Auto commit from /home/doc/genesis-tools

hostingtoot/.env

@@ -1,6 +1,6 @@
-DB_USER=tootuser
+DB_USER=hostingtootuser
-DB_PASSWORD=thisisaserver2281
+DB_PASSWORD=rusty2281
-DB_NAME=toot2
+DB_NAME=hostingtootdb
 DB_HOST_PRIMARY=38.102.127.166
 #DB_HOST_FAILOVER=db4.cluster.genesishostingtechnologies.com
 MASTODON_ACCESS_TOKEN=ljnlPFL8SP_4DkX_SBuyMInvvmziEr28aRFgkRHyw80

miscellaneous/malips.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Path to Snort's alert log (snort.alert.fast)
+SNORT_LOG="/var/log/snort/snort.alert.fast"
+
+# Path to store blocked IPs (to avoid duplicates)
+BLOCKED_IPS="/tmp/blocked_ips.txt"
+
+# Function to block an IP using iptables
+block_ip() {
+    local ip=$1
+
+    # Check if IP is already blocked
+    if ! grep -q "$ip" "$BLOCKED_IPS"; then
+        # Add IP to iptables block list
+        sudo iptables -I INPUT -s "$ip" -j DROP
+
+        # Log the blocked IP in the blocked_ips file
+        echo "$ip" >> "$BLOCKED_IPS"
+        echo "Blocked IP: $ip"
+    fi
+}
+
+# Ensure the blocked_ips.txt file exists and is writable
+if [ ! -f "$BLOCKED_IPS" ]; then
+    sudo touch "$BLOCKED_IPS"
+    sudo chmod 666 "$BLOCKED_IPS"
+fi
+
+# Monitor the snort.alert.fast file for new malicious IPs
+tail -F "$SNORT_LOG" | while read line; do
+    # Debug: Output the full line from Snort log
+    echo "Processing: $line"
+
+    # Extract source and destination IP addresses from Snort logs
+    if echo "$line" | grep -q "ICMP PING NMAP"; then
+        # Extract source IP (before "->")
+        ip=$(echo "$line" | awk -F' -> ' '{print $1}' | awk '{print $NF}')
+        echo "Found Source IP: $ip"  # Debug: Show the IP being extracted
+        block_ip "$ip"
+    elif echo "$line" | grep -q "EXPLOIT"; then
+        # Extract source IP (before "->")
+        ip=$(echo "$line" | awk -F' -> ' '{print $1}' | awk '{print $NF}')
+        echo "Found Source IP: $ip"  # Debug: Show the IP being extracted
+        block_ip "$ip"
+    fi
+done