45 lines
1.8 KiB
Bash
45 lines
1.8 KiB
Bash
|
#!/bin/bash
|
||
|
|
||
|
PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||
|
LANG="C"
|
||
|
REMOTE_IP="$1"
|
||
|
SENDER_MAIL="$2"
|
||
|
DEST_MAIL="$3"
|
||
|
LOGFILE="$4"
|
||
|
DATE=$(date)
|
||
|
WHOIS_OUTPUT=$(whois $REMOTE_IP)
|
||
|
REVERSE_IP=$(echo $REMOTE_IP | awk 'BEGIN{FS=".";ORS="."} {for (i = NF; i > 0; i--){print $i}}')
|
||
|
LOG_LINES=$(grep $REMOTE_IP $LOGFILE)
|
||
|
BANNED_IP_PATH="/var/tmp/fail2ban_banned_ips"
|
||
|
|
||
|
# Skip sending email when an email was already sent out for that IP the last 24hours
|
||
|
if ! [ -d $BANNED_IP_PATH ]; then mkdir $BANNED_IP_PATH; else find ${BANNED_IP_PATH}/ -mtime +30 -type f -delete; fi
|
||
|
if [ -n "$(find ${BANNED_IP_PATH}/$REMOTE_IP -mtime -1 2>/dev/null)" ]; then exit 0; else touch ${BANNED_IP_PATH}/$REMOTE_IP; fi
|
||
|
|
||
|
# Get the Abuse email address from Abusix
|
||
|
if DNS_REPLY=$(host -t TXT ${REVERSE_IP}abuse-contacts.abusix.org); then
|
||
|
ABUSE_ADDR=$(echo $DNS_REPLY | grep -Eio '\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b' | paste -sd ",")
|
||
|
fi
|
||
|
|
||
|
# Send email
|
||
|
if [ $ABUSE_ADDR ]; then
|
||
|
#sendmail -t -i -f $SENDER_MAIL $ABUSE_ADDR << EOF
|
||
|
swaks -f $SENDER_MAIL -t "$ABUSE_ADDR" --tlsc -au fail2ban -ap pass -s mail.hatthieves.es -p 465 \
|
||
|
--h-Subject "[Urgent]: Automatic abuse report for IP address $REMOTE_IP from hatthieves.es, please read" --h-From "Fail2Ban hatthieves.es <$SENDER_MAIL>" \
|
||
|
--h-Bcc "webmail@hatthieves.es" --h-To $ABUSE_ADDR --body \
|
||
|
"This is an automatic email abuse report about the IP address $REMOTE_IP generated at $DATE, please do not reply.
|
||
|
You get this email because you are listed as the official and popular abuse email contact for this concrete IP address.
|
||
|
|
||
|
The following intrusion attempts were detected by our systems:
|
||
|
$LOG_LINES
|
||
|
|
||
|
WHOIS report FYI:
|
||
|
$WHOIS_OUTPUT
|
||
|
|
||
|
Thanks for your time and curiosity... take care with botnets...
|
||
|
- ANTIBOTNET SYSTEM -
|
||
|
together will do a better and free world :-)
|
||
|
from postmaster@hatthieves.es
|
||
|
by www.HatThieves.es"
|
||
|
fi
|