diff --git a/hostingtoot/.env b/hostingtoot/.env index 9afdf56..98f2a62 100644 --- a/hostingtoot/.env +++ b/hostingtoot/.env @@ -1,6 +1,6 @@ -DB_USER=tootuser -DB_PASSWORD=thisisaserver2281 -DB_NAME=toot2 +DB_USER=hostingtootuser +DB_PASSWORD=rusty2281 +DB_NAME=hostingtootdb DB_HOST_PRIMARY=38.102.127.166 #DB_HOST_FAILOVER=db4.cluster.genesishostingtechnologies.com MASTODON_ACCESS_TOKEN=ljnlPFL8SP_4DkX_SBuyMInvvmziEr28aRFgkRHyw80 diff --git a/miscellaneous/malips.sh b/miscellaneous/malips.sh new file mode 100755 index 0000000..0f540ff --- /dev/null +++ b/miscellaneous/malips.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Path to Snort's alert log (snort.alert.fast) +SNORT_LOG="/var/log/snort/snort.alert.fast" + +# Path to store blocked IPs (to avoid duplicates) +BLOCKED_IPS="/tmp/blocked_ips.txt" + +# Function to block an IP using iptables +block_ip() { + local ip=$1 + + # Check if IP is already blocked + if ! grep -q "$ip" "$BLOCKED_IPS"; then + # Add IP to iptables block list + sudo iptables -I INPUT -s "$ip" -j DROP + + # Log the blocked IP in the blocked_ips file + echo "$ip" >> "$BLOCKED_IPS" + echo "Blocked IP: $ip" + fi +} + +# Ensure the blocked_ips.txt file exists and is writable +if [ ! -f "$BLOCKED_IPS" ]; then + sudo touch "$BLOCKED_IPS" + sudo chmod 666 "$BLOCKED_IPS" +fi + +# Monitor the snort.alert.fast file for new malicious IPs +tail -F "$SNORT_LOG" | while read line; do + # Debug: Output the full line from Snort log + echo "Processing: $line" + + # Extract source and destination IP addresses from Snort logs + if echo "$line" | grep -q "ICMP PING NMAP"; then + # Extract source IP (before "->") + ip=$(echo "$line" | awk -F' -> ' '{print $1}' | awk '{print $NF}') + echo "Found Source IP: $ip" # Debug: Show the IP being extracted + block_ip "$ip" + elif echo "$line" | grep -q "EXPLOIT"; then + # Extract source IP (before "->") + ip=$(echo "$line" | awk -F' -> ' '{print $1}' | awk '{print $NF}') + echo "Found Source IP: $ip" # Debug: Show the IP being extracted + block_ip "$ip" + fi +done