mkdir ${LOCK} > /dev/null 2>&1
MSL=$?
if [ "${MSL}" = "0" ]; then
- # Lock aquired (setting the pid)
+ # Lock acquired (setting the pid)
echo "$$" > ${LOCK_PID}
return;
fi
C_PID=`cat ${LOCK_PID} 2>/dev/null`
if [ "x" = "x${S_PID}" ]; then
S_PID=${C_PID}
- fi
+ fi
# Breaking out of the loop after X attempts
if [ "x${C_PID}" = "x${S_PID}" ]; then
i=`expr $i + 1`;
fi
-
- # Sleep 1 after 10/25 interactions
- if [ "$i" = "10" -o "$i" = "25" ]; then
- sleep 1;
- fi
-
+
+ sleep $i;
+
i=`expr $i + 1`;
-
+
# So i increments 2 by 2 if the pid does not change.
# If the pid keeps changing, we will increments one
# by one and fail after MAX_ITERACTION
if [ "$i" = "${MAX_ITERATION}" ]; then
echo "`date` Unable to execute. Locked: $0" \
>> ${PWD}/ossec-hids-responses.log
-
+
# Unlocking and exiting
unlock;
- exit 1;
+ exit 1;
fi
done
}
# Unlock function
unlock()
{
- rm -rf ${LOCK}
+ rm -rf ${LOCK}
}
# IP Address must be provided
if [ "x${IP}" = "x" ]; then
- echo "$0: Missing argument <action> <user> (ip)"
- exit 1;
+ echo "$0: Missing argument <action> <user> (ip)"
+ exit 1;
fi
-# Checking for invalid entries (lacking ".", etc)
-echo "${IP}" | grep "\." > /dev/null 2>&1
+# Checking for invalid entries (lacking "." or ":", etc)
+echo "${IP}" | egrep "\.|\:" > /dev/null 2>&1
if [ ! $? = 0 ]; then
echo "`date` Invalid ip/hostname entry: ${IP}" >> ${PWD}/../logs/active-responses.log
exit 1;
# Adding the ip to hosts.deny
if [ "x${ACTION}" = "xadd" ]; then
- lock;
- if [ "X$UNAME" = "XFreeBSD" ]; then
- echo "ALL : ${IP} : deny" >> /etc/hosts.allow
- else
- echo "ALL:${IP}" >> /etc/hosts.deny
- fi
- unlock;
- exit 0;
-
-
-# Deleting from hosts.deny
-elif [ "x${ACTION}" = "xdelete" ]; then
- lock;
- TMP_FILE = `mktemp /var/ossec/ossec-hosts.XXXXXXXXXX`
- if [ "X${TMP_FILE}" = "X" ]; then
- # Cheap fake tmpfile, but should be harder then no random data
- TMP_FILE = "/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
- fi
- if [ "X$UNAME" = "XFreeBSD" ]; then
- cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
- mv ${TMP_FILE} /etc/hosts.allow
- else
- cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
- cat ${TMP_FILE} > /etc/hosts.deny
- rm ${TMP_FILE}
- fi
- unlock;
- exit 0;
-
-
-# Invalid action
+ # Looking for duplication
+ IPKEY=$(grep -w "${IP}" /etc/hosts.deny)
+ if [ ! -z "$IPKEY" ]; then
+ echo "IP ${IP} already exists on host.deny..." >> ${PWD}/../logs/active-responses.log
+ exit 1
+ fi
+ lock;
+ echo "${IP}" | grep "\:" > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ IP="[${IP}]"
+ fi
+ if [ "X$UNAME" = "XFreeBSD" ]; then
+ echo "ALL : ${IP} : deny" >> /etc/hosts.allow
+ else
+ echo "ALL:${IP}" >> /etc/hosts.deny
+ fi
+ unlock;
+ exit 0;
+
+
+# Deleting from hosts.deny
+elif [ "x${ACTION}" = "xdelete" ]; then
+ lock;
+ TMP_FILE=`mktemp ${PWD}/ossec-hosts.XXXXXXXXXX`
+ if [ "X${TMP_FILE}" = "X" ]; then
+ # Cheap fake tmpfile, but should be harder then no random data
+ TMP_FILE="${PWD}/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
+ fi
+ echo "${IP}" | grep "\:" > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ IP="\[${IP}\]"
+ fi
+ if [ "X$UNAME" = "XFreeBSD" ]; then
+ cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
+ mv ${TMP_FILE} /etc/hosts.allow
+ else
+ cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
+ cat ${TMP_FILE} > /etc/hosts.deny
+ rm ${TMP_FILE}
+ fi
+ unlock;
+ exit 0;
+
+
+# Invalid action
else
- echo "$0: invalid action: ${ACTION}"
-fi
+ echo "$0: invalid action: ${ACTION}"
+fi
exit 1;