suc2ban

1. #!/bin/bash
2. filez="/var/log/auth.log*"
3. for line in  \
4. $( (zgrep -P 'Their offer' $filez)                      |awk '{print $10}' \
5. |sort -n |uniq -c |sort -n |awk ' $1>=2{print $2}'      |grep -P '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}'|grep -vP '^192.168.'|grep -vP '^10.')  \
6. \
7. $( (zgrep -P 'failure' $filez ) |grep -P ^rhost\=       |awk '{print $14}' \
8. |cut -d "=" -f 2        |sort -n |uniq -c |sort -n      |awk ' $1>=2{print $2}'\
9. | grep -P '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}'|grep -vP '^192.168.'|grep -vP '^10.')  \
10. \
11. $( (zgrep -P 'Failed password for invalid' $filez )     |awk '{print $13}' \
12. |sort -n |uniq -c |sort -n  |awk ' $1>=2{print $2}'     | grep -P '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}'|grep -vP '^192.168.'|grep -vP '^10.') \
13. \
14. $( (zgrep -P 'Failed password for' $filez ) |grep -v invalid \
15. |awk '{print $11}'  |sort -n |uniq -c |sort -n  |awk ' $1>=2{print $2}' | grep -P '^(?:[0-9]{1,3}\.){3}[0-9]{1,3}'|grep -vP '^192.168.'|grep -vP '^10.')
16.  
17. do
18. /sbin/ipset test estolista "$line"  2>/dev/null || ( echo "blokataan: " "$line" ; /sbin/ipset -A estolista "$line" ;  echo "$line" >> /root/scripts/murtautujat.txt )
19. done
20. sort -n /root/scripts/murtautujat.txt > /root/scripts/data.tmp
21. uniq /root/scripts/data.tmp > /root/scripts/murtautujat.txt
22.