| 1 |
diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks |
| 2 |
--- smeserver-xt_geoip-1.0.1.old/createlinks 2017-09-22 09:50:47.000000000 +0400 |
| 3 |
+++ smeserver-xt_geoip-1.0.1/createlinks 2019-03-14 20:58:14.000000000 +0400 |
| 4 |
@@ -15,6 +15,7 @@ |
| 5 |
for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save)) |
| 6 |
{ |
| 7 |
templates2events("/etc/rc.d/init.d/masq", $event); |
| 8 |
+ templates2events("/etc/crontab", $event); |
| 9 |
templates2events("/usr/share/xt_geoip/update_base", $event); |
| 10 |
if ($event ne 'xt_geoip-modify') { |
| 11 |
event_link("smeserver-xt_geoip-download-action", $event, "10"); |
| 12 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip |
| 13 |
--- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-02-28 11:38:16.000000000 +0400 |
| 14 |
+++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-03-19 21:50:21.000000000 +0400 |
| 15 |
@@ -1,2 +1,6 @@ |
| 16 |
# saturday at 06:00 update xtables geoip base |
| 17 |
00 06 * * 6 root /usr/share/xt_geoip/update_base |
| 18 |
+50 1 * * * root /usr/share/xt_geoip/geoip_stats ssh |
| 19 |
+55 1 * * * root /usr/share/xt_geoip/geoip_stats ipt |
| 20 |
+05 2 * * * root /usr/share/xt_geoip/geoip_listat |
| 21 |
+# |
| 22 |
\ Pas de fin de ligne à la fin du fichier. |
| 23 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat |
| 24 |
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat 1970-01-01 04:00:00.000000000 +0400 |
| 25 |
+++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat 2019-03-19 22:33:38.000000000 +0400 |
| 26 |
@@ -0,0 +1,100 @@ |
| 27 |
+#!/bin/sh |
| 28 |
+# Read one of the files updated by geoip_stats depending on $1 (PREF) |
| 29 |
+# Read all of the daily scores by country on a period of D(ay) -default-, W(eek) or M(onth) |
| 30 |
+# depending on $2 |
| 31 |
+ |
| 32 |
+EXECDIR="/usr/share/xt_geoip" |
| 33 |
+STATDIR="/var/lib/xt_geoip" |
| 34 |
+ |
| 35 |
+case $1 in |
| 36 |
+ "ssh") |
| 37 |
+ PREF="ssh" |
| 38 |
+ TITLE=" Numbers of SSH bad attempts by country" |
| 39 |
+ ;; |
| 40 |
+ "ipt") |
| 41 |
+ PREF="ipt" |
| 42 |
+ TITLE=" Numbers of IPs banned (xt_geoip) by country" |
| 43 |
+ ;; |
| 44 |
+ *) |
| 45 |
+ echo "usage : $0 'ssh|ipt' [D|W|M]" |
| 46 |
+ exit 1 |
| 47 |
+ ;; |
| 48 |
+esac |
| 49 |
+ |
| 50 |
+# permanent files |
| 51 |
+BASE2FILE="$STATDIR/Base_${PREF}_country.lst" |
| 52 |
+# results files |
| 53 |
+RESFILE="$STATDIR/ext${2}_${PREF}_country.lst" |
| 54 |
+# tempo |
| 55 |
+TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX) |
| 56 |
+ |
| 57 |
+# Day -1 -7 -31 |
| 58 |
+DATE1=$(date --date '1 day ago' '+%Y-%m-%d') |
| 59 |
+ |
| 60 |
+DATE2=$DATE1 |
| 61 |
+PRD="DAY" |
| 62 |
+if [ "X$2" == "XW" ] |
| 63 |
+then |
| 64 |
+ DATE2=$(date --date '8 day ago' '+%Y-%m-%d') |
| 65 |
+ PRD="WEEK" |
| 66 |
+ |
| 67 |
+else |
| 68 |
+ if [ "X$2" == "XM" ] |
| 69 |
+ then |
| 70 |
+ DATE2=$(date --date '31 day ago' '+%Y-%m-%d') |
| 71 |
+ PRD="MONTH" |
| 72 |
+ fi |
| 73 |
+fi |
| 74 |
+ |
| 75 |
+#echo "d1: $DATE1 d2: $DATE2" |
| 76 |
+Date1=$(date -d $DATE1 +%s) |
| 77 |
+Date2=$(date -d $DATE2 +%s) |
| 78 |
+#echo "d1: $Date1 d2: $Date2" |
| 79 |
+ |
| 80 |
+cd $EXECDIR |
| 81 |
+ |
| 82 |
+# yesterday already in base ? |
| 83 |
+if [ ! -f $BASE2FILE ] |
| 84 |
+then |
| 85 |
+ echo "$0 : File $BASE2FILE does not exist." |
| 86 |
+ exit 1 |
| 87 |
+fi |
| 88 |
+ |
| 89 |
