X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=active-response%2Ffirewalls%2Fpf.sh;h=df0f7bcb91421b339e0cb6f57f9f2db9a99a8e3c;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=1958f3e3dfb47e3727994a371fc0c16890e1a961;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/active-response/firewalls/pf.sh b/active-response/firewalls/pf.sh
index 1958f3e..df0f7bc 100755
--- a/active-response/firewalls/pf.sh
+++ b/active-response/firewalls/pf.sh
@@ -3,22 +3,29 @@
 # Last modified: Daniel B. Cid
 UNAME=`uname`
-GREP=`which grep`
+GREP="/usr/bin/grep"
 PFCTL="/sbin/pfctl"
-
-# Getting pf rules file.
-PFCTL_RULES=`${GREP} pf_rules /etc/rc.conf | awk -F"=" '{print $2}' | awk '{print $1}' | awk -F"\"" '{print $1 $2}'`
-if [ "X${PFCTL_RULES}" = "X" ]; then
-PFCTL_RULES="/etc/pf.conf"
-fi
-
-# Checking if ossec table is configured
-PFCTL_TABLE=`cat ${PFCTL_RULES} | egrep -v "(^#|^$)" | grep ossec_fwtable | head -1 | awk '{print $2}' | sed "s///"`
+PFCTL_RULES="/etc/pf.conf"
+PFCTL_TABLE="ossec_fwtable"
 ARG1=""
+ARG2=""
+CHECKTABLE=""
 ACTION=$1
 USER=$2
 IP=$3
+# Getting pf rules file.
+if [ ! -f $PFCTL_RULES ]; then
+echo "The pf rules file $PFCTL_RULES does not exist"
+exit 1
+fi
+
+# Checking if ossec table is configured
+CHECKTABLE=`cat ${PFCTL_RULES} | $GREP $PFCTL_TABLE`
+if [ -z "$CHECKTABLE" ]; then
+echo "Table $PFCTL_TABLE does not exist"
+exit 1
+fi
 # Finding path
 LOCAL=`dirname $0`;
@@ -27,15 +34,12 @@ cd ../
 PWD=`pwd`
 echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
-
 # Checking for an IP
 if [ "x${IP}" = "x" ]; then
 echo "$0: "
 exit 1;
 fi
-
-
 # Blocking IP
 if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
 echo "$0: invalid action: ${ACTION}"
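Review bot: The new `CHECKTABLE=` assignment accepts any line of the rules file that contains the table name, including a commented-out one, whereas the removed version filtered `^#` lines before matching; on a host whose table declaration is commented out this precondition still passes and the later `pfctl -T add` fails with its output discarded. Something like `CHECKTABLE=$(${GREP} -v '^[[:space:]]*#' "${PFCTL_RULES}" | ${GREP} "<${PFCTL_TABLE}>")` keeps the old comment filtering, matches the actual `table <...>` declaration rather than a bare substring, and drops the useless `cat`. The two new early exits print to stdout and run before the `active-responses.log` line is written in the following hunk, so a misconfigured rules file leaves no trace in the response log; appending these messages to that log, or at least sending them to `>&2`, would make the failure visible. The replacement also drops the `pf_rules` lookup in /etc/rc.conf, so a FreeBSD host with a non-default rules path is now checked against /etc/pf.conf instead — possibly intended, but worth stating in the commit message.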
@@ -43,10 +47,8 @@ if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
 exit 1;
 fi
-
-
 # OpenBSD and FreeBSD pf
-if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" ]; then
+if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" -o "X${UNAME}" = "XDarwin" ]; then
 # Checking if pfctl is present
 ls ${PFCTL} > /dev/null 2>&1
@@ -67,6 +69,7 @@ if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" ]; then
 else
 if [ "x${ACTION}" = "xadd" ]; then
 ARG1="-t $PFCTL_TABLE -T add ${IP}"
+ARG2="-k ${IP}"
 else
 ARG1="-t $PFCTL_TABLE -T delete ${IP}"
 fi
@@ -77,7 +80,7 @@ if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" ]; then
 #Executing it
 ${PFCTL} ${ARG1} > /dev/null 2>&1
-
+${PFCTL} ${ARG2} > /dev/null 2>&1
 exit 0;
 else
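Review bot: Adding `XDarwin` to this condition only checks that `/sbin/pfctl` exists, and on macOS pf is typically not enabled by default, so the existing `ls ${PFCTL}` test passes on a Darwin agent while the block may never take effect — the pfctl exit status is discarded in the last hunk, so nothing reports it. Consider a `case "${UNAME}" in OpenBSD|FreeBSD|Darwin)` in place of the growing `-o` chain (the `-o`/`-a` forms of test(1) are the deprecated, ambiguous ones) and `[ -x "${PFCTL}" ]` in place of `ls` for the presence check. The body of this `if` continues beyond the hunk.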
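Review bot: `ARG2="-k ${IP}"` kills only states whose source is the blocked address, so connections that an inside host already has open toward `${IP}` survive until they expire even though the table entry now blocks new ones; if that is not intended, a second `-k` pair in the other direction (`-k 0.0.0.0/0 -k ${IP}`, as I read pfctl(8)) covers it. ARG2 is also left at its empty initial value on the delete path, which matters for the unconditional call added in the last hunk. The enclosing if/else starts and ends outside this hunk.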
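Review bot: `${PFCTL} ${ARG2} > /dev/null 2>&1` now runs on every path, but ARG2 is only assigned for the add action in the previous hunk, so on delete this line executes `pfctl` with no arguments (a usage error whose output is thrown away). Guard it: `if [ -n "${ARG2}" ]; then` / `${PFCTL} ${ARG2} > /dev/null 2>&1` / `fi`. With both pfctl exit statuses discarded and the unconditional `exit 0;` that follows, neither a failed table add nor a failed state flush is ever reported back; at minimum `${PFCTL} ${ARG1} > /dev/null 2>&1 || exit 1` would let the caller see the failure. The surrounding if/else continues outside the hunk.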