JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added missing support for wget, some fixes

Browse source
This commit is contained in:
Sefinek 2024-09-06 23:24:44 +02:00
parent cfc358344e
commit 76eb8b336d
1 changed files with 43 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
reporter.sh
View file

@ -1,5 +1,10 @@
#!/bin/bash
###
# https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
# Version v1.0.0 from 06.09.2024 [DD.MM.YYYY]
##
LOG_FILE="/var/log/ufw.log"
ENCODED_API_KEY_FILE="./.abuseipdb_token"
REPORTED_IPS_FILE="/tmp/ufw-abuseipdb-reporter.cache"
@ -13,6 +18,7 @@ log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $message"
}
# Check if the API key file exists and decode it
if [[ -f "$ENCODED_API_KEY_FILE" ]]; then
DECODED_API_KEY=$(openssl enc -d -base64 -in "$ENCODED_API_KEY_FILE")
if [[ -z "$DECODED_API_KEY" ]]; then
@ -26,6 +32,17 @@ fi
ABUSEIPDB_API_KEY="$DECODED_API_KEY"
# Check if jq, curl, or wget packages are available
if ! command -v jq &> /dev/null; then
log "ERROR" "jq is not installed. Please install jq to run this script."
exit 1
fi
if ! command -v curl &> /dev/null && ! command -v wget &> /dev/null; then
log "ERROR" "Neither curl nor wget is available. Please install one of them to continue."
exit 1
fi
load_reported_ips() {
if [[ -f "$REPORTED_IPS_FILE" ]]; then
while IFS= read -r line; do
@ -58,7 +75,7 @@ is_local_ip() {
report_to_abuseipdb() {
local ip="$1" categories="$2" proto="$3" spt="$4" dpt="$5" ttl="$6" len="$7" tos="$8" warsaw_time="$9"
local comment="Blocked by UFW ($proto on port $dpt).
local comment="Blocked by UFW ($proto on port $dpt).
Source port: $spt"
[[ -n "$ttl" ]] && comment+="
@ -76,21 +93,33 @@ Timestamp: $warsaw_time [Europe/Warsaw]
This report (for $ip) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter"
local response
response=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \
--data-urlencode "ip=$ip" \
--data-urlencode "categories=$categories" \
--data-urlencode "comment=$comment" \
-H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: application/json")
local res
if command -v curl >/dev/null 2>&1; then
res=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \
--data-urlencode "ip=$ip" \
--data-urlencode "categories=$categories" \
--data-urlencode "comment=$comment" \
-H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: application/json")
elif command -v wget >/dev/null 2>&1; then
res=$(wget -qO- --post-data="ip=$ip&categories=$categories&comment=$comment" \
--header="Key: $ABUSEIPDB_API_KEY" \
--header="Accept: application/json" \
"https://api.abuseipdb.com/api/v2/report")
else
log "ERROR" "Neither curl nor wget is available to send the report."
return 1
fi
local abuse_confidence_score
abuse_confidence_score=$(echo "$response" | jq -r '.data.abuseConfidenceScore')
abuse_confidence_score=$(echo "$res" | jq -r '.data.abuseConfidenceScore')
if [[ "$abuse_confidence_score" =~ ^[0-9]+$ ]]; then
log "INFO" "Successfully reported IP $ip to AbuseIPDB with score: $abuse_confidence_score"
return 0
else
log "ERROR" "Failed to report IP $ip to AbuseIPDB: $response"
log "ERROR" "Failed to report IP $ip to AbuseIPDB: $res"
return 1
fi
}
@ -172,9 +201,10 @@ process_log_line() {
warsaw_time=$(TZ="Europe/Warsaw" date -d "$timestamp" '+%Y-%m-%d %H:%M:%S')
log "INFO" "Reporting IP $src_ip ($proto $dpt) with categories $categories..."
report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time"
mark_ip_as_reported "$src_ip"
save_reported_ips
if report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time"; then
mark_ip_as_reported "$src_ip"
save_reported_ips
fi
fi
}