+TOT=0 |
| 90 |
+while read -r line |
| 91 |
+do |
| 92 |
+ DATELIG=$(date -d $(echo "$line" | cut -s -d';' -f1) +%s) |
| 93 |
+ if [ $DATELIG -le $Date1 -a $DATELIG -ge $Date2 ] |
| 94 |
+ then |
| 95 |
+ echo "$line" >> $TMPFILE |
| 96 |
+ TOT=$(expr $TOT + $(echo "$line" | cut -s -d';' -f3)) |
| 97 |
+ fi |
| 98 |
+done < $BASE2FILE |
| 99 |
+ |
| 100 |
+#echo "tot: $TOT" |
| 101 |
+ |
| 102 |
+# number of incidents by country code, sorted reverse by number |
| 103 |
+awk -F ";" -v v1=$TOT -v OFS=";" \ |
| 104 |
+ '{t[$2]=$2; t1[$2]+=$3} END {for(n in t) printf("%s | %d | %0.1f%\n", t[n], t1[n], (t1[n]*100)/v1)}' $TMPFILE | sort -t "|" -k 3 -r -n > $RESFILE |
| 105 |
+ |
| 106 |
+rm -f $TMPFILE |
| 107 |
+ |
| 108 |
+# for mail |
| 109 |
+if [ -s $RESFILE ] |
| 110 |
+then |
| 111 |
+ echo "" |
| 112 |
+ echo " Smeserver daily statistics for Xtables - GEOIP" |
| 113 |
+ echo " from $(hostname) - $DATE1" |
| 114 |
+ echo "" |
| 115 |
+ echo " $TITLE during LAST $PRD" |
| 116 |
+ echo " ( XX means 'country not found' )" |
| 117 |
+ echo "" |
| 118 |
+ echo "--------------------" |
| 119 |
+ cat $RESFILE |
| 120 |
+ echo "--------------------" |
| 121 |
+ echo " | $TOT | 100%" |
| 122 |
+ echo "--------------------" |
| 123 |
+ echo "" |
| 124 |
+ |
| 125 |
+fi |
| 126 |
+ |
| 127 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat |
| 128 |
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat 1970-01-01 04:00:00.000000000 +0400 |
| 129 |
+++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat 2019-03-16 18:34:46.000000000 +0400 |
| 130 |
@@ -0,0 +1,14 @@ |
| 131 |
+#!/bin/sh |
| 132 |
+ |
| 133 |
+EXECDIR="/usr/share/xt_geoip" |
| 134 |
+STATDIR="/var/lib/xt_geoip" |
| 135 |
+ |
| 136 |
+for pref in $(echo 'ipt ssh') |
| 137 |
+do |
| 138 |
+ echo "" > ${STATDIR}/extA_${pref}_country.lst |
| 139 |
+ for period in $(echo 'D W M') |
| 140 |
+ do |
| 141 |
+ ${EXECDIR}/geoip_exstat $pref $period >> $STATDIR/extA_${pref}_country.lst |
| 142 |
+ done |
| 143 |
+ cat $STATDIR/extA_${pref}_country.lst |
| 144 |
+done |
| 145 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look |
| 146 |
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look 1970-01-01 04:00:00.000000000 +0400 |
| 147 |
+++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look 2019-03-19 22:36:34.000000000 +0400 |
| 148 |
@@ -0,0 +1,14 @@ |
| 149 |
+#! /bin/bash |
| 150 |
+ |
| 151 |
+if [ "X$1" == "X" ]; then exit 1; fi |
| 152 |
+if [ ! $(which geoiplookup 2>/dev/null) ]; then echo "??"; exit 9; fi |
| 153 |
+ |
| 154 |
+CN=$(geoiplookup $1 2>/dev/null | grep 'GeoIP Country' | sed -e 's/^.*: //' -e 's/,.*$//') |
| 155 |
+if [ "$CN" = "IP Address not found" ] |
| 156 |
+then |
| 157 |
+ echo "XX" |
| 158 |
+else |
| 159 |
+ echo $CN |
| 160 |
+fi |
| 161 |
+ |
| 162 |
+ |
| 163 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats |
| 164 |
--- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats 1970-01-01 04:00:00.000000000 +0400 |
| 165 |
+++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats 2019-03-06 13:50:37.000000000 +0400 |
| 166 |
@@ -0,0 +1,88 @@ |
| 167 |
+#!/bin/sh |
| 168 |
+# Read the log files depending on $1 (PREF) |
| 169 |
+# Read all of the IPs concerned, search countries and count them. |
| 170 |
+# exec crontab 2h AM for previous day |
| 171 |
+ |
| 172 |
+EXECDIR="/usr/share/xt_geoip" |
| 173 |
+STATDIR="/var/lib/xt_geoip" |
