Initial commit - v1.3.1-18

source/root/usr/share/xt_geoip/geoip_countries_list.txt

@@ -0,0 +1,280 @@
+Abbreviated Country Code List
+
+A1      Anonymous Proxy
+A2      Satellite Provider
+AC      Ascension Island
+AD      Andorra
+AE      United Arab Emirates
+AERO    members of the air-transport industry
+AF      Afghanistan
+AG      Antigua and Barbuda
+AI      Anguilla
+AL      Albania
+AM      Armenia
+AN      Netherlands Antilles (being phased out)
+AO      Angola
+AQ      Antarctica
+AP      Asia/Pacific
+AR      Argentina
+AS      American Samoa
+ASIA    Restricted to the Pan-Asia and Asia Pacific community
+AT      Austria
+AU      Australia
+AW      Aruba
+AX      Aland Islands
+AZ      Azerbaijan
+BA      Bosnia and Herzegovina
+BB      Barbados
+BD      Bangladesh
+BE      Belgium
+BF      Burkina Faso
+BG      Bulgaria
+BH      Bahrain
+BI      Burundi
+BIZ     Restricted for Business
+BJ      Benin
+BL      Saint Barthelemy
+BM      Bermuda
+BN      Brunei Darussalam
+BO      Bolivia
+BQ      Bonaire, Sint Eustatius and Saba
+BR      Brazil
+BS      Bahamas
+BT      Bhutan
+BV      Bouvet Island
+BW      Botswana
+BY      Belarus
+BZ      Belize
+CA      Canada
+CC      Cocos (Keeling) Islands
+CD      Congo, The Democratic Republic of the
+CF      Central African Republic
+CG      Congo
+CH      Switzerland
+CI      Cote d'Ivoire
+CK      Cook Islands
+CL      Chile
+CM      Cameroon
+CN      China
+CO      Colombia
+COM     Generic top-level domain
+COOP    cooperative associations
+CR      Costa Rica
+CU      Cuba
+CV      Cape Verde
+CW      Curaçao
+CX      Christmas Island
+CY      Cyprus
+CZ      Czech Republic
+DE      Germany
+DJ      Djibouti
+DK      Denmark
+DM      Dominica
+DO      Dominican Republic
+DZ      Algeria
+EC      Ecuador
+EDU     Educational Institutions
+EE      Estonia
+EG      Egypt
+EH      Western Sahara
+ER      Eritrea
+ES      Spain
+ET      Ethiopia
+EU      European Union
+FI      Finland
+FJ      Fiji
+FK      Falkland Islands (Malvinas)
+FM      Micronesia, Federated States of
+FO      Faroe Islands
+FR      France
+GA      Gabon
+GB      United Kingdom
+GD      Grenada
+GE      Georgia
+GF      French Guiana
+GG      Guernsey
+GH      Ghana
+GI      Gibraltar
+GL      Greenland
+GM      Gambia
+GN      Guinea
+GOV     United States Government
+GP      Guadeloupe
+GQ      Equatorial Guinea
+GR      Greece
+GS      South Georgia and the South Sandwich Islands
+GT      Guatemala
+GU      Guam
+GW      Guinea-Bissau
+GY      Guyana
+HK      Hong Kong
+HM      Heard Island and McDonald Islands
+HN      Honduras
+HR      Croatia
+HT      Haiti
+HU      Hungary
+ID      Indonesia
+IE      Ireland
+IL      Israel
+IM      Isle of Man
+IN      India
+INFO    Generic top-level domain
+IO      British Indian Ocean Territory
+IQ      Iraq
+IR      Iran, Islamic Republic of
+IS      Iceland
+IT      Italy
+JE      Jersey
+JM      Jamaica
+JO      Jordan
+JOBS    Reserved to serve needs of the international human resource management community
+JP      Japan
+KE      Kenya
+KG      Kyrgyzstan
+KH      Cambodia
+KI      Kiribati
+KM      Comoros
+KN      Saint Kitts and Nevis
+KP      Korea, Democratic People's Republic of
+KR      Korea, Republic of
+KW      Kuwait
+KY      Cayman Islands
