#!/bin/bash
#Created by Denis P. June 2015.

#For debug unset #
#set -x

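#Define VARs and make sure the working directories exist.
#
# WORKDIR  - web root that holds the widgets.<site>.* directories
# SITELIST - scratch file with one site name per line
# TODAY    - date stamp (mm_dd_yy) used to name the per-day directories
#
# NOTE(review): everything lives under the fixed path /tmp/ipchecks, including
# the allow-list (AllowedIP) and the mail template (mail.html) read later on.
# /tmp is shared between local accounts, so whoever creates that directory
# first decides what gets suppressed from the report and what the mail looks
# like. Keeping this data in a directory only the reporting account can write
# to (for example under /var/lib) is the safer layout; the checks below only
# catch the obvious cases.
WORKDIR=/var/www
SITELIST=/tmp/ipchecks/sitelist
TODAY=$(date +%m_%d_%y)
DEL='_'
SORTED="SORTED"

# A symlink here would redirect every file this script writes.
if [ -L /tmp/ipchecks ]; then
   echo "/tmp/ipchecks is a symlink, refusing to use it" >&2
   exit 1
fi

# mkdir -p is a no-op for directories that already exist, so repeated runs on
# the same day are fine; stop if the directories cannot be created at all.
mkdir -p /tmp/ipchecks/ \
         /tmp/ipchecks/"$TODAY" \
         /tmp/ipchecks/"$TODAY$DEL$SORTED" || exit 1

# Warn (do not abort) when the directory belongs to a different account, since
# its contents then cannot be trusted to come from the reporting user.
if [ ! -O /tmp/ipchecks ]; then
   echo "warning: /tmp/ipchecks is not owned by the current user" >&2
fi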

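#parse all logs in WORKDIR
#
# Site names are the second dot-separated field of every entry in $WORKDIR
# whose name contains "widgets" (widgets.<site>.<...>). The list is built from
# a glob instead of parsing ls output and is de-duplicated, so a site with
# several matching directories is processed once.
for entry in "$WORKDIR"/*widgets*; do
  [ -e "$entry" ] || continue        # glob matched nothing
  printf '%s\n' "${entry##*/}"
done | cut -d . -f 2 | sort -u > "$SITELIST"

# For every site: count how often each dotted-quad string occurs in the
# rotated access log (*_access.log.1), then keep only addresses whose count
# has 5 to 9 digits, i.e. at least 10000 occurrences.
#
# Detection caveats worth knowing when reading the report:
#  - the pattern matches anywhere in a log line, so an address that appears in
#    another field of the request is counted as well, not only the client
#    address;
#  - octets are not range-checked and IPv6 addresses are not matched at all,
#    so IPv6 clients never show up;
#  - only the .1 rotation is read, not the live log.
while IFS= read -r SITENAME; do
  [ -n "$SITENAME" ] || continue     # entry without a second field

  raw=/tmp/ipchecks/"$TODAY"/"$SITENAME"
  hits=/tmp/ipchecks/"$TODAY$DEL$SORTED"/"$SITENAME"

  # -h: when the glob matches more than one log file grep would prefix every
  # match with "file:", and the count filter below would then match nothing.
  grep -E -o -h "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" \
    "$WORKDIR"/widgets."$SITENAME".*/log/"$SITENAME".*_access.log.1 \
    | sort | uniq -c > "$raw"

  grep -E "^[[:blank:]]*[0-9]{5,9} [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" \
    "$raw" > "$hits"

  # Sites without any address above the threshold get no file at all.
  if [[ ! -s "$hits" ]]; then rm -f -- "$hits"; fi
done < "$SITELIST"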

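#Creating list
#
# Produces, in the per-day SORTED directory:
#   <site>       - per-site hit list with a "Wensite <site>" header line
#   SENDINGBACK  - all sites side by side, before the allow-list is applied
#   SENDING      - the same table with allow-listed addresses removed
cd /tmp/ipchecks/"$TODAY$DEL$SORTED"/ || exit 1

# Files left behind by an earlier run on the same day would otherwise be
# treated as site files by the glob below.
rm -f -- SENDING SENDINGBACK sendrep.html mail.html headed tailed temp

scratch=$(mktemp -d) || exit 1
mkdir "$scratch/filtered" || exit 1

site_files=()
for x in *; do
  [ -f "$x" ] || continue
  case "$x" in *SENDING*) continue ;; esac
  site_files+=("./$x")

  #Clearing allow-listed IPs (optional step; the list mirrors the addresses
  #allowed in the firewall).
  # The filter is applied per site and compares the address column exactly.
  # Filtering the pasted table with a pattern match removes the whole row,
  # which also drops the other sites' addresses on that row; an entry such as
  # 10.0.0.1 would also hide 10.0.0.10, and an empty line in the list would
  # empty the report. AllowedIP is expected to hold one address per line.
  if [ -s /tmp/ipchecks/AllowedIP ]; then
    awk 'NR == FNR { if ($1 != "") allowed[$1] = 1; next } !($2 in allowed)' \
      /tmp/ipchecks/AllowedIP "./$x" > "$scratch/body"
  else
    cp -- "./$x" "$scratch/body"
  fi

  # Header line for the unfiltered per-site file; written through a scratch
  # file so the input is never truncated while it is still being read.
  { printf 'Wensite %s\n' "$x"; cat -- "./$x"; } > "$scratch/full" \
    && mv -- "$scratch/full" "./$x"

  # A site whose addresses are all allow-listed is left out of SENDING.
  if [ -s "$scratch/body" ]; then
    { printf 'Wensite %s\n' "$x"; cat -- "$scratch/body"; } > "$scratch/filtered/$x"
  fi
done

if [ "${#site_files[@]}" -gt 0 ]; then
  paste -d , -- "${site_files[@]}" | column -t -s "," > SENDINGBACK
else
  : > SENDINGBACK
fi

filtered_files=("$scratch"/filtered/*)
if [ -e "${filtered_files[0]}" ]; then
  paste -d , -- "${filtered_files[@]}" | column -t -s "," > SENDING
else
  : > SENDING
fi

rm -rf -- "${scratch:?}"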

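#Creating Template
#
# Builds sendrep.html from mail.html: the first 13 lines of the template, then
# the report table (SENDING), then the rest of the template.
cd /tmp/ipchecks/"$TODAY$DEL$SORTED"/ || exit 1
cp /tmp/ipchecks/mail.html /tmp/ipchecks/"$TODAY$DEL$SORTED"/ || exit 1
headed=/tmp/ipchecks/"$TODAY$DEL$SORTED"/headed
tailed=/tmp/ipchecks/"$TODAY$DEL$SORTED"/tailed

# ">" instead of ">>": a leftover file from an aborted run must not end up in
# the mail a second time. "tail -n +14" is "everything after line 13" and also
# copes with a template shorter than 13 lines.
head -n 13 mail.html > "$headed" && tail -n +14 mail.html > "$tailed"

# The table goes into an HTML body. Counts and addresses are digits and dots,
# but the site names come from directory names, so &, < and > are escaped
# before the text is embedded. As before, read trims leading and trailing
# blanks from every line.
sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
  /tmp/ipchecks/"$TODAY$DEL$SORTED"/SENDING \
  | while read -r x; do printf '%s\n' "$x"; done >> "$headed"

while read -r x; do printf '%s\n' "$x"; done < "$tailed" >> "$headed"

mv -- "$headed" /tmp/ipchecks/"$TODAY$DEL$SORTED"/sendrep.html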

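#Sending list
# telnetmail.sh is the telnet mail script from section 2; any script that can
# mail sendrep.html can be used here instead. (The remark used to sit on the
# command line itself, where the parentheses are a shell syntax error.)
bash /usr/local/bin/telnetmail.sh
#GC
# Stop if the directory is gone, so rm never runs in some other directory.
cd /tmp/ipchecks/"$TODAY$DEL$SORTED"/ || exit 1
# -f: "headed" has already been renamed to sendrep.html at this point.
rm -f -- mail.html headed tailed "$SITELIST"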

2. Telnet mail script (telnetmail.sh in the script)

#!/bin/bash
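# Sends /tmp/ipchecks/<today>_SORTED/sendrep.html as a mail by typing an SMTP
# dialogue into telnet.
#
# NOTE(review): this is plain-text SMTP with no TLS and no authentication, and
# none of the server's replies are read: the sleeps only pace the input. A
# rejected or failed delivery is therefore silent, and a missing report can
# mean either "nothing suspicious" or "mail never arrived". A regular mail
# client (sendmail, mailx, ...) reports errors and is the better choice where
# one is available.
#
# SOMEMAILSRV is a placeholder for the mail server; telnet's "open" presumably
# also needs the SMTP port after the host name. TODO confirm for your setup.
TODAY=$(date +%m_%d_%y)
DEL='_'
SORTED="SORTED"
REPORT=/tmp/ipchecks/"$TODAY$DEL$SORTED"/sendrep.html

# The former "while [[ \$count=1 ]]" wrapper tested a non-empty string, which
# is always true, and left through "exit" after one pass; the dialogue simply
# runs once.
(
  echo open SOMEMAILSRV
  sleep 8
  #echo helo mailsrv
  echo helo srv
  echo mail from:ipchecks@dom.com
  sleep 2
  echo rcpt to:denis@pesikov.tk
  sleep 2
  echo data
  sleep 2
  echo "subject: IPSCHECKS from $(date)"
  # IFS= and -r keep every line of the report exactly as written.
  while IFS= read -r line; do
    # SMTP ends the message at a line holding a single dot, so any line that
    # starts with a dot gets one more dot prepended (dot-stuffing).
    case "$line" in
      .*) line=".$line" ;;
    esac
    printf '%s\n' "$line"
  done < "$REPORT"
  sleep 2
  echo .
  sleep 1
  echo quit
) | telnet

# Same exit status as before; it says nothing about whether the mail was
# accepted.
exit 0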

 

3. MAIL TEMPLATE (mail.html in the script)

MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
</head>
<center><font size="6" color="red">Detected suspicious IPs on websites:</font></center>
<body style="margin:0;padding:0;background-color:#c7c7c7">
<pre>
<font size="3">

</font>
</pre>
</body>
</html>

 

*