2 # Author: Gianni D'Aprile
# NOTE(review): this is an excerpt. The leading numbers look like the original
# file's line numbers; the lines between them (presumably the assignments of
# PWD, NPFCTL, GREP, ACTION and IP, the exit statements and the closing
# fi/esac) are not shown here, so control flow is only partly visible.
#
# Audit trail: append a timestamp, the script path and the first five
# positional arguments to the active-responses log.
# NOTE(review): the arguments are written exactly as received and the log path
# is unquoted. Confirm the caller restricts them to printable single-line
# values, so that an attacker-influenced field (e.g. a user name) cannot split
# or forge log entries.
15 echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
# Precondition 1: the binary named by NPFCTL must exist and be executable.
# The failure is reported on stdout and in ossec-hids-responses.log, which is a
# different file from the audit line above (NOTE(review): confirm intended).
19 if [ ! -x ${NPFCTL} ]; then
20 echo "$0: NPF not present."
21 echo "$0: NPF not present." >> ${PWD}/ossec-hids-responses.log
# Precondition 2: count the lines of `npfctl show` output that contain
# "filtering:" and also "active".
# NOTE(review): `-c active` is a substring match, so a status line reading
# "inactive" would be counted too and the check would pass with filtering
# switched off. Verify against the real `npfctl show` output and consider a
# whole-word match (grep -w). The first grep is also called by bare name while
# the second goes through ${GREP}.
25 NPF_ACTIVE=`${NPFCTL} show | grep "filtering:" | ${GREP} -c active`
# The "x" prefix keeps the test well-formed when the count is empty; anything
# other than exactly 1 is reported as "not active".
27 if [ "x1" != "x${NPF_ACTIVE}" ]; then
28 echo "$0: NPF not active."
29 echo "$0: NPF not active." >> ${PWD}/ossec-hids-responses.log
# Precondition 3: the loaded configuration must contain exactly one line
# matching "table <ossec_blacklist>", the table the add/del commands below use.
33 NPF_OSSEC_READY=`${NPFCTL} show | ${GREP} -c "table <ossec_blacklist>"`
35 if [ "x1" != "x${NPF_OSSEC_READY}" ]; then
36 echo "$0: NPF not configured."
37 echo "$0: NPF not configured." >> ${PWD}/ossec-hids-responses.log
# Argument check: an empty IP prints the usage line. Only emptiness is tested
# here; no address-format validation is visible in this excerpt.
42 if [ "x${IP}" = "x" ]; then
43 echo "$0: <action> <username> <ip>"
# Block the address by adding it to the ossec_blacklist table.
# NOTE(review): ${IP} is unquoted, so a value containing whitespace or glob
# characters would expand to extra npfctl arguments. Quote it and confirm the
# value is validated as an IP address before this point. Output and errors are
# discarded, so a failed add is silent unless the exit status is checked on a
# line not shown here.
52 ${NPFCTL} table ossec_blacklist add ${IP} >/dev/null 2>&1
# Unblock the address by removing it from the same table. The quoting and
# silent-failure caveats from the add command apply here as well.
60 ${NPFCTL} table ossec_blacklist del ${IP} >/dev/null 2>&1
# Fallback for an unrecognised ACTION: report it on stdout and in the
# responses log. ACTION is echoed back unfiltered (NOTE(review): same
# log-content caveat as the audit line at the top).
68 echo "$0: invalid action: ${ACTION}"
69 echo "$0: invalid action: ${ACTION}" >> ${PWD}/ossec-hids-responses.log