Differences between version 2 and predecessor to the previous major change of KnowledgeBase/FreeBSD/SiteBan.
Newer page: | version 2 | Last edited on Thursday, 20 September 2007 12:03:03 | by CyberLeo | Revert |
Older page: | version 1 | Last edited on Sunday, 2 September 2007 18:29:11 | by CyberLeo | Revert |
@@ -108,5 +108,106 @@
${ipfw} list | egrep "^${prefix}" | cut -d" " -f1,6 | sort | while read number ip
do
echo "${number} -> ${ip}"
done
+</verbatim>
+
+autoban:
+<verbatim>
+#!/bin/bash
+
+# autoban <ip> <template|default>
+
+pv_base="/home/admin/siteban/asshats"
+
+if [ "$(id -u)" -ne "0" ]
+then
+ echo "Run me as root."
+ exit 32
+fi
+
+ip="${1}"
+template="${2:-autoban}"
+
+# Parameter check
+if [ -z "${ip}" ]
+then
+ echo "Usage: $(basename "${0}") <ip> [template]"
+ echo "Executes banishment of the specified IP, optionally using template"
+ echo " as the ban message, or autoban if unspecified."
+ exit 64
+fi
+
+cd "${pv_base}"
+
+# Template validity check
+if [ ! -f "htdocs/${template}.html" ]
+then
+ echo "Template ${template} doesn't exist. Defaulting to 'autoban'."
+ template="autoban"
+fi
+
+echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: banned ${ip} using template ${template}" >> autoban.log
+logger -p security.notice -t autoban "banned ${ip} using template ${template}"
+ln -svf "${template}.html" "htdocs/${ip}.html"
+touch ".autoban/${ip}"
+./ban "${ip}"
+</verbatim>
+
+ab_expire:
+<verbatim>
+#!/bin/bash
+
+# Run me from cron every few minutes or hours or whatever to auto-expire bans
+
+# Bans expire after one day
+expiry=86400
+pv_base="/home/admin/siteban/asshats"
+
+if [ "$(id -u)" -ne "0" ]
+then
+ echo "Run me as root."
+ exit 32
+fi
+
+cd "${pv_base}"
+
+now="$(date "+%s")"
+
+#logger -p security.notice -t autoban "Running ban expiry at $(date -r "${now}" "+%Y-%m-%d:%H:%M:%S")"
+
+ls -1 .autoban/* 2>/dev/null | while read ip
+do
+ ip="$(basename "${ip}")"
+ then="$(stat -f "%m" ".autoban/${ip}")"
+ age="$(( ${now} - ${then} ))"
+ consider
+# logger -p security.notice -t autoban "Considering ${ip} (${age}, $(date -r "${then}" "+%Y-%m-%d:%H:%M:%S") )"
+
+ if [ "${age}" -ge "${expiry}" ]
+ then
+ echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: unbanned ${ip}" >> autoban.log
+ logger -p security.notice -t autoban "autoban expired for ${ip}"
+ ./unban "${ip}"
+ rm -f ".autoban/${ip}"
+ rm -vf "htdocs/${ip}.html"
+ fi
+done
+</verbatim>
+
+kerban.php:
+<verbatim>
+<?php
+
+// Place a line similar to the following into sudoers to allow this to function:
+// www = (root) NOPASSWD: /usr/home/admin/siteban/asshats/autoban *
+// You must specify the full path to the autoban script, and NOPASSWD must be in effect, as www doesn't (or shouldn't) have a password.
+
+
+$ip=$_SERVER['REMOTE_ADDR'];
+
+shell_exec(sprintf('/usr/local/bin/sudo /usr/home/admin/siteban/asshats/autoban %s', escapeshellarg($ip)));
+
+header("Location: http://www.lslwiki.net/lslwiki/");
+
+?>
</verbatim>
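Review bot: autoban uses `${ip}` and `${template}` in file paths (`htdocs/${template}.html`, `htdocs/${ip}.html`, `.autoban/${ip}`) without checking them, and the sudoers line quoted in kerban.php ends in `*`, so the www account can run it as root with arbitrary arguments, not only the REMOTE_ADDR that kerban.php passes. Rejecting anything that is not an address before the `cd`, for example `case "${ip}" in .*|*[!0-9A-Fa-f:.]*) echo "Invalid IP" >&2; exit 64 ;; esac`, and refusing a template that contains `/`, would close that. Both autoban and ab_expire also carry on when `cd "${pv_base}"` fails, which in ab_expire means the `rm -f` calls act on whatever directory cron started in; `cd "${pv_base}" || exit 1` fixes it. The bare `consider` line in ab_expire's loop looks like a fragment of the commented-out logger line and would be run as a command on every iteration.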
version 2
Set up a webserver on a local IP alias, preferably one that nothing else listens on. I use 127.0.0.44.
I wrote a tiny, quick webserver to serve static pages. It's written in PHP, and can serve nearly a million pages per minute. It's available under PartyVan.
ban:
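#!/bin/sh
#
# ban <ip>
#
# Adds an ipfw "fwd" rule that redirects inbound port-80 traffic from <ip>
# to the local ban-page webserver on 127.0.0.44. Must be run as root.
#
# Exit codes: 64 usage or invalid address, 32 not root, 16 already banned,
#             1 no rule number left in the autoban range.

# IPFW binary
ipfw="/sbin/ipfw"

# Index prefix of autoban rules; each '?' stands for exactly one digit.
prefix="44???"

if [ -z "${1}" ]
then
    echo "Usage: ${0} <ip>"
    exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
    echo "Must be run as root."
    exit 32
fi

luser="${1}"

# The address is spliced into a firewall rule that is installed as root, so
# accept only address characters (IPv4, IPv6, optional /mask): no whitespace,
# no glob characters, no ipfw keywords.
case "${luser}" in
    *[!0-9A-Fa-f:./]*)
        echo "Invalid address: ${luser}" >&2
        exit 64
        ;;
esac

# Turn the glob-style prefix into an anchored regex. Used directly as a regex,
# each '?' is a quantifier rather than a one-digit placeholder, so the filter
# would not be limited to the 44000-44999 range.
prefix_re="^$(echo "${prefix}" | sed 's/?/[0-9]/g') "

# Determine if the IP is already banned. Field 6 of a rule line is the source
# address; compare it exactly so that 1.2.3.4 does not also match 1.2.3.45 and
# '.' is not treated as a wildcard.
banned=$( ${ipfw} list | grep -E "${prefix_re}" |
    awk -v ip="${luser}" '$5 == "from" && $6 == ip { print $1 }' | sort )

if [ -n "${banned}" ]
then
    echo "Already banned, in rule(s): ${banned}"
    exit 16
fi

# Obtain biggest index
last=$( ${ipfw} list | grep -E "${prefix_re}" | cut -d" " -f1 | sort | tail -n 1 )

if [ -z "${last}" ]
then
    # No autoban rule exists yet: start at the bottom of the range.
    index="$( echo "${prefix}" | tr '?' '0' )"
else
    # Increment
    index="$(( ${last} + 1 ))"
fi

# A rule numbered past the top of the range would be invisible to the prefix
# filter, and therefore to unban and banlist.
limit="$( echo "${prefix}" | tr '?' '9' )"
if [ "${index}" -gt "${limit}" ]
then
    echo "No free rule number left in ${prefix}." >&2
    exit 1
fi

rule="${index} fwd 127.0.0.44 tcp from ${luser} to any 80 in recv fxp0"

# Unquoted on purpose: ${rule} has to split into separate ipfw arguments.
${ipfw} add ${rule}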
unban:
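#!/bin/sh
#
# unban <ip>
#
# Deletes every autoban ipfw rule whose source address is exactly <ip>.
# Must be run as root.
#
# Exit codes: 64 usage, 32 not root, 16 no matching rule.

# IPFW binary
ipfw="/sbin/ipfw"

# Index prefix of autoban rules; each '?' stands for exactly one digit.
prefix="44???"

if [ -z "${1}" ]
then
    echo "Usage: ${0} <ip>"
    exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
    echo "Must be run as root."
    exit 32
fi

luser="${1}"

# Turn the glob-style prefix into an anchored regex. Used directly as a regex,
# each '?' is a quantifier rather than a one-digit placeholder, so rules
# outside the 44000-44999 range could be selected for deletion.
prefix_re="^$(echo "${prefix}" | sed 's/?/[0-9]/g') "

# Determine if the IP is already banned. Field 6 of a rule line is the source
# address; compare it exactly so that unbanning 1.2.3.4 cannot also remove the
# rule for 1.2.3.45, and '.' is not treated as a wildcard.
banned=$( ${ipfw} list | grep -E "${prefix_re}" |
    awk -v ip="${luser}" '$5 == "from" && $6 == ip { print $1 }' | sort )

if [ -z "${banned}" ]
then
    echo "Not banned. Check rulesets manually."
    exit 16
fi

# Unban
echo "Unbanning: ${banned}"

# Unquoted on purpose: ${banned} may hold several rule numbers, one per line.
${ipfw} del ${banned}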
banlist:
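#!/bin/sh
#
# banlist
#
# Prints one "<rule number> -> <source address>" line per autoban ipfw rule.
# Must be run as root.
#
# Exit codes: 32 not root.

# IPFW binary
ipfw="/sbin/ipfw"

# Index prefix of autoban rules; each '?' stands for exactly one digit.
prefix="44???"

if [ "$(id -u)" -ne 0 ]
then
    echo "Must be run as root."
    exit 32
fi

# Turn the glob-style prefix into an anchored regex. Used directly as a regex,
# each '?' is a quantifier rather than a one-digit placeholder, so rules
# outside the 44000-44999 range would be listed as bans.
prefix_re="^$(echo "${prefix}" | sed 's/?/[0-9]/g') "

# Get list of banned IPs: field 1 is the rule number, field 6 the source address.
${ipfw} list | grep -E "${prefix_re}" | cut -d" " -f1,6 | sort | while read -r number ip
do
    echo "${number} -> ${ip}"
done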
autoban:
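#!/bin/bash

# autoban <ip> <template|default>
#
# Records a ban for <ip>: logs it, links htdocs/<ip>.html to the chosen
# template page, drops a timestamp marker in .autoban/ and calls ./ban.
# Must be run as root.
#
# Exit codes: 64 usage or invalid address, 32 not root, 1 base directory
#             unavailable.

pv_base="/home/admin/siteban/asshats"

if [ "$(id -u)" -ne "0" ]
then
    echo "Run me as root."
    exit 32
fi

ip="${1}"
template="${2:-autoban}"

# Parameter check
if [ -z "${ip}" ]
then
    echo "Usage: $(basename "${0}") <ip> [template]"
    echo "Executes banishment of the specified IP, optionally using template"
    echo " as the ban message, or autoban if unspecified."
    exit 64
fi

# ${ip} becomes a file name under htdocs/ and .autoban/ and is handed to
# ./ban as root, so accept only address characters: no '/', no leading dot,
# no whitespace, no leading '-'.
case "${ip}" in
    .*|*[!0-9A-Fa-f:.]*)
        echo "Invalid IP address: ${ip}" >&2
        exit 64
        ;;
esac

# ${template} is used as a file name inside htdocs/; a value with a path
# component must not be able to point the link outside that directory.
case "${template}" in
    */*|.*)
        echo "Template ${template} is not a plain name. Defaulting to 'autoban'."
        template="autoban"
        ;;
esac

# Every path below is relative; stop rather than write files as root in
# whatever directory the caller happened to be in.
cd "${pv_base}" || exit 1

# Template validity check
if [ ! -f "htdocs/${template}.html" ]
then
    echo "Template ${template} doesn't exist. Defaulting to 'autoban'."
    template="autoban"
fi

echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: banned ${ip} using template ${template}" >> autoban.log
logger -p security.notice -t autoban "banned ${ip} using template ${template}"
ln -svf "${template}.html" "htdocs/${ip}.html"
# The marker's modification time is what ab_expire measures the ban age from.
touch ".autoban/${ip}"
./ban "${ip}"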
ab_expire:
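#!/bin/bash

# Run me from cron every few minutes or hours or whatever to auto-expire bans
#
# For every marker file in .autoban/ whose modification time is at least
# ${expiry} seconds old: log the expiry, call ./unban for that address and
# remove the marker and the per-address ban page. Must be run as root.
#
# Exit codes: 32 not root, 1 base directory unavailable.

# Bans expire after one day
expiry=86400
pv_base="/home/admin/siteban/asshats"

if [ "$(id -u)" -ne "0" ]
then
    echo "Run me as root."
    exit 32
fi

# Every path below is relative and the loop deletes files as root; stop
# rather than run in whatever directory cron started in.
cd "${pv_base}" || exit 1

now="$(date "+%s")"

#logger -p security.notice -t autoban "Running ban expiry at $(date -r "${now}" "+%Y-%m-%d:%H:%M:%S")"

# Iterate with a glob instead of parsing ls output.
for marker in .autoban/*
do
    # With no markers present the pattern stays literal; skip it.
    [ -e "${marker}" ] || continue

    ip="${marker##*/}"

    # stat -f "%m" is the BSD form: modification time in epoch seconds.
    banned_at="$(stat -f "%m" "${marker}")" || continue
    age="$(( now - banned_at ))"

    # The original listing had a bare "consider" word here, which would have
    # been run as a command; it looks like a fragment of the debug line below.
#   logger -p security.notice -t autoban "Considering ${ip} (${age}, $(date -r "${banned_at}" "+%Y-%m-%d:%H:%M:%S") )"

    if [ "${age}" -ge "${expiry}" ]
    then
        echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: unbanned ${ip}" >> autoban.log
        logger -p security.notice -t autoban "autoban expired for ${ip}"
        ./unban "${ip}"
        rm -f ".autoban/${ip}"
        rm -vf "htdocs/${ip}.html"
    fi
done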
kerban.php:
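<?php

// Bans the requesting client: runs the root-owned autoban script through sudo
// with the client's address, then redirects the browser.
//
// Place a line similar to the following into sudoers to allow this to function:
// www = (root) NOPASSWD: /usr/home/admin/siteban/asshats/autoban *
// You must specify the full path to the autoban script, and NOPASSWD must be in effect, as www doesn't (or shouldn't) have a password.
//
// NOTE: the trailing "*" lets the www account run autoban as root with any
// arguments, not just the address passed below, so autoban has to validate
// its own arguments.

// Address of the connecting peer. NOTE(review): behind a reverse proxy this is
// the proxy's address, and banning it would cut off every client; confirm the
// deployment before relying on it.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// Only hand a well-formed IP address to the root-run script; escapeshellarg()
// still protects the shell command line itself.
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    shell_exec(sprintf('/usr/local/bin/sudo /usr/home/admin/siteban/asshats/autoban %s', escapeshellarg($ip)));
}

header("Location: http://www.lslwiki.net/lslwiki/");
// Stop here so nothing else is sent after the redirect.
exit;

?>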