X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=active-response%2Ffirewall-drop.sh;h=5b5cd5309709a88e96773edd6c910c0f8cf60b20;hb=HEAD;hp=f0e634bb94107a79bdb9d78bf52eb13fc846fbc3;hpb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;p=ossec-hids.git
diff --git a/active-response/firewall-drop.sh b/active-response/firewall-drop.sh
index f0e634b..5b5cd53 100755
--- a/active-response/firewall-drop.sh
+++ b/active-response/firewall-drop.sh
@@ -29,16 +29,17 @@ RULEID=""
 ACTION=$1
 USER=$2
 IP=$3
-
+PWD=`pwd`
+LOCK="${PWD}/fw-drop"
+LOCK_PID="${PWD}/fw-drop/pid"
+IPV4F="/proc/sys/net/ipv4/ip_forward"
+IPV6F="/proc/sys/net/ipv6/conf/all/forwarding"
 LOCAL=`dirname $0`;
 cd $LOCAL
 cd ../
-PWD=`pwd`
 filename=$(basename "$0")
-LOCK="${PWD}/fw-drop"
-LOCK_PID="${LOCK}/pid"
 LOG_FILE="${PWD}/../logs/active-responses.log"
 echo "`date` $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
@@ -70,7 +71,7 @@ lock()
 mkdir ${LOCK} > /dev/null 2>&1
 MSL=$?
 if [ "${MSL}" = "0" ]; then
- # Lock aquired (setting the pid)
+ # Lock acquired (setting the pid)
 echo "$$" > ${LOCK_PID}
 return;
 fi
@@ -86,10 +87,7 @@ lock()
 i=`expr $i + 1`;
 fi
- # Sleep 1 after 10/25 interactions
- if [ "$i" = "10" -o "$i" = "25" ]; then
- sleep 1;
- fi
+ sleep $i;
 i=`expr $i + 1`;
@@ -161,7 +159,6 @@ if [ "X${UNAME}" = "XLinux" ]; then
 COUNT=0;
 lock;
 while [ 1 ]; do
- echo ".."
 ${IPTABLES} ${ARG1}
 RES=$?
 if [ $RES = 0 ]; then
@@ -177,7 +174,29 @@ if [ "X${UNAME}" = "XLinux" ]; then
 fi
 done
+ COUNT=0;
 while [ 1 ]; do
+ #
+ # Looking for IPV4 and IPV6 FORWARD
+ #
+ if [ -e "$IPV4F" ]
+ then
+ IPV4KEY="$(cat "$IPV4F")"
+ else
+ IPV4KEY="0"
+ fi
+ if [ -e "$IPV6F" ]
+ then
+ IPV6KEY="$(cat "$IPV6F")"
+ else
+ IPV6KEY="0"
+ fi
+
+ if [ "$IPV4KEY" = "0" ] && [ "$IPV6KEY" = "0" ]
+ then
+ break
+ fi
+
 ${IPTABLES} ${ARG2}
 RES=$?
 if [ $RES = 0 ]; then
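Review bot: In the first hunk (`@@ -29,16 +29,17 @@`) `LOCK` and `LOCK_PID` are now computed from `pwd` before `cd $LOCAL` / `cd ../`, so the lock directory is created in whatever directory the caller started the script from instead of under the script's parent directory. If that starting directory is shared or writable by other local accounts, an existing `fw-drop` entry there would keep `mkdir ${LOCK}` failing and hold up the block. In a POSIX shell `cd` also rewrites `PWD`, so `LOG_FILE` still resolves from the post-`cd` location while the lock does not, which makes the two paths diverge. I would leave the two `/proc` path variables where the commit puts them but move the lock paths back below `cd ../`, under a name the shell does not manage, e.g. `BASE_DIR=$(pwd)` then `LOCK="${BASE_DIR}/fw-drop"` and `LOCK_PID="${LOCK}/pid"`.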
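Review bot: In the third hunk (`@@ -86,10 +87,7 @@ lock()`) the new `sleep $i;` makes every failed lock attempt wait as many seconds as the counter, and the counter is incremented once or twice per pass, so the cumulative delay before the offending IP is dropped grows roughly quadratically while another instance holds the lock. For an active response that latency is the window in which the source stays unblocked, so the back-off should be capped, for example `if [ "$i" -gt 5 ]; then sleep 5; else sleep "$i"; fi`. The loop's exit condition is outside this hunk, so the real worst case should be checked against the iteration limit defined there.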
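Review bot: In the last hunk (`@@ -177,7 +174,29 @@`) the early `break` skips `${IPTABLES} ${ARG2}` based on the forwarding state at the moment the script runs, and the visible code applies the same test whatever `ACTION` is. If forwarding is switched on after an address was added, that address never gets the second rule; if it is switched off before removal, the second rule is presumably left behind as a stale entry (`ARG2` is set outside the hunk, so confirm what it targets). I would limit the skip to the add path and document it with a comment such as `# Skip the forward-chain rule only when adding; always attempt removal so no stale rule remains`. The two `/proc` reads do not depend on the retry loop and could sit above `while [ 1 ]; do`; the rest of that loop continues past the end of the hunk.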