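#!/bin/bash
#Scott Sullivan
#
# Blocks clients that ModSecurity has flagged in the Apache error log.
#
# The script pulls the "[client ...]" token out of every ModSecurity line in
# /etc/httpd/logs/error_log, keeps the tokens that occur on at least two
# adjacent extracted lines (uniq -d), and denies them with whichever firewall
# front end is installed: csf and/or apf, or plain iptables when neither of
# those is present.
#
# Must run as root. Exit codes: 87 when not root, 1 when no supported
# firewall tool is found.
#
# NOTE(review): nothing here exempts trusted addresses (monitoring hosts,
# reverse proxies, your own admin IP). Rely on the firewall's own allow list,
# or add one, before scheduling this script.
#
#1 is true, 0 is false

readonly ROOT_UID=0
readonly E_NOTROOT=87
readonly ERROR_LOG=/etc/httpd/logs/error_log

#######################################
# Report whether a command is available.
# Arguments: $1 - command name
# Outputs:   "1" if the command can be found, "0" otherwise
#######################################
has_command() {
  if command -v "$1" >/dev/null 2>&1; then
    printf '1'
  else
    printf '0'
  fi
}

#######################################
# Strict dotted-quad IPv4 check.
# Arguments: $1 - candidate string
# Returns:   0 if $1 is four decimal octets in 0..255, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1
  local -r pattern='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local octet
  local -a octets

  [[ "$candidate" =~ $pattern ]] || return 1

  IFS=. read -r -a octets <<<"$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Print the raw client tokens extracted from the ModSecurity log lines, one
# extracted line per output line. The extraction is the original character
# based cut/sed chain; the firewall logic used to repeat it three times.
# Globals:   ERROR_LOG (read)
# Outputs:   candidate tokens on stdout (NOT yet validated)
#######################################
list_repeat_offenders() {
  # The bracket expressions are quoted so the shell cannot expand them
  # against file names in the current directory.
  # The final grep drops lines made only of digits and spaces; uniq -d then
  # keeps one copy of each value that appears on consecutive lines.
  grep ModSecurity "$ERROR_LOG" \
    | cut -d c -f 2 \
    | grep '[0-9]' \
    | sed -e 's/lient//g' -e 's/ModSe//g' -e 's/]//g' -e 's/error//g' \
        -e 's/noti//g' -e 's/[a-z]//g' -e 's/://g' \
    | cut -d '[' -f 1 \
    | grep -E -v '^[0-9 ]*[0-9][0-9 ]*$' \
    | uniq -d
}

uid=$(id -u)
if [ "$uid" -ne "$ROOT_UID" ]; then
  echo "You must be root to run this script..." >&2
  exit "$E_NOTROOT"
fi

have_csf=$(has_command csf)
have_apf=$(has_command apf)
have_iptables=$(has_command iptables)

# Collect the addresses once and validate every token before it reaches a
# firewall command. ModSecurity log lines carry request data, and the
# extraction above is not anchored to the client field, so its output is
# treated as untrusted: anything that is not a plain IPv4 address is dropped
# (for example a token with the client port fused onto the last octet once
# ':' has been stripped, or the remains of an IPv6 address). Because a valid
# token starts with a digit, it can never be parsed as a command-line option.
offenders=()
while read -r -a words; do
  for word in "${words[@]}"; do
    if is_ipv4 "$word"; then
      offenders+=("$word")
    fi
  done
done < <(list_repeat_offenders)

#CSF logic
if (( have_csf == 1 )); then
  for ip in "${offenders[@]}"; do
    csf -d "$ip" >/dev/null 2>&1
  done
fi

#APF logic
if (( have_apf == 1 )); then
  for ip in "${offenders[@]}"; do
    apf -d "$ip" >/dev/null 2>&1
  done
fi

#IPTABLES logic
if (( have_csf == 0 && have_apf == 0 && have_iptables == 1 )); then
  for ip in "${offenders[@]}"; do
    # Insert the DROP rule only if an identical one is not already present,
    # so repeated runs do not grow the INPUT chain. Where iptables lacks -C
    # the check fails and the rule is inserted as before.
    iptables -C INPUT -s "$ip" -j DROP >/dev/null 2>&1 \
      || iptables -I INPUT -s "$ip" -j DROP >/dev/null 2>&1
  done
elif (( have_csf == 0 && have_apf == 0 && have_iptables == 0 )); then
  # Only reached when none of the three tools exists; the earlier condition
  # also fired when csf or apf had been found and used.
  {
    echo "////////////////////////////////////////////////////////////////////////////////////////////////////"
    echo "//Neither APF,CSF, or Iptables can be found on your server. What firewall software are you running??"
    echo "////////////////////////////////////////////////////////////////////////////////////////////////////"
  } >&2
  exit 1
fi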