From 583405ab5f7666435d006db0c81567e2a938225b Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 21 Nov 2009 21:21:04 -0500
Subject: Updated filterwall to do IP purging
---
 filterwall.sh | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/filterwall.sh b/filterwall.sh
index deba71f..5c47a48 100755
--- a/filterwall.sh
+++ b/filterwall.sh
@@ -11,16 +11,24 @@ BLOCK_FILE=/etc/firewall/blocked-ips
+# Purge the block file at the first hour of the first day of the
+# month to prevent stale IPs from sitting in the block file.
+if (( $(date +%d) == 1 )); then
+ if (( $(date +%H) == 0 )); then
+ echo > $BLOCK_FILE
+ fi
+fi
+
 # Filter SSHD Abusers
 egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \
- egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
- awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+ egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+ awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
 >> $BLOCK_FILE
 # Filter FTP Abusers
 grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \
- egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
- awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+ egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+ awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
 >> $BLOCK_FILE
 # De-dup the filter file.
--
cgit v1.2.3
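Review bot: The purge test feeds zero-padded `date` output to `(( ))`, where bash reads a leading zero as octal, so `08` and `09` fail with "value too great for base": on the 8th and 9th of every month for the `%d` test, and from 08:00 to 09:59 on the 1st for the `%H` test. The condition still evaluates false, so nothing is purged wrongly, but every run in those windows writes an error to stderr. A single string comparison avoids that and the two separate `date` calls: `if [[ $(date +%d%H) == 0100 ]]; then : > "$BLOCK_FILE"; fi`, which also quotes the path and truncates the file instead of writing one empty line as `echo >` does. Separately, the purge only fires if the script runs during that hour (the schedule is not visible here), and the `egrep -o` lines this commit touches collect every dotted quad on a matching log line rather than only the peer address, so the pattern is worth anchoring to the address field before the list is relied on for blocking.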