#!/bin/bash

# Variables
LOGFILE=/var/log/auth.log    # Log file    
LINE=0                       # Where to start count

# Install geoiplookup if needed
if [ ! "$(command -v geoiplookup)" ]; then
    apt -y install geoip-bin
fi

# Colors for Location/Address
BB="\033[1;34m"              # Blue bold
BW="\033[1;37m"              # Bold White 
BY="\033[1;33m"              # Bold Yellow
GR="\033[0;32m"              # Green
LY="\033[3;33m"              # Light Yellow
RB="\033[1;31m"              # Red bold (Default)
NC="\033[00m"                # Color Reset

while true
    do
        for i in $(cat $LOGFILE | awk "NR>$LINE"  | grep Invalid | awk '{print $(NF-2)}' | uniq)
            do
                LINE=$(cat $LOGFILE | wc -l)
                # Detect if IPv4 address for lookups
                if [ "$i" != "${i#*[0-9].[0-9]}" ]; then 
                    LOCATION=$(geoiplookup "$i" | awk '{print $5  " "  $6}') 
                else
                    LOCATION=$(geoiplookup6 "$i" | awk '{print $6  " "  $7}')
                fi
                echo -e "[*] The Blocked Attacker's Country: ${RB}$LOCATION ${NC}[IP ADDRESS:${RB} $i]${NC}" 
                
            done
        sleep 2
    done