fix
parent
02e5d984b3
commit
3bc706e771
44
firewall.sh
44
firewall.sh
@ -3,6 +3,8 @@ DATE="$(date +%d/%b/%Y:%H:%M -d '1 minute ago')"
|
|||||||
MY_IP=($(redis-cli --raw SMEMBERS my_ip))
|
MY_IP=($(redis-cli --raw SMEMBERS my_ip))
|
||||||
ATTACK_THRESHOLD="50"
|
ATTACK_THRESHOLD="50"
|
||||||
NGINX_ACCESS="/tmp/access.log"
|
NGINX_ACCESS="/tmp/access.log"
|
||||||
|
ACCESS="/tmp/minute.log"
|
||||||
|
grep $DATE $NGINX_ACCESS > $ACCESS
|
||||||
#Firewall Port Configuration
|
#Firewall Port Configuration
|
||||||
#
|
#
|
||||||
declare -A portConfig
|
declare -A portConfig
|
||||||
@ -111,7 +113,7 @@ attacker-protection() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
bot-search() {
|
bot-search() {
|
||||||
CRAWLERS=($(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
CRAWLERS=($(grep $DATE $ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "Processing Web Crawler list into NFT....."
|
echo "Processing Web Crawler list into NFT....."
|
||||||
@ -211,14 +213,16 @@ automaticStatus() {
|
|||||||
|
|
||||||
status() {
|
status() {
|
||||||
clear
|
clear
|
||||||
STATS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | wc -l)
|
sleep 2
|
||||||
GET=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep GET | wc -l)
|
DATE="$(date +%d/%b/%Y:%H:%M -d '1 minute ago')"
|
||||||
POST=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep POST | wc -l)
|
STATS=$(grep $DATE $ACCESS | grep -vi $MY_IP | wc -l)
|
||||||
PUT=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l)
|
GET=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep GET | wc -l)
|
||||||
NOT_FOUND=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 404 | wc -l)
|
POST=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep POST | wc -l)
|
||||||
GATEWAY=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l)
|
PUT=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l)
|
||||||
SUCCESS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l)
|
NOT_FOUND=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 404 | wc -l)
|
||||||
CRAWL=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | wc -l)
|
GATEWAY=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 502 | wc -l)
|
||||||
|
SUCCESS=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep 200 | wc -l)
|
||||||
|
CRAWL=$(grep $DATE $ACCESS | grep -vi $MY_IP | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | wc -l)
|
||||||
echo $MENU_TOP
|
echo $MENU_TOP
|
||||||
echo "Attack Threshold: $ATTACK_THRESHOLD"
|
echo "Attack Threshold: $ATTACK_THRESHOLD"
|
||||||
echo "Firewall Rules: $($NFT list table filter | wc -l)"
|
echo "Firewall Rules: $($NFT list table filter | wc -l)"
|
||||||
@ -276,7 +280,7 @@ forgive() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-go() {
|
module-go() {
|
||||||
GO_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
|
GO_SPAM=$(grep $2 $ACCESS | grep -E "Go-http-client" | wc -l)
|
||||||
if [[ "$GO_SPAM" -gt 10 ]]; then
|
if [[ "$GO_SPAM" -gt 10 ]]; then
|
||||||
ipBlockParser "$1"
|
ipBlockParser "$1"
|
||||||
redis-cli SADD tmp_block $i
|
redis-cli SADD tmp_block $i
|
||||||
@ -285,7 +289,7 @@ module-go() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-akkoma() {
|
module-akkoma() {
|
||||||
SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "api/v1/instance|api/v1/notifications|api/v1/accounts|api/v2/search|timelines/public|timelines/home|/api/v1/accounts" | grep $1 | wc -l)
|
SEARCH_SPAM=$(grep $2 $ACCESS | grep -E "api/v1/instance|api/v1/notifications|api/v1/accounts|api/v2/search|timelines/public|timelines/home|/api/v1/accounts" | grep $1 | wc -l)
|
||||||
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
||||||
if [[ "$SEARCH_SPAM" -gt 30 ]]; then
|
if [[ "$SEARCH_SPAM" -gt 30 ]]; then
|
||||||
echo "$IP $CHECK $COUNT"
|
echo "$IP $CHECK $COUNT"
|
||||||
@ -301,7 +305,7 @@ module-akkoma() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-get-spam() {
|
module-get-spam() {
|
||||||
GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
|
GET_SPAM=$(grep $2 $ACCESS | grep -E "GET / HTTP" | wc -l)
|
||||||
if [[ "$GET_SPAM" -gt 5 ]]; then
|
if [[ "$GET_SPAM" -gt 5 ]]; then
|
||||||
ipBlockParser "$1"
|
ipBlockParser "$1"
|
||||||
redis-cli SADD tmp_block $i
|
redis-cli SADD tmp_block $i
|
||||||
@ -310,7 +314,7 @@ module-get-spam() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-php() {
|
module-php() {
|
||||||
PHP_SPAM=$(grep $2 $NGINX_ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
PHP_SPAM=$(grep $2 $ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||||
if [[ "$PHP_SPAM" -gt 1 ]]; then
|
if [[ "$PHP_SPAM" -gt 1 ]]; then
|
||||||
ipBlockParser "$1"
|
ipBlockParser "$1"
|
||||||
message "PHP Attack!"
|
message "PHP Attack!"
|
||||||
@ -319,7 +323,7 @@ module-php() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-lightning() {
|
module-lightning() {
|
||||||
LN_SPAM=$(grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l)
|
LN_SPAM=$(grep $2 $ACCESS | grep "lnurlp/verita84" | wc -l)
|
||||||
if [[ "$LN_SPAM" -gt 5 ]]; then
|
if [[ "$LN_SPAM" -gt 5 ]]; then
|
||||||
ipBlockParser "$1"
|
ipBlockParser "$1"
|
||||||
message "Lightning Spam Attack!"
|
message "Lightning Spam Attack!"
|
||||||
@ -334,7 +338,7 @@ message() {
|
|||||||
watch() {
|
watch() {
|
||||||
echo "Scanning $DATE"
|
echo "Scanning $DATE"
|
||||||
echo
|
echo
|
||||||
IP=($(grep $DATE $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
IP=($(grep $DATE $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
||||||
|
|
||||||
for i in "${IP[@]}"; do
|
for i in "${IP[@]}"; do
|
||||||
module-akkoma "$i" "$DATE"
|
module-akkoma "$i" "$DATE"
|
||||||
@ -343,7 +347,7 @@ watch() {
|
|||||||
module-go "$i" "$DATE"
|
module-go "$i" "$DATE"
|
||||||
module-get-spam "$i" "$DATE"
|
module-get-spam "$i" "$DATE"
|
||||||
|
|
||||||
COUNT=$(grep $DATE $NGINX_ACCESS | grep $i | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | wc -l)
|
COUNT=$(grep $DATE $ACCESS | grep $i | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | wc -l)
|
||||||
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
|
||||||
if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
|
if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
|
||||||
if [ "$CHECK" = "" ]; then
|
if [ "$CHECK" = "" ]; then
|
||||||
@ -367,7 +371,7 @@ watch() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
module-nostr() {
|
module-nostr() {
|
||||||
IP=($(grep $DATE $NGINX_ACCESS | grep "/block=" | cut -d '=' -f2 | cut -d ' ' -f1 | sed 's/"//'))
|
IP=($(grep $DATE $ACCESS | grep "/block=" | cut -d '=' -f2 | cut -d ' ' -f1 | sed 's/"//'))
|
||||||
for i in "${IP[@]}"; do
|
for i in "${IP[@]}"; do
|
||||||
echo $i
|
echo $i
|
||||||
if [[ "$i" == *"npub"* ]]; then
|
if [[ "$i" == *"npub"* ]]; then
|
||||||
@ -380,7 +384,7 @@ module-nostr() {
|
|||||||
|
|
||||||
test-bots() {
|
test-bots() {
|
||||||
for i in "${SAVED_BOTS[@]}"; do
|
for i in "${SAVED_BOTS[@]}"; do
|
||||||
DATA=$(grep $i $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
DATA=$(grep $i $ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
||||||
if [ "$DATA" = "" ]; then
|
if [ "$DATA" = "" ]; then
|
||||||
echo "No Data. Probably OK"
|
echo "No Data. Probably OK"
|
||||||
else
|
else
|
||||||
@ -394,7 +398,7 @@ test-bots() {
|
|||||||
research-ip() {
|
research-ip() {
|
||||||
echo "Enter an IP Address to search"
|
echo "Enter an IP Address to search"
|
||||||
read -p 'IP Address: ' -e IP
|
read -p 'IP Address: ' -e IP
|
||||||
cat $NGINX_ACCESS | grep $IP
|
cat $ACCESS | grep $IP
|
||||||
echo
|
echo
|
||||||
read -p 'Press Enter to Continue ' -e
|
read -p 'Press Enter to Continue ' -e
|
||||||
}
|
}
|
||||||
@ -438,7 +442,7 @@ menu() {
|
|||||||
status
|
status
|
||||||
read -p 'Press Enter to Continue ' -e
|
read -p 'Press Enter to Continue ' -e
|
||||||
elif [ "$CHOICE" = "6" ]; then
|
elif [ "$CHOICE" = "6" ]; then
|
||||||
tail -f $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}")
|
tail -f $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}")
|
||||||
read -p 'Press Enter to Continue ' -e
|
read -p 'Press Enter to Continue ' -e
|
||||||
elif [ "$CHOICE" = "7" ]; then
|
elif [ "$CHOICE" = "7" ]; then
|
||||||
test-bots
|
test-bots
|
||||||
|
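Review bot: Menu option 6 now runs `tail -f $ACCESS`, but `$ACCESS` is `/tmp/minute.log`, a snapshot that the new top-level `grep $DATE $NGINX_ACCESS > $ACCESS` writes once per script start, so the live view no longer follows incoming requests. The same staleness affects `status()`, which recomputes `DATE` after `sleep 2` and then greps a snapshot built for the earlier minute, and it narrows `research-ip` and `test-bots` from the whole access log to a single minute. I would keep `$NGINX_ACCESS` in option 6, `research-ip` and `test-bots`, and rebuild the snapshot right after each `DATE=` assignment with `grep -F -- "$DATE" "$NGINX_ACCESS" > "$ACCESS"`. The snapshot also sits at a fixed name in world-writable `/tmp` while its contents decide which addresses get blocked, so if the script runs as root (it drives `$NFT`) a `mktemp` file or a root-owned directory would be safer. The bodies of `menu()`, `status()` and `watch()` continue outside the visible hunks, and I am reading the `$ACCESS` copy of each doubled line as the new side.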