[denyhosts] Avoid looping multiple times over large files

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

1 files changed, 14 insertions, 12 deletions

diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 06831f0..da59588 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -137,23 +137,25 @@ function extract_email
 NEW_BLOCKERS_FILE=`mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX`
 
 # HTTP exploiters
-HTTP_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX`
-grep -v -f ${BLOCKERS_FILE} ${HTTP_LOG} \
-	> ${HTTP_FILTERED_LOG}
-grep ${HTTP_PATTERN} ${HTTP_FILTERED_LOG} | cut -d" " -f 2 | \
-	uniq >> ${NEW_BLOCKERS_FILE}
+grep ${HTTP_PATTERN} ${HTTP_LOG} \
+	| cut -d" " -f 2 \
+	| sort \
+	| uniq \
+	> ${NEW_BLOCKERS_FILE}
 
 # SSH exploiters
 SSH_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX`
-grep -v "Received disconnect" ${SSH_LOG} | \
-	grep -v -f ${BLOCKERS_FILE} \
 	> ${SSH_FILTERED_LOG}
-gsed -n "s/${SSH_PATTERN}/\2/p" ${SSH_FILTERED_LOG} | \
-	sort | uniq -c | \
-	gsed "/^ *[1-$AUTHTRIES] */d;s/.* //" \
+gsed -n " \
+		/Received disconnect/d; \
+		s/${SSH_PATTERN}/\2/p \
+		" ${SSH_LOG} \
+	| sort \
+	| uniq -c \
+	| gsed "/^ *[1-$authtries] */d;s/.* //" \
 	>> ${NEW_BLOCKERS_FILE}
 
-for IP in `cat $NEW_BLOCKERS_FILE`; do
+for IP in `cat $NEW_BLOCKERS_FILE | sort | uniq | grep -v -f ${BLOCKERS_FILE}`; do
 	process_ip $IP
 done
 
@@ -164,5 +166,5 @@ pfctl -t kiddies -T expire $EXPIRY 1>/dev/null 2>&1
 pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
 pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE}
 
-rm ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
+rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
 rm ${PIDFILE}