initial commit

fail2ban-abuseipdb-check.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+api_key=""
+
+get_abuseConfidenceScore(){
+    score=$(curl -s -G https://api.abuseipdb.com/api/v2/check \
+        --data-urlencode "ipAddress=$1" \
+        -d maxAgeInDays=90 \
+        -d verbose \
+        -H "Key: $api_key" \
+        -H "Accept: application/json" | jq .data.abuseConfidenceScore)
+    echo "$score"
+}
+
+echo "Checking /var/log/fail2ban.log for found IP addresses..."
+
+ip_list=$(grep Found /var/log/fail2ban.log | awk '{print $8;}' | uniq)
+
+blocked=()
+not_blocked_unsafe=()
+not_blocked_safe=()
+
+for ip in $(echo "$ip_list"); do
+    if grep -q "$ip" /etc/csf/csf.deny; then
+        blocked+=("$ip");
+        echo -e "${YELLOW}IP $ip is already blocked!${NC}"
+    else
+        echo "Getting abuse score for IP: $ip..."
+        abuse_score=$(get_abuseConfidenceScore $ip)
+        if [[ $abuse_score -gt 75 ]]; then
+            not_blocked_unsafe+=("$ip")
+            echo -e "${RED}IP $ip is unsafe and not yet blocked!${NC}"
+        else
+            not_blocked_safe+=("$ip")
+            echo -e "${GREEN}IP $ip is safe!${NC}"
+        fi
+    fi
+done
+
+echo
+IFS=','
+echo "###################################"
+echo "# State of found addresses in CSF #"
+echo "###################################"
+echo "Blocked: ${blocked[*]}"
+echo -e "${RED}Not blocked and unsafe: ${not_blocked_unsafe[*]}${NC}"
+echo -e "${GREEN}Not blocked and safe: ${not_blocked_safe[*]}${NC}"
+unset IFS
+if [[ ! -z ${not_blocked_unsafe[*]} ]]; then
+    echo
+    echo "#######################"
+    echo "# Gotta Block 'Em All #"
+    echo "#######################"
+    echo "If you want to block the unsafe addresses above, use:"
+    for ip in ${not_blocked_unsafe[@]}; do
+        echo "csf -d $ip"
+    done
+fi