fix
This commit is contained in:
Your Name
parent
02e5d984b3
commit
3bc706e771
44
firewall.sh
44
firewall.sh
@ -3,6 +3,8 @@ DATE="$(date +%d/%b/%Y:%H:%M -d '1 minute ago')"
|
||||
MY_IP=($(redis-cli --raw SMEMBERS my_ip))
|
||||
ATTACK_THRESHOLD="50"
|
||||
NGINX_ACCESS="/tmp/access.log"
|
||||
ACCESS="/tmp/minute.log"
|
||||
grep $DATE $NGINX_ACCESS > $ACCESS
|
||||
#Firewall Port Configuration
|
||||
#
|
||||
declare -A portConfig
|
||||
@ -111,7 +113,7 @@ attacker-protection() {
|
||||
}
|
||||
|
||||
bot-search() {
|
||||
CRAWLERS=($(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
||||
CRAWLERS=($(grep $DATE $ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
||||
|
||||
echo
|
||||
echo "Processing Web Crawler list into NFT....."
|
||||
@ -211,14 +213,16 @@ automaticStatus() {
|
||||
|
||||
status() {
|
||||
clear
|
||||
STATS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | wc -l)
|
||||
GET=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep GET | wc -l)
|
||||
POST=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep POST | wc -l)
|
||||
PUT=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l)
|
||||
NOT_FOUND=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 404 | wc -l)
|
||||
GATEWAY=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l)
|
||||
SUCCESS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l)
|
||||
CRAWL=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | wc -l)
|
||||
sleep 2
|
||||
DATE="$(date +%d/%b/%Y:%H:%M -d '1 minute ago')"
|
||||
STATS=$(grep $DATE $ACCESS | grep -vi $MY_IP | wc -l)
|
||||
GET=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep GET | wc -l)
|
||||
POST=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep POST | wc -l)
|
||||
PUT=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l)
|
||||
NOT_FOUND=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 404 | wc -l)
|
||||
GATEWAY=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 502 | wc -l)
|
||||
SUCCESS=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 200 | wc -l)
|
||||
CRAWL=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | wc -l)
|
||||
echo $MENU_TOP
|
||||
echo "Attack Threshold: $ATTACK_THRESHOLD"
|
||||
echo "Firewall Rules: $($NFT list table filter | wc -l)"
|
||||
@ -276,7 +280,7 @@ forgive() {
|
||||
}
|
||||
|
||||
module-go() {
|
||||
GO_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
|
||||
GO_SPAM=$(grep $2 $ACCESS | grep -E "Go-http-client" | wc -l)
|
||||
if [[ "$GO_SPAM" -gt 10 ]]; then
|
||||
ipBlockParser "$1"
|
||||
redis-cli SADD tmp_block $i
|
||||
@ -285,7 +289,7 @@ module-go() {
|
||||
}
|
||||
|
||||
module-akkoma() {
|
||||
SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "api/v1/instance|api/v1/notifications|api/v1/accounts|api/v2/search|timelines/public|timelines/home|/api/v1/accounts" | grep $1 | wc -l)
|
||||
SEARCH_SPAM=$(grep $2 $ACCESS | grep -E "api/v1/instance|api/v1/notifications|api/v1/accounts|api/v2/search|timelines/public|timelines/home|/api/v1/accounts" | grep $1 | wc -l)
|
||||
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
||||
if [[ "$SEARCH_SPAM" -gt 30 ]]; then
|
||||
echo "$IP $CHECK $COUNT"
|
||||
@ -301,7 +305,7 @@ module-akkoma() {
|
||||
}
|
||||
|
||||
module-get-spam() {
|
||||
GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
|
||||
GET_SPAM=$(grep $2 $ACCESS | grep -E "GET / HTTP" | wc -l)
|
||||
if [[ "$GET_SPAM" -gt 5 ]]; then
|
||||
ipBlockParser "$1"
|
||||
redis-cli SADD tmp_block $i
|
||||
@ -310,7 +314,7 @@ module-get-spam() {
|
||||
}
|
||||
|
||||
module-php() {
|
||||
PHP_SPAM=$(grep $2 $NGINX_ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||
PHP_SPAM=$(grep $2 $ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||
if [[ "$PHP_SPAM" -gt 1 ]]; then
|
||||
ipBlockParser "$1"
|
||||
message "PHP Attack!"
|
||||
@ -319,7 +323,7 @@ module-php() {
|
||||
}
|
||||
|
||||
module-lightning() {
|
||||
LN_SPAM=$(grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l)
|
||||
LN_SPAM=$(grep $2 $ACCESS | grep "lnurlp/verita84" | wc -l)
|
||||
if [[ "$LN_SPAM" -gt 5 ]]; then
|
||||
ipBlockParser "$1"
|
||||
message "Lightning Spam Attack!"
|
||||
@ -334,7 +338,7 @@ message() {
|
||||
watch() {
|
||||
echo "Scanning $DATE"
|
||||
echo
|
||||
IP=($(grep $DATE $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
||||
IP=($(grep $DATE $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
||||
|
||||
for i in "${IP[@]}"; do
|
||||
module-akkoma "$i" "$DATE"
|
||||
@ -343,7 +347,7 @@ watch() {
|
||||
module-go "$i" "$DATE"
|
||||
module-get-spam "$i" "$DATE"
|
||||
|
||||
COUNT=$(grep $DATE $NGINX_ACCESS | grep $i | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | wc -l)
|
||||
COUNT=$(grep $DATE $ACCESS | grep $i | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | wc -l)
|
||||
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
||||
if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
|
||||
if [ "$CHECK" = "" ]; then
|
||||
@ -367,7 +371,7 @@ watch() {
|
||||
}
|
||||
|
||||
module-nostr() {
|
||||
IP=($(grep $DATE $NGINX_ACCESS | grep "/block=" | cut -d '=' -f2 | cut -d ' ' -f1 | sed 's/"//'))
|
||||
IP=($(grep $DATE $ACCESS | grep "/block=" | cut -d '=' -f2 | cut -d ' ' -f1 | sed 's/"//'))
|
||||
for i in "${IP[@]}"; do
|
||||
echo $i
|
||||
if [[ "$i" == *"npub"* ]]; then
|
||||
@ -380,7 +384,7 @@ module-nostr() {
|
||||
|
||||
test-bots() {
|
||||
for i in "${SAVED_BOTS[@]}"; do
|
||||
DATA=$(grep $i $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
||||
DATA=$(grep $i $ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
||||
if [ "$DATA" = "" ]; then
|
||||
echo "No Data. Probably OK"
|
||||
else
|
||||
@ -394,7 +398,7 @@ test-bots() {
|
||||
research-ip() {
|
||||
echo "Enter an IP Address to search"
|
||||
read -p 'IP Address: ' -e IP
|
||||
cat $NGINX_ACCESS | grep $IP
|
||||
cat $ACCESS | grep $IP
|
||||
echo
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
}
|
||||
@ -438,7 +442,7 @@ menu() {
|
||||
status
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "6" ]; then
|
||||
tail -f $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}")
|
||||
tail -f $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}")
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "7" ]; then
|
||||
test-bots
|
||||
|
||||
Loading…
Reference in New Issue
Block a user