
Contents of /rpms/smeserver-xt_geoip/contribs9/smeserver-xt_geoip-1.0.1-stats.patch



Revision 1.1 - (show annotations) (download)
Mon Mar 25 13:34:21 2019 UTC (5 years, 8 months ago) by michel
Branch: MAIN
CVS Tags: smeserver-xt_geoip-1_0_1-8_el6_sme, smeserver-xt_geoip-1_0_1-18_el6_sme, smeserver-xt_geoip-1_0_1-20_el6_sme, smeserver-xt_geoip-1_0_1-14_el6_sme, smeserver-xt_geoip-1_0_1-17_el6_sme, smeserver-xt_geoip-1_0_1-24_el6_sme, smeserver-xt_geoip-1_0_1-23_el6_sme, smeserver-xt_geoip-1_0_1-26_el6_sme, smeserver-xt_geoip-1_0_1-25_el6_sme, smeserver-xt_geoip-1_0_1-11_el6_sme, smeserver-xt_geoip-1_0_1-12_el6_sme, smeserver-xt_geoip-1_0_1-16_el6_sme, smeserver-xt_geoip-1_0_1-15_el6_sme, smeserver-xt_geoip-1_0_1-22_el6_sme, smeserver-xt_geoip-1_0_1-21_el6_sme, smeserver-xt_geoip-1_0_1-13_el6_sme, smeserver-xt_geoip-1_0_1-7_el6_sme, smeserver-xt_geoip-1_0_1-10_el6_sme, smeserver-xt_geoip-1_0_1-9_el6_sme, smeserver-xt_geoip-1_0_1-19_el6_sme, HEAD
* Wed Mar 06 2019 Michel Begue <mab974@gmail.com> 1.0.1-7.sme
- add stats of geoip blocked countries [SME: 10745]
- add stats of ssh attacks not geoip blocked [SME: 10744]
- expand /etc/crontab on update

1 diff -urN smeserver-xt_geoip-1.0.1.old/createlinks smeserver-xt_geoip-1.0.1/createlinks
2 --- smeserver-xt_geoip-1.0.1.old/createlinks 2017-09-22 09:50:47.000000000 +0400
3 +++ smeserver-xt_geoip-1.0.1/createlinks 2019-03-14 20:58:14.000000000 +0400
4 @@ -15,6 +15,7 @@
5 for my $event (qw(xt_geoip-modify xt_geoip-update bootstrap-console-save console-save))
6 {
7 templates2events("/etc/rc.d/init.d/masq", $event);
8 + templates2events("/etc/crontab", $event);
9 templates2events("/usr/share/xt_geoip/update_base", $event);
10 if ($event ne 'xt_geoip-modify') {
11 event_link("smeserver-xt_geoip-download-action", $event, "10");
12 diff -urN smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip
13 --- smeserver-xt_geoip-1.0.1.old/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-02-28 11:38:16.000000000 +0400
14 +++ smeserver-xt_geoip-1.0.1/root/etc/e-smith/templates/etc/crontab/xt_geoip 2019-03-19 21:50:21.000000000 +0400
15 @@ -1,2 +1,6 @@
16 # saturday at 06:00 update xtables geoip base
17 00 06 * * 6 root /usr/share/xt_geoip/update_base
18 +50 1 * * * root /usr/share/xt_geoip/geoip_stats ssh
19 +55 1 * * * root /usr/share/xt_geoip/geoip_stats ipt
20 +05 2 * * * root /usr/share/xt_geoip/geoip_listat
21 +#
22 \ Pas de fin de ligne à la fin du fichier.
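Review bot: The three new cron entries carry no comment while the existing `update_base` entry does, and the header comment in geoip_stats says it is run by cron at 2 AM although it is scheduled here at 01:50 and 01:55; one comment above the new lines keeps the two in step, e.g. `# daily: 01:50/01:55 count yesterday's ssh and geoip events by country, 02:05 print the D/W/M summaries`. The fragment also ends with a bare `#` and no trailing newline (the `\ Pas de fin de ligne` marker); if this fragment is concatenated with other crontab fragments, ending it with a newline is the safer choice.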
23 diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat
24 --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_exstat 1970-01-01 04:00:00.000000000 +0400
25 +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_exstat 2019-03-19 22:33:38.000000000 +0400
26 @@ -0,0 +1,100 @@
27 +#!/bin/sh
28 +# Read one of the files updated by geoip_stats depending on $1 (PREF)
29 +# Read all of the daily scores by country on a period of D(ay) -default-, W(eek) or M(onth)
30 +# depending on $2
31 +
32 +EXECDIR="/usr/share/xt_geoip"
33 +STATDIR="/var/lib/xt_geoip"
34 +
35 +case $1 in
36 + "ssh")
37 + PREF="ssh"
38 + TITLE=" Numbers of SSH bad attempts by country"
39 + ;;
40 + "ipt")
41 + PREF="ipt"
42 + TITLE=" Numbers of IPs banned (xt_geoip) by country"
43 + ;;
44 + *)
45 + echo "usage : $0 'ssh|ipt' [D|W|M]"
46 + exit 1
47 + ;;
48 +esac
49 +
50 +# permanent files
51 +BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
52 +# results files
53 +RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"
54 +# tempo
55 +TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
56 +
57 +# Day -1 -7 -31
58 +DATE1=$(date --date '1 day ago' '+%Y-%m-%d')
59 +
60 +DATE2=$DATE1
61 +PRD="DAY"
62 +if [ "X$2" == "XW" ]
63 +then
64 + DATE2=$(date --date '8 day ago' '+%Y-%m-%d')
65 + PRD="WEEK"
66 +
67 +else
68 + if [ "X$2" == "XM" ]
69 + then
70 + DATE2=$(date --date '31 day ago' '+%Y-%m-%d')
71 + PRD="MONTH"
72 + fi
73 +fi
74 +
75 +#echo "d1: $DATE1 d2: $DATE2"
76 +Date1=$(date -d $DATE1 +%s)
77 +Date2=$(date -d $DATE2 +%s)
78 +#echo "d1: $Date1 d2: $Date2"
79 +
80 +cd $EXECDIR
81 +
82 +# yesterday already in base ?
83 +if [ ! -f $BASE2FILE ]
84 +then
85 + echo "$0 : File $BASE2FILE does not exist."
86 + exit 1
87 +fi
88 +
89 +TOT=0
90 +while read -r line
91 +do
92 + DATELIG=$(date -d $(echo "$line" | cut -s -d';' -f1) +%s)
93 + if [ $DATELIG -le $Date1 -a $DATELIG -ge $Date2 ]
94 + then
95 + echo "$line" >> $TMPFILE
96 + TOT=$(expr $TOT + $(echo "$line" | cut -s -d';' -f3))
97 + fi
98 +done < $BASE2FILE
99 +
100 +#echo "tot: $TOT"
101 +
102 +# number of incidents by country code, sorted reverse by number
103 +awk -F ";" -v v1=$TOT -v OFS=";" \
104 + '{t[$2]=$2; t1[$2]+=$3} END {for(n in t) printf("%s | %d | %0.1f%\n", t[n], t1[n], (t1[n]*100)/v1)}' $TMPFILE | sort -t "|" -k 3 -r -n > $RESFILE
105 +
106 +rm -f $TMPFILE
107 +
108 +# for mail
109 +if [ -s $RESFILE ]
110 +then
111 + echo ""
112 + echo " Smeserver daily statistics for Xtables - GEOIP"
113 + echo " from $(hostname) - $DATE1"
114 + echo ""
115 + echo " $TITLE during LAST $PRD"
116 + echo " ( XX means 'country not found' )"
117 + echo ""
118 + echo "--------------------"
119 + cat $RESFILE
120 + echo "--------------------"
121 + echo " | $TOT | 100%"
122 + echo "--------------------"
123 + echo ""
124 +
125 +fi
126 +
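Review bot: The temporary file created by `mktemp` near the top of the script is never removed when the script stops at the `if [ ! -f $BASE2FILE ]` check, so every failed run leaves an `xt_${PREF}.XXXXXXX` file behind in `$STATDIR`, and a failing `mktemp` is not checked either. `TMPFILE=$(mktemp "$STATDIR/xt_${PREF}.XXXXXXX") || exit 1` followed by `trap 'rm -f -- "$TMPFILE"' EXIT` covers both paths and makes the later `rm -f $TMPFILE` redundant; geoip_stats in this patch has the same mktemp-before-`exit 1` sequence. Two smaller points in the same hunk: the awk format `%0.1f%\n` needs `%%` for a literal percent sign (a lone `%` before the newline is not a valid conversion and what awk prints for it is implementation dependent), and `[ "X$2" == "XW" ]` is not POSIX under `#!/bin/sh` — `=` is the portable operator, `==` only works where `/bin/sh` is bash.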
127 diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat
128 --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_listat 1970-01-01 04:00:00.000000000 +0400
129 +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_listat 2019-03-16 18:34:46.000000000 +0400
130 @@ -0,0 +1,14 @@
131 +#!/bin/sh
132 +
133 +EXECDIR="/usr/share/xt_geoip"
134 +STATDIR="/var/lib/xt_geoip"
135 +
136 +for pref in $(echo 'ipt ssh')
137 +do
138 + echo "" > ${STATDIR}/extA_${pref}_country.lst
139 + for period in $(echo 'D W M')
140 + do
141 + ${EXECDIR}/geoip_exstat $pref $period >> $STATDIR/extA_${pref}_country.lst
142 + done
143 + cat $STATDIR/extA_${pref}_country.lst
144 +done
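Review bot: `for pref in $(echo 'ipt ssh')` and `for period in $(echo 'D W M')` spawn a subshell only to word-split a literal; `for pref in ipt ssh` and `for period in D W M` do the same. The exit status of `geoip_exstat` is ignored, and since that script prints its usage and "does not exist" messages to stdout, a failed run is appended to `extA_${pref}_country.lst` and shown by the final `cat` as if it were a result; sending those messages to stderr in geoip_exstat, or checking the status here, would separate errors from data. The loop also mixes `${STATDIR}` and `$STATDIR` for the same path and leaves `$pref` and `$period` unquoted in the call.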
145 diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look
146 --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_look 1970-01-01 04:00:00.000000000 +0400
147 +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_look 2019-03-19 22:36:34.000000000 +0400
148 @@ -0,0 +1,14 @@
149 +#! /bin/bash
150 +
151 +if [ "X$1" == "X" ]; then exit 1; fi
152 +if [ ! $(which geoiplookup 2>/dev/null) ]; then echo "??"; exit 9; fi
153 +
154 +CN=$(geoiplookup $1 2>/dev/null | grep 'GeoIP Country' | sed -e 's/^.*: //' -e 's/,.*$//')
155 +if [ "$CN" = "IP Address not found" ]
156 +then
157 + echo "XX"
158 +else
159 + echo $CN
160 +fi
161 +
162 +
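Review bot: `if [ ! $(which geoiplookup 2>/dev/null) ]` only works by accident: when `which` prints nothing the test collapses to `[ ! ]`, which is true because `!` is then a single non-empty string rather than a negation, and when it prints a path the test is a non-empty string negated. `command -v geoiplookup >/dev/null 2>&1 || { echo "??"; exit 9; }` says what is meant without depending on that quirk. `geoiplookup $1` and `echo $CN` should quote their expansions (`geoiplookup "$1"`, `printf '%s\n' "$CN"`), since `$1` is a field that geoip_stats cut out of log lines and passes in via awk's `system()`.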
163 diff -urN smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats
164 --- smeserver-xt_geoip-1.0.1.old/root/usr/share/xt_geoip/geoip_stats 1970-01-01 04:00:00.000000000 +0400
165 +++ smeserver-xt_geoip-1.0.1/root/usr/share/xt_geoip/geoip_stats 2019-03-06 13:50:37.000000000 +0400
166 @@ -0,0 +1,88 @@
167 +#!/bin/sh
168 +# Read the log files depending on $1 (PREF)
169 +# Read all of the IPs concerned, search countries and count them.
170 +# exec crontab 2h AM for previous day
171 +
172 +EXECDIR="/usr/share/xt_geoip"
173 +STATDIR="/var/lib/xt_geoip"
174 +
175 +case $1 in
176 + "ssh")
177 + PREF="ssh"
178 + LOGDIR="/var/log/sshd"
179 + CMD1='cat'
180 + CMD2=' | /usr/local/bin/tai64nlocal | grep'
181 + CMD3=' | grep "Failed password" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
182 + ;;
183 + "ipt")
184 + PREF="ipt"
185 + LOGDIR="/var/log/iptables"
186 + CMD1='cat'
187 + CMD2=' | /usr/local/bin/tai64nlocal | grep '
188 + CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE'
189 + ;;
190 + *)
191 + echo "usage : $0 [ssh|ipt|....]"
192 + exit 1
193 + ;;
194 +esac
195 +# files of the day
196 +RESFILE="$STATDIR/${PREF}_ip.lst"
197 +RES2FILE="$STATDIR/${PREF}_country.lst"
198 +# permanent files
199 +BASEFILE="$STATDIR/Base_${PREF}_ip.lst"
200 +BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
201 +# tempo
202 +TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
203 +# Day - 1
204 +DATE=$(date --date '1 day ago' '+%Y-%m-%d')
205 +
206 +cd $EXECDIR
207 +
208 +# yesterday already in base ?
209 +if [ -f $BASEFILE ]
210 +then
211 + if (fgrep $DATE $BASEFILE > /dev/null 2>&1)
212 + then
213 + echo "$0 : $PREF already run for that date. Please verify this !"
214 + exit 1
215 + fi
216 +fi
217 +
218 +cp /dev/null $RESFILE
219 +
220 +# All logfiles update for 2 days, not empty
221 +for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c)
222 +do
223 + #echo $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
224 + eval $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
225 +done
226 +
227 +# number of incidents by IP, sorted by IP
228 +awk -F ";" -v OFS=";" \
229 + '{t[$1]=$1; t1[$1]+=1} END {for(n in t) print t[n], t1[n]}' $RESFILE | sort -t ";" -n -k 1 > $TMPFILE
230 +
231 +# +date, +country code
232 +awk -F ";" -v v1=$DATE -v OFS=";" \
233 +'{ printf "%s",v1 ";" $0 ";"; system("./geoip_look " $1) }' $TMPFILE > $RESFILE
234 +
235 +# number of incidents by country code, sorted reverse by number
236 +awk -F ";" -v v1=$DATE -v OFS=";" \
237 + '{t[$4]=$4; t1[$4]+=$3} END {for(n in t) print v1, t[n], t1[n]}' $RESFILE | sort -t ";" -k 3 -r -n > $RES2FILE
238 +
239 +rm -f $TMPFILE
240 +
241 +# concatenate into bases
242 +cat $RESFILE >> $BASEFILE
243 +cat $RES2FILE >> $BASE2FILE
244 +
245 +# delete files of today
246 +#rm -f $RESFILE $RES2FILE
247 +
248 +# for mail
249 +if [ -s $RES2FILE ]
250 +then
251 + echo "parse $LOGDIR for $PREF events"
252 + cat $RES2FILE
253 +fi
254 +
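Review bot: The per-type pipeline is assembled as three strings (`CMD1`, `CMD2`, `CMD3`) and run through `eval $(echo ...)`, so the quotes inside `CMD3` are re-parsed at run time and any file name from `find` containing a space or glob character is split again by the unquoted substitution; `$RESFILE` inside `CMD3` is also referenced before the variable is assigned a few lines below and only resolves because the expansion is deferred to the `eval`. A shell function selected by `$PREF`, as sketched below, expresses the same pipeline without `eval` (it replaces the `CMD*` assignments in the `case` arms and the `for file in $(find ...)` loop). Two smaller points: `fgrep` is the deprecated spelling of `grep -F`, and `system("./geoip_look " $1)` in the second awk builds a shell command from a field cut out of the logs, so checking that `$1` matches an address pattern before the call would keep log text out of the shell's parser.

```sh
# Print, one per line, the peer IPs that one log file holds for yesterday
# ($DATE); the match pattern depends on the log type selected by $PREF.
extract_ips() {
  /usr/local/bin/tai64nlocal < "$1" | grep -- "$DATE" |
  case $PREF in
    ssh) grep "Failed password" | sed -e "s/^.*from //" -e "s/ port.*$//" ;;
    ipt) grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" ;;
  esac
}

# … unchanged: RESFILE/BASEFILE definitions, DATE, "already run" check …

# All logfiles updated within 2 days, not empty
find "$LOGDIR"/* -type f -mtime -2 -size +50c -print |
while IFS= read -r file; do
  extract_ips "$file" >> "$RESFILE"
done
```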
255 diff -urN smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt
256 --- smeserver-xt_geoip-1.0.1.old/root/var/lib/xt_geoip/README.txt 1970-01-01 04:00:00.000000000 +0400
257 +++ smeserver-xt_geoip-1.0.1/root/var/lib/xt_geoip/README.txt 2019-03-06 23:59:04.000000000 +0400
258 @@ -0,0 +1,6 @@
259 +Directory for storing results and stats
260 +
261 + for different periods
262 +
263 +- IPs banned per countries
264 +- SSH attacks not blocked
