macielportugal · October 1, 2019 02:56
diff --git a/AsteriskBlockIP.sh b/AsteriskBlockIP.sh
 #!/bin/bash

 logFile="/var/log/asterisk/messages"
 debugFile="/var/log/asterisk/ips-bloqueados.log"
 attempts=3
 whitelist="127.0.0.1"

 name=`basename $0`
 checkIsScriptRunning=$(ps | grep $name | grep -v grep | wc -l)
 if [ $checkIsScriptRunning -ge 3 ]; then
    echo "Script ja rodando"
    exit
 fi

 echo "Start `date`" >> $debugFile

 declare -A ipList

 tail -f $logFile | grep --line-buffered -E "Wrong password|ChallengeSent|SuccessfulAuth" | while read result
 do
    #echo "$result"

    if [[ $result == *"SuccessfulAuth"* ]]; then
        ip=$(echo $result | sed -e "s/.*UDP\///g" | sed -e "s/\/.*//g");
        echo "sucesso $ip"
        unset ipList["$ip"]
    else

        if [[ $result == *"ChallengeSent"* ]]; then
            ip=$(echo $result | sed -e "s/.*UDP\///g" | sed -e "s/\/.*//g");
        else
            ip=$(echo $result | sed -e "s/.*failed for '//g" | sed -e "s/:.*//g");
        fi

        if [[ $whitelist != *"$ip"* ]]; then
            echo "$ip na whitelist"

            if [ -z ${ipList["$ip"]} ]; then
                echo "Não existe na lista de ips"
                ipList["$ip"]=1
            else
                echo "Existe na lista de ips"
                ipList["$ip"]=$((${ipList["$ip"]} + 1))
            fi

            echo "Numero de tentativas de login ${ipList["$ip"]}"

            if [ ${ipList["$ip"]} -ge $attempts ]; then
                echo "Block ${ip}"
                iptables -A INPUT -s ${ip}  -j DROP
                echo "Block ${ip}" >> $debugFile
                unset ipList["$ip"]
            fi
       fi
    fi
 done
	#!/bin/bash

	logFile="/var/log/asterisk/messages"
	debugFile="/var/log/asterisk/ips-bloqueados.log"
	attempts=3
	whitelist="127.0.0.1"

	name=`basename $0`
	checkIsScriptRunning=$(ps \| grep $name \| grep -v grep \| wc -l)
	if [ $checkIsScriptRunning -ge 3 ]; then
	echo "Script ja rodando"
	exit
	fi

	echo "Start `date`" >> $debugFile

	declare -A ipList

	tail -f $logFile \| grep --line-buffered -E "Wrong password\|ChallengeSent\|SuccessfulAuth" \| while read result
	do
	#echo "$result"

	if [[ $result == "SuccessfulAuth" ]]; then
	ip=$(echo $result \| sed -e "s/.UDP\///g" \| sed -e "s/\/.//g");
	echo "sucesso $ip"
	unset ipList["$ip"]
	else

	if [[ $result == "ChallengeSent" ]]; then
	ip=$(echo $result \| sed -e "s/.UDP\///g" \| sed -e "s/\/.//g");
	else
	ip=$(echo $result \| sed -e "s/.failed for '//g" \| sed -e "s/:.//g");
	fi

	if [[ $whitelist != "$ip" ]]; then
	echo "$ip na whitelist"

	if [ -z ${ipList["$ip"]} ]; then
	echo "Não existe na lista de ips"
	ipList["$ip"]=1
	else
	echo "Existe na lista de ips"
	ipList["$ip"]=$((${ipList["$ip"]} + 1))
	fi

	echo "Numero de tentativas de login ${ipList["$ip"]}"

	if [ ${ipList["$ip"]} -ge $attempts ]; then
	echo "Block ${ip}"
	iptables -A INPUT -s ${ip} -j DROP
	echo "Block ${ip}" >> $debugFile
	unset ipList["$ip"]
	fi
	fi
	fi
	done