From 76eb8b336d780477de95e8f1f05c5cf32f517660 Mon Sep 17 00:00:00 2001
From: Sefinek
Date: Fri, 6 Sep 2024 23:24:44 +0200
Subject: [PATCH] Added missing support for wget, some fixes

---
 reporter.sh | 56 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 43 insertions(+), 13 deletions(-)

diff --git a/reporter.sh b/reporter.sh
index 87aa4fc..18f8004 100644
--- a/reporter.sh
+++ b/reporter.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
+###
+# https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
+# Version v1.0.0 from 06.09.2024 [DD.MM.YYYY]
+##
+
 LOG_FILE="/var/log/ufw.log"
 ENCODED_API_KEY_FILE="./.abuseipdb_token"
 REPORTED_IPS_FILE="/tmp/ufw-abuseipdb-reporter.cache"
@@ -13,6 +18,7 @@ log() {
 echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $message"
 }
+# Check if the API key file exists and decode it
 if [[ -f "$ENCODED_API_KEY_FILE" ]]; then
 DECODED_API_KEY=$(openssl enc -d -base64 -in "$ENCODED_API_KEY_FILE")
 if [[ -z "$DECODED_API_KEY" ]]; then
@@ -26,6 +32,17 @@ fi
 ABUSEIPDB_API_KEY="$DECODED_API_KEY"
+# Check if jq, curl, or wget packages are available
+if ! command -v jq &> /dev/null; then
+ log "ERROR" "jq is not installed. Please install jq to run this script."
+ exit 1
+fi
+
+if ! command -v curl &> /dev/null && ! command -v wget &> /dev/null; then
+ log "ERROR" "Neither curl nor wget is available. Please install one of them to continue."
+ exit 1
+fi
+
 load_reported_ips() {
 if [[ -f "$REPORTED_IPS_FILE" ]]; then
 while IFS= read -r line; do
@@ -58,7 +75,7 @@ is_local_ip() {
 report_to_abuseipdb() {
 local ip="$1" categories="$2" proto="$3" spt="$4" dpt="$5" ttl="$6" len="$7" tos="$8" warsaw_time="$9"
-local comment="Blocked by UFW ($proto on port $dpt).
+ local comment="Blocked by UFW ($proto on port $dpt).
 Source port: $spt"
 [[ -n "$ttl" ]] && comment+=" 
@@ -76,21 +93,33 @@ Timestamp: $warsaw_time [Europe/Warsaw]
 This report (for $ip) was generated by: https://github.com/sefinek24/UFW-AbuseIPDB-Reporter"
- local response
- response=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \
- --data-urlencode "ip=$ip" \
- --data-urlencode "categories=$categories" \
- --data-urlencode "comment=$comment" \
- -H "Key: $ABUSEIPDB_API_KEY" \
- -H "Accept: application/json")
+ local res
+ if command -v curl >/dev/null 2>&1; then
+ res=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \
+ --data-urlencode "ip=$ip" \
+ --data-urlencode "categories=$categories" \
+ --data-urlencode "comment=$comment" \
+ -H "Key: $ABUSEIPDB_API_KEY" \
+ -H "Accept: application/json")
+ elif command -v wget >/dev/null 2>&1; then
+ res=$(wget -qO- --post-data="ip=$ip&categories=$categories&comment=$comment" \
+ --header="Key: $ABUSEIPDB_API_KEY" \
+ --header="Accept: application/json" \
+ "https://api.abuseipdb.com/api/v2/report")
+ else
+ log "ERROR" "Neither curl nor wget is available to send the report."
+ return 1
+ fi
 local abuse_confidence_score
- abuse_confidence_score=$(echo "$response" | jq -r '.data.abuseConfidenceScore')
+ abuse_confidence_score=$(echo "$res" | jq -r '.data.abuseConfidenceScore')
 if [[ "$abuse_confidence_score" =~ ^[0-9]+$ ]]; then
 log "INFO" "Successfully reported IP $ip to AbuseIPDB with score: $abuse_confidence_score"
+ return 0
 else
- log "ERROR" "Failed to report IP $ip to AbuseIPDB: $response"
+ log "ERROR" "Failed to report IP $ip to AbuseIPDB: $res"
+ return 1
 fi
 }
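Review bot: The wget branch concatenates `--post-data="ip=$ip&categories=$categories&comment=$comment"` without URL-encoding, so it does not send the same request as the curl branch, which uses `--data-urlencode`: the multi-line comment (spaces, newlines, `[`/`]` from `$warsaw_time`) goes into an application/x-www-form-urlencoded body verbatim, and an `&` or `=` in any field would be read by the API as an extra parameter. Hunk 3 already makes jq a hard dependency, so each value can be percent-encoded with `jq -rn --arg v "$x" '$v|@uri'` before concatenation, as in the excerpt below. Separately, wget discards the response body on HTTP 4xx/5xx unless `--content-on-error` is passed, so the new `log "ERROR" … $res` branch will print an empty body for exactly the rejections (rate limit, bad key) one wants to see. Note also that both branches pass the API key on the command line, where other local users can read it from `ps`; curl accepts `-H @file` but wget has no equivalent, so that trade-off of the fallback deserves a comment. The `else` branch is unreachable after the startup check in hunk 3, which is fine as defence in depth.
```shell
  elif command -v wget >/dev/null 2>&1; then
    # wget has no --data-urlencode: percent-encode each field with jq
    # (already a hard dependency) so the body matches the curl branch
    local enc_ip enc_cat enc_comment
    enc_ip=$(jq -rn --arg v "$ip" '$v|@uri')
    enc_cat=$(jq -rn --arg v "$categories" '$v|@uri')
    enc_comment=$(jq -rn --arg v "$comment" '$v|@uri')
    # --content-on-error keeps the JSON error body on 4xx/5xx so the ERROR log is meaningful
    res=$(wget -qO- --content-on-error \
      --post-data="ip=${enc_ip}&categories=${enc_cat}&comment=${enc_comment}" \
      --header="Key: $ABUSEIPDB_API_KEY" \
      --header="Accept: application/json" \
      "https://api.abuseipdb.com/api/v2/report")
  # … unchanged: else branch, jq parse of abuseConfidenceScore, return codes …
```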
@@ -172,9 +201,10 @@ process_log_line() {
 warsaw_time=$(TZ="Europe/Warsaw" date -d "$timestamp" '+%Y-%m-%d %H:%M:%S')
 log "INFO" "Reporting IP $src_ip ($proto $dpt) with categories $categories..."
- report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time"
- mark_ip_as_reported "$src_ip"
- save_reported_ips
+ if report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time"; then
+ mark_ip_as_reported "$src_ip"
+ save_reported_ips
+ fi
 fi
 }
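Review bot: With the new guard an IP whose report fails is left out of the cache, so it is submitted again on every later matching log line; since report_to_abuseipdb already logs the failure this looks intended as a retry, but the intent is not stated anywhere, and a persistent failure (bad key, rate limit, network down) will then re-hit the API for each hit from that source. A one-line comment above the `if` would make that explicit, e.g. `# cache the IP only on success so a failed report is retried on the next hit`, and if unbounded retries are not wanted, marking the IP after a failed attempt as well (or once per N failures) is a two-line change here. The body of process_log_line starts outside the hunk, so I could not check how often this branch can fire per source.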