Last active
August 7, 2019 04:41
punishment based on suhosin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
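#!/bin/bash
# run screen; screen -r; watch /root/suhsoinFirewall.sh
#
# Looks at the newest syslog line only. If that line is a suhosin ALERT
# (memory_limit alerts are skipped), the dotted-quad address found on it is
# stored in $ip; otherwise $ip is left empty.
#
# Because only the last line is read, an alert that is followed by any other
# log line before the next run is not seen.

#######################################
# Print the address found on the last line of a log file.
# Arguments: $1 - log file to inspect (default: /var/log/syslog)
# Outputs:   the address on stdout, nothing when the line does not qualify
# Returns:   0 when exactly one address was found, 1 otherwise
#######################################
latest_suhosin_ip() {
  local log_file=${1:-/var/log/syslog}
  local matches

  # The pattern is purely syntactic: it accepts any four groups of 1-3 digits
  # (octets above 255 are not rejected) anywhere on the line.
  # NOTE(review): suhosin messages can echo request data, so a dotted quad may
  # come from text the client supplied rather than from the peer address.
  # Confirm the log format and anchor on the field that carries the peer
  # address before this value is used to build a firewall rule.
  matches=$(tail -n 1 -- "$log_file" \
    | grep suhosin \
    | grep ALERT \
    | grep -v memory_limit \
    | grep -o -E '([0-9]{1,3}[.]){3}[0-9]{1,3}')

  # grep -o prints one match per line. A line carrying several addresses is
  # ambiguous, so it yields nothing instead of a multi-word value.
  case $matches in
    '' | *$'\n'*) return 1 ;;
  esac
  printf '%s\n' "$matches"
}

# The command substitution is required: without it the shell only sets ip=tail
# in the environment of a command named "-1" and never reads the log.
ip=$(latest_suhosin_ip)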
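#__END__ <- below only examples and notes
#
# The notes are kept in a quoted here-document fed to the no-op ':' builtin.
# Wrapping them in : '...' does not work here: the notes contain single quotes
# of their own, which end the quoted string early, so fragments such as the
# backtick substitutions would be parsed and run as live shell code.
#
# Review points to settle before any of these snippets is promoted to live code:
#   - -p$pass puts the database password on the command line, where it can be
#     read from the process list; a client option file avoids that.
#   - '$i' and '$ip' are pasted into SQL text; validate the value strictly
#     before it reaches mysql or sqlite3.
#   - $ip and $vanTarolvaIp are unquoted in the tests and in the iptables call;
#     a value with more than one word breaks the test or alters the rule.
#   - The last example opens two 'if' blocks but closes only one.
: <<'NOTES'
#cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
# ip=`tail -1 /usr/local/assp/logs/maillog.txt | grep unsupported_AUTH| cut -f4 -d' '`
for i in `cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E|sort|uniq`; do echo -n $i "---> "; geoiplookup $i; done| grep HU
sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"
sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
  ### echo -e $i:' --- '`cmailbox $i`
  sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
done
for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
  d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
  d1=`echo $d|sed -e 's/|1/\\\033[0;31m!\\\033[0m/g'`
  # d2=`echo $d|sed -e 's/|//g'`
  echo -e ${YELLOW}$i${NC}: $d1
done
# iptables -N punish_assp_noauth
if [ $ip ]; then
  # returns only the IP address:
  vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"|grep .|grep -v ip`
  echo $vanTarolvaIp
  if [ $vanTarolvaIp ]; then
    # already stored
    echo "Ismetlodo ip"
  else
    # not stored yet, record it
    echo $ip
    mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
    echo "beirva"
    iptables -A punish_assp_noauth -s $ip -j DROP
  fi
NOTES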