[firewall] / logtrawl

#! /bin/bash

set -e

## DNS DDOS victims.
dns_victims=$(
  sed -n '
    /^.*named.*client \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)#.*:.*view inet.*NS\/IN.*denied.*$/ s//\1/p
  ' /var/log/daemon.log |
  sort -u |
  while read addr; do
    if ! ipset -qT ddos-evil-dns "$addr"; then
      echo "$addr"
    fi
  done
)
case "$dns_victims" in
  "") ;;
  *)
    echo 'DNS DDOS victim addresses:'
    ipset -N ddos-evil-dns iphash >/dev/null 2>&1 || :
    for addr in $dns_victims; do
      echo "  $addr"
      ipset -A ddos-evil-dns "$addr" || :
    done
    ;;
esac
Commit	Line	Data
83610d8a MW	1	#! /bin/bash
	2
	3	set -e
	4
	5	## DNS DDOS victims.
	6	dns_victims=$(
	7	sed -n '
	8	/^.named.client \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)#.:.view inet.NS\/IN.denied.*$/ s//\1/p
	9	' /var/log/daemon.log \|
	10	sort -u \|
	11	while read addr; do
	12	if ! ipset -qT ddos-evil-dns "$addr"; then
	13	echo "$addr"
	14	fi
	15	done
	16	)
	17	case "$dns_victims" in
	18	"") ;;
	19	*)
	20	echo 'DNS DDOS victim addresses:'
	21	ipset -N ddos-evil-dns iphash >/dev/null 2>&1 \|\| :
	22	for addr in $dns_victims; do
	23	echo " $addr"
	24	ipset -A ddos-evil-dns "$addr" \|\| :
	25	done
	26	;;
	27	esac