Last active
August 25, 2018 22:29
-
-
Save em92/795db8b67a87725a32122b36ada71115 to your computer and use it in GitHub Desktop.
abuseipdb report scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # make sure to put ABUSE_API_KEY into ~/.profile | |
| 0 1 * * * . ~/.profile; ~/abuse/ssh_report_all.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo cat /var/log/auth.log | grep "`LC_ALL=en_US.utf8 date -d 'yesterday' '+%b %e'`" | grep "Failed password for invalid" | sed -r 's/.*Failed password for invalid user (|[A-Za-z0-9_-]+) from ([0-9\.]+).*/\2/m' | sort | uniq |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo cat /var/log/auth.log | grep $1 | grep "Failed password for invalid" | sed -e "s/ih953426/***/" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for ip in `~/abuse/ssh_failed_ips.sh` | |
| do | |
| ~/abuse/ssh_report_one.sh $ip | |
| echo | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ~/abuse/ssh_ip_comment.sh $1 | curl "https://www.abuseipdb.com/report/json?key=$ABUSE_API_KEY&category=18,22&ip=$1" --data-urlencode comment@- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for sharing. This works like a charm. Just need a tweak to mask the server name but I’ll work to tweak that.