JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added missing support for wget, some fixes

Browse source
This commit is contained in:
Sefinek 2024-09-06 23:24:44 +02:00
parent cfc358344e
commit 76eb8b336d
1 changed files with 43 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
reporter.sh
View file

@ -1,5 +1,10 @@
#!/bin/bash #!/bin/bash
###
# https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
# Version v1.0.0 from 06.09.2024 [DD.MM.YYYY]
##
LOG_FILE="/var/log/ufw.log" LOG_FILE="/var/log/ufw.log"
ENCODED_API_KEY_FILE="./.abuseipdb_token" ENCODED_API_KEY_FILE="./.abuseipdb_token"
REPORTED_IPS_FILE="/tmp/ufw-abuseipdb-reporter.cache" REPORTED_IPS_FILE="/tmp/ufw-abuseipdb-reporter.cache"
@ -13,6 +18,7 @@ log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $message" echo "[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $message"
} }
# Check if the API key file exists and decode it
if [[ -f "$ENCODED_API_KEY_FILE" ]]; then if [[ -f "$ENCODED_API_KEY_FILE" ]]; then
DECODED_API_KEY=$(openssl enc -d -base64 -in "$ENCODED_API_KEY_FILE") DECODED_API_KEY=$(openssl enc -d -base64 -in "$ENCODED_API_KEY_FILE")
if [[ -z "$DECODED_API_KEY" ]]; then if [[ -z "$DECODED_API_KEY" ]]; then
@ -26,6 +32,17 @@ fi
ABUSEIPDB_API_KEY="$DECODED_API_KEY" ABUSEIPDB_API_KEY="$DECODED_API_KEY"
# Check if jq, curl, or wget packages are available
if ! command -v jq &> /dev/null; then
log "ERROR" "jq is not installed. Please install jq to run this script."
exit 1
fi
if ! command -v curl &> /dev/null && ! command -v wget &> /dev/null; then
log "ERROR" "Neither curl nor wget is available. Please install one of them to continue."
exit 1
fi
load_reported_ips() { load_reported_ips() {
if [[ -f "$REPORTED_IPS_FILE" ]]; then if [[ -f "$REPORTED_IPS_FILE" ]]; then
while IFS= read -r line; do while IFS= read -r line; do
@ -76,21 +93,33 @@ Timestamp: $warsaw_time [Europe/Warsaw]
This report (for $ip) was generated by: This report (for $ip) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter" https://github.com/sefinek24/UFW-AbuseIPDB-Reporter"
local response local res
response=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \ if command -v curl >/dev/null 2>&1; then
res=$(curl -s -X POST "https://api.abuseipdb.com/api/v2/report" \
--data-urlencode "ip=$ip" \ --data-urlencode "ip=$ip" \
--data-urlencode "categories=$categories" \ --data-urlencode "categories=$categories" \
--data-urlencode "comment=$comment" \ --data-urlencode "comment=$comment" \
-H "Key: $ABUSEIPDB_API_KEY" \ -H "Key: $ABUSEIPDB_API_KEY" \
-H "Accept: application/json") -H "Accept: application/json")
elif command -v wget >/dev/null 2>&1; then
res=$(wget -qO- --post-data="ip=$ip&categories=$categories&comment=$comment" \
--header="Key: $ABUSEIPDB_API_KEY" \
--header="Accept: application/json" \
"https://api.abuseipdb.com/api/v2/report")
else
log "ERROR" "Neither curl nor wget is available to send the report."
return 1
fi
local abuse_confidence_score local abuse_confidence_score
abuse_confidence_score=$(echo "$response" | jq -r '.data.abuseConfidenceScore') abuse_confidence_score=$(echo "$res" | jq -r '.data.abuseConfidenceScore')
if [[ "$abuse_confidence_score" =~ ^[0-9]+$ ]]; then if [[ "$abuse_confidence_score" =~ ^[0-9]+$ ]]; then
log "INFO" "Successfully reported IP $ip to AbuseIPDB with score: $abuse_confidence_score" log "INFO" "Successfully reported IP $ip to AbuseIPDB with score: $abuse_confidence_score"
return 0
else else
log "ERROR" "Failed to report IP $ip to AbuseIPDB: $response" log "ERROR" "Failed to report IP $ip to AbuseIPDB: $res"
return 1
fi fi
} }
@ -172,10 +201,11 @@ process_log_line() {
warsaw_time=$(TZ="Europe/Warsaw" date -d "$timestamp" '+%Y-%m-%d %H:%M:%S') warsaw_time=$(TZ="Europe/Warsaw" date -d "$timestamp" '+%Y-%m-%d %H:%M:%S')
log "INFO" "Reporting IP $src_ip ($proto $dpt) with categories $categories..." log "INFO" "Reporting IP $src_ip ($proto $dpt) with categories $categories..."
report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time" if report_to_abuseipdb "$src_ip" "$categories" "$proto" "$spt" "$dpt" "$ttl" "$len" "$tos" "$warsaw_time"; then
mark_ip_as_reported "$src_ip" mark_ip_as_reported "$src_ip"
save_reported_ips save_reported_ips
fi fi
fi
} }
load_reported_ips load_reported_ips