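#!/usr/bin/perl -w
# parseblocks.pl
#
# This script will parse the output of PSAD's status command
# and create a log file containing the blocked IPs and the
# basic whois information for each blocked IP.
#
# copyright 2010 Mark D. Montgomery II
#
# parseblocks.pl by Mark D. Montgomery II
# is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
# href=http://creativecommons.org/licenses/by-sa/3.0/us/
#
# Notes on this revision (same log layout and filtering as before):
#   * External commands (psad, whois) are started with the list form of
#     open(), so no shell is involved.  The previous version interpolated
#     the address scraped from `psad -Status` into a shell command line
#     ("whois $line > /tmp/..."), which is a command-injection hole if
#     anything other than a plain address ever shows up in the block list.
#   * Every candidate address is checked against an anchored IP pattern
#     before it is handed to whois; entries that do not look like an
#     address are recorded as skipped instead of being executed.
#   * No fixed-name temp files.  /tmp/blocks.tmp and /tmp/blockrpt.tmp were
#     predictable paths written by a process that normally runs as root
#     (psad -Status needs it), a classic symlink-race target.  Command
#     output is read through pipes instead.
#   * The `grep -v` chain that trimmed the whois output is reproduced in
#     Perl with the same match rules (substring vs. line-prefix).

use strict;
use warnings;
use POSIX qw(strftime);

# whois output lines containing any of these substrings anywhere are
# dropped (this mirrors `grep -v 'c:'`, `grep -v remarks`, ...).
my @NOISE_SUBSTRINGS = ( 'remarks', 'c:', 'no:', 'whois', 'Whois' );

# whois output lines starting with one of these field names are dropped
# (this mirrors `grep -v '^mnt'`, `grep -v '^status'`, ...).
my $NOISE_PREFIX = qr/^(?:mnt|status|changed|nic-hdl|address|source|person|phone|e-mail|origin|notify|trouble|role)/;

# Timestamp used both in the log-file name and in the log header,
# in the same format the original obtained from `date +%Y-%m-%d--%H-%M`.
my $today = strftime( '%Y-%m-%d--%H-%M', localtime );

# Log file to create; the directory is expected to exist already.
my $logfile = "/var/log/blocks/$today-blocked.log";

open( my $log, '>', $logfile )
    or die "Unable to create log file $logfile: $!\n";

# Log-file header.
print {$log} "PSAD Blocked Site Whois Logfile for: $today\n";

# Addresses of the currently active blocks, as reported by psad.
my @blocked = read_blocked_ips();

print {$log} 'There are currently ', scalar(@blocked), " Active Blocks\n";
print {$log} "----------------------------\n";

for my $ip (@blocked) {

    # Heading for this address, followed by a blank line (the original
    # passed a literal newline to echo, giving the same layout).
    print {$log} "Report for $ip:\n\n";

    if ( is_ip_address($ip) ) {
        print {$log} "$_\n" for whois_summary($ip);
    }
    else {
        # Never hand an unvalidated string to an external command.
        print {$log} "skipped: '$ip' is not a valid IP address\n";
        warn "parseblocks.pl: skipping non-IP block entry '$ip'\n";
    }

    # Two separator lines after each report.
    print {$log} "--------------------------\n--------------------------\n";
}

close($log) or die "Error writing $logfile: $!\n";

exit 0;

# Run `psad -Status` and return the list of blocked addresses.
#
# For every output line containing "seconds", the text before the first
# "(" is taken and stripped of leading/trailing spaces and tabs, exactly
# as the former `grep seconds | cut -d "(" -f1 | sed ...` pipeline did.
# (Assumes psad prints one block per line as "<ip> (... seconds ...)";
# confirm against the installed psad version.)
#
# Dies if psad cannot be started.  Returns a (possibly empty) list.
sub read_blocked_ips {
    open( my $psad, '-|', 'psad', '-Status' )
        or die "Unable to run 'psad -Status': $!\n";

    my @ips;
    while ( my $line = <$psad> ) {
        chomp $line;
        next unless $line =~ /seconds/;

        # cut -d "(" -f1: whole line when there is no "(" at all.
        my ($before_paren) = split /\(/, $line, 2;
        $before_paren = '' unless defined $before_paren;

        # sed 's/^[ \t]*//;s/[ \t]*$//'
        $before_paren =~ s/^[ \t]+//;
        $before_paren =~ s/[ \t]+$//;

        push @ips, $before_paren;
    }
    close($psad)
        or warn "parseblocks.pl: 'psad -Status' exited with status " . ( $? >> 8 ) . "\n";

    return @ips;
}

# Return true when $candidate looks like an IPv4 dotted quad or an IPv6
# address (hex digits and colons only).  Both patterns are anchored and
# cannot match a string beginning with "-", so a validated value can
# never be taken as an option by whois.
sub is_ip_address {
    my ($candidate) = @_;

    return 1
        if $candidate =~ /\A(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\z/;

    # Loose IPv6 check: only hex digits and colons, at least one colon.
    return 1
        if $candidate =~ /\A[0-9A-Fa-f:]{2,39}\z/ && $candidate =~ /:/;

    return 0;
}

# Run `whois $ip` (no shell) and return its output lines, chomped, with
# the noise lines removed (see @NOISE_SUBSTRINGS / $NOISE_PREFIX).
#
# A whois failure is reported on STDERR; whatever output was produced
# before the failure is still returned.
sub whois_summary {
    my ($ip) = @_;

    my $whois;
    unless ( open( $whois, '-|', 'whois', $ip ) ) {
        warn "parseblocks.pl: unable to run whois for $ip: $!\n";
        return ();
    }

    my @kept;
    while ( my $line = <$whois> ) {
        chomp $line;
        push @kept, $line unless _is_noise($line);
    }
    close($whois)
        or warn "parseblocks.pl: whois $ip exited with status " . ( $? >> 8 ) . "\n";

    return @kept;
}

# True for whois lines the report leaves out: empty lines (grep -v '^$'),
# lines containing one of the noise substrings, and lines starting with
# one of the noise field names.
sub _is_noise {
    my ($line) = @_;

    return 1 if $line eq '';

    for my $needle (@NOISE_SUBSTRINGS) {
        return 1 if index( $line, $needle ) >= 0;
    }

    return 1 if $line =~ $NOISE_PREFIX;

    return 0;
}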