projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / active-response / firewalls / pf.sh
diff --git a/active-response/firewalls/pf.sh b/active-response/firewalls/pf.sh
index b93502b..df0f7bc 100755 (executable)
--- a/active-response/firewalls/pf.sh
+++ b/active-response/firewalls/pf.sh
@@ -3,22 +3,29 @@
 # Last modified: Daniel B. Cid
 
 UNAME=`uname`
-GREP=`which grep`
+GREP="/usr/bin/grep"
 PFCTL="/sbin/pfctl"
-
-# Getting pf rules file.
-PFCTL_RULES=`${GREP} pf_rules /etc/rc.conf | awk -F"=" '{print $2}' | awk '{print $1}' | awk -F"\"" '{print $1 $2}'`
-if [ "X${PFCTL_RULES}" = "X" ]; then
-    PFCTL_RULES="/etc/pf.conf"
-fi    
-
-# Checking if ossec table is configured
-PFCTL_TABLE=`cat ${PFCTL_RULES} | egrep -v "(^#|^$)" | grep ossec_fwtable | head -1 | awk '{print $2}' | sed "s/<//;s/>//"`
+PFCTL_RULES="/etc/pf.conf"
+PFCTL_TABLE="ossec_fwtable"
 ARG1=""
+ARG2=""
+CHECKTABLE=""
 ACTION=$1
 USER=$2
 IP=$3
 
+# Getting pf rules file.
+if [ ! -f $PFCTL_RULES ]; then
+        echo "The pf rules file $PFCTL_RULES does not exist"
+        exit 1
+fi 
+
+# Checking if ossec table is configured
+CHECKTABLE=`cat ${PFCTL_RULES} | $GREP $PFCTL_TABLE`
+if [ -z "$CHECKTABLE" ]; then
+        echo "Table $PFCTL_TABLE does not exist"
+        exit 1
+fi
 
 # Finding path
 LOCAL=`dirname $0`;
@@ -27,15 +34,12 @@ cd ../
 PWD=`pwd`
 echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
 
-
 # Checking for an IP
 if [ "x${IP}" = "x" ]; then
    echo "$0: <action> <username> <ip>" 
    exit 1;
 fi
 
-
-
 # Blocking IP
 if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
    echo "$0: invalid action: ${ACTION}"
@@ -43,8 +47,6 @@ if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
    exit 1;
 fi
 
-
-
 # OpenBSD and FreeBSD pf
 if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" -o "X${UNAME}" = "XDarwin" ]; then
   
@@ -67,6 +69,7 @@ if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" -o "X${UNAME}" = "XDar
        else
                if [ "x${ACTION}" = "xadd" ]; then
                        ARG1="-t $PFCTL_TABLE -T add ${IP}"
+                       ARG2="-k ${IP}"
                else
                        ARG1="-t $PFCTL_TABLE -T delete ${IP}"
                fi
@@ -77,7 +80,7 @@ if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" -o "X${UNAME}" = "XDar
 
   #Executing it
   ${PFCTL} ${ARG1} > /dev/null 2>&1 
-
+  ${PFCTL} ${ARG2} > /dev/null 2>&1
   exit 0;
   
 else
ossec-hids