punishment based on suhosin
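#!/bin/bash
# Extracts candidate client IPv4 addresses from the newest syslog line when
# that line is a suhosin ALERT (memory_limit alerts are ignored).
#
# Usage: run screen; screen -r; watch /root/suhsoinFirewall.sh
#
# Result: $ip holds the dotted-quad match(es) found on that line, or is empty.
#
# NOTE(review): only the last line of /var/log/syslog is inspected per run, so
# an alert followed by any other log line before the next run is missed.
# NOTE(review): grep -o prints every dotted quad on the line, one per output
# line. If the alert text echoes request data (presumably it can -- confirm
# against the suhosin log format), a match is not necessarily the sender's
# address; select the address field explicitly and validate it as IPv4 before
# $ip is used for any blocking decision.
#
# The command substitution is required: without it the shell treats "ip=tail"
# as a temporary environment assignment for a command named "-1" and $ip is
# never set.
ip=$(tail -n 1 /var/log/syslog \
  | grep suhosin \
  | grep ALERT \
  | grep -v memory_limit \
  | grep -o -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")

#__END__ <- below only examples and notes
#
# The notes live in a quoted here-document so nothing in them is expanded or
# executed. A single-quoted argument to ':' is not safe here: the notes contain
# single quotes of their own, which end the quoting and let the backtick
# substitutions (mysql, sqlite3, date, cmailbox) run.
#
# NOTE(review), before any of this is enabled:
#  - $ip and $i are pasted into SQL text and passed unquoted to iptables;
#    validate them strictly and quote every expansion.
#  - -p$pass puts the MySQL password on the command line, where it shows up in
#    the process list; read it from a client option file with tight
#    permissions instead.
#  - the outer "if [ $ip ]" has no closing "fi".
#  - iptables -A punish_assp_noauth needs the chain to exist (the iptables -N
#    line is commented out) and to be referenced from a built-in chain.
: <<'NOTES'
#cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
# ip=`tail -1 /usr/local/assp/logs/maillog.txt | grep unsupported_AUTH| cut -f4 -d' '`
for i in `cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E|sort|uniq`; do echo -n $i "---> "; geoiplookup $i; done| grep HU
sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"
sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
### echo -e $i:' --- '`cmailbox $i`
sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
done
for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
d1=`echo $d|sed -e 's/|1/\\\033[0;31m!\\\033[0m/g'`
# d2=`echo $d|sed -e 's/|//g'`
echo -e ${YELLOW}$i${NC}: $d1
done
# iptables -N punish_assp_noauth
if [ $ip ]; then
# returns only the IP address:
vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"|grep .|grep -v ip`
echo $vanTarolvaIp
if [ $vanTarolvaIp ]; then
# already stored
echo "Ismetlodo ip"
else
# not stored yet, insert it
echo $ip
mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
echo "beirva"
iptables -A punish_assp_noauth -s $ip -j DROP
fi
NOTES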