authorOlivier Mehani <shtrom@ssji.net>2017-06-03 06:15:02 +0200
committerOlivier Mehani <shtrom@ssji.net>2017-06-03 06:15:02 +0200
commit7bc2809bbac5dd7d9336d254a7511a0dc1749c8d (patch)
tree70bf83fda0ad02e735d128804258b420bbbe998a
parent91a521f9e153a791379a24c952ef4a2004a9f46d (diff)
[denyhosts] Avoid looping multiple times over large files
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rwxr-xr-xopenbsd/denyhost.sh26
1 files changed, 14 insertions, 12 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 06831f0..da59588 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -137,23 +137,25 @@ function extract_email
NEW_BLOCKERS_FILE=`mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX`
# HTTP exploiters
-HTTP_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX`
-grep -v -f ${BLOCKERS_FILE} ${HTTP_LOG} \
- > ${HTTP_FILTERED_LOG}
-grep ${HTTP_PATTERN} ${HTTP_FILTERED_LOG} | cut -d" " -f 2 | \
- uniq >> ${NEW_BLOCKERS_FILE}
+grep ${HTTP_PATTERN} ${HTTP_LOG} \
+ | cut -d" " -f 2 \
+ | sort \
+ | uniq \
+ > ${NEW_BLOCKERS_FILE}
# SSH exploiters
SSH_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX`
-grep -v "Received disconnect" ${SSH_LOG} | \
- grep -v -f ${BLOCKERS_FILE} \
> ${SSH_FILTERED_LOG}
-gsed -n "s/${SSH_PATTERN}/\2/p" ${SSH_FILTERED_LOG} | \
- sort | uniq -c | \
- gsed "/^ *[1-$AUTHTRIES] */d;s/.* //" \
+gsed -n " \
+ /Received disconnect/d; \
+ s/${SSH_PATTERN}/\2/p \
+ " ${SSH_LOG} \
+ | sort \
+ | uniq -c \
+ | gsed "/^ *[1-$authtries] */d;s/.* //" \
>> ${NEW_BLOCKERS_FILE}
-for IP in `cat $NEW_BLOCKERS_FILE`; do
+for IP in `cat $NEW_BLOCKERS_FILE | sort | uniq | grep -v -f ${BLOCKERS_FILE}`; do
process_ip $IP
done
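Review bot: The count filter on the new `gsed "/^ *[1-$authtries] */d;s/.* //"` line tests only the first digit of the `uniq -c` count, because the trailing ` *` also matches zero spaces; with a threshold of 3, a host with 25 failed attempts is dropped from the list just like one with 2, so some of the noisiest sources are never blocked. A numeric comparison avoids this and also works for thresholds of 10 or more: `| awk -v n="$authtries" '$1 > n { print $NF }' \`. The variable was also renamed from `$AUTHTRIES` to `$authtries` and no assignment is visible in this hunk; if only the upper-case name is set elsewhere, the bracket expression collapses to `[1-]`. Separately, `grep -v -f ${BLOCKERS_FILE}` in the `for` line treats each blocked address as an unanchored regex, so a blocked `1.2.3.4` would also suppress `11.2.3.45`; now that the input is one address per line, `grep -v -F -x -f "${BLOCKERS_FILE}"` would match whole addresses only.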
@@ -164,5 +166,5 @@ pfctl -t kiddies -T expire $EXPIRY 1>/dev/null 2>&1
pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE}
-rm ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
+rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
rm ${PIDFILE}
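Review bot: `SSH_FILTERED_LOG` looks dead after this change: its `mktemp` and the bare `> ${SSH_FILTERED_LOG}` line appear to remain as context in the previous hunk, but no command reads the file any more, so it is created only to be removed here. Dropping the `mktemp` and the leftover redirection would let this line become `rm -f -- "${NEW_BLOCKERS_FILE}"`. Because cleanup happens only on these last lines, an interrupted run leaves the temp files and the pid file behind; a `trap 'rm -f -- "${NEW_BLOCKERS_FILE}" "${PIDFILE}"' EXIT` set once both exist would cover that. The rest of the script is outside the hunk, so check that it does not already install such a trap.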