mirror of
https://github.com/jrbrtsn/ban2fail
synced 2024-06-16 03:48:03 +00:00
Improved iptables output parsing
This commit is contained in:
parent
3fc95b33a0
commit
5aab1c091a
@ -12,9 +12,13 @@ TRIES=
|
|||||||
|
|
||||||
for (( TRIES= 0; TRIES < 10; ++TRIES )); do
|
for (( TRIES= 0; TRIES < 10; ++TRIES )); do
|
||||||
|
|
||||||
|
# cron generates an entry in auth.log when it runs, which means
|
||||||
|
# ban2fail.sh will launch ban2fail because of the new log entry.
|
||||||
|
# Solution is to pause for a second before running ban2fail here.
|
||||||
|
sleep 1
|
||||||
|
|
||||||
$BAN2FAIL -s && break
|
$BAN2FAIL -s && break
|
||||||
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ struct Global G= {
|
|||||||
.version= {
|
.version= {
|
||||||
.major= 0,
|
.major= 0,
|
||||||
.minor= 11,
|
.minor= 11,
|
||||||
.patch= 3
|
.patch= 5
|
||||||
},
|
},
|
||||||
|
|
||||||
.bitTuples.flags= GlobalFlagBitTuples
|
.bitTuples.flags= GlobalFlagBitTuples
|
||||||
@ -290,7 +290,7 @@ main(int argc, char **argv)
|
|||||||
|
|
||||||
/* Default sending listing to stdout */
|
/* Default sending listing to stdout */
|
||||||
G.listing_fh= stdout;
|
G.listing_fh= stdout;
|
||||||
|
#ifndef DEBUG
|
||||||
/* if stdout is a tty, and listing is likely
|
/* if stdout is a tty, and listing is likely
|
||||||
* to be long, then use $PAGER.
|
* to be long, then use $PAGER.
|
||||||
*/
|
*/
|
||||||
@ -298,7 +298,7 @@ main(int argc, char **argv)
|
|||||||
S.flags |= PAGER_RUNNING_FLG;
|
S.flags |= PAGER_RUNNING_FLG;
|
||||||
G.listing_fh= pager_open();
|
G.listing_fh= pager_open();
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
assert(G.listing_fh);
|
assert(G.listing_fh);
|
||||||
|
|
||||||
|
|
||||||
|
@ -4,6 +4,9 @@
|
|||||||
# The purpose of this script is to be run from a systemd service
|
# The purpose of this script is to be run from a systemd service
|
||||||
# file, or sysvinit script.
|
# file, or sysvinit script.
|
||||||
#
|
#
|
||||||
|
# BE CAREFUL not to monitor the log file to which output from this
|
||||||
|
# script gets written - you will have a feedback loop!
|
||||||
|
#
|
||||||
|
|
||||||
BAN2FAIL=/usr/local/bin/ban2fail
|
BAN2FAIL=/usr/local/bin/ban2fail
|
||||||
BAN2FAIL_CFG=/etc/ban2fail/ban2fail.cfg
|
BAN2FAIL_CFG=/etc/ban2fail/ban2fail.cfg
|
||||||
|
63
iptables.c
63
iptables.c
@ -46,34 +46,55 @@ initialize (void)
|
|||||||
|
|
||||||
MAP_constructor(&S.addr_map, 1000, 200);
|
MAP_constructor(&S.addr_map, 1000, 200);
|
||||||
|
|
||||||
|
const static struct ipv {
|
||||||
|
const char *cmd,
|
||||||
|
*pattern;
|
||||||
|
} Ipv[] = {
|
||||||
|
{ .cmd= IPTABLES " -nL INPUT 2>/dev/null",
|
||||||
|
.pattern= "DROP[[:space:]]+all[[:space:]]+--[[:space:]]+([0-9.]+)[[:space:]]+0\\.0\\.0\\.0/0"
|
||||||
|
},
|
||||||
|
{ .cmd= IP6TABLES " -nL INPUT 2>/dev/null",
|
||||||
|
.pattern= "DROP[[:space:]]+all[[:space:]]+([0-9a-f:]+)[[:space:]]+::/0"
|
||||||
|
},
|
||||||
|
{ /* Terminating member */ }
|
||||||
|
};
|
||||||
|
|
||||||
|
for(const struct ipv *ipv= Ipv; ipv->cmd; ++ipv) {
|
||||||
|
|
||||||
static char lbuf[1024];
|
static char lbuf[1024];
|
||||||
static char addr[64];
|
static char addr[43];
|
||||||
FILE *fh= ez_popen(IPTABLES " -nL INPUT 2>/dev/null", "r");
|
regex_t re;
|
||||||
|
regmatch_t matchArr[2];
|
||||||
|
size_t len;
|
||||||
|
FILE *fh= NULL;
|
||||||
|
|
||||||
unsigned i;
|
if(regex_compile(&re, ipv->pattern, REG_EXTENDED)) {
|
||||||
for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
|
eprintf("ERROR: regex_compile(\"%s\") failed.", ipv->pattern);
|
||||||
if(0 == i || 1 == i) continue;
|
exit(1);
|
||||||
if(1 != sscanf(lbuf, "DROP all -- %63s 0.0.0.0/0", addr)) {
|
|
||||||
eprintf("ERROR: scanning pattern");
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fh= ez_popen(ipv->cmd, "r");
|
||||||
|
|
||||||
|
while(ez_fgets(lbuf, sizeof(lbuf)-1, fh)) {
|
||||||
|
|
||||||
|
/* Filter all that looks uninteresting */
|
||||||
|
if(regexec(&re, lbuf, 2, matchArr, 0)) continue;
|
||||||
|
|
||||||
|
/* Compute the length needed for the address string */
|
||||||
|
len= matchArr[1].rm_eo - matchArr[1].rm_so;
|
||||||
|
|
||||||
|
/* Copy address into a null terminated static buffer */
|
||||||
|
strncpy(addr, lbuf + matchArr[1].rm_so, sizeof(addr)-1);
|
||||||
|
addr[len]= '\0';
|
||||||
|
|
||||||
|
if(MAP_findStrItem(&S.addr_map, addr))
|
||||||
|
eprintf("WARNING: duplicate iptable entry for %s", addr);
|
||||||
|
else
|
||||||
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
||||||
}
|
}
|
||||||
ez_pclose(fh);
|
ez_pclose(fh);
|
||||||
|
regfree(&re);
|
||||||
fh= ez_popen(IP6TABLES " -nL INPUT 2>/dev/null", "r");
|
|
||||||
for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
|
|
||||||
if(0 == i || 1 == i) continue;
|
|
||||||
|
|
||||||
// DROP all 2607:5300:60:653b:: ::/0
|
|
||||||
if(1 != sscanf(lbuf, "DROP all %63s ::/0", addr)) {
|
|
||||||
eprintf("ERROR: scanning pattern");
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
|
||||||
}
|
|
||||||
ez_pclose(fh);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
Loading…
Reference in New Issue
Block a user