| 174 |
+ |
| 175 |
+case $1 in |
| 176 |
+ "ssh") |
| 177 |
+ PREF="ssh" |
| 178 |
+ LOGDIR="/var/log/sshd" |
| 179 |
+ CMD1='cat' |
| 180 |
+ CMD2=' | /usr/local/bin/tai64nlocal | grep' |
| 181 |
+ CMD3=' | grep "Failed password" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE' |
| 182 |
+ ;; |
| 183 |
+ "ipt") |
| 184 |
+ PREF="ipt" |
| 185 |
+ LOGDIR="/var/log/iptables" |
| 186 |
+ CMD1='cat' |
| 187 |
+ CMD2=' | /usr/local/bin/tai64nlocal | grep ' |
| 188 |
+ CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE' |
| 189 |
+ ;; |
| 190 |
+ *) |
| 191 |
+ echo "usage : $0 [ssh|ipt|....]" |
| 192 |
+ exit 1 |
| 193 |
+ ;; |
| 194 |
+esac |
| 195 |
+# files of the day |
| 196 |
+RESFILE="$STATDIR/${PREF}_ip.lst" |
| 197 |
+RES2FILE="$STATDIR/${PREF}_country.lst" |
| 198 |
+# permanent files |
| 199 |
+BASEFILE="$STATDIR/Base_${PREF}_ip.lst" |
| 200 |
+BASE2FILE="$STATDIR/Base_${PREF}_country.lst" |
| 201 |
+# tempo |
| 202 |
+TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX) |
| 203 |
+# Day - 1 |
| 204 |
+DATE=$(date --date '1 day ago' '+%Y-%m-%d') |
| 205 |
+ |
| 206 |
+cd $EXECDIR |
| 207 |
+ |
| 208 |
+# yesterday already in base ? |
| 209 |
+if [ -f $BASEFILE ] |
| 210 |
+then |
| 211 |
+ if (fgrep $DATE $BASEFILE > /dev/null 2>&1) |
| 212 |
+ then |
| 213 |
+ echo "$0 : $PREF already run for that date. Please verify this !" |
| 214 |
+ exit 1 |
| 215 |
+ fi |
| 216 |
+fi |
| 217 |
+ |
| 218 |
+cp /dev/null $RESFILE |
| 219 |
+ |
| 220 |
+# All logfiles update for 2 days, not empty |
| 221 |
+for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c) |
| 222 |
+do |
| 223 |
+ #echo $(echo $CMD1 $file $CMD2 "$DATE" $CMD3) |
| 224 |
+ eval $(echo $CMD1 $file $CMD2 "$DATE" $CMD3) |
| 225 |
+done |
| 226 |
+ |
| 227 |
+# number of incidents by IP, sorted by IP |
| 228 |
+awk -F ";" -v OFS=";" \ |
| 229 |
+ '{t[$1]=$1; t1[$1]+=1} END {for(n in t) print t[n], t1[n]}' $RESFILE | sort -t ";" -n -k 1 > $TMPFILE |
| 230 |
+ |
| 231 |
+# +date, +country code |
| 232 |
+awk -F ";" -v v1=$DATE -v OFS=";" \ |
| 233 |
+'{ printf "%s",v1 ";" $0 ";"; system("./geoip_look " $1) }' $TMPFILE > $RESFILE |
| 234 |
+ |
| 235 |
+# number of incidents by country code, sorted reverse by number |
| 236 |
+awk -F ";" -v v1=$DATE -v OFS=";" \ |
| 237 |
+ '{t[$4]=$4; t1[$4]+=$3} END {for(n in t) print v1, t[n], t1[n]}' $RESFILE | sort -t ";" -k 3 -r -n > $RES2FILE |
| 238 |
+ |
| 239 |
+rm -f $TMPFILE |
| 240 |
+ |
| 241 |
+# concatenate into bases |
| 242 |
+cat $RESFILE >> $BASEFILE |
| 243 |
+cat $RES2FILE >> $BASE2FILE |
| 244 |
+ |
| 245 |
+# delete files of today |
| 246 |
+#rm -f $RESFILE $RES2FILE |
| 247 |
+ |
| 248 |
+# for mail |
| 249 |
+if [ -s $RES2FILE ] |
| 250 |
+then |
| 251 |
+ echo "parse $LOGDIR for $PREF events" |
| 252 |
+ cat $RES2FILE |
| 253 |
+fi |
| 254 |
+ |
| 255 |
diff -urN smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt |
| 256 |
--- smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt 1970-01-01 04:00:00.000000000 +0400 |
| 257 |
+++ smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt 2019-03-06 23:59:04.000000000 +0400 |
| 258 |
@@ -0,0 +1,6 @@ |
| 259 |
+Directory for storing results and stats |
| 260 |
+ |
| 261 |
+ for different periods |
| 262 |
+ |
| 263 |
+- IPs banned per countries |
| 264 |
+- SSH attacks not blocked |
Parent Directory
| 
Revision Log
| 
Revision Graph
