Bash script that scans Apache/Nginx access and error logs for client IPs with repeated HTTP 403 responses and adds them to a firewalld/ipset block list.
#!/bin/bash
######################### Common Functions #########################
# Function to process log files
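#######################################
# Find client IPs that received more than one HTTP 403 in a log file,
# record the ones not already in the persistent block list, and add them
# to the "blacklist" ipset (live set + permanent firewalld config).
# Arguments:
#   $1 - log file to scan
#   $2 - persistent block-list file, one IP per line; new IPs are appended
#   $3 - scratch file for this run's new IPs; truncated, then removed on return
#   $4 - 1-based whitespace-separated column that holds the client address
# Outputs: diagnostics on stderr; nothing on stdout
# Returns: 1 if the log file is unreadable, otherwise 0. Failures of the
#   individual ipset/firewall-cmd calls are reported but do not abort the run.
# Caveats:
#   - Lines containing "bot" or "google" anywhere (User-Agent, path, e.g.
#     /robots.txt) are skipped, so a client can evade blocking simply by
#     choosing such a User-Agent. Tighten these filters if that matters.
#   - The address is taken from the log line as-is; if the server sits behind
#     a proxy/load balancer and logs its address, that address would be blocked.
#######################################
process_log() {
  local log_file=$1
  local output_file=$2
  local temp_file=$3
  local ip_column=$4
  local ip

  if [[ ! -r "$log_file" ]]; then
    printf 'process_log: cannot read %s\n' "$log_file" >&2
    return 1
  fi
  # The block list must exist for the grep -f below to work.
  [[ -f "$output_file" ]] || : > "$output_file"

  # Count 403s per IP. `sort` before `uniq -c` is essential: uniq only
  # collapses *adjacent* duplicates, so without it an IP whose hits were
  # interleaved with other clients never reached the >1 threshold.
  # The extracted token is re-checked as a dotted quad before it is handed to
  # privileged commands, which also drops the empty result of a non-match.
  grep -v bot -- "$log_file" \
    | grep -v google \
    | grep -F ' 403 ' \
    | awk -v col="$ip_column" '{ print $col }' \
    | awk '{ if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) print substr($0, RSTART, RLENGTH) }' \
    | grep -E -x '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | sort \
    | uniq -c \
    | awk '$1 > 1 { print $2 }' \
    | grep -F -x -v -f "$output_file" > "$temp_file"

  if [[ -s "$temp_file" ]]; then
    cat "$temp_file" >> "$output_file"
    while IFS= read -r ip; do
      # -exist: an IP already present (e.g. found in a second log file) is not an error.
      /usr/sbin/ipset add -exist blacklist "$ip" \
        || printf 'process_log: ipset add failed for %s\n' "$ip" >&2
      firewall-cmd --permanent --ipset=blacklist --add-entry="$ip" \
        || printf 'process_log: firewall-cmd add failed for %s\n' "$ip" >&2
      # Uncomment the following line to add entries to iptables directly
      # iptables -A INPUT -s "$ip/32" -d 0/0 -j DROP
    done < "$temp_file"
  fi
  rm -f -- "$temp_file"
}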
# Make sure every persistent block-list file exists, so the later
# `grep -f` against it has something to read. Existing files are left
# untouched (no mtime bump).
for block_list in /root/access_403.txt /root/error_403.txt /root/nginx_access_403.txt /root/nginx_error_403.txt; do
  if [[ ! -f "$block_list" ]]; then
    : > "$block_list"
  fi
done
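# Each process_log call gets a private scratch file from mktemp. The fixed
# /tmp/*_403.log names used before were predictable paths written by root;
# a local user could pre-create or symlink them. process_log removes the
# scratch file when it is done.
######################### Apache access_log #########################
scratch=$(mktemp) || exit 1
process_log "/var/log/httpd/access_log" "/root/access_403.txt" "$scratch" 1
######################### Apache error_log #########################
# Column 13 is where the client address lands with the default Apache
# ErrorLogFormat; verify against your own error_log if a custom format is set.
scratch=$(mktemp) || exit 1
process_log "/var/log/httpd/error_log" "/root/error_403.txt" "$scratch" 13
######################### Nginx access_log #########################
# Adjust the column for Nginx logs if necessary. Typically, IP addresses are in the first column.
scratch=$(mktemp) || exit 1
process_log "/var/log/nginx/access.log" "/root/nginx_access_403.txt" "$scratch" 1
######################### Nginx error_log #########################
# Adjust the column for Nginx logs if necessary. Typically, IP addresses are in the first column.
scratch=$(mktemp) || exit 1
process_log "/var/log/nginx/error.log" "/root/nginx_error_403.txt" "$scratch" 1
######################### Reload firewalld #########################
# The --permanent adds above only take effect in the running firewall after a reload.
firewall-cmd --reload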