2 # Author: Rafael M. Capovilla
3 # Last modified: Daniel B. Cid
9 # Getting pf rules file.
10 PFCTL_RULES=`${GREP} pf_rules /etc/rc.conf | awk -F"=" '{print $2}' | awk '{print $1}' | awk -F"\"" '{print $1 $2}'`
11 if [ "X${PFCTL_RULES}" = "X" ]; then
12 PFCTL_RULES="/etc/pf.conf"
15 # Checking if ossec table is configured
16 PFCTL_TABLE=`cat ${PFCTL_RULES} | egrep -v "(^#|^$)" | grep ossec_fwtable | head -1 | awk '{print $2}' | sed "s/<//;s/>//"`
28 echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
32 if [ "x${IP}" = "x" ]; then
33 echo "$0: <action> <username> <ip>"
40 if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
41 echo "$0: invalid action: ${ACTION}"
42 echo "$0: invalid action: ${ACTION}" >> ${PWD}/ossec-hids-responses.log
48 # OpenBSD and FreeBSD pf
49 if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" ]; then
51 # Checking if pfctl is present
52 ls ${PFCTL} > /dev/null 2>&1
54 echo "$0: PF not configured."
55 echo "$0: PF not configured." >> ${PWD}/ossec-hids-responses.log
59 # Checking if we have pf config file
60 if [ -e ${PFCTL_RULES} ]; then
62 #Checking if we got the table to add the bad guys
63 if [ "x${PFCTL_TABLE}" = "x" ]; then
64 echo "$0: PF not configured."
65 echo "$0: PF not configured." >> ${PWD}/ossec-hids-responses.log
68 if [ "x${ACTION}" = "xadd" ]; then
69 ARG1="-t $PFCTL_TABLE -T add ${IP}"
71 ARG1="-t $PFCTL_TABLE -T delete ${IP}"
79 ${PFCTL} ${ARG1} > /dev/null 2>&1
projects / ossec-hids.git / blob