+KZ      Kazakhstan
+LA      Lao People's Democratic Republic
+LB      Lebanon
+LC      Saint Lucia
+LI      Liechtenstein
+LK      Sri Lanka
+LR      Liberia
+LS      Lesotho
+LT      Lithuania
+LU      Luxembourg
+LV      Latvia
+LY      Libyan Arab Jamahiriya
+MA      Morocco
+MC      Monaco
+MD      Moldova, Republic of
+ME      Montenegro
+MF      Saint Martin (French part)
+MG      Madagascar
+MH      Marshall Islands
+MIL     United States Military
+MK      Macedonia, The Former Yugoslav Republic of
+ML      Mali
+MM      Myanmar
+MN      Mongolia
+MO      Macao
+MOBI    consumers and providers of mobile products and services
+MP      Northern Mariana Islands
+MQ      Martinique
+MR      Mauritania
+MS      Montserrat
+MT      Malta
+MU      Mauritius
+MUSEUM  museums
+MV      Maldives
+MW      Malawi
+MX      Mexico
+MY      Malaysia
+MZ      Mozambique
+NA      Namibia
+NAME    individuals
+NC      New Caledonia
+NE      Niger
+NET     Generic top-level domain
+NF      Norfolk Island
+NG      Nigeria
+NI      Nicaragua
+NL      Netherlands
+NO      Norway
+NP      Nepal
+NR      Nauru
+NU      Niue
+NZ      New Zealand
+OM      Oman
+ORG     Generic top-level domain
+PA      Panama
+PE      Peru
+PF      French Polynesia
+PG      Papua New Guinea
+PH      Philippines
+PK      Pakistan
+PL      Poland
+PM      Saint Pierre and Miquelon
+PN      Pitcairn
+PR      Puerto Rico
+PRO     Restricted to credentialed professionals and related entities
+PS      Palestinian Territory, Occupied
+PT      Portugal
+PW      Palau
+PY      Paraguay
+QA      Qatar
+RE      Reunion
+RO      Romania
+RS      Serbia
+RU      Russian Federation
+RW      Rwanda
+SA      Saudi Arabia
+SB      Solomon Islands
+SC      Seychelles
+SD      Sudan
+SE      Sweden
+SG      Singapore
+SH      Saint Helena
+SI      Slovenia
+SJ      Svalbard and Jan Mayen
+SK      Slovakia
+SL      Sierra Leone
+SM      San Marino
+SN      Senegal
+SO      Somalia
+SR      Suriname
+SS      South Sudan
+ST      Sao Tome and Principe
+SU      Soviet Union (being phased out)
+SV      El Salvador
+SX      Saint Maarten (Dutch part)
+SY      Syrian Arab Republic
+SZ      Swaziland
+TC      Turks and Caicos Islands
+TD      Chad
+TEL     businesses and individuals to publish their contact data
+TF      French Southern Territories
+TG      Togo
+TH      Thailand
+TJ      Tajikistan
+TK      Tokelau
+TL      Timor-Leste
+TM      Turkmenistan
+TN      Tunisia
+TO      Tonga
+TP      Portuguese Timor (being phased out)
+TR      Turkey
+TRAVEL  entities whose primary area of activity is in the travel industry
+TT      Trinidad and Tobago
+TV      Tuvalu
+TW      Taiwan, Province of China
+TZ      Tanzania, United Republic of
+UA      Ukraine
+UG      Uganda
+UK      United Kingdom
+UM      United States Minor Outlying Islands
+US      United States
+UY      Uruguay
+UZ      Uzbekistan
+VA      Holy See (Vatican City State)
+VC      Saint Vincent and the Grenadines
+VE      Venezuela, Bolivarian Republic of
+VG      Virgin Islands, British
+VI      Virgin Islands, US
+VN      Viet Nam
+VU      Vanuatu
+WF      Wallis and Futuna
+WS      Samoa
+XXX     the adult entertainment community
+YE      Yemen
+YT      Mayotte
+ZA      South Africa
+ZM      Zambia
+ZW      Zimbabwe
+

