Untitled

#!/bin/bash
# run screen; screen -r; watch /root/suhsoinFirewall.sh
#

ip=tail -1 /var/log/syslog| grep suhosin |grep ALERT | grep -v memory_limit|grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E


#__END__                      <- below only examples and notes

: '

#cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E
# ip=`tail -1 /usr/local/assp/logs/maillog.txt | grep unsupported_AUTH| cut -f4 -d' '`


for i in `cat /var/log/syslog| grep suhosin|grep ALERT |grep "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o -E|sort|uniq`; do echo -n $i "---> "; geoiplookup $i; done| grep HU


sqlite3 /root/countmail.db "create table cm (id INTEGER PRIMARY KEY, domain TEXT, datum TEXT, mailbox INTEGER, szerzodesben INTEGER);"

sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"


for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
###    echo -e $i:' --- '`cmailbox $i`
    sqlite3 /root/countmail.db "insert into cm (domain, datum, mailbox) VALUES ('$i', '`date`', '"`cmailbox $i`"');"
done


for i in `mysql -N -s -r -e "select domain from mail_domain" -p$pass -D dbispconfig -t| sed -e 's/|//g'|grep -e [a-z]`
do
    d=`sqlite3 /root/countmail.db "SELECT mailbox,szerzodesben FROM cm WHERE domain LIKE '$i';"`
    d1=`echo $d|sed -e 's/|1/\\\033[0;31m!\\\033[0m/g'`
#    d2=`echo $d|sed -e 's/|//g'`
    echo -e ${YELLOW}$i${NC}: $d1

done


# iptables -N punish_assp_noauth


if [ $ip  ]; then
# csak az ip cimet adja vissza:
vanTarolvaIp=`mysql -u root -D rendszergazda -e "select ip from punish_assp_noauth where ip like '$ip'\g"|grep .|grep -v ip`
echo $vanTarolvaIp
if [ $vanTarolvaIp ]; then
    # van
    echo "Ismetlodo ip"
else
    # nincs, beirjuk
    echo $ip
    mysql -u root -D rendszergazda -e "insert into punish_assp_noauth (ip, datum) values ('$ip', now() )"
    echo "beirva"
    iptables -A punish_assp_noauth -s $ip -j DROP
fi

'