author | Olivier Mehani <shtrom@ssji.net> | 2017-06-03 06:15:02 +0200 |
---|---|---|
committer | Olivier Mehani <shtrom@ssji.net> | 2017-07-22 13:11:52 +0200 |
commit | 8a3c3cd9a5bebd9e66a4a95871a54d80e28ae846 (patch) | |
tree | 4bd3b61b90d0ffa3f37b2b461df04e1d27794ca2 | |
parent | dc63dfeba076396f0c5e0eb82db3edb6e5a4bb6e (diff) |
[denyhosts] Avoid looping multiple times over large files
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rwxr-xr-x | openbsd/denyhost.sh | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 06831f0..da59588 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -137,23 +137,25 @@ function extract_email
 NEW_BLOCKERS_FILE=`mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX`
 # HTTP exploiters
-HTTP_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX`
-grep -v -f ${BLOCKERS_FILE} ${HTTP_LOG} \
- > ${HTTP_FILTERED_LOG}
-grep ${HTTP_PATTERN} ${HTTP_FILTERED_LOG} | cut -d" " -f 2 | \
- uniq >> ${NEW_BLOCKERS_FILE}
+grep ${HTTP_PATTERN} ${HTTP_LOG} \
+ | cut -d" " -f 2 \
+ | sort \
+ | uniq \
+ > ${NEW_BLOCKERS_FILE}
 # SSH exploiters
 SSH_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX`
-grep -v "Received disconnect" ${SSH_LOG} | \
- grep -v -f ${BLOCKERS_FILE} \
 > ${SSH_FILTERED_LOG}
-gsed -n "s/${SSH_PATTERN}/\2/p" ${SSH_FILTERED_LOG} | \
- sort | uniq -c | \
- gsed "/^ *[1-$AUTHTRIES] */d;s/.* //" \
+gsed -n " \
+ /Received disconnect/d; \
+ s/${SSH_PATTERN}/\2/p \
+ " ${SSH_LOG} \
+ | sort \
+ | uniq -c \
+ | gsed "/^ *[1-$authtries] */d;s/.* //" \
 >> ${NEW_BLOCKERS_FILE}
-for IP in `cat $NEW_BLOCKERS_FILE`; do
+for IP in `cat $NEW_BLOCKERS_FILE | sort | uniq | grep -v -f ${BLOCKERS_FILE}`; do
 process_ip $IP
 done
@@ -164,5 +166,5 @@ pfctl -t kiddies -T expire $EXPIRY 1>/dev/null 2>&1
 pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
 pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE}
-rm ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
+rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
 rm ${PIDFILE}
|
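Review bot: The threshold filter on the new `gsed "/^ *[1-$authtries] */d;s/.* //"` line tests only the first digit of the `uniq -c` count, so a host with ten or more failures whose count begins with a digit inside the class is deleted together with the low counts and never reaches the block list. A numeric comparison closes that gap: `| awk -v max="$authtries" '$1 > max { print $NF }' \`. The same line switches from `$AUTHTRIES` to `$authtries` and no assignment to the lowercase name appears in this diff, so confirm it is set earlier in the script; if it is unset the class becomes `[1-]` and the threshold changes silently. On the new `for IP in` line, `grep -v -f ${BLOCKERS_FILE}` treats every stored address as an unanchored regular expression, so an already-blocked `1.2.3.4` would also hide a new `11.2.3.40` (constructed example) from `process_ip`; `grep -v -x -F -f "${BLOCKERS_FILE}"` compares whole addresses literally. The `mktemp` for `SSH_FILTERED_LOG` and the bare `> ${SSH_FILTERED_LOG}` context line are left behind although nothing reads that file any more, and both could be removed along with its entry in the final `rm`.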