source/root/usr/share/xt_geoip/geoip_exstat

@@ -0,0 +1,104 @@
+#!/bin/sh 
+# Read one of the files updated by geoip_stats depending on $1 (PREF)
+# Read all of the daily scores by country on a period of D(ay) -default-, W(eek) or M(onth)
+#    depending on $2
+
+EXECDIR="/usr/share/xt_geoip"
+STATDIR="/var/lib/xt_geoip"
+
+case $1 in
+    "ssh")
+        PREF="ssh"
+        TITLE=" Numbers of SSH bad attempts by country"
+    ;;
+    "ipt")
+        PREF="ipt"
+        TITLE=" Numbers of IPs banned (xt_geoip) by country"
+    ;;
+    "f2b")
+        PREF="f2b"
+        TITLE=" Numbers of IPs banned (fail2ban) by country"
+    ;;
+    *)
+        echo "usage : $0 'ssh|ipt|f2b' [D|W|M]"
+        exit 1
+    ;;
+esac
+
+# permanent files
+BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
+# results files
+RESFILE="$STATDIR/ext${2}_${PREF}_country.lst"
+# tempo
+TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
+
+# Day -1  -7  -31
+DATE1=$(date --date '1 day ago' '+%Y-%m-%d')
+
+DATE2=$DATE1
+PRD="DAY"
+if [ "X$2" == "XW" ]
+then
+    DATE2=$(date --date '8 day ago' '+%Y-%m-%d')
+    PRD="WEEK"
+
+else
+    if [ "X$2" == "XM" ]
+    then
+        DATE2=$(date --date '31 day ago' '+%Y-%m-%d')
+        PRD="MONTH"
+    fi
+fi
+
+#echo "d1: $DATE1 d2: $DATE2"
+Date1=$(date -d $DATE1 +%s)
+Date2=$(date -d $DATE2 +%s)
+#echo "d1: $Date1 d2: $Date2"
+
+cd $EXECDIR
+
+# yesterday already in base ?
+if  [ ! -f $BASE2FILE ]
+then
+    echo "$0 : File $BASE2FILE does not exist."
+    exit 1
+fi
+
+TOT=0
+while read -r line
+do
+    DATELIG=$(date -d $(echo "$line" | cut -s -d';' -f1) +%s)
+    if [ $DATELIG -le $Date1 -a $DATELIG -ge $Date2 ]
+    then
+        echo "$line" >> $TMPFILE
+        TOT=$(expr $TOT + $(echo "$line" | cut -s -d';' -f3))
+    fi
+done < $BASE2FILE
+
+#echo "tot: $TOT"
+
+# number of incidents by country code, sorted reverse by number
+awk -F ";" -v v1=$TOT -v OFS=";" \
+ '{t[$2]=$2; t1[$2]+=$3} END {for(n in t) printf("%s | %d | %0.1f%\n", t[n], t1[n], (t1[n]*100)/v1)}' $TMPFILE | sort -t "|" -k 3 -r -n > $RESFILE
+
+rm -f $TMPFILE
+
+# for mail
+if [ -s $RESFILE ]
+then
+    echo ""
+    echo "  Smeserver daily statistics for Xtables - GEOIP"
+    echo "           from $(hostname) - $DATE1"
+    echo ""
+    echo " $TITLE during LAST $PRD"
+    echo "       ( XX means 'country not found' )"
+    echo ""
+    echo "--------------------"
+    cat $RESFILE
+    echo "--------------------"
+    echo "   | $TOT | 100%"
+    echo "--------------------"
+    echo ""
+
+fi
+

