diff --git a/.gitignore b/.gitignore
index e781761..4ca2bc9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *.log
+*.swp
 venv
diff --git a/Makefile b/Makefile
index 0179c7e..219f7ca 100644
--- a/Makefile
+++ b/Makefile
@@ -16,3 +16,5 @@ check-type:
 check: format lint check-type
+live:
+ tail -f /var/log/nginx/access.log | python3 ufwban.py --live
diff --git a/README.md b/README.md
index 80061d8..97d2cac 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ options:
 -h, --help show this help message and exit
 --dry-run
 --refresh Drop all the deny ip in the UFW table and return
+ --to-nginx Generate an Nginx deny configuration
 --reload Reload the UFW firewall
 --live Read inputs from stdin
 ```
@@ -52,12 +53,15 @@ python ufwban.py --dry-run
 # drop all "DENY IN" ufw rules (be careful)
 python ufwban.py --refresh
+
+# generate an Nginx deny configuration (use --dry-run to see updates before applying)
+python ufwban.py --to-nginx
 ```
 * Live mode:
 ```bash
 # Read and parse Nginx access logs on each new entry and ban ip
-tail -f /var/log/nginx/access.log | python ufwban.py
+tail -f /var/log/nginx/access.log | python ufwban.py --live
 ```
-For each modes, a log is available to show which ip has been banned: `ufwban.log`.
\ No newline at end of file
+For each modes, a log is available to show which ip has been banned: `ufwban.log`.
diff --git a/ufwban.py b/ufwban.py
index ae95cce..bf720b2 100644
--- a/ufwban.py
+++ b/ufwban.py
@@ -264,6 +264,7 @@ def get_logs_to_deny(logs: list[NginxLog], rules: Rules) -> dict[str, NginxLog]:
 def get_nginx_denied_ips() -> list[str]:
+ """Retrieve existing Nginx denied ips"""
 denied_ips = []
 try:
@@ -278,7 +279,7 @@ def get_nginx_denied_ips() -> list[str]:
 logging.warning(f"not a deny rule: {line} in {NGINX_DENY_CONF}")
 continue
- denied_ips.append(parts[2][:-1])
+ denied_ips.append(parts[1].removesuffix("\n")[:-1])
 except FileNotFoundError:
 logging.warning(f"{NGINX_DENY_CONF} does not exist")
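Review bot: The `live` recipe in the Makefile hunk follows the log with `tail -f`, which keeps reading the original file after it is renamed, so once the Nginx access log is rotated the pipeline receives no new entries and banning stops without any error. Following by name avoids that gap: `tail -F /var/log/nginx/access.log | python3 ufwban.py --live`. The live-mode example in the README hunk of this commit uses the same `tail -f` form. `live` produces no file, so it should also be added to `.PHONY` if the Makefile declares one, which is not visible in this hunk.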
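Review bot: In the second ufwban.py hunk, `parts[1].removesuffix("\n")[:-1]` still drops the last character unconditionally, so the address is only recovered correctly when the token ends in exactly `;` followed by `\n`. A CRLF line ending or a final line without the semicolon leaves a value that will not compare equal to the IP being checked, and since this list appears to record which addresses are already denied, that would likely produce duplicate or missed deny entries. Strip by content instead, `denied_ips.append(parts[1].strip().removesuffix(";"))`, and consider validating the result with `ipaddress.ip_network(value, strict=False)`, logging a warning when it does not parse. The line split and the check behind the "not a deny rule" warning sit outside the hunk, so how `parts` is built is inferred here.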