

bruteauth.sh


Метки:

Внимание
Использована утилита GeoIP

Файл:

/etc/bruteauth.sh

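#!/bin/sh -
#
# bruteauth.sh - build a blocklist from the SSH auth logs and the Asterisk log.
#
# Every IPv4 literal found in /var/log/auth.log, its rotated copies and
# /var/log/asterisk/messages is a candidate. A candidate is appended to the
# blacklist file when it is not whitelisted, not already blacklisted, and
# geoiplookup places it outside RU. /etc/badguys.sh is run afterwards
# (presumably it applies the blacklist; it is not shown here - confirm).
#
# NOTE(review): the candidates are every address that appears in the logs, not
# only the ones tied to failed logins, so a legitimate administrator connecting
# from outside RU is blocked unless the address is in the whitelist. Keep the
# whitelist current before scheduling this script.
#
# Requires: geoiplookup (GeoIP), grep with -o/-w, gzip, awk.

whitelist="/etc/whiteip.list"
blacklist="/etc/blackip.list"

# Log content is written on behalf of remote peers, so only substrings with
# the shape of an IPv4 address are ever taken from it.
ipv4_re='[0-9]{1,3}(\.[0-9]{1,3}){3}'

# Print the number of lines in file $1, or 0 when the file does not exist.
count_lines() {
	if [ -f "$1" ]; then
		wc -l < "$1" | tr -d ' '
	else
		echo 0
	fi
}

# Return 0 when geoiplookup reports a country other than RU for address $1.
# The 4th field is "RU," for Russia and "IP" for the "IP Address not found"
# reply. An empty answer (lookup failed) is treated as "do not block".
is_foreign() {
	country=$(geoiplookup "$1" < /dev/null | awk '{print $4}')
	[ -n "$country" ] && [ "$country" != "RU," ] && [ "$country" != "IP" ]
}

# Without geoiplookup no country decision can be made; stop instead of guessing.
command -v geoiplookup > /dev/null 2>&1 || {
	echo "bruteauth.sh: geoiplookup not found" >&2
	exit 1
}

# An unreadable whitelist would leave every foreign address eligible for
# blocking, so refuse to run without it.
[ -r "$whitelist" ] || {
	echo "bruteauth.sh: cannot read ${whitelist}" >&2
	exit 1
}

tmpbadguys=$(mktemp /tmp/badguys_XXXXXXXXXXX) || exit 1
tmpsortuniq=$(mktemp /tmp/sortuniq_XXXXXXXXXXX) || {
	rm -f -- "$tmpbadguys"
	exit 1
}
# Remove the temporary files on every exit path, including signals.
trap 'rm -f -- "$tmpbadguys" "$tmpsortuniq"' EXIT
trap 'exit 1' HUP INT TERM

countbefore=$(count_lines "$blacklist")

# Collect the addresses seen by sshd (current auth log).
grep -E -o "$ipv4_re" /var/log/auth.log > "$tmpbadguys"

# Rotated auth logs. gzip -cdf passes uncompressed files (auth.log.1) through
# unchanged and decompresses the .gz ones.
for file in /var/log/auth.log.*
do
	[ -f "$file" ] || continue
	gzip -cdf "$file" | grep -E -o "$ipv4_re" >> "$tmpbadguys"
done

# Collect the addresses seen by Asterisk. Only IPv4-shaped substrings are
# taken; arbitrary words from the log are never passed to geoiplookup or
# written to the blacklist.
grep -E -o "$ipv4_re" /var/log/asterisk/messages >> "$tmpbadguys"

# The list is a concatenation of several sources, so it has to be sorted
# before duplicates can be dropped.
sort -u "$tmpbadguys" > "$tmpsortuniq"

while IFS= read -r ip
do
	[ "$ip" != "0.0.0.0" ] || continue
	# An address listed in the whitelist is never blocked. -F keeps the dots
	# literal and -w stops 1.2.3.4 from matching 11.2.3.45.
	if grep -q -w -F -e "$ip" "$whitelist"; then
		continue
	fi
	# Do not append an address that is already in the blacklist.
	if [ -f "$blacklist" ] && grep -q -x -F -e "$ip" "$blacklist"; then
		continue
	fi
	if is_foreign "$ip"; then
		printf '%s\n' "$ip" >> "$blacklist"
	fi
done < "$tmpsortuniq"

/etc/badguys.sh

countafter=$(count_lines "$blacklist")

printf 'Count before: %s Count after: %s\n' "$countbefore" "$countafter"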