source/root/usr/share/xt_geoip/geoip_listat

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+EXECDIR="/usr/share/xt_geoip"
+STATDIR="/var/lib/xt_geoip"
+
+for pref in $(echo 'ipt ssh f2b')
+do
+    echo "" > ${STATDIR}/extA_${pref}_country.lst
+    for period in $(echo 'D W M')
+    do
+	${EXECDIR}/geoip_exstat $pref $period >> $STATDIR/extA_${pref}_country.lst
+    done
+    cat $STATDIR/extA_${pref}_country.lst
+done

source/root/usr/share/xt_geoip/geoip_look

@@ -0,0 +1,11 @@
+#! /bin/bash
+
+for par in "$@"
+do
+
+CN=$(/usr/bin/mmdblookup --file /usr/share/GeoIP/GeoLite2-Country.mmdb --ip $par country iso_code 2>/dev/null | cut -d\" -f2|  tr -d '\n')
+if [ -z $CN ]; then echo 'XX'; else echo $CN; fi
+
+done
+
+

source/root/usr/share/xt_geoip/geoip_stats

@@ -0,0 +1,135 @@
+#!/bin/sh 
+# Read the log files depending on $1 (PREF)
+# Read all of the IPs concerned, search countries and count them.  
+# exec crontab 2h AM for previous day
+
+EXECDIR="/usr/share/xt_geoip"
+STATDIR="/var/lib/xt_geoip"
+
+case $1 in
+    "ssh")
+        PREF="ssh"
+        LOGDIR="/var/log/sshd"
+        CMD1='cat'
+        CMD2=' | grep -i '
+        CMD3=' | grep -E "(Failed password|Invalid user \w+ from)" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
+    ;;
+    "ipt")
+        PREF="ipt"
+        LOGDIR="/var/log/iptables"
+        CMD1='zcat -f '
+        CMD2=' | grep -i '
+        CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE'
+    ;;
+     "f2b")
+ 	if [[ -x /bin/fail2ban-client && -f /var/log/fail2ban/daemon.log ]]
+ 	then
+     	    PREF="f2b"
+     	    LOGDIR="/var/log/fail2ban"
+     	    CMD1='zcat -f '
+     	    CMD2=' | grep -i '
+     	    CMD3=' | grep -E "] Ban " | sed -e "s/^.* Ban //" >> $RESFILE'
+ #        	CMD3=' | grep -E ": NOTICE  [.*] Ban" | sed -e "s/^.* Ban //" >> $RESFILE'
+ 	else
+ 	    echo "No fail2ban enabled here"
+ 	    exit 1
+ 	fi
+     ;;
+    *)
+	echo "usage : $0 [ssh|ipt|f2b|....]"
+        exit 1
+    ;;
+esac
+
+
+# files of the day
+RESFILE="$STATDIR/${PREF}_ip.lst"
+RES2FILE="$STATDIR/${PREF}_country.lst"
+# permanent files
+BASEFILE="$STATDIR/Base_${PREF}_ip.lst"
+BASE2FILE="$STATDIR/Base_${PREF}_country.lst"
+ARCHFILE="$STATDIR/ArchBase_${PREF}_ip.lst"
+ARCH2FILE="$STATDIR/ArchBase_${PREF}_country.lst"
+# tempo
+TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
+# Day - 1
+MONTH=$(date --date '1 day ago' +%B)
+LOGDAY="$(LC_ALL=C date --date '1 day ago' '+%h %e')"
+DATE=$(date --date '1 day ago' '+%Y-%m-%d')
+ARCHDATE=$(date --date '90 day ago' '+%Y-%m-%d')
+[[ $PREF = 'f2b' ]] && LOGDAY=$DATE
+
+cd $EXECDIR
+
+# yesterday already in base ?
+if  [ -f $BASEFILE ]
+then
+    if (fgrep $DATE $BASEFILE > /dev/null 2>&1)
+    then 
+        echo "$0 : $PREF already run for that date. Please verify this !"
+        exit 1
+    fi
+fi
+
+cp /dev/null $RESFILE
+
+# All logfiles update for 2 days, not empty
+for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c)
+do
+#    echo "$(echo $CMD1 $file $CMD2 \'^"$LOGDAY"\' $CMD3)"
+    eval "$(echo $CMD1 $file $CMD2 \'^"$LOGDAY"\' $CMD3)"
+done
+
+# number of incidents by IP, sorted by IP
+awk  -F ";" -v OFS=";" \
+ '{t[$1]=$1; t1[$1]+=1} END {for(n in t) print t[n], t1[n]}' $RESFILE | sort -t ";" -n -k 1 > $TMPFILE
+
+# +date, +country code
+awk -F ";" -v v1=$DATE -v OFS=";" \
+'{ printf "%s",v1 ";" $0 ";"; system("./geoip_look " $1) }' $TMPFILE > $RESFILE
+
+# number of incidents by country code, sorted reverse by number
+awk -F ";" -v v1=$DATE -v OFS=";" \
+ '{t[$4]=$4; t1[$4]+=$3} END {for(n in t) print v1, t[n], t1[n]}' $RESFILE | sort -t ";" -k 3 -r -n > $RES2FILE
+
+rm -f $TMPFILE
+
+# concatenate into bases
+cat $RESFILE >> $BASEFILE
+cat $RES2FILE >> $BASE2FILE
+
+touch ${TMPFILE}_last3m
+touch ${TMPFILE}_older
+
+# split IP bases file between 'last 3 months' and 'archives'
+awk -F ';' "\$1 > \"$ARCHDATE\" {print > (\"${TMPFILE}_last3m\"); next} {print > (\"${TMPFILE}_older\")}" $BASEFILE
+
+if [ -f ${TMPFILE}_older ]
+then
+    cat ${TMPFILE}_older >> $ARCHFILE
+    cp ${TMPFILE}_last3m $BASEFILE
+fi
+cp /dev/null ${TMPFILE}_last3m
+cp /dev/null ${TMPFILE}_older
+ 
+# split COUNTRY bases file between 'last 3 months' and archives
+ awk -F ';' "\$1 > \"$ARCHDATE\" {print > (\"${TMPFILE}_last3m\"); next} {print > (\"${TMPFILE}_older\")}" $BASE2FILE
+ 
+if [ -f ${TMPFILE}_older ]
+then
+     cat ${TMPFILE}_older >> $ARCH2FILE
+     cp ${TMPFILE}_last3m $BASE2FILE
+fi
+
+rm -f ${TMPFILE}_last3m ${TMPFILE}_older
+
+# for mail
+if [ -s $RES2FILE ]
+then
+    echo "parse $LOGDIR for $PREF events"
+    cat $RES2FILE
+fi
+
+# delete files of today
+#rm -f $RESFILE $RES2FILE
+

