#!/usr/local/bin/php
<?php

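// Build the candidate ban list: every dotted-numeric token that appears on an
// sshd line of /var/log/auth.log, together with how many times it was seen.
//
// NOTE(review): the pipeline counts *every* sshd line that mentions a token,
// not only failed logins, and takes the token from anywhere on the line.
// sshd lines can carry client-supplied text (for example the attempted user
// name), so an address can be counted without being the connection's peer,
// and an administrator who logs in often could be counted as well. Consider
// matching only the peer-address field of failure messages and keeping an
// allowlist of management addresses that must never be banned.
//
// shell_exec() returns null when the command fails or prints nothing; the
// cast keeps explode() from being handed null.
$data = (string) shell_exec("cat /var/log/auth.log | grep sshd | grep -v 0.0.0.0 | grep -oE \"([0-9.]+){7,}\" | sort | uniq -c");

// Always defined, so later code can iterate it even when nothing qualifies.
$banlist = [];

$data_list = explode("\n", $data);
foreach ($data_list as $v) {
	// `uniq -c` prints "<count> <token>"; after trim() that is two fields.
	$tmp = explode(" ", trim($v), 2);
	if (count($tmp) !== 2) {
		continue; // blank or malformed line
	}

	[$hits, $addr] = $tmp;

	// The grep pattern accepts any run of seven or more digits/dots, which
	// also matches things that are not addresses. Only keep values that
	// parse as an IP address before they can reach ipfw or the rules file.
	if ((int) $hits >= 5 && filter_var($addr, FILTER_VALIDATE_IP) !== false) {
		$banlist[$addr] = $addr;
	}
}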

/*
$data = shell_exec("cat /var/log/auth.log | grep sshd | grep -v \"::\" | grep user | grep -oE \"\]:.+port\" | grep -oE \"([0-9a-f]{1,4}:[^ ]+)\" | sort | uniq -c");

$data_list = explode("\n", $data);
foreach($data_list as $v) {
	$tmp = explode(" ", trim($v));
	if ($tmp[0] >= 5) {
		$banlist[$tmp[1]] = $tmp[1];
	}
} // */
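// Collect the addresses already present in ipfw table 1 so they are not
// added a second time. The pipeline keeps the address part of each entry
// and drops the "/<prefix length>" part.
//
// shell_exec() returns null when the table is empty or the command fails;
// the cast keeps explode() from being handed null.
$data = (string) shell_exec("ipfw table 1 list | awk '{print \$1}' | grep -oE \".[^/]+\" | grep -vE \"/[0-9]+\"");
$data_list = explode("\n", $data);

$blocked = [];
foreach ($data_list as $v) {
	$v = trim($v);
	if ($v === '') {
		continue; // trailing newline of the command output
	}
	$blocked[$v] = $v;
}

// Release the intermediate buffers; only $banlist and $blocked are needed below.
unset($data, $data_list, $tmp);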

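// Add every not-yet-blocked candidate to ipfw table 1, record the same
// command in /etc/ipfw.auto, and mail a summary when anything was added.
$count = 0;
$message = "I looked in /var/log/auth.log and found a number of entires I didn't like.  Here's a list of IP addresses I saw.\n\n";

// New rule lines are collected separately and appended to the file. The
// earlier read-modify-write approach would overwrite the file with only the
// new entries whenever reading /etc/ipfw.auto failed.
$newRules = "";

foreach (($banlist ?? []) as $v) {
	// Nothing to do for empty entries or addresses already in the table.
	if (empty($v) || !empty($blocked[$v])) {
		continue;
	}

	// Defence in depth: the value is derived from log text and ends up in a
	// root shell command and in the rules file, so it must parse as an IP
	// address before it is used.
	// NOTE(review): /etc/ipfw.auto looks like a list of ipfw commands; if it
	// is later run by a shell, anything written here runs with that shell's
	// privileges — confirm how the file is consumed.
	if (filter_var($v, FILTER_VALIDATE_IP) === false) {
		continue;
	}

	shell_exec("ipfw table 1 add " . escapeshellarg($v));
	$count++;
	$message .= "Block [$v]\n";
	$newRules .= "\nipfw -q table 1 add $v";
}

print("count: $count");

if ($count > 0) {
	// Append under an exclusive lock so a concurrent run cannot interleave
	// or clobber entries.
	if (file_put_contents("/etc/ipfw.auto", $newRules, FILE_APPEND | LOCK_EX) === false) {
		$message .= "\nWARNING: could not update /etc/ipfw.auto\n";
	}

	$message .= "\n" . shell_exec("fortune") . "\n";

	mail("Charlie Root <root@rixiekitty.com>", "Blocked Skiddies [$count]", $message, ["X-Mailer" => "banner"]);
}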
