#!/bin/sh #mon ip de chez moi monipdev="AAA.BBB.CCC.DDD.EEE" # l'ip publique du serveur monipserv=$(curl http://ifconfig.me/) ifcpath=`whereis ifconfig | cut -d: -f2 | xargs | cut -d" " -f1` if [ -f "$ifcpath" ]; then ip61=`$ifcpath | grep inet6 | cut -d"p" -f1 | cut -d"6" -f2 | xargs | cut -d" " -f1` ip62=$($ifcpath | grep inet6 | cut -d"p" -f1 | cut -d"6" -f2 | xargs | cut -d" " -f2) ip63=$($ifcpath | grep inet6 | cut -d"p" -f1 | cut -d"6" -f2 | xargs | cut -d" " -f3) else ip61="" ip62="" ip63="" fi #nombre maxi de tentatives nmax=3 #les tentatives remontant à une heure, ont dans les fichiers de log, une date heure qui commence ainsi : ddeb=$(date -d '1 hour ago' "+%d/%b/%Y:%H:") echo "---------------------------------------------------------" echo "bannissement automatique par lecture des fichiers access " echo "donnant lieu a un http 404 ou 403 " echo "ou d'accès à chell, env, XDEBUG_SESSION_START xmlrps.php plus de ""$nmax"" fois" echo "exception faite de ""$monipdev"",""$monipserv" if [ "$ip61" == "" ]; then ip61="zzzzzzzzzzzz" else echo "$ip61" fi if [ "$ip62" == "" ]; then ip62="zzzzzzzzzzzz" else echo "$ip62" fi if [ "$ip63" == "" ]; then ip63="zzzzzzzzzzzz" else echo "$ip63" fi echo "et sur ""$ddeb""XX" echo "---------------------------------------------------------" dir="/var/log/httpd/" ist="" rule="apache-auth" for nom in `ls $dir | grep "access\|log" ` do list="$dir""$nom"" ""$list" done #echo $list F404="/tmp/404access.txt" F403="/tmp/403access.txt" FXMLRPC="/tmp/xmlrpcaccess.txt" FSHELL="/tmp/shellaccess.txt" FDEBUG="/tmp/debugaccess.txt" FENV="/tmp/envaccess.txt" FBAN="/tmp/banaccess.txt" FIP="/tmp/listip.txt" FIPC="/tmp/listippays.txt" alreadybanned="/tmp/alreadybanned.txt" cmdbanfile="/tmp/autobancmd.txt" cat $list | grep "$ddeb" | grep "\" 404 " | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $F404 cat $list | grep "$ddeb" | grep "\" 403 " | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $F403 cat $list | grep "$ddeb" | grep "POST /xmlrpc.php" | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $FXMLRPC cat $list | grep "$ddeb" | grep "GET /shell" | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $FSHELL cat $list | grep "$ddeb" | grep "GET /?XDEBUG_SESSION_START" | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $FDEBUG cat $list | grep "$ddeb" | grep "/.env " | grep -v "$monipdev" | grep -v "$monipserv" | grep -v "127.0.0.1" | grep -v "$ip61" | grep -v "$ip62" | grep -v "$ip63" | cut -d" " -f1 | grep -v ":" | sort | uniq -c > $FENV cat $F404 $F403 $FXMLRPC $FSHELL $FDEBUG $FENV > $FBAN rm -f $F404 rm -f $F403 rm -f $FXMLRPC rm -f $FSHELL rm -f $FDEBUG rm -f $FENV rm -f "$FIP" touch "$FIP" ban="" i=0 while IFS=" " read c ip do if [ $c -ge $nmax ]; then echo "$ip" >> "$FIP" echo "Bannir $ip"" (vue ""$c"" fois)" fi done < "$FBAN" cat "$FIP" rm -f "$FIPC" python3 /opt/autoban/getipcountry.py "$FIP" "$FIPC" r=$? if [ $r -ne 0 ]; then exit 99 fi rm -f "$FIP" cat "$FIPC" rm -f "$alreadybanned" echo "---------------------------------------" echo "Contruction fichier des IP déjà bannies" echo "---------------------------------------" firewall-cmd --zone=public --list-rich-rules | grep "rule family=\"ipv4\"" >> "$alreadybanned" cat "$alreadybanned" rm -f "$cmdbanfile" echo "---------------------------------------" echo "Préparation fichier de banissement" echo "---------------------------------------" while IFS=: read ip pays do if [ "$pays" != "FR" ]; then cmd="firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='"$ip"' drop\"" f=`cat "$alreadybanned" | grep "rule family=\"ipv4\" source address=\"$ip\" drop"` if [ "$f" == "" ]; then echo "Banning ""$ip" echo "$cmd" >> "$cmdbanfile" else echo "$ip"" already banned" fi else echo "$ip"" pays FR exclus" fi done < "$FIPC" echo "firewall-cmd --reload" >> "$cmdbanfile" rm -f "$FIPC" cat "$cmdbanfile" echo "Exécution fichier de banissement" echo "--------------------------------" sh "$cmdbanfile" ret=$? if [ "$ret" -ne 0 ]; then echo "erreur a l'exécution de " cat "$cmdbanfile" else echo "Banissement terminé" fi echo "Terminé "