diff --git a/zen/ipfs_SWARM_refresh.sh b/zen/ipfs_SWARM_refresh.sh index ad4bbde..4391ad9 100755 --- a/zen/ipfs_SWARM_refresh.sh +++ b/zen/ipfs_SWARM_refresh.sh @@ -41,25 +41,24 @@ touch /tmp/treated.ipfs.swarm touch ~/.zen/A_dead_swarm.txt count=1 -for peerline in $(ipfs swarm peers && cat ~/.zen/A_swarm_map.txt | sort | uniq); +for ipfsnodeid in $(ipfs swarm peers | grep -o '[^/]*$' && cat ~/.zen/A_swarm_map.txt | grep -o '[^/]*$' | sort | uniq); do - ipfsnodeid=$(echo "$peerline" | awk -F '/' '{print $8}') - [[ "$ipfsnodeid" == "" ]] && continue + ## $ipfsnodeid already Treated ? + [[ $(cat /tmp/treated.ipfs.swarm | grep $ipfsnodeid ) ]] && continue [[ $(cat ~/.zen/A_dead_swarm.txt | grep "$ipfsnodeid") ]] && continue + # Convert ipfsnodeid into g1pub whoisg1=$(~/.zen/astrXbian/zen/tools/ipfs_to_g1.py $ipfsnodeid) # control ip isLAN? - ip=$(echo "$peerline" | awk -F '/' '{print $3}') + peerline=$(cat ~/.zen/A_swarm_map.txt | grep "$ipfsnodeid" | head -n 1) + [[ ! $peerline ]] && peerline=$(ipfs swarm peers | grep "$ipfsnodeid") + ip=$(cat ~/.zen/A_swarm_map.txt | grep "$ipfsnodeid" | awk -F '/' '{print $3}' | head -n 1) isLAN=$(echo $ip | cut -f3 -d '/' | grep -E "(^127\.)|(^192\.168\.)|(^fd42\:)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/") - ## $ipfsnodeid already Treated ? - [[ $(cat /tmp/treated.ipfs.swarm | grep $ipfsnodeid ) ]] && continue - nowdate=$(date) echo "### ANALYZING $whoisg1 = $ipfsnodeid ($ip) ###" - echo "${peerline}" myfriendpeer=$(cat ~/.zen/A_my_swarm.txt | grep $ipfsnodeid ) if [[ "$myfriendpeer" != "" ]]; then [[ ! $(ipfs swarm peers | grep $ipfsnodeid) ]] && ipfs swarm connect "$peerline" && ipfs bootstrap add "$peerline" 
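Review bot: `ip` is now read only from `~/.zen/A_swarm_map.txt`, while `peerline` falls back to `ipfs swarm peers`, so a peer that is connected but missing from the map ends up with an empty `$ip` and therefore an empty `isLAN`. The non-LAN branch later in the loop (the `for` body continues outside this hunk) then runs `sudo fail2ban-client set recidive banip $ip` and `grep -vEi $ip …` with nothing in that position. A stale map entry would also decide which address is banned or treated as LAN. Deriving the address from the line actually selected keeps them consistent: `peerline=$(ipfs swarm peers | grep -F -- "$ipfsnodeid" | head -n 1)` for the fallback, then `ip=$(echo "$peerline" | awk -F '/' '{print $3}')` and `[[ -z "$ip" ]] && continue`. Separately, `sort | uniq` binds only to the `cat` side of the `&&`, and the unquoted `grep $ipfsnodeid` on the treated list matches as a regex substring, so `grep -qF -- "$ipfsnodeid"` would be the safer test.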
@@ -69,12 +68,23 @@ do echo "TIMEOUT REACHED ___ REMOVE $ipfsnodeid FROM ~/.zen/A_my_swarm.txt"; grep -vEi $ip ~/.zen/A_my_swarm.txt echo $ipfsnodeid > ~/.zen/A_dead_swarm.txt + ## SEND MESSAGE ABOUT UNREACHABLE FRIEND + [[ "$IPFSNODEID" != "$ipfsnodeid" ]] && ~/.zen/astrXbian/zen/jaklis/jaklis.py -k ~/.zen/secret.dunikey send -d $G1PUB -t "ALERT" -m "Impossible de se synchroniser avec $whoisg1" + # KEEPING LAST 10 ALERT MESSAGES + nbmessage=0 + for messageid in $(~/.zen/astrXbian/zen/jaklis/jaklis.py -k ~/.zen/secret.dunikey read -n300 -j | jq -r --arg friendKEY "$G1PUB" '.[] | select(.pubkey == $friendKEY)' | jq 'select(.title == "ALERT")' | jq -r '.id') + do + nbmessage=$((nbmessage+1)) + [ $nbmessage -gt 10 ] && echo "Delete $nbmessage OLD 'ipfstryme' messages from $whoisg1" && ~/.zen/astrXbian/zen/jaklis/jaklis.py -k ~/.zen/secret.dunikey delete -i $messageid && sleep 0.5 + done + fi else [[ -f ~/.zen/DEFCON ]] && export DEFCON=$(cat ~/.zen/DEFCON) || export DEFCON=$(cat ~/.zen/astrXbian/DEFCON) # like in crom_MINUTE.sh - echo "!!! NOT MY FRIEND !!! ___________________ # DEFCON : $DEFCON " + echo "!!! UNKNOWN FRIEND !!! $ip ___ $ipfsnodeid ________ # DEFCON : $DEFCON " if [[ ( $DEFCON < 5 ) && ! $isLAN ]] then + ## DEFCON 4 ### SECURITY CHOICE TO MAKE IN /etc/sudoers ### # $USER ALL=(ALL:ALL) NOPASSWD:ALL # $USER ALL=(ALL:ALL) NOPASSWD:/usr/bin/fail2ban-client @@ -83,6 +93,12 @@ do sudo fail2ban-client set recidive banip $ip # Show ALL banned IP sudo fail2ban-client status recidive + ## DEFCON 3 + # Ban all known ipfsnodeid ip + ## DEFCON 2 + # nmap NOT FRIEND + ## DEFCON 1 + # DDOS NOT FRIEND fi if [[ ! $isLAN ]]; then ipfs swarm disconnect "$peerline"
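Review bot: The pruning loop passes `$messageid` unquoted to `jaklis.py … delete -i`, and those ids are parsed from the output of `jaklis.py read`, which presumably originates off-host; `$G1PUB` in the `send -d` line is unquoted as well. Quoting both (`-i "$messageid"`, `-d "$G1PUB"`) keeps a malformed id from being split or glob-expanded into extra arguments. The loop deletes everything after the first ten ids in whatever order `read -n300 -j` emits them, so it keeps the last ten alerts only if that output is newest-first; a comment such as `# assumes jaklis read returns newest first` would record the assumption. The log text says 'ipfstryme' while the filter selects title "ALERT". The enclosing `if`/`else` starts above this hunk.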
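Review bot: The added `## DEFCON 3`, `## DEFCON 2` and `## DEFCON 1` comments all sit inside the single `[[ ( $DEFCON < 5 ) && ! $isLAN ]]` branch, so nothing distinguishes the levels and the block reads as if they were handled here. Inside `[[ ]]` the `<` is a string comparison, so per-level gating would need arithmetic, e.g. `(( DEFCON <= 3 ))`. The only input to these actions is `$ip`, which the first hunk takes from the swarm map file rather than the live connection, so anything beyond the local fail2ban ban and `ipfs swarm disconnect` would act on an address this script has not verified. I would reduce the placeholder to `## DEFCON 3..1: not implemented, same local ban as DEFCON 4` and drop the nmap and DDOS lines.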