author | Olivier Mehani <shtrom@ssji.net> | 2017-07-22 13:11:21 +0200 |
---|---|---|
committer | Olivier Mehani <shtrom@ssji.net> | 2017-07-22 13:11:53 +0200 |
commit | add51fb4fbcf99f316c4498f80c658819bee746e (patch) | |
tree | 1078894ec9bb4b6060a5d5f57169ec4820aa7aef | |
parent | 93c82ccf926d112c9010fc8a2a496d0b6f9425ca (diff) |
[denyhosts] Fix logic
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rwxr-xr-x | openbsd/denyhost.sh | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh index 4a149dc..ea82369 100755 --- a/openbsd/denyhost.sh +++ b/openbsd/denyhost.sh @@ -35,14 +35,18 @@ MAIL=mail # Exit if another instance is already running. if test -e ${PIDFILE} && kill -0 $(cat ${PIDFILE}) 2>/dev/null; then - echo "$0 process already running ($(cat ${PIDFILE})), exiting" >&2 + echo "${0} process already running ($(cat ${PIDFILE})), exiting" >&2 exit 0 else - echo $$ > ${PIDFILE} + echo ${$} > ${PIDFILE} fi function process_ip { + IP="${1}" + HTTP_FILTERED_LOG="${2}" + SSH_FILTERED_LOG="${3}" + HOST_FILE=$(mktemp ${TMP_DIR}/denyhost.host.XXXXXX) host ${IP} > ${HOST_FILE} HOSTS=$(gsed -n "s/.*\(:\|domain name pointer\) \(.\+\)/\2/p" ${HOST_FILE} | \ @@ -130,18 +134,20 @@ function extract_email /search-ripe-ncc-not-arin@ripe.net/d; \ s/.*[^-+\._A-Za-z0-9]\([-+\._A-Za-z0-9]\+@\([-A-Za-z0-9]\+\.\)\+[A-Za-z]\+\).*/\1/p \ }" \ - $1 | + ${1} | sort | uniq | gsed ':a N;s/\n/, /g; ta' } NEW_BLOCKERS_FILE=$(mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX) # HTTP exploiters +HTTP_FILTERED_LOG=$(mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX) grep ${HTTP_PATTERN} ${HTTP_LOG} \ | cut -d" " -f 2 \ | sort \ | uniq \ - > ${NEW_BLOCKERS_FILE} + > ${HTTP_FILTERED_LOG} +cat ${HTTP_FILTERED_LOG} > ${NEW_BLOCKERS_FILE} # SSH exploiters SSH_FILTERED_LOG=$(mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX) @@ -156,7 +162,7 @@ gsed -n " \ >> ${NEW_BLOCKERS_FILE} for IP in $(cat ${NEW_BLOCKERS_FILE} | sort | uniq | grep -v -f ${BLOCKERS_FILE}); do - process_ip ${IP} + process_ip ${IP} ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG} done # Flush entries older than a week @@ -166,5 +172,5 @@ pfctl -t kiddies -T expire ${EXPIRY} 1>/dev/null 2>&1 pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1 pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE} -rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE} +rm ${SSH_FILTERED_LOG} ${HTTP_FILTERED_LOG} ${NEW_BLOCKERS_FILE} rm ${PIDFILE} |
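Review bot: The three assignments added at the top of process_ip (`IP`, `HTTP_FILTERED_LOG`, `SSH_FILTERED_LOG`) are not function-scoped, so every call rewrites the script-level variables of the same names, including the two that the final `rm` in the last hunk uses. With the unquoted call in the `-156,7` hunk, an empty first or second argument would shift the positions and leave those globals holding the wrong path or nothing. If the script's shell supports it (the shebang is outside the diff), scope them with `typeset IP="${1}" HTTP_FILTERED_LOG="${2}" SSH_FILTERED_LOG="${3}"`. The body of process_ip continues past the end of this hunk.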
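Review bot: The result of the new `mktemp` call for HTTP_FILTERED_LOG is never checked, so on failure the variable is empty, the `> ${HTTP_FILTERED_LOG}` redirect breaks and `cat ${HTTP_FILTERED_LOG}` runs with no operand and reads standard input instead. I would write `HTTP_FILTERED_LOG=$(mktemp "${TMP_DIR}/denyhost.http.log.XXXXXX") || exit 1` and quote the later uses. The file is only deleted by the `rm` on the last line of the script (last hunk), so any earlier exit leaves it and the PID file behind; a `trap` on EXIT holding that `rm -f` would cover every exit path. The existing SSH_FILTERED_LOG and NEW_BLOCKERS_FILE `mktemp` calls visible as context have the same gap.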
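Review bot: The changed call passes `${IP}` and both log paths unquoted, and `${IP}` is a token taken from the web and SSH logs, which hold text that remote clients can influence. Nothing visible in the diff checks that a token is an address before it reaches `host ${IP}` in process_ip or the `pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE}` call, so a token with a leading `-` or glob characters would be read by the shell or the tool as something other than an address. Quote the call, `process_ip "${IP}" "${HTTP_FILTERED_LOG}" "${SSH_FILTERED_LOG}"`, and filter NEW_BLOCKERS_FILE down to address-shaped lines before the loop. Whether the log fields can actually carry such values depends on the log formats and the gsed expression, which are only partly visible here.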