scripts/block_list.sh


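#!/bin/sh
# Build one consolidated block list from fail2ban logs collected from many
# different hosts.
#
# Every regular, non-gzipped file below ${log_path} is read. Field 8 of a
# line is taken as the fail2ban action and the last field as the address:
#   Ban    the address is appended to the list
#   Unban  every earlier entry for exactly that address is dropped
# Output: ${blk_list}, one address per line, in the order the bans were read.
#
# The log lines are written on other hosts, so they are handled as untrusted
# input: they are only ever read as data by awk (never expanded by the shell
# or spliced into a sed script), and a token that does not look like an
# address is not written to the list.

# The block list to create
blk_list='/tmp/blk_list'
log_path='/var/log/clients/fail2ban'

# /tmp is world-writable and the target name is predictable. Opening
# ${blk_list} directly (rm, touch, >>, sed -i) would follow a symlink planted
# under that name. Build the list in a private mktemp file next to the target
# and rename it into place instead: rename replaces the directory entry
# itself and does not follow a link.
tmp_list=$(mktemp "${blk_list}.XXXXXX") || exit 1
trap 'rm -f -- "${tmp_list}"' EXIT
trap 'exit 1' HUP INT TERM

# Stage 1 (find + awk): reduce each log file to "<action> <address>" events.
#   Handing the paths to awk through -exec keeps file names with blanks
#   intact; this stage is stateless, so it does not matter if find has to
#   start awk more than once.
# Stage 2 (awk): replay the events in order.
#   gen[a] counts the Unban events seen for address a. A ban stays in the
#   list only if no Unban for the same address came after it, i.e. if the
#   generation recorded when it was read is still the current one. The
#   comparison is an exact string match, so unbanning 1.2.3.4 no longer
#   removes 1.2.3.40 or 11.2.3.4 as the unanchored regex delete did.
find "${log_path}" -type f ! -iname '*.gz' \
  -exec awk '$8 == "Ban" || $8 == "Unban" { print $8, $NF }' {} + |
  awk '
    # Keep only tokens made of IPv4/IPv6 address characters.
    $2 !~ /^[0-9A-Fa-f:.]+$/ { skipped++; next }
    $1 == "Ban"   { n++; addr[n] = $2; born[n] = gen[$2] + 0; next }
    $1 == "Unban" { gen[$2]++ }
    END {
      for (i = 1; i <= n; i++)
        if (born[i] == gen[addr[i]] + 0)
          print addr[i]
      # Report a count only; the rejected text itself is not echoed.
      if (skipped)
        printf "block_list: %d malformed entries skipped\n", skipped > "/dev/stderr"
    }
  ' > "${tmp_list}" || exit 1

# mktemp creates the file 0600. With no "who" given, chmod honours the umask,
# which yields the same mode a plain touch of the list would have produced.
chmod =rw "${tmp_list}" || exit 1

# Publish atomically: readers see either the previous list or the new one.
mv -f -- "${tmp_list}" "${blk_list}" || exit 1
trap - EXIT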