Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # run screen; screen -r; watch /root/suhsoinFirewall.sh
- #
- ip=tail -1 /var/log/syslog| grep suhosin |grep ALERT | grep -v memory_limit|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
- #__END__ <- below only examples and notes
- : '
- #cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
- # ip=`tail -1 /usr/local/assp/logs/maillog.txt | grep unsupported_AUTH| cut -f4 -d' '`
- for i in `cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E|sort|uniq`; do echo -n $i "---> "; geoiplookup $i; done| grep HU
- sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"
- sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
- for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
- do
- ### echo -e $i:' --- '`cmailbox $i`
- sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
- done
- for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
- do
- d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
- d1=`echo $d|sed -e 's/|1/\\\033[0;31m!\\\033[0m/g'`
- # d2=`echo $d|sed -e 's/|//g'`
- echo -e ${YELLOW}$i${NC}: $d1
- done
- # iptables -N punish_assp_noauth
- if [ $ip ]; then
- # csak az ip cimet adja vissza:
- vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"|grep .|grep -v ip`
- echo $vanTarolvaIp
- if [ $vanTarolvaIp ]; then
- # van
- echo "Ismetlodo ip"
- else
- # nincs, beirjuk
- echo $ip
- mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
- echo "beirva"
- iptables -A punish_assp_noauth -s $ip -j DROP
- fi
- '
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement