Revision 1.1 - (hide annotations) (download)
Mon Mar 25 13:34:21 2019 UTC (5 years, 7 months ago) by michel
Branch: MAIN
CVS Tags: smeserver-xt_geoip-1_0_1-8_el6_sme, smeserver-xt_geoip-1_0_1-18_el6_sme, smeserver-xt_geoip-1_0_1-20_el6_sme, smeserver-xt_geoip-1_0_1-14_el6_sme, smeserver-xt_geoip-1_0_1-17_el6_sme, smeserver-xt_geoip-1_0_1-24_el6_sme, smeserver-xt_geoip-1_0_1-23_el6_sme, smeserver-xt_geoip-1_0_1-26_el6_sme, smeserver-xt_geoip-1_0_1-25_el6_sme, smeserver-xt_geoip-1_0_1-11_el6_sme, smeserver-xt_geoip-1_0_1-12_el6_sme, smeserver-xt_geoip-1_0_1-16_el6_sme, smeserver-xt_geoip-1_0_1-15_el6_sme, smeserver-xt_geoip-1_0_1-22_el6_sme, smeserver-xt_geoip-1_0_1-21_el6_sme, smeserver-xt_geoip-1_0_1-13_el6_sme, smeserver-xt_geoip-1_0_1-7_el6_sme, smeserver-xt_geoip-1_0_1-10_el6_sme, smeserver-xt_geoip-1_0_1-9_el6_sme, smeserver-xt_geoip-1_0_1-19_el6_sme, HEAD
* Wed Mar 06 2019 Michel Begue <mab974@gmail.com> 1.0.1-7.sme
- add stats of geoip blocked countries [SME: 10745]
- add stats of ssh attacks not geoip blocked [SME: 10744]
- expand /etc/crontab on update

1 michel 1.1 diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks
2     --- smeserver-xt_geoip-1.0.1.old/createlinks 2017-09-22 09:50:47.000000000 +0400
3     +++ smeserver-xt_geoip-1.0.1/createlinks 2019-03-14 20:58:14.000000000 +0400
4     @@ -15,6 +15,7 @@
5     for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save))
6     {
7     templates2events("/etc/rc.d/init.d/masq", $event);
8     + templates2events("/etc/crontab", $event);
9     templates2events("/usr/share/xt_geoip/update_base", $event);
10     if ($event ne 'xt_geoip-modify') {
11     event_link("smeserver-xt_geoip-download-action", $event, "10");
12     diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip
13     --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-02-28 11:38:16.000000000 +0400
14     +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-03-19 21:50:21.000000000 +0400
15     @@ -1,2 +1,6 @@
16     # saturday at 06:00 update xtables geoip base
17     00 06 * * 6 root /usr/share/xt_geoip/update_base
18     +50 1 * * * root /usr/share/xt_geoip/geoip_stats ssh
19     +55 1 * * * root /usr/share/xt_geoip/geoip_stats ipt
20     +05 2 * * * root /usr/share/xt_geoip/geoip_listat
21     +#
22     \ Pas de fin de ligne à la fin du fichier.
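Review bot: The fragment now ends with a bare `#` and no trailing newline (the "no newline at end of file" marker on the last hunk line); if e-smith concatenates this fragment with any later fragment under the /etc/crontab template directory, that fragment's first line would be glued onto the `#` and silently commented out, so terminate the file with a newline or drop the `#` line altogether. The new entries run `geoip_stats` at 01:50 and 01:55 while the header of geoip_stats in this same patch says it is meant to run at 2 AM; aligning the two avoids confusion for whoever debugs a missing day. The 10–15 minute gap before `geoip_listat` at 02:05 assumes each stats run finishes in that window, which nothing enforces.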
23     diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat
24     --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat 1970-01-01 04:00:00.000000000 +0400
25     +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat 2019-03-19 22:33:38.000000000 +0400
26     @@ -0,0 +1,100 @@
27     +#!/bin/sh
28     +# Read one of the files updated by geoip_stats depending on $1 (PREF)
29     +# Read all of the daily scores by country on a period of D(ay) -default-, W(eek) or M(onth)
30     +# depending on $2
31     +
32     +EXECDIR="/usr/share/xt_geoip"
33     +STATDIR="/var/lib/xt_geoip"
34     +
35     +case $1 in
36     + "ssh")
37     + PREF="ssh"
38     + TITLE=" Numbers of SSH bad attempts by country"
39     + ;;
40     + "ipt")
41     + PREF="ipt"
42     + TITLE=" Numbers of IPs banned (xt_geoip) by country"
43     + ;;
44     + *)
45     + echo "usage : $0 'ssh|ipt' [D|W|M]"
46     + exit 1
47     + ;;
48     +esac
49     +
50     +# permanent files
51     +BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
52     +# results files
53     +RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"
54     +# tempo
55     +TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
56     +
57     +# Day -1 -7 -31
58     +DATE1=$(date --date '1 day ago' '+%Y-%m-%d')
59     +
60     +DATE2=$DATE1
61     +PRD="DAY"
62     +if [ "X$2" == "XW" ]
63     +then
64     + DATE2=$(date --date '8 day ago' '+%Y-%m-%d')
65     + PRD="WEEK"
66     +
67     +else
68     + if [ "X$2" == "XM" ]
69     + then
70     + DATE2=$(date --date '31 day ago' '+%Y-%m-%d')
71     + PRD="MONTH"
72     + fi
73     +fi
74     +
75     +#echo "d1: $DATE1 d2: $DATE2"
76     +Date1=$(date -d $DATE1 +%s)
77     +Date2=$(date -d $DATE2 +%s)
78     +#echo "d1: $Date1 d2: $Date2"
79     +
80     +cd $EXECDIR
81     +
82     +# yesterday already in base ?
83     +if [ ! -f $BASE2FILE ]
84     +then
85     + echo "$0 : File $BASE2FILE does not exist."
86     + exit 1
87     +fi
88     +
89     +TOT=0
90     +while read -r line
91     +do
92     + DATELIG=$(date -d $(echo "$line" | cut -s -d';' -f1) +%s)
93     + if [ $DATELIG -le $Date1 -a $DATELIG -ge $Date2 ]
94     + then
95     + echo "$line" >> $TMPFILE
96     + TOT=$(expr $TOT + $(echo "$line" | cut -s -d';' -f3))
97     + fi
98     +done < $BASE2FILE
99     +
100     +#echo "tot: $TOT"
101     +
102     +# number of incidents by country code, sorted reverse by number
103     +awk -F ";" -v v1=$TOT -v OFS=";" \
104     + '{t[$2]=$2; t1[$2]+=$3} END {for(n in t) printf("%s | %d | %0.1f%\n", t[n], t1[n], (t1[n]*100)/v1)}' $TMPFILE | sort -t "|" -k 3 -r -n > $RESFILE
105     +
106     +rm -f $TMPFILE
107     +
108     +# for mail
109     +if [ -s $RESFILE ]
110     +then
111     + echo ""
112     + echo " Smeserver daily statistics for Xtables - GEOIP"
113     + echo " from $(hostname) - $DATE1"
114     + echo ""
115     + echo " $TITLE during LAST $PRD"
116     + echo " ( XX means 'country not found' )"
117     + echo ""
118     + echo "--------------------"
119     + cat $RESFILE
120     + echo "--------------------"
121     + echo " | $TOT | 100%"
122     + echo "--------------------"
123     + echo ""
124     +
125     +fi
126     +
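Review bot: `$2` is never validated but is spliced straight into `RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"`, so a value such as `../../etc/x` makes this root cron script create and overwrite a file outside /var/lib/xt_geoip; `$1` is checked with a case statement and `$2` deserves the same, with the temp file created only after both arguments are accepted so a rejected call does not leave an `xt_*` file behind. Today anything other than W or M silently means a daily report (named `ext_ssh_country.lst` when `$2` is empty); the sketch below keeps D and the empty value as the default and refuses everything else. The `==` tests and the unchecked `$(mktemp …)` are bashisms under `#!/bin/sh` that happen to work where /bin/sh is bash, but `=` and an exit-status check cost nothing. The awk format `%0.1f%\n` ends in a dangling `%`; write `%%` to print a literal percent sign instead of relying on awk's treatment of an incomplete conversion.
```shell
# … unchanged: case $1 … esac selecting PREF and TITLE …
case "$2" in
  ""|D) PRD="DAY" ;;
  W)    PRD="WEEK" ;;
  M)    PRD="MONTH" ;;
  *)    echo "usage : $0 'ssh|ipt' [D|W|M]"; exit 1 ;;
esac

BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"
TMPFILE=$(mktemp "$STATDIR/xt_${PREF}.XXXXXXX") || exit 1

DATE1=$(date --date '1 day ago' '+%Y-%m-%d')
case "$PRD" in
  WEEK)  DATE2=$(date --date '8 day ago' '+%Y-%m-%d') ;;
  MONTH) DATE2=$(date --date '31 day ago' '+%Y-%m-%d') ;;
  *)     DATE2=$DATE1 ;;
esac
# … unchanged: epoch conversion, base-file check, filtering loop, awk report, mail output …
```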
127     diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat
128     --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat 1970-01-01 04:00:00.000000000 +0400
129     +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat 2019-03-16 18:34:46.000000000 +0400
130     @@ -0,0 +1,14 @@
131     +#!/bin/sh
132     +
133     +EXECDIR="/usr/share/xt_geoip"
134     +STATDIR="/var/lib/xt_geoip"
135     +
136     +for pref in $(echo 'ipt ssh')
137     +do
138     + echo "" > ${STATDIR}/extA_${pref}_country.lst
139     + for period in $(echo 'D W M')
140     + do
141     + ${EXECDIR}/geoip_exstat $pref $period >> $STATDIR/extA_${pref}_country.lst
142     + done
143     + cat $STATDIR/extA_${pref}_country.lst
144     +done
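Review bot: `for pref in $(echo 'ipt ssh')` and `for period in $(echo 'D W M')` spawn a subshell and word-split just to obtain a literal list; `for pref in ipt ssh` and `for period in D W M` do the same and read as intended. The three references to `$STATDIR/extA_${pref}_country.lst` should be quoted consistently (only the first is). Because geoip_exstat in this patch prints its own "File … does not exist." error on stdout and exits 1, that text is appended to the stats file and mailed as if it were data; check the status here, `${EXECDIR}/geoip_exstat "$pref" "$period" >> "$STATDIR/extA_${pref}_country.lst" || echo "geoip_exstat $pref $period failed" >&2`, or move the callee's error to stderr.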
145     diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look
146     --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look 1970-01-01 04:00:00.000000000 +0400
147     +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look 2019-03-19 22:36:34.000000000 +0400
148     @@ -0,0 +1,14 @@
149     +#! /bin/bash
150     +
151     +if [ "X$1" == "X" ]; then exit 1; fi
152     +if [ ! $(which geoiplookup 2>/dev/null) ]; then echo "??"; exit 9; fi
153     +
154     +CN=$(geoiplookup $1 2>/dev/null | grep 'GeoIP Country' | sed -e 's/^.*: //' -e 's/,.*$//')
155     +if [ "$CN" = "IP Address not found" ]
156     +then
157     + echo "XX"
158     +else
159     + echo $CN
160     +fi
161     +
162     +
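Review bot: `geoiplookup $1` passes its argument unquoted and unvalidated, and the only caller in this patch (geoip_stats) hands it a field scraped from sshd/iptables logs through awk's `system()`, i.e. through a shell; a log-derived string is the wrong place to trust that sed produced a clean address. Reject anything that does not look like one before it is used, `case "$1" in ""|*[!0-9A-Fa-f.:]*) echo "XX"; exit 1 ;; esac`, and quote `"$1"` in the geoiplookup call; `echo "$CN"` should be quoted too so the output stays one line. The tool check `[ ! $(which geoiplookup 2>/dev/null) ]` only works because `[ ! ]` with an empty expansion happens to be true; `command -v geoiplookup >/dev/null 2>&1 || { echo "??"; exit 9; }` says what it means.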
163     diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats
164     --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats 1970-01-01 04:00:00.000000000 +0400
165     +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats 2019-03-06 13:50:37.000000000 +0400
166     @@ -0,0 +1,88 @@
167     +#!/bin/sh
168     +# Read the log files depending on $1 (PREF)
169     +# Read all of the IPs concerned, search countries and count them.
170     +# exec crontab 2h AM for previous day
171     +
172     +EXECDIR="/usr/share/xt_geoip"
173     +STATDIR="/var/lib/xt_geoip"
174     +
175     +case $1 in
176     + "ssh")
177     + PREF="ssh"
178     + LOGDIR="/var/log/sshd"
179     + CMD1='cat'
180     + CMD2=' | /usr/local/bin/tai64nlocal | grep'
181     + CMD3=' | grep "Failed password" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
182     + ;;
183     + "ipt")
184     + PREF="ipt"
185     + LOGDIR="/var/log/iptables"
186     + CMD1='cat'
187     + CMD2=' | /usr/local/bin/tai64nlocal | grep '
188     + CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE'
189     + ;;
190     + *)
191     + echo "usage : $0 [ssh|ipt|....]"
192     + exit 1
193     + ;;
194     +esac
195     +# files of the day
196     +RESFILE="$STATDIR/${PREF}_ip.lst"
197     +RES2FILE="$STATDIR/${PREF}_country.lst"
198     +# permanent files
199     +BASEFILE="$STATDIR/Base_${PREF}_ip.lst"
200     +BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
201     +# tempo
202     +TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
203     +# Day - 1
204     +DATE=$(date --date '1 day ago' '+%Y-%m-%d')
205     +
206     +cd $EXECDIR
207     +
208     +# yesterday already in base ?
209     +if [ -f $BASEFILE ]
210     +then
211     + if (fgrep $DATE $BASEFILE > /dev/null 2>&1)
212     + then
213     + echo "$0 : $PREF already run for that date. Please verify this !"
214     + exit 1
215     + fi
216     +fi
217     +
218     +cp /dev/null $RESFILE
219     +
220     +# All logfiles update for 2 days, not empty
221     +for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c)
222     +do
223     + #echo $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
224     + eval $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
225     +done
226     +
227     +# number of incidents by IP, sorted by IP
228     +awk -F ";" -v OFS=";" \
229     + '{t[$1]=$1; t1[$1]+=1} END {for(n in t) print t[n], t1[n]}' $RESFILE | sort -t ";" -n -k 1 > $TMPFILE
230     +
231     +# +date, +country code
232     +awk -F ";" -v v1=$DATE -v OFS=";" \
233     +'{ printf "%s",v1 ";" $0 ";"; system("./geoip_look " $1) }' $TMPFILE > $RESFILE
234     +
235     +# number of incidents by country code, sorted reverse by number
236     +awk -F ";" -v v1=$DATE -v OFS=";" \
237     + '{t[$4]=$4; t1[$4]+=$3} END {for(n in t) print v1, t[n], t1[n]}' $RESFILE | sort -t ";" -k 3 -r -n > $RES2FILE
238     +
239     +rm -f $TMPFILE
240     +
241     +# concatenate into bases
242     +cat $RESFILE >> $BASEFILE
243     +cat $RES2FILE >> $BASE2FILE
244     +
245     +# delete files of today
246     +#rm -f $RESFILE $RES2FILE
247     +
248     +# for mail
249     +if [ -s $RES2FILE ]
250     +then
251     + echo "parse $LOGDIR for $PREF events"
252     + cat $RES2FILE
253     +fi
254     +
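Review bot: The per-file loop assembles a shell pipeline as a string and runs it with `eval $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)`, so the `find` results and the grep/sed expressions go through two rounds of word splitting and re-parsing as root; nothing here needs that, since the only per-mode parts are the match string and the two sed expressions. Keep those in plain variables set in the case block and run the pipeline directly (sketch below); `grep -F` is appropriate because the date and the "Failed password"/"GeoIP BAN" markers are literals. The ssh branch's greedy `s/^.*from //` takes whatever follows the last " from " on the line, which suits sshd's fixed format, but that value later reaches a shell through `system("./geoip_look " $1)`, so the callee should validate it as an address. The unquoted `$(find …)` still word-splits on whitespace in log file names, acceptable only as long as the multilog directories keep their current names.
```shell
  "ssh")
    PREF="ssh"
    LOGDIR="/var/log/sshd"
    MATCH="Failed password"
    STRIP1="s/^.*from //"
    STRIP2="s/ port.*$//"
    ;;
  "ipt")
    PREF="ipt"
    LOGDIR="/var/log/iptables"
    MATCH="GeoIP BAN"
    STRIP1="s/^.*SRC=//"
    STRIP2="s/ DST=.*$//"
    ;;
# … unchanged: usage branch, file names, DATE, "already run" check, cp /dev/null …
for file in $(find "$LOGDIR"/* -type f -mtime -2 -size +50c)
do
  /usr/local/bin/tai64nlocal < "$file" | grep -F "$DATE" | grep -F "$MATCH" \
    | sed -e "$STRIP1" -e "$STRIP2" >> "$RESFILE"
done
# … unchanged: awk aggregation, geoip_look lookup, base concatenation, mail output …
```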
255     diff -urN smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt
256     --- smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt 1970-01-01 04:00:00.000000000 +0400
257     +++ smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt 2019-03-06 23:59:04.000000000 +0400
258     @@ -0,0 +1,6 @@
259     +Directory for storing results and stats
260     +
261     + for different periods
262     +
263     +- IPs banned per countries
264     +- SSH attacks not blocked
