authorOlivier Mehani <shtrom@ssji.net>2017-06-03 06:15:02 +0200
committerOlivier Mehani <shtrom@ssji.net>2017-07-22 13:11:52 +0200
commit8a3c3cd9a5bebd9e66a4a95871a54d80e28ae846 (patch)
tree4bd3b61b90d0ffa3f37b2b461df04e1d27794ca2 /openbsd
parentdc63dfeba076396f0c5e0eb82db3edb6e5a4bb6e (diff)
[denyhosts] Avoid looping multiple times over large files
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
Diffstat (limited to 'openbsd')
-rwxr-xr-xopenbsd/denyhost.sh26
1 files changed, 14 insertions, 12 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 06831f0..da59588 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -137,23 +137,25 @@ function extract_email
NEW_BLOCKERS_FILE=`mktemp ${TMP_DIR}/denyhost.blockers.list.XXXXXX`
# HTTP exploiters
-HTTP_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.http.log.XXXXXX`
-grep -v -f ${BLOCKERS_FILE} ${HTTP_LOG} \
- > ${HTTP_FILTERED_LOG}
-grep ${HTTP_PATTERN} ${HTTP_FILTERED_LOG} | cut -d" " -f 2 | \
- uniq >> ${NEW_BLOCKERS_FILE}
+grep ${HTTP_PATTERN} ${HTTP_LOG} \
+ | cut -d" " -f 2 \
+ | sort \
+ | uniq \
+ > ${NEW_BLOCKERS_FILE}
# SSH exploiters
SSH_FILTERED_LOG=`mktemp ${TMP_DIR}/denyhost.ssh.log.XXXXXX`
-grep -v "Received disconnect" ${SSH_LOG} | \
- grep -v -f ${BLOCKERS_FILE} \
> ${SSH_FILTERED_LOG}
-gsed -n "s/${SSH_PATTERN}/\2/p" ${SSH_FILTERED_LOG} | \
- sort | uniq -c | \
- gsed "/^ *[1-$AUTHTRIES] */d;s/.* //" \
+gsed -n " \
+ /Received disconnect/d; \
+ s/${SSH_PATTERN}/\2/p \
+ " ${SSH_LOG} \
+ | sort \
+ | uniq -c \
+ | gsed "/^ *[1-$authtries] */d;s/.* //" \
>> ${NEW_BLOCKERS_FILE}
-for IP in `cat $NEW_BLOCKERS_FILE`; do
+for IP in `cat $NEW_BLOCKERS_FILE | sort | uniq | grep -v -f ${BLOCKERS_FILE}`; do
process_ip $IP
done
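Review bot: The threshold filter on the new `gsed "/^ *[1-$authtries] */d;s/.* //"` line reads `$authtries` where the line it replaces read `$AUTHTRIES`, and the diffstat's 14 insertions and 12 deletions are all accounted for by the two hunks shown, so this commit does not define the lowercase name. Unless it is already set elsewhere in the script, the class collapses to `[1-]`, which would block hosts after as few as two failed SSH attempts and drop hosts with 10–19 attempts from the list. Even with the variable set, the bracket class tests only the first digit of the `uniq -c` count, so a count such as 12 is discarded against a threshold of 5. A numeric comparison avoids both problems: `| awk -v n="$AUTHTRIES" '$1 > n { print $2 }' \`. Separately, `grep -v -f ${BLOCKERS_FILE}` in the `for` line treats each blocked address as an unanchored regex, so `1.2.3.4` also suppresses `11.2.3.40`; `grep -v -F -x -f ${BLOCKERS_FILE}` would match whole addresses only.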
@@ -164,5 +166,5 @@ pfctl -t kiddies -T expire $EXPIRY 1>/dev/null 2>&1
pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
pfctl -t kiddies -Tshow | sed 's/^ *//' > ${BLOCKERS_FILE}
-rm ${HTTP_FILTERED_LOG} ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
+rm ${SSH_FILTERED_LOG} ${NEW_BLOCKERS_FILE}
rm ${PIDFILE}
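Review bot: `SSH_FILTERED_LOG` is still removed on the new `rm` line, but after the first hunk nothing appears to read it: the `mktemp` call and the bare `> ${SSH_FILTERED_LOG}` line survive there as context and only create and truncate an empty file. Dropping those two lines together with this `rm` argument would finish the cleanup the commit started for `HTTP_FILTERED_LOG`. The script continues outside the hunk, so a later use cannot be ruled out from here.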