kosztik/suhosinFirewall.sh

## suhosinFirewall.sh
#!/bin/bash
# run screen; screen -r; watch /root/suhsoinFirewall.sh
#

ip=tail -1 /var/log/syslog| grep suhosin |grep ALERT | grep -v memory_limit|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E


#__END__                      <- below only examples and notes

: '

#cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
# ip=`tail -1 /usr/local/assp/logs/maillog.txt | grep unsupported_AUTH| cut -f4 -d' '`


for i in `cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E|sort|uniq`; do echo -n $i "---> "; geoiplookup $i; done| grep HU


sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"

sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"


for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
###    echo -e $i:' --- '`cmailbox $i`
    sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
done


for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
    d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
    d1=`echo $d|sed -e 's/|1/\\\033[0;31m!\\\033[0m/g'`
#    d2=`echo $d|sed -e 's/|//g'`
    echo -e ${YELLOW}$i${NC}: $d1

done


# iptables -N punish_assp_noauth


if [ $ip  ]; then
# csak az ip cimet adja vissza:
vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"|grep .|grep -v ip`
echo $vanTarolvaIp
if [ $vanTarolvaIp ]; then
    # van
    echo "Ismetlodo ip"
else
    # nincs, beirjuk
    echo $ip
    mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
    echo "beirva"
    iptables -A punish_assp_noauth -s $ip -j DROP
fi

'
	#!/bin/bash
	# run screen; screen -r; watch /root/suhsoinFirewall.sh
	#

	ip=tail -1 /var/log/syslog\| grep suhosin \|grep ALERT \| grep -v memory_limit\|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E








	#__END__ <- below only examples and notes

	: '

	#cat /var/log/syslog\| grep suhosin\|grep ALERT \|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
	# ip=`tail -1 /usr/local/assp/logs/maillog.txt \| grep unsupported_AUTH\| cut -f4 -d' '`


	for i in `cat /var/log/syslog\| grep suhosin\|grep ALERT \|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E\|sort\|uniq`; do echo -n $i "---> "; geoiplookup $i; done\| grep HU


	sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"

	sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"


	for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t\| sed -e 's/\|//g'\|grep -e [a-z]`
	do
	### echo -e $i:' --- '`cmailbox $i`
	sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
	done



	for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t\| sed -e 's/\|//g'\|grep -e [a-z]`
	do
	d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
	d1=`echo $d\|sed -e 's/\|1/\\\033[0;31m!\\\033[0m/g'`
	# d2=`echo $d\|sed -e 's/\|//g'`
	echo -e ${YELLOW}$i${NC}: $d1

	done


	# iptables -N punish_assp_noauth


	if [ $ip ]; then
	# csak az ip cimet adja vissza:
	vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"\|grep .\|grep -v ip`
	echo $vanTarolvaIp
	if [ $vanTarolvaIp ]; then
	# van
	echo "Ismetlodo ip"
	else
	# nincs, beirjuk
	echo $ip
	mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
	echo "beirva"
	iptables -A punish_assp_noauth -s $ip -j DROP
	fi

	'