+++ /dev/null
-#!/bin/sh
-# Author: Rafael M. Capovilla
-# Last modified: Daniel B. Cid
-
-UNAME=`uname`
-GREP="/usr/bin/grep"
-PFCTL="/sbin/pfctl"
-PFCTL_RULES="/etc/pf.conf"
-PFCTL_TABLE="ossec_fwtable"
-ARG1=""
-ARG2=""
-CHECKTABLE=""
-ACTION=$1
-USER=$2
-IP=$3
-
-# Getting pf rules file.
-if [ ! -f $PFCTL_RULES ]; then
- echo "The pf rules file $PFCTL_RULES does not exist"
- exit 1
-fi
-
-# Checking if ossec table is configured
-CHECKTABLE=`cat ${PFCTL_RULES} | $GREP $PFCTL_TABLE`
-if [ -z "$CHECKTABLE" ]; then
- echo "Table $PFCTL_TABLE does not exist"
- exit 1
-fi
-
-# Finding path
-LOCAL=`dirname $0`;
-cd $LOCAL
-cd ../
-PWD=`pwd`
-echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
-
-# Checking for an IP
-if [ "x${IP}" = "x" ]; then
- echo "$0: <action> <username> <ip>"
- exit 1;
-fi
-
-# Blocking IP
-if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
- echo "$0: invalid action: ${ACTION}"
- echo "$0: invalid action: ${ACTION}" >> ${PWD}/ossec-hids-responses.log
- exit 1;
-fi
-
-# OpenBSD and FreeBSD pf
-if [ "X${UNAME}" = "XOpenBSD" -o "X${UNAME}" = "XFreeBSD" -o "X${UNAME}" = "XDarwin" ]; then
-
- # Checking if pfctl is present
- ls ${PFCTL} > /dev/null 2>&1
- if [ ! $? = 0 ]; then
- echo "$0: PF not configured."
- echo "$0: PF not configured." >> ${PWD}/ossec-hids-responses.log
- exit 0;
- fi
-
- # Checking if we have pf config file
- if [ -e ${PFCTL_RULES} ]; then
-
- #Checking if we got the table to add the bad guys
- if [ "x${PFCTL_TABLE}" = "x" ]; then
- echo "$0: PF not configured."
- echo "$0: PF not configured." >> ${PWD}/ossec-hids-responses.log
- exit 0;
- else
- if [ "x${ACTION}" = "xadd" ]; then
- ARG1="-t $PFCTL_TABLE -T add ${IP}"
- ARG2="-k ${IP}"
- else
- ARG1="-t $PFCTL_TABLE -T delete ${IP}"
- fi
- fi
- else
- exit 0;
- fi
-
- #Executing it
- ${PFCTL} ${ARG1} > /dev/null 2>&1
- ${PFCTL} ${ARG2} > /dev/null 2>&1
- exit 0;
-
-else
- exit 0;
-fi
projects / ossec-hids.git / blobdiff