X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2Fvar%2Fossec%2Factive-response%2Fbin%2Fipfw.sh;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Factive-response%2Fbin%2Fipfw.sh;h=fb424cb8b1726dbefde45dfc9e8a62d347ce590c;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/debian/ossec-hids/var/ossec/active-response/bin/ipfw.sh b/debian/ossec-hids/var/ossec/active-response/bin/ipfw.sh
new file mode 100755
index 0000000..fb424cb
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/active-response/bin/ipfw.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+# Adds an IP to the IPFW drop list.
+# Only works with IPFW.
+# We use TABLE 00001. If you use this table for anything else,
+# please change it here.
+# Expect: srcip
+# Author: Rafael Capovilla - under @ ( at ) underlinux.com.br
+# Author: Daniel B. Cid - dcid @ ( at ) ossec.net
+# Last modified: May 07, 2006
+
+UNAME=`uname`
+IPFW="/sbin/ipfw"
+ARG1=""
+ARG2=""
+ACTION=$1
+USER=$2
+IP=$3
+TABLE_ID=00001
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../
+PWD=`pwd`
+echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
+
+
+# Checking for an IP
+if [ "x${IP}" = "x" ]; then
+ echo "$0: "
+ exit 1;
+fi
+
+
+
+# Blocking IP
+if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
+ echo "$0: Invalid action: ${ACTION}"
+ exit 1;
+fi
+
+
+# We should run on FreeBSD
+# We always use table 00001 and rule id 00001.
+if [ "X${UNAME}" = "XFreeBSD" ]; then
+ ls ${IPFW} >> /dev/null 2>&1
+ if [ $? != 0 ]; then
+ exit 0;
+ fi
+
+ # Check if our table is set
+ ${IPFW} show | grep "^00001" | grep "table(1)" >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+ # We need to add the table
+ ${IPFW} -q 00001 add deny ip from table\(${TABLE_ID}\) to any
+ ${IPFW} -q 00001 add deny ip from any to table\(${TABLE_ID}\)
+ fi
+
+
+ # Executing and exiting
+ ${IPFW} -q table ${TABLE_ID} ${ACTION} ${IP}
+
+ exit 0;
+fi
+
+
+# Not FreeBSD
+exit 1;
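Review bot: `${IP}` reaches the `${IPFW} -q table ${TABLE_ID} ${ACTION} ${IP}` call at the end of the FreeBSD branch unquoted and checked only for being non-empty, so a value containing whitespace or glob characters is word-split into extra ipfw arguments. `$3` is presumably the source address extracted from the triggering event (the header says "Expect: srcip"), which would make it externally influenced; the caller is not visible in this hunk. After the action check I would add `case "${IP}" in *[!0-9A-Fa-f.:]*) echo "$0: Invalid IP: ${IP}"; exit 1;; esac` and quote the call as `${IPFW} -q table ${TABLE_ID} "${ACTION}" "${IP}"`. Separately, the table check greps for the literal `table(1)` while the deny rules are built from `${TABLE_ID}`, so changing the table as the header comment invites would re-add both rules on every run.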