source/root/usr/share/xt_geoip/update_base

@@ -0,0 +1,5 @@
+cd /usr/share/xt_geoip
+if ( ./xt_geoip_dl )
+then
+    /usr/libexec/xtables-addons/xt_geoip_build GeoIPCountryWhois.csv
+fi

source/root/usr/share/xt_geoip/xt_geoip_dl

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# Original script from xtables-addons
+# SME specific use of ConfigDB
+# replace /usr/libexec/xtables-addons/xt_geoip_dl in /usr/share/xt_geoip/update_base
+
+status=$(/sbin/e-smith/config getprop geoip status)
+if [[ "$status" != "enabled" ]]
+then
+    echo "Geoip is not enabled. No download."
+    exit 1
+fi
+
+LicenseKey=$(/sbin/e-smith/config getprop geoip LicenseKey)
+if [ -z $LicenseKey ]
+then
+    echo "No License Key available. Downloading cannot be performed"
+    exit 1
+fi
+
+rm -rf GeoLite2-Country-CSV_*
+
+if ( ! wget -O GeoLite2-Country-CSV.zip -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LicenseKey}&suffix=zip" )
+then
+    echo "Error while downloading"
+    exit 2
+fi
+
+unzip -q GeoLite2-Country-CSV.zip
+rm -f GeoLite2-Country-CSV.zip