | cut -d' ' -f2)"
addr="$(echo "${line}" | cut -d' ' -f3-)${ext}" addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
setHilite "${count}" setHilite "${count}"
whois "${addr}" whois "${addr}" | tee "${whoisoutput}"
grep -iq "^country: *cn$" "${whoisoutput}"
country_cn=$?
grep -iq "^source: *apnic$" "${whoisoutput}"
source_apnic=$?
if [[ ${country_cn} -eq 0 && ${source_apnic} -eq 0 ]] ; then
echo -e "${red}Country = CN and source = APNIC!${reset}"
fi
echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \ echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \
Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \ Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \
and skip remaining]? " and skip remaining]? "