diff --git a/firewall.sh b/firewall.sh index 021d314..d37c56a 100644 --- a/firewall.sh +++ b/firewall.sh @@ -9,7 +9,7 @@ # __/ | # # |___/ # # # -## - 27/08/2018 - Asus Firewall Addition By Adamm v6.3.3 # +## - 03/09/2018 - Asus Firewall Addition By Adamm v6.3.4 # ## https://github.com/Adamm00/IPSet_ASUS # ############################################################################################################# @@ -2767,6 +2767,11 @@ case "$1" in if [ -n "$found2" ]; then $red "Blacklist Reason;"; grep -F "add Skynet-Blacklist $4 " "$skynetipset" | awk '{$1=$2=$3=$4=""; print $0}' | tr -s " "; echo; fi if [ -n "$found3" ]; then $red "BlockedRanges Reason;"; grep -F "add Skynet-BlockedRanges $(echo "$4" | cut -d '.' -f1-3)." "$skynetipset" | awk '{$1=$2=$4=""; print $0}' | tr -s " "; fi echo + if [ -f "/opt/var/log/dnsmasq.log" ] && grep -q "reply.* is $4" /opt/var/log/*; then + $red "Associated Domains;" + grep "reply.* is $4" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++' + echo; echo + fi echo "$4 First Tracked On $(grep -m1 -F "=$4 " "$skynetlog" | awk '{print $1" "$2" "$3}')" echo "$4 Last Tracked On $(grep -F "=$4 " "$skynetlog" | tail -1 | awk '{print $1" "$2" "$3}')" echo "$(grep -Foc "=$4 " "$skynetlog") Blocks Total" @@ -2919,10 +2924,20 @@ case "$1" in grep -F "Manual Ban" "$skynetevents" | grep -oE ' SRC=[0-9,\.]* ' | cut -c 6- | tail -"$counter" | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}' echo $red "Last $counter Unique HTTP(s) Blocks (Outbound);" - grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '!x[$0]++' | head -"$counter" | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}' + if [ -f "/opt/var/log/dnsmasq.log" ]; then + grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | awk '{a[i++]=$0} END {for (j=i-1; j>=0;) print a[j--] }' | awk '!x[$0]++' | head -"$counter" | awk '{print "https://otx.alienvault.com/indicator/ip/"$1}' | while IFS= read -r "ip"; do + echo "$ip - ($(grep "reply.* is $(echo $ip | cut -d '/' -f6-)" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++' | xargs))" + done + fi echo $red "Top $counter HTTP(s) Blocks (Outbound);" - grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}' + if [ -f "/opt/var/log/dnsmasq.log" ]; then + grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}' | while IFS= read -r "ip"; do + echo "$ip - ($(grep "reply.* is $(echo $ip | cut -d '/' -f6-)" /opt/var/log/* | awk '{print $6}' | sed 's~http[s]*://~~;s~/.*~~;s~www.~~g' | awk '!x[$0]++' | xargs))" + done + else + grep -E 'DPT=80 |DPT=443 ' "$skynetlog" | grep -E "OUTBOUND.*$proto" | grep -oE ' DST=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}' + fi echo $red "Top $counter Blocks (Inbound);" grep -E "INBOUND.*$proto" "$skynetlog" | grep -oE ' SRC=[0-9,\.]* ' | cut -c 6- | sort -n | uniq -c | sort -nr | head -"$counter" | awk '{print $1"x https://otx.alienvault.com/indicator/ip/"$2}'