authorOlivier Mehani <shtrom@ssji.net>2017-07-22 13:11:21 +0200
committerOlivier Mehani <shtrom@ssji.net>2017-07-22 13:11:53 +0200
commitadd51fb4fbcf99f316c4498f80c658819bee746e (patch)
tree1078894ec9bb4b6060a5d5f57169ec4820aa7aef
parent93c82ccf926d112c9010fc8a2a496d0b6f9425ca (diff)
[denyhosts] Fix logic
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
-rwxr-xr-xopenbsd/denyhost.sh18
1 files changed, 12 insertions, 6 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 4a149dc..ea82369 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -35,14 +35,18 @@ MAIL=mail
# Exit if another instance is already running.
if test -e ${PIDFILE} && kill -0 $(cat ${PIDFILE}) 2>/dev/null; then
- echo "$0 process already running ($(cat ${PIDFILE})), exiting" >&2
+ echo "${0} process already running ($(cat ${PIDFILE})), exiting" >&2
exit 0
else
- echo $$ > ${PIDFILE}
+ echo ${$} > ${PIDFILE}
fi
function process_ip
{
+ IP="${1}"
+ HTTP_FILTERED_LOG="${2}"
+ SSH_FILTERED_LOG="${3}"
+
HOST_FILE=$(mktemp ${TMP_DIR}/denyhost.host.XXXXXX)
host ${IP} > ${HOST_FILE}
HOSTS=$(gsed -n "s/.*\(:\|domain name pointer\) \(.\+\)/\2/p" ${HOST_FILE} | \
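Review bot: The new `IP="${1}"` in process_ip holds a value extracted from HTTP and SSH log lines, and the next visible use, `host ${IP}`, passes it unquoted and unvalidated. Log content is influenced by remote clients, so the function should reject anything that is not address-shaped right after the assignment, for example `case "${IP}" in ""|*[!0-9A-Fa-f.:]*) return 1 ;; esac`, and quote the use as `host "${IP}"`. The three added assignments are also global; `typeset IP="${1}"` (likewise for the two log paths) would keep them local to the function in ksh or bash. process_ip's body continues past the end of this hunk, so later uses of these variables are not visible here.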
@@ -130,18 +134,20 @@ function extract_email
/search-ripe-ncc-not-arin@ripe.net/d; \
s/.*[^-+\._A-Za-z0-9]\([-+\._A-Za-z0-9]\+@\([-A-Za-z0-9]\+\.\)\+[A-Za-z]\+\).*/\1/p \
}" \
- $1 |
+ ${1} |
sort | uniq | gsed ':a N;s/\n/, /g; ta'
}
NEW_BLOCKERS_FILE=$(mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX)
# HTTP exploiters
+HTTP_FILTERED_LOG=$(mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX)
grep ${HTTP_PATTERN} ${HTTP_LOG} \
| cut -d" " -f 2 \
| sort \
| uniq \
- > ${NEW_BLOCKERS_FILE}
+ > ${HTTP_FILTERED_LOG}
+cat ${HTTP_FILTERED_LOG} > ${NEW_BLOCKERS_FILE}
# SSH exploiters
SSH_FILTERED_LOG=$(mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX)
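Review bot: The added `HTTP_FILTERED_LOG=$(mktemp ...)` is not checked, so if mktemp fails the variable is empty and the `> ${HTTP_FILTERED_LOG}` redirect after it fails while the script carries on with an empty or partial blocklist; `HTTP_FILTERED_LOG=$(mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX) || exit 1` would stop there. The new file is removed only by the `rm` at the very end of the script (last hunk), so any earlier exit leaves it, the other temporary files and the PID file behind. A `trap 'rm -f "${SSH_FILTERED_LOG}" "${HTTP_FILTERED_LOG}" "${NEW_BLOCKERS_FILE}" "${PIDFILE}"' EXIT` set once the PID file is written would cover every exit path, assuming the script's shell supports the EXIT trap as ksh and bash do. The existing `SSH_FILTERED_LOG` and `NEW_BLOCKERS_FILE` mktemp calls have the same unchecked form.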
@@ -156,7 +162,7 @@ gsed -n " \
>> ${NEW_BLOCKERS_FILE}
for IP in $(cat ${NEW_BLOCKERS_FILE} | sort | uniq | grep -v -f ${BLOCKERS_FILE}); do
- process_ip ${IP}
+ process_ip ${IP} ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG}
done
# Flush entries older than a week
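Review bot: The call `process_ip ${IP} ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG}` passes three unquoted expansions, so an empty value or a path containing whitespace shifts the positional parameters that process_ip now reads as `${1}` to `${3}`. Quote them: `process_ip "${IP}" "${HTTP_FILTERED_LOG}" "${SSH_FILTERED_LOG}"`. The enclosing `for IP in $(cat ...)` also applies word splitting and glob expansion to tokens that come from log files, which this commit leaves as is. Feeding the same pipeline into `while read -r IP; do ...; done` would hand each line over unmodified, provided process_ip does not need to set variables in the parent shell.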
@@ -166,5 +172,5 @@ pfctl -t kiddies -T expire ${EXPIRY} 1>/dev/null 2>&1
pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE}
-rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
+rm ${SSH_FILTERED_LOG} ${HTTP_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
rm ${PIDFILE}