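#!/bin/bash
# badip_new.sh - block a list of bad IPs with iptables, skipping addresses
# that are already REJECTed/DROPped and addresses present in the INPUT
# ACCEPT rules (the "whitelist").
#
# Usage: badip_new.sh <file with one IPv4 address or CIDR per line>
#
# Requires sudo (password prompt). Writes ~/white.txt and ~/present.txt as
# inspection artifacts and finally persists the ruleset to
# /etc/network/iptables.save.
# **************************************************
# caution: can lock you out, make sure you are whitelisted!
# **************************************************
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

file=${1:-}
[[ -n "$file" && -r "$file" ]] || die "usage: ${0##*/} <ip-list-file>"

# Both lists live in the invoking user's home. The whitelist used to be
# written to a hard-coded /home/carlo/white.txt but read back from
# ~/white.txt, so for any other user the whitelist was empty and whitelisted
# hosts got blocked.
white_list=~/white.txt
present_list=~/present.txt

echo "Start! da file $1"
rm -f -- "$white_list"
# Whitelist = source column ($8) of every ACCEPT rule in INPUT; never block these.
# A failing iptables call aborts (an empty whitelist by accident is how you
# lock yourself out); no matching ACCEPT rules is not an error.
rules=$(sudo iptables --list INPUT -v -n) || die "iptables --list INPUT failed"
grep '^ *[0-9].*ACCEPT' <<<"$rules" | awk '{print $8}' > "$white_list" || true
echo "these are whitelisted"
cat -- "$white_list"
sleep 1
rm -f -- "$present_list"
# Already handled = source column ($5, after the line number) of REJECT/DROP rules.
rules=$(sudo /sbin/iptables --list -n --line-numbers) || die "iptables --list failed"
grep -E '(REJECT) | (DROP)' <<<"$rules" | awk '{print $5}' | sort -n | uniq > "$present_list" || true
sleep 1

# One entry per line. Blank lines are skipped, and anything that is not a
# dotted quad (optionally with /prefix) is reported and skipped instead of
# being handed to iptables: the list is typically scraped from log files.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
while IFS= read -r p || [[ -n "$p" ]]; do
  [[ -n "$p" ]] || continue
  if [[ ! "$p" =~ $ipv4_re ]]; then
    printf 'skipping non-IPv4 entry: %s\n' "$p" >&2
    continue
  fi
  # -F -x: literal whole-line match, so 1.2.3.4 no longer matches 1.2.3.45
  # and '.' is not a regex wildcard.
  if grep -qFx -- "$p" "$present_list"; then
    echo "trovato $p"
  elif grep -qFx -- "$p" "$white_list"; then
    echo "trovato e buono $p"
  else
    echo "$p non trovato"
    echo "comando: sudo iptables -I INPUT -s $p -j DROP"
    sudo iptables -I INPUT -s "$p" -j DROP
    echo "$p cancellato"
  fi
done < "$file"
sudo bash -c 'iptables-save > /etc/network/iptables.save'
# Examples of extracting bad IPs:
# sudo grep -P "rosco sshd\[.*\]: Invalid user" /var/log/auth.log | awk {'print $10'} | sort | uniq -c | sort -n | awk {'print $2'} > foe.txt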