#!/bin/sh

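# Rebuild the Apache RewriteMap of banned client addresses.
#
# Usage: $0 'PATTERN'
#
# Every access-log line matching PATTERN contributes its first field (the
# client address) to the ban list, merged with the addresses already banned.
# PATTERN is matched against the whole log line, which includes fields chosen
# by the client (request line, Referer, User-Agent): keep it specific enough
# that ordinary traffic cannot match it. If the server sits behind a reverse
# proxy, the first field may be the proxy's address rather than the client's.
#
# Exit status: 0 on success or when there is nothing to write, 2 on a usage
# error, 1 on any other failure.

# Print a diagnostic on stderr and abort.
die() {
        printf '%s\n' "$0: $*" >&2
        exit 1
}

if [ -z "${1:-}" ]; then
        echo "usage: $0 'PATTERN'" >&2
        exit 2
fi

# A pattern to grep through your accesslog.
# Every IP address related to that pattern will be listed.
match="$1"

# The Apache RewriteMap file for blacklisting IP addresses.
# The Rewrite stuff should look like the following:
#
#    RewriteMap ipbaned txt:/usr/share/apache/maps/ip-baned.txt
#    RewriteCond ${ipbaned:%{REMOTE_ADDR}|NOTFOUND} !=NOTFOUND
#    RewriteRule ^(.*) - [F]
#
ipmap=/usr/share/apache/maps/ip-baned.txt

# The accesslog where you want to grep the suspicious traffic.
accesslog=/var/log/apache/www.sukria.net-access.log

[ -r "$accesslog" ] || die "cannot read $accesslog"

# Private scratch directory. Derived names such as "<tempfile>.sorted" in the
# shared temp directory could be pre-created (for example as a symlink) by
# another local user; files inside a mktemp -d directory cannot.
workdir=$(mktemp -d) || die "cannot create a temporary directory"
trap 'rm -rf -- "${workdir:?}"' EXIT
trap 'exit 1' HUP INT TERM

candidates="$workdir/candidates"
newmap="$workdir/map"
: > "$candidates" || die "cannot write to $workdir"

# First we get the list of already known IP addresses
# from the Apache RewriteMap file (blank lines are skipped).
if [ -f "$ipmap" ]; then
        awk 'NF { print $1 }' "$ipmap" >> "$candidates"
fi

# Then we append all the IP addresses related to the given pattern.
# -e keeps a pattern starting with "-" from being parsed as an option.
# Only tokens made of address characters are kept, so a first field that is
# not an address (custom LogFormat, resolved host name) never reaches the map.
grep -e "$match" -- "$accesslog" \
        | awk '$1 ~ /^[0-9A-Fa-f:.]+$/ { print $1 }' >> "$candidates"

# Sort, de-duplicate and convert to the RewriteMap format (just adding a -).
sort -u "$candidates" | awk '{ print $1 " -" }' > "$newmap"

# Never replace the live map with an empty one: that would silently lift
# every existing ban.
if [ ! -s "$newmap" ]; then
        echo "$0: no address to ban, leaving $ipmap untouched" >&2
        exit 0
fi

# Now, let's diff (against /dev/null on the very first run).
if [ -f "$ipmap" ]; then
        diff -ubB "$ipmap" "$newmap"
else
        diff -ubB /dev/null "$newmap"
fi

# Update the files. The previous map is copied, not moved, so the live map
# never disappears; the new one is staged next to it and renamed into place,
# which is atomic within one filesystem. The map directory must be writable
# by trusted users only, since "$ipmap.new" is a fixed name.
if [ -f "$ipmap" ]; then
        cp -p "$ipmap" "$ipmap.old" || die "cannot back up $ipmap"
fi
cp "$newmap" "$ipmap.new" || die "cannot stage $ipmap.new"
mv "$ipmap.new" "$ipmap" || die "cannot install $ipmap"

# The scratch directory is removed by the EXIT trap.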