X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=active-response%2Fwin%2Froute-null.cmd;h=9b656dce8e16d8240890a4dd9cb9f90d90485b1f;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hp=3960e31590ea1f825492cb691aada49a8c1aa718;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git
diff --git a/active-response/win/route-null.cmd b/active-response/win/route-null.cmd
index 3960e31..9b656dc 100644
--- a/active-response/win/route-null.cmd
+++ b/active-response/win/route-null.cmd
@@ -1,31 +1,48 @@
-:: Simple script to null route an ip address.
-@ECHO OFF
-ECHO.
-
-
-:: Logging it all
-FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DATE=%%B
-FOR /F "TOKENS=1* DELIMS= " %%A IN ('TIME/T') DO SET TIME=%%A
-ECHO %DATE% %TIME% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> active-response/active-responses.log
-
-
-IF "%1"=="add" GOTO ADD
-IF "%1"=="delete" GOTO DEL
-:ERROR
-
-ECHO "Invalid argument. %1"
-GOTO Exit;
-
-
-:: Adding to the blocked.
-
-:ADD
-:: Extracts last ip address from ipconfig.
-FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG ^| FIND "IP"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B
-route add %3 mask 255.255.255.255 %IPADDR%
-GOTO Exit;
-
-:DEL
-route delete %3
-
-:Exit
+:: Script to null route an ip address.
+@ECHO OFF
+ECHO.
+
+:: Set some variables
+FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DAT=%%A %%B
+FOR /F "TOKENS=1-3 DELIMS=:" %%A IN ("%TIME%") DO SET TIM=%%A:%%B:%%C
+
+:: Check for required arguments
+IF /I "%1"=="" GOTO ERROR
+IF /I "%2"=="" GOTO ERROR
+IF /I "%3"=="" GOTO ERROR
+
+:: Check for a valid IP
+ECHO "%3" | %WINDIR%\system32\findstr.exe /R "\." >nul || GOTO ipv6
+
+set prefixlength=32
+set gateway=0.0.0.0
+goto x
+
+:ipv6
+set prefixlength=128
+set gateway=::
+
+:x
+
+IF /I "%1"=="add" GOTO ADD
+IF /I "%1"=="delete" GOTO DEL
+
+:ERROR
+ECHO Invalid argument(s).
+ECHO Usage: route-null.cmd ^(ADD^|DELETE^) user IP_Address
+ECHO Example: route-null.cmd ADD - 1.2.3.4
+EXIT /B 1
+
+:: Adding IP to be null-routed.
+
+:ADD
+%WINDIR%\system32\route.exe ADD %3/%prefixlength% %gateway%
+:: Log it
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
+GOTO EXIT
+
+:DEL
+%WINDIR%\system32\route.exe DELETE %3/%prefixlength%
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
+
+:EXIT /B 0:
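Review bot: The "Check for a valid IP" line only asserts that %3 contains a dot, yet %3 is the alert-supplied address and is expanded, unquoted, straight into the `route.exe ADD %3/%prefixlength% %gateway%` and `route.exe DELETE` lines under :ADD and :DEL — any string with a dot passes, and cmd.exe interprets `&`, `|` and `>` inside the expanded value, so a crafted source address taken from a log line can become command execution on the agent. Tighten the check to an allowlist of the characters an IPv4 or IPv6 literal can contain and send anything else to :ERROR; findstr's `/X` with a character class does this without extra tooling, and it also removes the current fall-through where a non-dotted value is silently treated as IPv6. The inherent limit should be stated in a comment: cmd.exe expands %3 on every line before parsing it, so a value carrying `"` or `&` is already interpreted by the `IF /I "%3"==""` line above the check, and the caller is therefore expected to hand over a bare address — that constraint has to be enforced on the agent side too. Separately, route.exe's exit status is never examined, so the log line records an add or delete that may not have taken effect; `... %gateway% || EXIT /B 1` ahead of the log write would keep the log honest.
```batch
:: Check for a valid IP: accept only the characters an IPv4 or IPv6 literal can contain.
:: %3 is the alert's source address and is expanded unquoted into the route.exe lines
:: below, so anything outside these classes is rejected rather than passed on. cmd.exe
:: still expands %3 before parsing each line, so the caller must already pass a bare address.
ECHO %3| %WINDIR%\system32\findstr.exe /R /X /C:"[0-9][0-9.]*" >nul && GOTO ipv4
ECHO %3| %WINDIR%\system32\findstr.exe /R /X /C:"[0-9A-Fa-f:][0-9A-Fa-f:]*" >nul && GOTO ipv6
GOTO ERROR

:ipv4
set prefixlength=32
set gateway=0.0.0.0
goto x

:: ... unchanged: :ipv6 block, :x dispatch, :ERROR, :ADD, :DEL, :EXIT ...
```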