shutout_ssh.pl
電脳趣味さんのところにあるものをベースにしてIPホイホイ機能も追加してます。
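#!/usr/bin/perl
# shutout_ssh.pl - read sshd log lines from STDIN, count authentication
# failures per source address and, once a threshold is exceeded, deny the
# address in the tcpserver rules file (rebuilding its cdb) and hand the
# address to an external Python hook.
use strict;
use warnings;

$| = 1;    # unbuffered STDOUT so debug output interleaves with the log feed

# Tunables ---------------------------------------------------------------
my $g_debuglevel = 3;    # debugout() prints messages whose level is <= this
my $g_maxcnt1    = 5;    # failures tolerated for an unknown ("illegal") user
my $g_maxcnt2    = 3;    # failures tolerated for a known user / missing ident string
my $g_cdbfile    = "/etc/tcpserver.d/tcp.sshd.cdb";
my $g_rulefile   = "/etc/tcpserver.d/tcp.sshd";

# Fixed command string (no untrusted data in it); it still goes through the
# shell because tcprules reads the rules on STDIN via the redirect.
my $g_exec = "/usr/local/bin/tcprules $g_cdbfile $g_cdbfile.tmp < $g_rulefile";

# The Python hook is run in list form (no shell); the address and timestamp
# are appended as separate argv elements in update_python().
my @g_exec_py = ( "/opt/python2.4.4/bin/python", "/var/zope/bin/update_bl_ssh.py" );

# Addresses are lifted from attacker-influenced log text, so only the
# characters an IPv4/IPv6 literal can contain are accepted before the value
# reaches a file write or an exec. This is an allowlist, not full address
# validation.
my $g_addr_re = qr/\A[0-9A-Fa-f.:]{1,45}\z/;

my %g_graylist;     # addr => failure count (never pruned; grows for the life of the process)
my %g_blacklist;    # addr => time() it was denied (entries seeded from the rule file too)

init();
main();
end();

# Main loop: classify each log line, extract the source address and count
# the failure against it. First matching pattern wins, as with the original
# if/elsif chain, so the "illegal" form must stay ahead of the generic one.
sub main {
    my @rules = (
        # regex matched against the line, index of the address field after a
        # whitespace split, threshold that applies
        [ qr/Failed password for illegal/,    8, $g_maxcnt1 ],
        [ qr/Failed password for/,            6, $g_maxcnt2 ],
        [ qr/Did not receive identification/, 7, $g_maxcnt2 ],
    );

    LINE: while ( my $line = <> ) {
        my @field = split ' ', $line;
        for my $rule (@rules) {
            my ( $re, $idx, $max ) = @$rule;
            next unless $line =~ $re;
            my $ipaddr = valid_addr( $field[$idx] );
            handle_failure( $ipaddr, $max ) if defined $ipaddr;
            next LINE;
        }
    }
    return;
}

# Return $raw when it looks like an address literal, else undef.
# Field positions depend on the log format fed to STDIN; a line in an
# unexpected layout yields a non-address field here and is ignored.
sub valid_addr {
    my ($raw) = @_;
    return $raw if defined $raw && $raw =~ $g_addr_re;
    # the raw field is deliberately not echoed: it is untrusted log text
    debugout( "ignoring line: address field is not an address literal\n", 2 );
    return;
}

# Count one failure for $ipaddr; once the count exceeds $max, deny it,
# rewrite the rules and notify the Python hook. Already-denied addresses
# are not counted again.
sub handle_failure {
    my ( $ipaddr, $max ) = @_;
    return if $g_blacklist{$ipaddr};
    return if countup($ipaddr) <= $max;
    addtoblacklist($ipaddr);
    shutout();
    update_python($ipaddr);
    return;
}

# Seed %g_blacklist from the existing rule file ("addr:deny" lines).
# The rule file is administrator-owned configuration, so its entries are
# taken as-is (prefixes and ranges included) and not filtered.
# A missing or unreadable rule file is not fatal: we start empty, as before.
sub init {
    debugout( "----- reading blacklist ($g_rulefile) -----\n", 2 );
    if ( open my $fh, '<', $g_rulefile ) {
        while ( my $line = <$fh> ) {
            chomp $line;
            my ( $ipaddr, $access ) = split /:/, $line;
            addtoblacklist($ipaddr)
                if defined $ipaddr && defined $access && $access eq "deny";
        }
        close $fh;
    }
    else {
        debugout( "Can't open $g_rulefile: $!\n", 2 );
    }
    debugout( "-----\n", 2 );
    return;
}

# Shutdown hook; intentionally empty.
sub end {
    return;
}

# Increment and return the failure count for $ipaddr.
sub countup {
    my ($ipaddr) = @_;
    $g_graylist{$ipaddr}++;
    debugout( $ipaddr . " tried " . $g_graylist{$ipaddr} . " times\n", 2 );
    return $g_graylist{$ipaddr};
}

# Run the Python hook with the denied address and a timestamp.
# List-form system(): the address is an argv element and never reaches a
# shell, which is what makes the allowlist in valid_addr() sufficient.
sub update_python {
    my ($ipaddr) = @_;
    my $datestr = getdatestr();
    debugout( "update python $ipaddr\n", 1 );
    my $rc = system( @g_exec_py, $ipaddr, $datestr );
    debugout( "update_bl_ssh.py failed: $?\n", 1 ) if $rc != 0;
    return;
}

# Record $ipaddr as denied; the value is the time of denial.
sub addtoblacklist {
    my ($ipaddr) = @_;
    debugout( "adding $ipaddr to blacklist...\n", 1 );
    $g_blacklist{$ipaddr} = time;
    return;
}

# Rewrite the rule file from %g_blacklist (one "addr:deny" per entry, then
# ":allow"), atomically via a temp file + rename, then rebuild the cdb.
# Dies on any write error so a truncated rule file is never installed.
sub shutout {
    debugout( "----- writing blacklist ($g_rulefile) -----\n", 3 );
    my $tmp = "$g_rulefile.tmp";
    open my $fh, '>', $tmp or die "Can't open $tmp: $!";
    # sorted so the generated file is reproducible; tcprules does not rely
    # on entry order
    for my $ipaddr ( sort keys %g_blacklist ) {
        debugout( "$ipaddr:deny\n", 3 );
        print {$fh} "$ipaddr:deny\n" or die "Can't print to $tmp: $!";
    }
    print {$fh} ":allow\n" or die "Can't print to $tmp: $!";
    # buffered write errors only surface at close, so check before the rename
    close $fh or die "Can't close $tmp: $!";
    rename $tmp, $g_rulefile
        or die "Can't rename from $tmp to $g_rulefile: $!";
    debugout( "executing $g_exec\n", 3 );
    my $rc = system($g_exec);
    debugout( "tcprules failed: $?\n", 1 ) if $rc != 0;
    debugout( "-----\n", 3 );
    return;
}

# Print $message prefixed with a timestamp when $level <= $g_debuglevel.
sub debugout {
    my ( $message, $level ) = @_;
    return if $level > $g_debuglevel;
    printf "%s %s", getdatestr(), $message;
    return;
}

# Local time as "YYYY/MM/DD HH:MM:SS".
sub getdatestr {
    my ( $sec, $min, $hour, $day, $month, $year ) = localtime;
    return sprintf( "%04d/%02d/%02d %02d:%02d:%02d",
        $year + 1900, $month + 1, $day, $hour, $min, $sec );
}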