SCSIraidGURU’s World

GeoFencing.sh

GeoFencing is a policy that blocks all traffic from the countries listed, based on geography. The previous day's syslog file is parsed. I could modify the code to add the path into the FNAME.

The countries are the Russian Federation, China, Ukraine, Vietnam, Estonia (Germany was removed), and Romania. I created a unique key, year, month, day, country_code and number of attacks. The Russian Federation is highly active each day.

19082201 2019 08 22 1 4518
19082202 2019 08 22 2 1037
19082203 2019 08 22 3 85
19082204 2019 08 22 4 55
19082205 2019 08 22 5 102
19082207 2019 08 22 7 69

#!/bin/bash
# All date parts refer to yesterday, because the previous day's log is parsed.
CURRENTDATE=$(date --date="1 days ago" +%Y-%m-%d)
CURRENTDATESHORT=$(date --date="1 days ago" +%y-%d-%m)
# The year is taken from yesterday too, so a run on January 1 reports the right year.
FourYear=$(date --date="1 days ago" +%Y)
TwoYear=$(date --date="1 days ago" +%y)
Month=$(date --date="1 days ago" +%m)
Day=$(date --date="1 days ago" +%d)
FNAME="GeoFencing-${CURRENTDATE}.txt"
echo ${CURRENTDATE}
echo ${CURRENTDATESHORT}
echo ${TwoYear}
echo ${Month}
echo ${Day}
echo ${TwoYear}${Month}${Day}
echo ${FNAME}
# Each block appends one row: key, year, month, day, country_code, count.
# grep -o prints one match per line, so wc -l counts matches;
# wc -w would count the two-word "Russian Federation" twice per match.
echo -n ${TwoYear}${Month}${Day}"01" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "1" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Russian Federation"' | wc -l >> "/home/michael/logs/${FNAME}"

echo -n ${TwoYear}${Month}${Day}"02" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "2" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="China"' | wc -l >> "/home/michael/logs/${FNAME}"

echo -n ${TwoYear}${Month}${Day}"03" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "3" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Ukraine"' | wc -l >> "/home/michael/logs/${FNAME}"

echo -n ${TwoYear}${Month}${Day}"04" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "4" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Vietnam"' | wc -l >> "/home/michael/logs/${FNAME}"

echo -n ${TwoYear}${Month}${Day}"05" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "5" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Estonia"' | wc -l >> "/home/michael/logs/${FNAME}"

# Germany (country_code 6) was removed from the policy; its block stays commented out.
# echo -n ${TwoYear}${Month}${Day}"06" >> "/home/michael/logs/${FNAME}"
# echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
# echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
# echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
# echo -n -e '\t' "6" '\t' >> "/home/michael/logs/${FNAME}"
# sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Germany"' | wc -l >> "/home/michael/logs/${FNAME}"

echo -n ${TwoYear}${Month}${Day}"07" >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $FourYear >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Month >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' $Day >> "/home/michael/logs/${FNAME}"
echo -n -e '\t' "7" '\t' >> "/home/michael/logs/${FNAME}"
sudo cat /var/log/firewalls/192.168.1.173-${CURRENTDATE}.log | grep -o -w 'srccountry="Romania"' | wc -l >> "/home/michael/logs/${FNAME}"
sudo chown michael:michael "/home/michael/logs/${FNAME}"
# The report is a data file; mode 644 would be enough, the execute bits are not needed.
sudo chmod 755 "/home/michael/logs/${FNAME}"
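
An added example, not the author's script: the same daily rows produced in one awk pass over the log instead of one grep per country. The function name geofence_counts, the sample log lines and their field layout are assumptions; only the srccountry="..." field and the country codes come from the script above.

```shell
#!/bin/bash
# Added example, not the author's script: one awk pass instead of one grep per country.
# Assumed: each log line carries at most one srccountry="<name>" field.

# geofence_counts LOGFILE YYYY-MM-DD
# Prints tab-separated rows: key, year, month, day, country_code, count.
geofence_counts() {
    awk -v d="$2" '
        BEGIN {
            # Country codes as used on the page (6 was Germany, removed).
            code["Russian Federation"] = 1; code["China"] = 2
            code["Ukraine"] = 3; code["Vietnam"] = 4
            code["Estonia"] = 5; code["Romania"] = 7
            split(d, p, "-")            # p[1]=YYYY, p[2]=MM, p[3]=DD
        }
        # Extract the quoted value, so a two-word name counts once per line.
        match($0, /srccountry="[^"]*"/) {
            name = substr($0, RSTART + 12, RLENGTH - 13)
            if (name in code) hits[name]++
        }
        END {
            # Countries with no hits still get a row with count 0.
            for (name in code)
                printf "%s%s%s%02d\t%s\t%s\t%s\t%d\t%d\n",
                    substr(p[1], 3), p[2], p[3], code[name],
                    p[1], p[2], p[3], code[name], hits[name]
        }' "$1" | sort
}

# Constructed sample lines; the field layout is an assumption, not a real log.
sample=$(mktemp)
cat > "$sample" <<'EOF'
date=2019-08-22 action="deny" srcip=203.0.113.5 srccountry="Russian Federation"
date=2019-08-22 action="deny" srcip=203.0.113.9 srccountry="Russian Federation"
date=2019-08-22 action="deny" srcip=198.51.100.7 srccountry="China"
date=2019-08-22 action="deny" srcip=192.0.2.44 srccountry="Romania"
date=2019-08-22 action="deny" srcip=192.0.2.45 srccountry="Germany"
EOF
geofence_counts "$sample" 2019-08-22
rm -f "$sample"
```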
