-
Notifications
You must be signed in to change notification settings - Fork 0
/
ipset-report
executable file
·39 lines (37 loc) · 1.29 KB
/
ipset-report
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash
### reporting for ipset blacklists
# listening honeypot and iptables chain check script to verify 1st pos
/usr/local/bin/honeypot-check
_TMP=$(mktemp /tmp/.fireshXXX)
# show list :
echo "#######################################"
echo "####### configured ipset lists: #######"
for i in $(ipset list -n); do
echo "#######################################"
echo "### IPSet list : $i"
echo "### - $(ipset list $i|wc -l) IP/subnets blocked"
echo "### - rejected traffic:"
iptables -nvL blocklists|grep $i > $_TMP
echo "# >source"
cat $_TMP|grep src|awk '{print "-Packets: "$1" -Bytes: "$2}'
echo "# >dest"
cat $_TMP|grep dst|awk '{print "-Packets: "$1" -Bytes: "$2}'
echo
done
echo "#######################################"
echo "### Blocklists chain global drop :"
for i in INPUT OUTPUT FORWARD; do iptables -nvL $i --line-n|grep -B 2 blocklists ; done
echo
echo "#######################################"
echo "### blocked ip :"
for i in 7 6 5 4 3 2 1 0; do
_XDATE=$(date +"%d-%m-%Y" --date="$i days ago")
if [ "$i" != 0 ]; then
echo "- $i days ago: $(cat /root/blacklist/horny-banlist|grep $_XDATE|wc -l) IP addess blocked"
else
echo "- todays ban: $(cat /root/blacklist/horny-banlist|grep $_XDATE|wc -l) IP addess blocked"
fi
done
echo "#######################################"
echo
rm -rf /tmp/.fire*