|
Programming Guru
Join Date: May 2004
Location: Brandon, Manitoba, Canada
Posts: 2,023
Rep Power: 7 
|
Hey,
couple fixes. First off, thanks to IR, the stop fuction of the rc script now works. Here's the changes.
stop() {
ebegin "Stopping IP Blocker"
kill $(cat /var/run/monitor.pid)
eend $? "Failed to stop IP Blocker"
}
also, i noticed that there is a chance that the ip could be added to hosts.deny more than once. So i added a if statment to grep hosts.deny for the ip. Here's the new version of the ip blocker.
#!/usr/bin/env perl
use Net::SMTP::TLS;
use Switch;
use POSIX;
use Pg;
#use strict;
#Search Patterns:
my @patterns = ("Did not receive identification string","Invalid user","POSSIBLE BREAKIN ATTEMPT");
#db stuff:
#$con_val[0] == the database name.
#$con_val[1] == the host.
#$con_val[2] == the port.
#$con_val[3] == the username for the database.
#$con_val[4] == the password for the database.
my @conn_val = ("sentinel", "localhost", "5432", "sentinel", "fuck_china*");
my $ip;
my $date;
my @months;
$months["Jan"] = 0;
$months["Feb"] = 1;
$months["Mar"] = 2;
$months["Apr"] = 3;
$months["May"] = 4;
$months["Jun"] = 5;
$months["Jul"] = 6;
$months["Aug"] = 7;
$months["Sep"] = 8;
$months["Oct"] = 9;
$months["Nov"] = 10;
$months["Dec"] = 11;
my $time = localtime time;
$time =~ m/\b[0-9][0-9][0-9][0-9]\b/;
my $year = $&;
$year -= 2000;
$year += 100;
#connect up to the db.
$conn = Pg::connectdb("host=" . $conn_val[1] . " port=" . $conn_val[2] . " dbname=" . $conn_val[0] . " user=" . $conn_val[3] . " password=" . $conn_val[4]);
#check connection.
if ($conn->status != PGRES_CONNECTION_OK)
{
die "Failed to connect: ".-$conn->errorMessage."\n";
}
open (TAIL, "tail -f /var/log/auth.log 2>&1 |") or die "can't open pipe:$!";
while (<TAIL>)
{
switch ($_)
{
case m/$patterns[2]/ { next }
case m/$patterns[0]/
{
#log ip, then block and sms details to admin.
#grab ip addy
$_ =~ m/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/;
$ip = $&;
#grab date
$_ =~ m/\b[A-z]{3} [0-9]{2} [0-9]{1,2}:[0-9]{2}:[0-9]{2}\b/;
$date = $&;
#now, chunk date out into, $month, day, hours, minutes, seconds.
my ($month, $day, $time) = split(/ /, $date);
my ($hour, $min, $sec) = split(/:/, $time);
my $full_date = mktime($sec, $min, $hour, $day, $months[$month], $year);
my $sql = "INSERT INTO log (ip, date) VALUES ('$ip', $full_date)";
my $result = $conn->exec($sql);
if (system("grep $ip /etc/hosts.deny") != 0)
{
open (DENY, ">>", "/etc/hosts.deny") or die "Can't open host.deny!";
print DENY "ALL: " . $ip . "\n";
close DENY;
}
}
case m/$patterns[1]/
{
#get the fucker's ip address.
$_ =~ m/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/;
$ip = $&;
open (CHECK, "tail -n6 /var/log/auth.log 2>&1 |") or die "can't open pipe:$!";
my $count = 0;
while (<CHECK>)
{
$_ =~ m/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/;
$log_ip = $&;
if ($log_ip == $ip)
{
$count += 1;
}
}
close CHECK;
if ($count >= 3)
{
#we have an attempt.
#log and ban.
$_ =~ m/\b[A-z]{3} [0-9]{2} [0-9]{1,2}:[0-9]{2}:[0-9]{2}\b/;
$date = $&;
my ($month, $day, $time) = split(/ /, $date);
my ($hour, $min, $sec) = split(/:/, $time);
my $full_date = mktime($sec, $min, $hour, $day, $months[$month], $year);
my $sql = "INSERT INTO log (ip, date) VALUES ('$ip', $full_date)";
$conn->exec($sql);
#append to host.deny
if (system("grep $ip /etc/hosts.deny") != 0)
{
open (DENY, ">>", "/etc/hosts.deny") or die "Can't open host.deny!";
print DENY "ALL: " . $ip . "\n";
close DENY;
}
}
}
}
} #end of while loop.
__________________
Profanity is the one language that all programmers understand.
Check out my Blog <---updated Nov 30 2007!
Last edited by Pizentios; May 24th, 2006 at 2:57 PM.
|