95 lines
2.5 KiB
Bash
Executable File
95 lines
2.5 KiB
Bash
Executable File
#! /bin/sh
|
|
# script to find the number of IPs banned by fail2ban
|
|
# by k6b kyle@kylefberry.net
|
|
|
|
# MySQL User/Database information
|
|
|
|
mysqldb=""
|
|
mysqlpw=""
|
|
mysqluser=""
|
|
|
|
#####
|
|
# First, we'll define a few functions so we don't have to
|
|
# do the same thing over and over again.
|
|
#####
|
|
|
|
ipfind () {
|
|
mysql $mysqldb -u $mysqluser --password=$mysqlpw -e "SELECT ip,COUNT(*) count,country FROM bans GROUP BY ip HAVING count > 1 ORDER BY count DESC;" | sed '/ip/d'
|
|
}
|
|
|
|
recent () {
|
|
# mysql $mysqldb -u $mysqluser --password=$mysqlpw -e "SELECT ip,ban_date,ban_time,country FROM bans WHERE id > ((SELECT MAX(id) FROM bans) - $total)" | sed '/ip/d'
|
|
mysql $mysqldb -u $mysqluser --password=$mysqlpw -e "SELECT ip,ban_date,ban_time,country FROM bans WHERE bans.id NOT IN ( SELECT unbans.id FROM unbans WHERE bans.id=unbans.id)" | sed '/ip/d'
|
|
}
|
|
|
|
#####
|
|
# Now we'll define some global variables
|
|
#####
|
|
|
|
# Find the number of IPs banned
|
|
# Added sanity check for systems with no IPs banned
|
|
|
|
bans=$(mysql $mysqldb -u $mysqluser --password=$mysqlpw -e "SELECT MAX(id) from bans" | egrep "[0-9]")
|
|
unbans=$(mysql $mysqldb -u $mysqluser --password=$mysqlpw -e "SELECT MAX(id) FROM unbans" | egrep "[0-9]")
|
|
|
|
# Here we find the number of IPs currently banned by using the
|
|
# number we found earlier and subtracting it from the number of
|
|
# Unbans reported by fail2ban. I'm sure there's a better way to
|
|
# find this number.
|
|
# Added sanity check for systems with no IPs banned.
|
|
|
|
total=$(($bans - $unbans))
|
|
|
|
#####
|
|
# Begin the script
|
|
#####
|
|
|
|
# Print some text
|
|
|
|
echo -e '\n'"\033[4m\033[1mFail2BanCount - by k6b\033[0m"'\n'
|
|
|
|
# Use proper grammer :)
|
|
|
|
if [[ $bans -eq 0 ]]
|
|
then
|
|
echo -e No IPs have been banned.
|
|
elif [[ $bans -ne 1 ]]
|
|
then
|
|
echo -e $bans IPs have been banned.
|
|
else
|
|
echo -e $bans IP has been banned.
|
|
fi
|
|
|
|
# Use the list of IPs we found to generate a list of IP's that
|
|
# have been banned more than once, along with the number of times
|
|
# it's been banned and it's country of origin.
|
|
|
|
echo -e '\n'"\033[4mIP\t\tBans\tCountry\033[0m"
|
|
ipfind
|
|
|
|
# We want to print the number of IPs that are currently banned,
|
|
# but we should use proper grammar. (Because why not?)
|
|
|
|
if [[ $total -ne "1" ]]
|
|
then
|
|
echo -e '\n'Currently $total IPs are banned.'\n'
|
|
else
|
|
echo -e '\n'Currently $total IP is banned.'\n'
|
|
fi
|
|
|
|
# If we have an IP currently banned, let's make another list showing
|
|
# the IP, the date and time of it's ban, and it's country of origin.
|
|
|
|
if [[ $total -ne "0" ]]
|
|
then
|
|
|
|
# Print some more text
|
|
|
|
echo -e "\033[4mCurrently Banned\033[0m"'\n'
|
|
echo -e "\033[4mIP\t\tDate\t\tTime\t\tCountry\033[0m"
|
|
|
|
recent
|
|
|
|
echo
|
|
fi
|