banip: update 0.3.11
authorDirk Brenken <dev@brenken.org>
Sat, 30 Nov 2019 16:26:41 +0000 (17:26 +0100)
committerDirk Brenken <dev@brenken.org>
Sat, 30 Nov 2019 18:31:14 +0000 (19:31 +0100)
* fix ssh daemon autodetection
* fix 'sshd' logfile parsing

Signed-off-by: Dirk Brenken <dev@brenken.org>
net/banip/Makefile
net/banip/files/banip.service
net/banip/files/banip.sh

index 26a88014b9d7504aeeedc5e8f7143756e913dbc4..7a8b8a08458e161e2dedcf23bd0d8283f210d38a 100644 (file)
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
-PKG_VERSION:=0.3.10
+PKG_VERSION:=0.3.11
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
index 45d1a62fafef8aa38d613c31bd7636d120433296..eab59cc3397a950d989968eeef97bd1c1cde9dc6 100755 (executable)
@@ -29,7 +29,7 @@ if [ -x "${ban_logread}" ]
 then
        f_log "info" "log/banIP service started"
        "${ban_logread}" -f -e "${ban_sshdaemon}\|luci: failed login" | \
-               { grep -qE "Exit before auth|luci: failed login|[0-9]+ \[preauth\]$"; [ $? -eq 0 ] && /etc/init.d/banip refresh; }
+               { grep -q "Exit before auth\|luci: failed login\|error: maximum authentication attempts exceeded"; [ $? -eq 0 ] && /etc/init.d/banip refresh; }
 else
        f_log "err" "can't start log/banIP service"
 fi
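Review bot: The new `grep -q` trigger recognises only `error: maximum authentication attempts exceeded` for OpenSSH, so failed logins on connections that close before the attempt limit is reached no longer cause a refresh; the removed `[preauth]` match appears to have been broader. The same narrowing is in the two `grep -F` lines of the f_main hunks at -748 and -762 in banip.sh. If that is the intended policy it deserves a comment next to the pattern, for example `# sshd: only the "maximum authentication attempts exceeded" message triggers a ban`. As a style point, `[ $? -eq 0 ] && …` after `grep -q` can be folded into `grep -q "…" && /etc/init.d/banip refresh`.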
index 0a0f4d0fdf303cf93379c8530c8d258d6174f1f0..14c4e838ae86c556aeacfef2437e2d771acc9f6f 100755 (executable)
@@ -13,7 +13,7 @@
 #
 LC_ALL=C
 PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-ban_ver="0.3.10"
+ban_ver="0.3.11"
 ban_basever=""
 ban_enabled=0
 ban_automatic="1"
@@ -280,13 +280,16 @@ f_envcheck()
        #
        if [ -z "${ban_sshdaemon}" ]
        then
-               utils="dropbear sshd"
+               utils="sshd dropbear"
                for util in ${utils}
                do
                        if [ -x "$(command -v "${util}")" ]
                        then
-                               ban_sshdaemon="${util}"
-                               break
+                               if [ "$("/etc/init.d/${util}" enabled; printf "%u" ${?})" -eq 0 ]
+                               then
+                                       ban_sshdaemon="${util}"
+                                       break
+                               fi
                        fi
                done
        fi
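Review bot: When neither init script reports enabled, the loop now leaves `ban_sshdaemon` empty, where the old code picked any installed daemon. The value is later used unguarded in `logread -e "${ban_sshdaemon}"` (f_main hunk) and in the `"${ban_sshdaemon}\|luci: failed login"` filter in banip.service, where an empty pattern probably matches every log line. A check after the loop, such as `[ -z "${ban_sshdaemon}" ] && f_log "info" "no enabled ssh daemon found"`, would make that state visible. The status test can also drop the subshell and `printf`: `if "/etc/init.d/${util}" enabled`. f_envcheck begins and ends outside this hunk, so a later guard may already exist.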
@@ -636,7 +639,13 @@ f_main()
        local src_name src_on src_url src_rset src_setipv src_settype src_ruletype src_cat src_log src_addon src_ts src_rc
        local wan_input wan_forward lan_input lan_forward target_src target_dst ssh_log luci_log
 
-       ssh_log="$(logread -e "${ban_sshdaemon}" | grep -o "${ban_sshdaemon}.*" | sed 's/:[0-9]*$//g')"
+       if [ "${ban_sshdaemon}" = "dropbear" ]
+       then
+               ssh_log="$(logread -e "${ban_sshdaemon}" | grep -o "${ban_sshdaemon}.*" | sed 's/:[0-9]*$//g')"
+       elif [ "${ban_sshdaemon}" = "sshd" ]
+       then
+               ssh_log="$(logread -e "${ban_sshdaemon}" | grep -o "${ban_sshdaemon}.*" | sed 's/ port.*$//g')"
+       fi
        luci_log="$(logread -e "luci: failed login" | grep -o "luci:.*")"
        mem_total="$(awk '/^MemTotal/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
        mem_free="$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
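Review bot: The sshd branch trims each line with `sed 's/ port.*$//g'`, which cuts at the first ` port` in the line. That message also carries the user name sent by the remote client, so the text left at the end of the line, which the later `awk` match takes as the address to ban, is not guaranteed to be the address sshd wrote. Anchoring on the last `from <addr> port <n>` group is safer, for example `sed 's/^\(.* from [^ ]*\) port [0-9]*.*$/\1/'`, which keeps the message prefix that the later `grep -F` needs. The `if`/`elif` has no `else`, so any other configured `ban_sshdaemon` value leaves `ssh_log` empty without a log entry. f_main continues outside this hunk.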
@@ -748,7 +757,7 @@ f_main()
                                                                done
                                                        elif [ "${ban_sshdaemon}" = "sshd" ]
                                                        then
-                                                               src_addon="$(printf "%s\\n" "${ssh_log}" | grep -E "[0-9]+ \[preauth\]$" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
+                                                               src_addon="$(printf "%s\\n" "${ssh_log}" | grep -F "error: maximum authentication attempts exceeded" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
                                                        fi
                                                        src_addon="${src_addon} $(printf "%s\\n" "${luci_log}" | awk 'match($0,/([0-9]{1,3}\.){3}[0-9]{1,3}$/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
                                                ;;
@@ -762,7 +771,7 @@ f_main()
                                                                done
                                                        elif [ "${ban_sshdaemon}" = "sshd" ]
                                                        then
-                                                               src_addon="$(printf "%s\\n" "${ssh_log}" | grep -E "[0-9]+ \[preauth\]$" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
+                                                               src_addon="$(printf "%s\\n" "${ssh_log}" | grep -F "error: maximum authentication attempts exceeded" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
                                                        fi
                                                        src_addon="${src_addon} $(printf "%s\\n" "${luci_log}" | awk 'match($0,/(([0-9A-f]{0,4}::?){1,7}[0-9A-f]{0,4}$)/){ORS=" ";print substr($0,RSTART,RLENGTH)}')"
                                                ;;
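Review bot: The IPv6 pattern on the changed `awk` line uses the class `[0-9A-f]`, which under the script's `LC_ALL=C` spans every byte from `A` to `f`, so it accepts G–Z and several punctuation characters as well as hex digits; `[0-9A-Fa-f]` is the intended class. Because `{0,4}` and `::?` allow empty groups, the expression can match trailing text that is not an address, and that text is then placed in `src_addon`. The same class is in the `luci_log` line just below and should be corrected in both places. The enclosing case arm starts outside this hunk.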