
shutout_ssh.pl

by maru last modified 2008-02-16 18:15

電脳趣味さんのところにあるものをベースにしてIPホイホイ機能も追加してます。


Size 2.9 kB - File type text/x-perl

File contents

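#!/usr/bin/perl
#
# shutout_ssh.pl - reads sshd log lines from STDIN (or the files named on the
# command line), counts failed logins per source address and, once an address
# passes its threshold, writes it as a "deny" entry into the tcpserver rules
# file, recompiles the cdb and hands the address to an external python script.
#
# NOTE(review): `use strict` is not enabled here because getdatestr() assigns
# the undeclared package global $str; lexicalise that first, then add strict.

use warnings;

$|				= 1;	# unbuffered STDOUT so the debug log is not lost on a crash

# Verbosity of debugout(): a message is printed when its level <= this value.
our $g_debuglevel	= 3;
# Attempts tolerated before an address is shut out: $g_maxcnt1 applies to
# "illegal" (unknown) users, $g_maxcnt2 to all other failure types.
our $g_maxcnt1		= 5;
our $g_maxcnt2		= 3;

our $g_cdbfile		= "/etc/tcpserver.d/tcp.sshd.cdb";
our $g_rulefile		= "/etc/tcpserver.d/tcp.sshd";
# Constant command lines. $g_exec needs the shell for its `<` redirect and is
# run by shutout(); $g_exec_py is run by update_python() with the address and
# a timestamp appended.
our $g_exec			= "/usr/local/bin/tcprules $g_cdbfile $g_cdbfile.tmp < $g_rulefile";
our $g_exec_py		= "/opt/python2.4.4/bin/python /var/zope/bin/update_bl_ssh.py";

# %g_graylist:  failed-attempt counter per source address.
# %g_blacklist: addresses already written as "deny"; value is the listing time.
our %g_graylist;
our %g_blacklist;

init();
main();
end();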

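# Main loop: classify every input line, count failures per source address and
# shut the address out once it exceeds the threshold for that failure type.
# Reads all globals declared at the top of the file; no return value.
sub main {

	# Patterns in priority order: the "illegal user" line also matches the
	# generic "Failed password for" one, so it has to be tried first. Entry:
	# [ pattern, index of the address in the whitespace-split line,
	#   attempts allowed before the address is shut out ].
	my @rules = (
		[ qr/Failed password for illegal/,    8, $g_maxcnt1 ],
		[ qr/Failed password for/,            6, $g_maxcnt2 ],
		[ qr/Did not receive identification/, 7, $g_maxcnt2 ],
	);

	# Only a plain dotted quad is accepted as an address. The field is picked
	# by position from a log line whose user-name part is chosen by the remote
	# side, and the value ends up in the rules file and on a command line; an
	# undefined field would otherwise become the key "" and a ":deny" rule.
	my $ipv4_re = qr/\A\d{1,3}(?:\.\d{1,3}){3}\z/;

	LINE: while ( my $logline = <> ){
		my @field = split ' ', $logline;

		RULE: for my $rule (@rules){
			my ( $pattern, $index, $maxcnt ) = @{ $rule };
			next RULE if $logline !~ $pattern;

			my $ipaddr = $field[$index];
			if ( !defined $ipaddr || $ipaddr !~ $ipv4_re ){
				debugout("ignoring line with unparsable source address: $logline", 3);
			}
			elsif ( !$g_blacklist{$ipaddr} && countup($ipaddr) > $maxcnt ){
				addtoblacklist($ipaddr);
				shutout();
				update_python($ipaddr);
			}
			last RULE;	# the first matching pattern decides, like an if/elsif chain
		}
	}
	return;
}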

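# Seeds %g_blacklist from the existing rules file so addresses denied by an
# earlier run stay denied. A missing or unreadable rules file is reported at
# debug level 2 and treated as an empty blacklist. No return value.
sub init
{

	debugout("----- reading blacklist ($g_rulefile) -----\n", 2);

	# Best effort: on open failure return instead of reading from an unopened
	# handle.
	my $rulefh;
	if ( !open $rulefh, '<', $g_rulefile ){
		debugout("Can't open $g_rulefile\n", 2);
		debugout("-----\n", 2);
		return;
	}

	while ( my $rule = <$rulefh> ){
		chomp $rule;	# chomp, not chop: a last line without newline keeps its last char
		# rules file lines look like "address:deny", "address:allow" or ":allow"
		my ( $ipaddr, $access ) = split /:/, $rule;
		next unless defined $access;
		addtoblacklist($ipaddr) if $access eq "deny";
	}
	close $rulefh or debugout("Can't close $g_rulefile: $!\n", 2);

	debugout("-----\n", 2);
	return;
}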

# Shutdown hook called after main(); there is nothing to clean up yet, it is
# kept for symmetry with init().
sub end
{
	return;
}

# Records one more failed attempt for $ipaddr in %g_graylist and returns the
# new count.
sub countup
{
	my ( $ipaddr ) = @_;

	my $attempts = ++$g_graylist{$ipaddr};
	debugout("$ipaddr tried $attempts times\n", 2);

	return $attempts;
}

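# Hands a newly blacklisted $ipaddr plus the current timestamp to the external
# python script ($g_exec_py). Failures are logged at debug level 1; no return
# value.
sub update_python
{
	my ( $ipaddr ) = @_;
	my $datestr = getdatestr();

	debugout("update python $ipaddr\n", 1);

	# List-form system(): no shell is involved, so $ipaddr (taken from a log
	# line the remote side influences) and the space-containing $datestr are
	# passed as single arguments instead of being interpolated into a command
	# string. $g_exec_py holds interpreter and script separated by whitespace.
	my @cmd = ( split( ' ', $g_exec_py ), $ipaddr, $datestr );
	if ( system(@cmd) != 0 ){
		debugout("update python failed for $ipaddr (status $?)\n", 1);
	}
	return;
}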

# Marks $ipaddr as blacklisted in %g_blacklist. The stored value is the time of
# listing; callers only test it for truth. Returns that time.
sub addtoblacklist
{
	my ( $ipaddr ) = @_;

	debugout("adding $ipaddr to blacklist...\n", 1);
	my $listed_at = time;
	$g_blacklist{$ipaddr} = $listed_at;

	return $listed_at;
}

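# Rewrites the tcpserver rules file from %g_blacklist (one "address:deny" line
# per entry, then ":allow") and recompiles the cdb with $g_exec. Dies when the
# rules file cannot be written or replaced; a failing tcprules run is logged at
# level 1. Takes no arguments; no return value.
sub shutout
{
	my $tmpfile = "$g_rulefile.tmp";

	debugout("----- writing blacklist ($g_rulefile) -----\n", 3);

	# Write the complete rule set to a temp file and rename it into place so a
	# reader never sees a half-written rules file.
	open my $rulefh, '>', $tmpfile or die "Can't open $tmpfile: $!";
	for my $ipaddr ( sort keys %g_blacklist ){
		debugout("$ipaddr:deny\n", 3);
		print {$rulefh} "$ipaddr:deny\n" or die "Can't print to $tmpfile: $!";
	}
	print {$rulefh} ":allow\n" or die "Can't print to $tmpfile: $!";
	# Buffered write errors only surface at close; a silently truncated rules
	# file would otherwise be compiled into the cdb.
	close $rulefh or die "Can't close $tmpfile: $!";

	rename $tmpfile, $g_rulefile or die "Can't rename from $tmpfile to $g_rulefile: $!";

	# $g_exec is a constant command line that needs the shell for its `<`
	# redirect. If tcprules fails, the cdb tcpserver consults stays stale and
	# the new deny entry is not enforced, so report it instead of ignoring it.
	debugout("executing $g_exec\n", 3);
	if ( system($g_exec) != 0 ){
		debugout("tcprules failed (status $?): $g_cdbfile not updated\n", 1);
	}

	debugout("-----\n", 3);
	return;
}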

# Prints "$timestamp $message" to STDOUT when $level does not exceed
# $g_debuglevel; messages are expected to carry their own trailing newline.
sub debugout
{
	my ( $message, $level ) = @_;
	my $stamp = getdatestr();

	return if $level > $g_debuglevel;

	printf "%s %s", $stamp, $message;
	return;
}

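# Returns the current local time as "YYYY/MM/DD HH:MM:SS".
# localtime() yields a 0-based month and years since 1900, hence the offsets.
sub getdatestr
{
	my ( $sec, $min, $hour, $mday, $mon, $year ) = localtime;
	# lexical instead of the package global $str the original assigned
	my $datestr = sprintf( "%04d/%02d/%02d %02d:%02d:%02d",
		$year + 1900, $mon + 1, $mday, $hour, $min, $sec );
	return $datestr;
}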