Merge commit 'origin'; branch 'master' into next
@@ -50,6 +50,8 @@ print "My gatewayaddess is: $gatewayaddr\n";
|
|||||||
# destination was found.
|
# destination was found.
|
||||||
"$hostipaddr" => 1);
|
"$hostipaddr" => 1);
|
||||||
|
|
||||||
|
&get_aliases;
|
||||||
|
|
||||||
%sshhash = ();
|
%sshhash = ();
|
||||||
|
|
||||||
if ( -e $targetfile ) {
|
if ( -e $targetfile ) {
|
||||||
@@ -186,8 +188,8 @@ sub ipchain {
|
|||||||
my ($source, $dest, $type) = @_;
|
my ($source, $dest, $type) = @_;
|
||||||
&write_log ("$source\t$type\n");
|
&write_log ("$source\t$type\n");
|
||||||
if ($hash{$source} eq "") {
|
if ($hash{$source} eq "") {
|
||||||
&write_log ("Running '$blockpath $source'\n");
|
&write_log ("Running '$blockpath $source $interface'\n");
|
||||||
system ("$blockpath $source");
|
system ("$blockpath $source $interface");
|
||||||
$hash{$source} = time() + $TimeLimit;
|
$hash{$source} = time() + $TimeLimit;
|
||||||
} else {
|
} else {
|
||||||
# We have already blocked this one, but snort detected another attack. So
|
# We have already blocked this one, but snort detected another attack. So
|
||||||
@@ -244,6 +246,9 @@ sub load_conf {
|
|||||||
}
|
}
|
||||||
if (/Interface\s+(.*)/) {
|
if (/Interface\s+(.*)/) {
|
||||||
$interface = $1;
|
$interface = $1;
|
||||||
|
if ( $interface eq "" ) {
|
||||||
|
$interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (/AlertFile\s+(.*)/) {
|
if (/AlertFile\s+(.*)/) {
|
||||||
$alert_file = $1;
|
$alert_file = $1;
|
||||||
@@ -265,16 +270,13 @@ sub load_conf {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($interface eq "") {
|
|
||||||
die "Fatal! Interface is undefined.. Please define it in $opt_o with keyword Interface\n";
|
|
||||||
}
|
|
||||||
if ($alert_file eq "") {
|
if ($alert_file eq "") {
|
||||||
print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
|
print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
|
||||||
$alert_file="/var/log/snort.alert";
|
$alert_file="/var/log/snort.alert";
|
||||||
}
|
}
|
||||||
if ($hostipaddr eq "") {
|
if ($hostipaddr eq "") {
|
||||||
print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
|
print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
|
||||||
$hostipaddr = &get_ip($interface);
|
$hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
|
||||||
print "Got it.. your HostIpAddr is $hostipaddr\n";
|
print "Got it.. your HostIpAddr is $hostipaddr\n";
|
||||||
}
|
}
|
||||||
if ($ignorefile eq "") {
|
if ($ignorefile eq "") {
|
||||||
@@ -345,30 +347,9 @@ sub daemonize {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_ip {
|
|
||||||
my ($interface) = $_[0];
|
|
||||||
my $ip;
|
|
||||||
open (IFCONFIG, "/bin/netstat -iee |grep $interface -A7 |");
|
|
||||||
while (<IFCONFIG>) {
|
|
||||||
if ($OS eq "FreeBSD") {
|
|
||||||
if (/inet (\d+\.\d+\.\d+\.\d+)/) {
|
|
||||||
$ip = $1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($OS eq "Linux") {
|
|
||||||
if (/inet addr:(\d+\.\d+\.\d+\.\d+)/) {
|
|
||||||
$ip = $1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close (IFCONFIG);
|
|
||||||
|
|
||||||
if ($ip eq "") { die "Couldn't figure out the ip address\n"; }
|
|
||||||
$ip;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub sig_handler_setup {
|
sub sig_handler_setup {
|
||||||
$SIG{TERM} = \&clean_up_and_exit; # kill
|
$SIG{INT} = \&clean_up_and_exit; # kill -2
|
||||||
|
$SIG{TERM} = \&clean_up_and_exit; # kill -9
|
||||||
$SIG{QUIT} = \&clean_up_and_exit; # kill -3
|
$SIG{QUIT} = \&clean_up_and_exit; # kill -3
|
||||||
# $SIG{HUP} = \&flush_and_reload; # kill -1
|
# $SIG{HUP} = \&flush_and_reload; # kill -1
|
||||||
}
|
}
|
||||||
@@ -387,7 +368,7 @@ sub remove_blocks {
|
|||||||
sub call_unblock {
|
sub call_unblock {
|
||||||
my ($source, $message) = @_;
|
my ($source, $message) = @_;
|
||||||
&write_log ("$message");
|
&write_log ("$message");
|
||||||
system ("$unblockpath $source");
|
system ("$unblockpath $source $interface");
|
||||||
}
|
}
|
||||||
|
|
||||||
sub clean_up_and_exit {
|
sub clean_up_and_exit {
|
||||||
@@ -412,3 +393,22 @@ sub load_targetfile {
|
|||||||
close (TARG);
|
close (TARG);
|
||||||
print "Loaded $count addresses from $targetfile\n";
|
print "Loaded $count addresses from $targetfile\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub get_aliases {
|
||||||
|
my $ip;
|
||||||
|
print "Scanning for aliases on $interface and add them to the target hash...";
|
||||||
|
|
||||||
|
open (IFCONFIG, "/sbin/ip addr show $interface |");
|
||||||
|
my @lines = <IFCONFIG>;
|
||||||
|
close(IFCONFIG);
|
||||||
|
|
||||||
|
foreach $line (@lines) {
|
||||||
|
if ( $line =~ /inet (\d+\.\d+\.\d+\.\d+)/) {
|
||||||
|
$ip = $1;
|
||||||
|
print " got $ip on $interface ... ";
|
||||||
|
$targethash{'$ip'} = "1";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
print "done \n";
|
||||||
|
}
|
||||||
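Review bot: In get_aliases, `$targethash{'$ip'} = "1";` uses single quotes, so every alias found is stored under the literal key `$ip` and none of the interface's own addresses ends up in the target hash; the line should read `$targethash{$ip} = 1;`. The two backtick reads added in load_conf (the RED_DEV lookup and `cat /var/ipfire/red/local-ipaddress`) return a trailing newline that is never chomped, so `$hostipaddr` will not compare equal to an address parsed from an alert and `$interface` carries the newline into every command string and log line built from it; add `chomp $interface;` and `chomp $hostipaddr;` right after each assignment. The ipchain and call_unblock hunks now pass `$source` and `$interface` to `system` as a single interpolated string, which is run through a shell; the list form `system($blockpath, $source, $interface)` keeps the arguments separate, which matters because `$source` appears to come from the parsed alert file — assuming it is not already validated as a dotted quad elsewhere. The `# kill -9` comment on the new `$SIG{TERM}` line is misleading, since SIGKILL cannot be caught; `# kill -15` describes what the handler actually receives. get_aliases also opens the `ip addr show` pipe with a two-argument open and no error check, so a failed exec is silently reported as zero aliases.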
@@ -2,10 +2,11 @@
|
|||||||
|
|
||||||
# this is a sample block script for guardian. This should work with ipchains.
|
# this is a sample block script for guardian. This should work with ipchains.
|
||||||
# This command gets called by guardian as such:
|
# This command gets called by guardian as such:
|
||||||
# guardian_block.sh <source_ip>
|
# guardian_block.sh <source_ip> <interface>
|
||||||
# and the script will issue a command to block all traffic from that source ip
|
# and the script will issue a command to block all traffic from that source ip
|
||||||
# address. The logic of weither or not it is safe to block that address is
|
# address. The logic of weither or not it is safe to block that address is
|
||||||
# done inside guardian itself.
|
# done inside guardian itself.
|
||||||
source=$1
|
source=$1
|
||||||
|
interface=$2
|
||||||
|
|
||||||
/sbin/iptables -I GUARDIANINPUT -s $source -j DROP
|
/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP
|
||||||
|
|||||||
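Review bot: The new iptables line in the block script expands `$source` and `$interface` unquoted and runs even when the second argument is missing, in which case the command line is malformed, iptables rejects the rule, and guardian has already recorded the address as blocked. Quote both and refuse to continue without them: `[ -n "$source" ] && [ -n "$interface" ] || exit 1` before `/sbin/iptables -I GUARDIAN -s "$source" -i "$interface" -j DROP`. The same applies to the unblock script's `-D GUARDIAN` line in the next file section, where a mismatch between the arguments given at block and unblock time would also leave the rule in place. The header comments in both scripts still say they should work with ipchains, which no longer matches the iptables commands they run.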
@@ -2,8 +2,9 @@
|
|||||||
|
|
||||||
# this is a sample unblock script for guardian. This should work with ipchains.
|
# this is a sample unblock script for guardian. This should work with ipchains.
|
||||||
# This command gets called by guardian as such:
|
# This command gets called by guardian as such:
|
||||||
# unblock.sh <source_ip>
|
# unblock.sh <source_ip> <interface>
|
||||||
# and the script will issue a command to remove the block that was created with # block.sh address.
|
# and the script will issue a command to remove the block that was created with # block.sh address.
|
||||||
source=$1
|
source=$1
|
||||||
|
interface=$2
|
||||||
|
|
||||||
/sbin/iptables -D GUARDIANINPUT -s $source -j DROP
|
/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ THISAPP = guardian-$(VER)
|
|||||||
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
||||||
TARGET = $(DIR_INFO)/$(THISAPP)
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
||||||
PROG = guardian
|
PROG = guardian
|
||||||
PAK_VER = 6
|
PAK_VER = 7
|
||||||
|
|
||||||
DEPS = ""
|
DEPS = ""
|
||||||
|
|
||||||
|
|||||||
@@ -140,8 +140,9 @@ case "$1" in
|
|||||||
# CUSTOM chains, can be used by the users themselves
|
# CUSTOM chains, can be used by the users themselves
|
||||||
/sbin/iptables -N CUSTOMINPUT
|
/sbin/iptables -N CUSTOMINPUT
|
||||||
/sbin/iptables -A INPUT -j CUSTOMINPUT
|
/sbin/iptables -A INPUT -j CUSTOMINPUT
|
||||||
/sbin/iptables -N GUARDIANINPUT
|
/sbin/iptables -N GUARDIAN
|
||||||
/sbin/iptables -A INPUT -j GUARDIANINPUT
|
/sbin/iptables -A INPUT -j GUARDIAN
|
||||||
|
/sbin/iptables -A FORWARD -j GUARDIAN
|
||||||
/sbin/iptables -N CUSTOMFORWARD
|
/sbin/iptables -N CUSTOMFORWARD
|
||||||
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
|
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
|
||||||
/sbin/iptables -N CUSTOMOUTPUT
|
/sbin/iptables -N CUSTOMOUTPUT
|
||||||
|
|||||||
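Review bot: Renaming GUARDIANINPUT to GUARDIAN here and in the two helper scripts leaves any other reference to the old chain name out of date; this hunk shows only the chain creation, so whatever flushes or deletes the chain on stop or reload, and guardian's own remove_blocks, are outside the diff and would act on a chain that no longer exists if they still name GUARDIANINPUT. Because GUARDIAN is now entered from both INPUT and FORWARD, a rule inserted into it without an interface match would also drop forwarded traffic, which makes the scripts' new `-i $interface` argument load-bearing rather than cosmetic; a comment above `/sbin/iptables -N GUARDIAN` such as `# GUARDIAN is reached from INPUT and FORWARD; guardian's block rules must restrict by -i` would record that. The case statement this hunk sits in starts and ends outside the hunk.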