mirror of https://github.com/jrbrtsn/ban2fail
Improved iptables output parsing
This commit is contained in:
parent
3fc95b33a0
commit
5aab1c091a
|
@ -12,9 +12,13 @@ TRIES=
|
|||
|
||||
for (( TRIES= 0; TRIES < 10; ++TRIES )); do
|
||||
|
||||
# cron generates an entry in auth.log when it runs, which means
|
||||
# ban2fail.sh will launch ban2fail because of the new log entry.
|
||||
# Solution is to pause for a second before running ban2fail here.
|
||||
sleep 1
|
||||
|
||||
$BAN2FAIL -s && break
|
||||
|
||||
sleep 1
|
||||
|
||||
done
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ struct Global G= {
|
|||
.version= {
|
||||
.major= 0,
|
||||
.minor= 11,
|
||||
.patch= 3
|
||||
.patch= 5
|
||||
},
|
||||
|
||||
.bitTuples.flags= GlobalFlagBitTuples
|
||||
|
@ -290,7 +290,7 @@ main(int argc, char **argv)
|
|||
|
||||
/* Default sending listing to stdout */
|
||||
G.listing_fh= stdout;
|
||||
|
||||
#ifndef DEBUG
|
||||
/* if stdout is a tty, and listing is likely
|
||||
* to be long, then use $PAGER.
|
||||
*/
|
||||
|
@ -298,7 +298,7 @@ main(int argc, char **argv)
|
|||
S.flags |= PAGER_RUNNING_FLG;
|
||||
G.listing_fh= pager_open();
|
||||
}
|
||||
|
||||
#endif
|
||||
assert(G.listing_fh);
|
||||
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
# The purpose of this script is to be run from a systemd service
|
||||
# file, or sysvinit script.
|
||||
#
|
||||
# BE CAREFUL not to monitor the log file to which output from this
|
||||
# script gets written - you will have a feedback loop!
|
||||
#
|
||||
|
||||
BAN2FAIL=/usr/local/bin/ban2fail
|
||||
BAN2FAIL_CFG=/etc/ban2fail/ban2fail.cfg
|
||||
|
|
71
iptables.c
71
iptables.c
|
@ -46,34 +46,55 @@ initialize (void)
|
|||
|
||||
MAP_constructor(&S.addr_map, 1000, 200);
|
||||
|
||||
static char lbuf[1024];
|
||||
static char addr[64];
|
||||
FILE *fh= ez_popen(IPTABLES " -nL INPUT 2>/dev/null", "r");
|
||||
const static struct ipv {
|
||||
const char *cmd,
|
||||
*pattern;
|
||||
} Ipv[] = {
|
||||
{ .cmd= IPTABLES " -nL INPUT 2>/dev/null",
|
||||
.pattern= "DROP[[:space:]]+all[[:space:]]+--[[:space:]]+([0-9.]+)[[:space:]]+0\\.0\\.0\\.0/0"
|
||||
},
|
||||
{ .cmd= IP6TABLES " -nL INPUT 2>/dev/null",
|
||||
.pattern= "DROP[[:space:]]+all[[:space:]]+([0-9a-f:]+)[[:space:]]+::/0"
|
||||
},
|
||||
{ /* Terminating member */ }
|
||||
};
|
||||
|
||||
unsigned i;
|
||||
for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
|
||||
if(0 == i || 1 == i) continue;
|
||||
if(1 != sscanf(lbuf, "DROP all -- %63s 0.0.0.0/0", addr)) {
|
||||
eprintf("ERROR: scanning pattern");
|
||||
continue;
|
||||
for(const struct ipv *ipv= Ipv; ipv->cmd; ++ipv) {
|
||||
|
||||
static char lbuf[1024];
|
||||
static char addr[43];
|
||||
regex_t re;
|
||||
regmatch_t matchArr[2];
|
||||
size_t len;
|
||||
FILE *fh= NULL;
|
||||
|
||||
if(regex_compile(&re, ipv->pattern, REG_EXTENDED)) {
|
||||
eprintf("ERROR: regex_compile(\"%s\") failed.", ipv->pattern);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
fh= ez_popen(ipv->cmd, "r");
|
||||
|
||||
while(ez_fgets(lbuf, sizeof(lbuf)-1, fh)) {
|
||||
|
||||
/* Filter all that looks uninteresting */
|
||||
if(regexec(&re, lbuf, 2, matchArr, 0)) continue;
|
||||
|
||||
/* Compute the length needed for the address string */
|
||||
len= matchArr[1].rm_eo - matchArr[1].rm_so;
|
||||
|
||||
/* Copy address into a null terminated static buffer */
|
||||
strncpy(addr, lbuf + matchArr[1].rm_so, sizeof(addr)-1);
|
||||
addr[len]= '\0';
|
||||
|
||||
if(MAP_findStrItem(&S.addr_map, addr))
|
||||
eprintf("WARNING: duplicate iptable entry for %s", addr);
|
||||
else
|
||||
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
||||
}
|
||||
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
||||
ez_pclose(fh);
|
||||
regfree(&re);
|
||||
}
|
||||
ez_pclose(fh);
|
||||
|
||||
fh= ez_popen(IP6TABLES " -nL INPUT 2>/dev/null", "r");
|
||||
for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
|
||||
if(0 == i || 1 == i) continue;
|
||||
|
||||
// DROP all 2607:5300:60:653b:: ::/0
|
||||
if(1 != sscanf(lbuf, "DROP all %63s ::/0", addr)) {
|
||||
eprintf("ERROR: scanning pattern");
|
||||
continue;
|
||||
}
|
||||
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
||||
}
|
||||
ez_pclose(fh);
|
||||
|
||||
}
|
||||
|
||||
int
|
||||
|
|
Loading…
Reference in New Issue