@GussRw
Last active October 17, 2023 20:57
Update Firewall With Log
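#!/usr/bin/env bash
# Block IPs found in /var/log/auth.log that have reports on AbuseIPDB.
# Must run as root (reads auth.log, calls ufw); needs curl and jq.
warning=$(tput setaf 1)
success=$(tput setaf 2)
default=$(tput sgr0)
key="ABUSEIPDB KEY"

# mktemp avoids a predictable file name in /tmp; clean up on any exit.
ip_list=$(mktemp) || exit 1
trap 'rm -f "$ip_list"; tput sgr0' EXIT

# Collect every unique IPv4-looking string in the log (not only failed logins).
grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' /var/log/auth.log | sort -u > "$ip_list"
current_ips=$(ufw status)

while IFS= read -r ip; do
    # -F: literal dots, -w: whole token, so 1.2.3.4 does not match 11.2.3.45.
    if printf '%s\n' "$current_ips" | grep -qwF -- "$ip"; then
        echo "${default}IP $ip is on UFW"
        continue
    fi
    reports=$(curl -s -G https://api.abuseipdb.com/api/v2/check \
        --data-urlencode "ipAddress=$ip" -d maxAgeInDays=90 -d verbose \
        -H "Key: $key" -H "Accept: application/json" | jq -r '.data.totalReports')
    # On an API error (bad key, rate limit) jq prints "null" or nothing: skip, do not block.
    case "$reports" in
        ''|*[!0-9]*)
            echo "${default}IP $ip: no valid AbuseIPDB response, skipped"
            continue
            ;;
    esac
    if test "$reports" = "0"; then
        echo "${success}IP $ip does not have reports"
    else
        echo "${warning}IP $ip has $reports reports, was added to UFW"
        ufw deny from "$ip"
    fi
done < "$ip_list"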