Add local tools

diff --git a/blacklist b/blacklist
new file mode 100755 (executable)
index 0000000..a31beee
--- /dev/null
+++ b/blacklist
@@ -0,0 +1,71 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+use IPC::System::Simple qw(capturex);
+use Data::Validate::IP;
+
+my %ip4s = ();
+my %ip6s = ();
+my @blrule4s = ();
+my @blrule6s = ();
+my $whitelist = qr/^(?:127.|85.68.182.45|195.25.233.49|94.23.226.160|::1|2001:41d0:2:65a0:)/;
+my @userlist = ('rapsys');
+
+# Extract sshd.service scan
+map {
+       if (/Failed password for (?:invalid user )?(.+) from (.+) port [0-9]+ ssh2/ && grep($_ ne $1, @userlist) && $2 !~ /$whitelist/) {
+               if (Data::Validate::IP::is_ipv4($2)) {
+                       $ip4s{$2}=1;
+               } elsif (Data::Validate::IP::is_ipv6($2)) {
+                       $ip6s{$2}=1;
+               }
+       }
+} capturex('journalctl', '-u', 'sshd.service');
+
+# Extract kernel port scan
+map {
+       if (/Shorewall:net-fw:DROP:.* SRC=([^\s]+) DST=.*/ && $1 !~ /$whitelist/) {
+               if (Data::Validate::IP::is_ipv4($1)) {
+                       $ip4s{$1}=1;
+               } elsif (Data::Validate::IP::is_ipv6($1)) {
+                       $ip6s{$1}=1;
+               }
+       }
+} capturex('journalctl', '-k');
+
+# Open blrule4s file for reading
+open (my $fh, '<', '/etc/shorewall/blrules') or die "Can't open < /etc/shorewall/blrules: $!";
+
+# Populate with comments
+@blrule4s = map { chomp($_); if (/^#/) { $_; } else { (); } } <$fh>;
+
+# Prepend header
+push @blrule4s, "WHITELIST\tnet:85.68.182.45\tall";
+push @blrule4s, "WHITELIST\tnet:94.23.226.160\tall";
+push @blrule4s, "WHITELIST\tnet:195.25.233.49\tall";
+
+# Build blacklist
+map { push @blrule4s, "DROP\t\tnet:".$_.(length lt 12?"\t":'')."\tfw"; } sort keys %ip4s;
+
+# Close blrule4s file
+close $fh or die "Can't close fh: $!";
+
+# Open blrule4s file for writing
+open ($fh, '>', '/etc/shorewall/blrules') or die "Can't open > /etc/shorewall/blrules: $!";
+
+# Inject content of blacklist
+map { print $fh $_."\n"; } @blrule4s;
+
+# Close blrule4s file
+close $fh or die "Can't close fh: $!";
+
+# Print ipv6 to update hash
+#XXX; right now it don't seems scanned at all...
+for (sort keys %ip6s) {
+       print $_."\n";
+}
+
+# Restart shorewall service
+capturex('systemctl', 'restart', 'shorewall.service');

diff --git a/git-new b/git-new
new file mode 100755 (executable)
index 0000000..7aa12a3
--- /dev/null
+++ b/git-new
@@ -0,0 +1,35 @@
+#! /bin/sh
+
+# Set git root
+GITROOT='/var/www/git'
+
+# make sure we have repository to create
+if [ $# -le 0 ]; then
+       echo "Usage: $0 repository"
+       exit 1
+fi
+
+# Switch to directory
+cd $GITROOT
+
+# Handle args
+for repo in $@; do
+       if [ -d "$GITROOT/$repo" ]; then
+               echo "Warning: $GITROOT/$repo already exists"
+       else
+               # Create directory
+               mkdir "$GITROOT/$repo"
+               # Switch to directory
+               pushd "$GITROOT/$repo" > /dev/null
+               # Init bare repository
+               git --bare init --shared . > /dev/null
+               # Make it work
+               git update-server-info
+               # Allow push
+               git config http.receivepack true
+               # Fix ownership
+               chown -R apache. .
+               # Return in old dir
+               popd > /dev/null
+       fi
+done