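#!/bin/bash
#
# Nagios-style check: report sshguard-blocked source addresses that fall in
# private / non-public IPv4 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
# and the RFC 6598 shared range 100.64.0.0/10). A hit from one of these ranges
# means an ssh brute-force attempt originated *inside* the network.
#
# Backend is auto-detected: the sshguard nftables set is preferred, the
# iptables/ip6tables chain is used as a fallback.
#
# Exit codes: 0 = OK, 1 = WARNING (internal attacker seen, or a required tool
# is missing), 3 = UNKNOWN (no sshguard chain/set found in either backend).
#
# Requires root, or a sudo rule allowing nft / iptables / ip6tables.
# NOTE(review): sudo is invoked without -n, so an unattended run without a
# NOPASSWD rule may block on a password prompt — confirm the sudoers setup.

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
set -u

# Set by main(), read by list_attackers().
sudo=""
parser=""

#######################################
# Print the addresses currently blocked by sshguard for one IP version,
# one address (optionally with /prefix) per line.
# Globals:   sudo (read), parser (read)
# Arguments: $1 - IP version, 4 or 6
# Outputs:   addresses on stdout
#######################################
list_attackers() {
  local ip_ver=$1
  local fix=""
  (( ip_ver == 6 )) && fix=6

  case "$parser" in
    nftables)
      # Keep only the body of "set attackers { ... }", then break
      # "elements = { a, b, ... }" into one token per line and keep the
      # tokens that look like addresses (contain '.' or ':'). Splitting per
      # token is what lets the private-range filter anchor at line start.
      $sudo nft list set "ip${fix}" sshguard attackers \
        | sed -n '/set attackers/,/^[[:space:]]*}/p' \
        | sed '1d;$d' \
        | tr -s '[:space:],{}' '\n' \
        | grep -E '[.:]'
      ;;
    iptables)
      # Skip the two header lines; the source column is field 4 of -nL output.
      $sudo "ip${fix}tables" -nL sshguard | sed 1,2d | awk '{print $4}'
      ;;
  esac
}

#######################################
# Keep only IPv4 addresses inside the private / shared ranges
# 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10.
# The alternations are exact: 172.16-31 and 100.64-127 only.
# Arguments: none; reads one address per line on stdin
# Outputs:   matching lines on stdout
#######################################
filter_private4() {
  grep -E '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.)'
}

#######################################
# Entry point: detect backend, check both IP versions, print Nagios-style
# status lines and exit with the matching code.
# Globals:   sudo (written), parser (written)
# Arguments: none
#######################################
main() {
  local warn=0 ip_ver hits

  # `command -v` (not `which`) so a missing binary is reliably detected.
  command -v nft >/dev/null 2>&1 || { echo 'install nftables first'; exit 1; }

  if [[ "$(whoami)" == root ]]; then
    sudo=""
  else
    command -v sudo >/dev/null 2>&1 || { echo 'install sudo first'; exit 1; }
    sudo=sudo
  fi

  # Backend detection runs through $sudo too; as a non-root user the ruleset
  # listing is otherwise empty and the check would wrongly fall through.
  if $sudo nft list ruleset | grep -q sshguard; then
    parser=nftables
  elif $sudo iptables -nvL | grep -q sshguard; then
    parser=iptables
  else
    echo '[UNKNOWN] neither nftables nor iptables have sshguard chains'
    exit 3
  fi

  for ip_ver in 4 6; do
    if (( ip_ver == 4 )); then
      hits=$(list_attackers 4 | filter_private4)
    else
      # NOTE(review): no IPv6 private-range filter is applied; every ip6
      # entry is reported as "internal/non-public" — confirm that is intended.
      hits=$(list_attackers 6)
    fi

    # printf, not a bare echo: "[WARNING]" / "[OK]" are glob patterns when
    # unquoted, and the address list is joined with spaces onto one line.
    if [[ -n "$hits" ]]; then
      printf '[WARNING] internal/non-public ip%s ssh brute force attempt from %s\n' \
        "$ip_ver" "${hits//$'\n'/ }"
      warn=1
    else
      printf '[OK] no internal/non-public ip%s ssh brute force attempts\n' "$ip_ver"
    fi
  done

  (( warn == 1 )) && exit 1
  exit 0
}

main "$@"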