Dump or report on unauthorized server access attempts. Requires sudo.
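#!/bin/bash
#
# SPDX-License-Identifier: MIT
# Copyright © 2021 Apolo Pena
#
# File: badips.sh
# Author: Apolo Pena
# Description:
#   Dumps a unique list of unauthorized ips to a file,
#   or reports information to stdout about the unauthorized attempts.
#   The dump file is written next to this script and named badips.dump
#   The dump file will be timestamped by default.
#   Accepts a single long option at a time:
#     --no-stamp: Omit the timestamp on the dump file.
#     --not-unique: Omits the timestamp and includes duplicate ip's. Good for getting a total count of all unauthorized attempts.
#     --count-uniques: Outputs the total number of unique unauthorized attempts
#     --count-all: Outputs the total number of ALL unauthorized attempts
#     --help: Outputs usage
#
# Privileges: /var/log/auth.log is normally not readable by an ordinary
# user, so only the log read runs under sudo. The dump file is written by
# the invoking user, never by root, and the count modes never touch disk,
# so a pre-existing badips.dump is no longer clobbered or deleted by them.
#
# Example Usage, run unique unauthorized ip addresses through a sh command:
#   ./badips.sh --no-stamp && cat badips.dump | xargs -n1 -I{} sh -c 'ip=$1; echo "Ban this ip: $ip"' xargs-sh {}

set -u

readonly ip_regex='\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'
readonly auth_log='/var/log/auth.log'
script_dir=$(dirname -- "${BASH_SOURCE[0]}")
readonly script_dir

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $* - message text
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage text to stdout. The quoted heredoc keeps the example's
# $1/$ip literal without the escaping the echo version needed.
#######################################
usage() {
  cat <<'EOF'

badips.sh: help
You may only use a single long option at a time
Options:
  --no-stamp: Omit the timestamp on the dump file.
  --not-unique: Omits the timestamp and includes duplicate ip's. Good for getting a total count of all unauthorized attempts.
  --count-uniques: Outputs the total number of unique unauthorized attempts
  --count-all: Outputs the total number of ALL unauthorized attempts
  --help: Outputs usage
Example usage, run unique unauthorized ip addresses through a sh command:
  ./badips.sh --no-stamp && cat badips.dump | xargs -n1 -I{} sh -c 'ip=$1; echo "Ban this ip: $ip"' xargs-sh {}
EOF
}

#######################################
# Emit one ip address per line for every auth.log line containing
# "invalid" (duplicates preserved, in log order).
# Globals:  auth_log, ip_regex (read)
# Outputs:  ip addresses on stdout
# Returns:  exit status of the last grep: 0 if at least one ip was found,
#           1 if none, 2 on a grep error
#######################################
bad_ips() {
  # Only the privileged read runs under sudo; the ip extraction does not need root.
  sudo grep -- invalid "$auth_log" | grep -oE -- "$ip_regex"
}

#######################################
# Write the ip list to a dump file and report its location.
# Arguments: $1 - "unique" to de-duplicate, anything else keeps duplicates
#            $2 - dump file path
# Returns:   non-zero (and prints nothing) when no ip was found or the
#            write failed, matching the pipeline-&&-message behaviour
#######################################
dump_ips() {
  local mode=$1 path=$2
  # The dump name is predictable; refuse to write through a planted symlink
  # rather than silently truncating whatever it points at.
  [[ -L $path ]] && die "refusing to write through symlink $path"
  if [[ $mode == unique ]]; then
    bad_ips | sort --unique > "$path"
  else
    bad_ips > "$path"
  fi && printf 'Dumpfile created at %s\n' "$path"
}

#######################################
# Validate the single optional long option and dispatch on it.
# Arguments: $@ - script arguments (0 or 1 long option)
#######################################
main() {
  (( $# <= 1 )) || die "Illegal number of arguments, expected 0 or 1, received $#"
  local opt=${1-}

  case "$opt" in
    ''|--help|--no-stamp|--not-unique|--count-uniques|--count-all) ;;
    *) die "Illegal argument or option $opt" ;;
  esac

  if [[ $opt == --help ]]; then
    usage
    exit 0
  fi

  # Fail early and loudly instead of producing an empty dump/zero count
  # when the log cannot be read (missing file or sudo denied).
  sudo test -r "$auth_log" || die "cannot read $auth_log (requires sudo)"

  local stamp
  case "$opt" in
    --count-uniques)
      # Count in-pipeline: no temp file, so nothing on disk is clobbered.
      printf '%d unique unauthorized attempts\n' "$(bad_ips | sort --unique | wc -l)"
      ;;
    --count-all)
      printf '%d total unauthorized attempts\n' "$(bad_ips | wc -l)"
      ;;
    --not-unique)
      dump_ips all "$script_dir/badips.dump"
      ;;
    --no-stamp)
      dump_ips unique "$script_dir/badips.dump"
      ;;
    '')
      stamp=$(date '+%Y.%m.%d-%H.%M.%S')
      dump_ips unique "$script_dir/badips_$stamp.dump"
      ;;
  esac
}

main "$@"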