linux-scripts/fail2ban-abuseipdb-check.sh

#!/bin/bash

set -e

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

api_key=""

get_abuseConfidenceScore(){
    score=$(curl -s -G https://api.abuseipdb.com/api/v2/check \
        --data-urlencode "ipAddress=$1" \
        -d maxAgeInDays=90 \
        -d verbose \
        -H "Key: $api_key" \
        -H "Accept: application/json" | jq .data.abuseConfidenceScore)
    echo "$score"
}

echo "Checking /var/log/fail2ban.log for found IP addresses..."

ip_list=$(grep Found /var/log/fail2ban.log | awk '{print $8;}' | uniq)

blocked=()
not_blocked_unsafe=()
not_blocked_safe=()

for ip in $(echo "$ip_list"); do
    if grep -q "$ip" /etc/csf/csf.deny; then
        blocked+=("$ip");
        echo -e "${YELLOW}IP $ip is already blocked!${NC}"
    else
        echo "Getting abuse score for IP: $ip..."
        abuse_score=$(get_abuseConfidenceScore $ip)
        if [[ $abuse_score -gt 75 ]]; then
            not_blocked_unsafe+=("$ip")
            echo -e "${RED}IP $ip is unsafe and not yet blocked!${NC}"
        else
            not_blocked_safe+=("$ip")
            echo -e "${GREEN}IP $ip is safe!${NC}"
        fi
    fi
done

echo
IFS=','
echo "###################################"
echo "# State of found addresses in CSF #"
echo "###################################"
echo "Blocked: ${blocked[*]}"
echo -e "${RED}Not blocked and unsafe: ${not_blocked_unsafe[*]}${NC}"
echo -e "${GREEN}Not blocked and safe: ${not_blocked_safe[*]}${NC}"
unset IFS
if [[ ! -z ${not_blocked_unsafe[*]} ]]; then
    echo
    echo "#######################"
    echo "# Gotta Block 'Em All #"
    echo "#######################"
    echo "If you want to block the unsafe addresses above, use:"
    for ip in ${not_blocked_unsafe[@]}; do
        echo "csf -d $ip"
    done
fi