From: <abe...@us...> - 2011-11-21 05:40:27
Revision: 5264
http://astlinux.svn.sourceforge.net/astlinux/?rev=5264&view=rev
Author: abelbeck
Date: 2011-11-21 05:40:20 +0000 (Mon, 21 Nov 2011)
Log Message:
-----------
adaptive-ban-plugin, remove possible IPv4 port numbers extracted from logs, fixes an issue reported by Fernando Fuentes
Modified Paths:
--------------
branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
Modified: branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2011-11-20 18:31:22 UTC (rev 5263)
+++ branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2011-11-21 05:40:20 UTC (rev 5264)
@@ -2,10 +2,10 @@
 # -= Arno's iptables firewall - Adaptive Ban plugin =-
 #
 PLUGIN_NAME="Adaptive Ban plugin"
-PLUGIN_VERSION="1.03 BETA"
+PLUGIN_VERSION="1.04 BETA"
 PLUGIN_CONF_FILE="adaptive-ban.conf"
 #
-# Last changed : May 20, 2011
+# Last changed : November 20, 2011
 # Requirements : AIF 2.0.0+
 # Comments : Parse a log file for failed access with offending IP addresses
 # Ban the IP address after multiple failed attempts
Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2011-11-20 18:31:22 UTC (rev 5263)
+++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2011-11-21 05:40:20 UTC (rev 5264)
@@ -205,6 +205,9 @@
 {
 local count="$1" type="$2" line host IFS
+ # Remove possible IPv4 port numbers, IPv4:PORT -> IPv4
+ sed -i -r -e 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):[0-9]+$/\1/' "$TEMPFILE"
+
 IFS=$'\n'
 for line in $(sort "$TEMPFILE" | uniq -c); do
 if [ "$(echo "$line" | awk '{ print $1; }')" -ge "$count" ]; then
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
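Review bot: The added `sed` normalizes only the `IPv4:PORT` form, so a bracketed IPv6 host with a port (`[addr]:port`), if any filter can write one into `$TEMPFILE`, would still reach `sort | uniq -c` as a separate string per source port and be counted separately toward the ban threshold. If that form can occur in the parsed logs, a second expression such as `-e 's/^\[([0-9A-Fa-f:.]+)\]:[0-9]+$/\1/'` would keep the per-host count accurate; if it cannot, extending the new comment to say that filters only emit bare IPv6 addresses would record the assumption. The exit status of `sed -i` is not checked, so a failed rewrite would silently leave port-suffixed entries in place. The enclosing function starts before and continues after this hunk.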
From: <abe...@us...> - 2013-05-18 16:14:12
Revision: 6090
http://sourceforge.net/p/astlinux/code/6090
Author: abelbeck
Date: 2013-05-18 16:14:09 +0000 (Sat, 18 May 2013)
Log Message:
-----------
AIF, adaptive-ban plugin, add support for Asterisk 11 'Rejecting ... ACL' log. Thanks to Dominko Vrljic
Modified Paths:
--------------
branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
Modified: branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2013-05-17 23:01:48 UTC (rev 6089)
+++ branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2013-05-18 16:14:09 UTC (rev 6090)
@@ -2,15 +2,15 @@
 # -= Arno's iptables firewall - Adaptive Ban plugin =-
 #
 PLUGIN_NAME="Adaptive Ban plugin"
-PLUGIN_VERSION="1.04 BETA"
+PLUGIN_VERSION="1.05"
 PLUGIN_CONF_FILE="adaptive-ban.conf"
 #
-# Last changed : November 20, 2011
+# Last changed : May 5, 2013
 # Requirements : AIF 2.0.0+
 # Comments : Parse a log file for failed access with offending IP addresses
 # Ban the IP address after multiple failed attempts
 #
-# Author : (C) Copyright 2010-2011 by Lonnie Abelbeck
+# Author : (C) Copyright 2010-2013 by Lonnie Abelbeck
 # Homepage : http://www.astlinux.org/
 # Credits : Fail2ban Project
 # Homepage : http://www.fail2ban.org/
Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2013-05-17 23:01:48 UTC (rev 6089)
+++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2013-05-18 16:14:09 UTC (rev 6090)
@@ -168,6 +168,7 @@
 -e "s/^${PREFIX}NOTICE.* .*: Registration from '.*' failed for '${HOST}' - No matching peer found$/\1/p" \
 -e "s/^${PREFIX}NOTICE.* .*: Registration from '.*' failed for '${HOST}' - Username\/auth name mismatch$/\1/p" \
 -e "s/^${PREFIX}NOTICE.* .*: Registration from '.*' failed for '${HOST}' - Device does not match ACL$/\1/p" \
+ -e "s/^${PREFIX}NOTICE.* .*: Rejecting '${HOST}' due to a failure to pass ACL '.*'$/\1/p" \
 -e "s/^${PREFIX}NOTICE.* '${HOST}' - Dialplan Noted Suspicious IP Address$/\1/p" \
 -e "s/^${PREFIX}NOTICE.* ${HOST} failed to authenticate as '.*'$/\1/p" \
 -e "s/^${PREFIX}NOTICE.* .*: No registration for peer '.*' \(from ${HOST}\)$/\1/p" \
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
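Review bot: The new `Rejecting` expression inherits the loose wildcards of its neighbours: `NOTICE.* .*: ` before the message and `'.*'$` after it are greedy and unbounded, so nothing guarantees that the address captured through `${HOST}` sits in the field where Asterisk itself wrote the rejected host. Log lines can carry remote-supplied strings, and this filter's output decides firewall bans, so each free field is better bounded by a class that excludes the quote character, for example `NOTICE[^']*: Rejecting '${HOST}' due to a failure to pass ACL '[^']*'$`. The definitions of `PREFIX` and `HOST` are outside this hunk, so the tightened form should be checked against real Asterisk 11 log lines before use. The `sed` command this expression belongs to starts and ends outside the hunk.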
From: <abe...@us...> - 2013-07-19 18:31:23
Revision: 6140
http://sourceforge.net/p/astlinux/code/6140
Author: abelbeck
Date: 2013-07-19 18:31:20 +0000 (Fri, 19 Jul 2013)
Log Message:
-----------
AIF - adaptive ban plugin, don't ban IPv4 127.0.0.1, the IPv6 ::1 was previously ignored
Modified Paths:
--------------
branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
Modified: branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2013-07-19 17:24:28 UTC (rev 6139)
+++ branches/1.0/package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh 2013-07-19 18:31:20 UTC (rev 6140)
@@ -2,10 +2,10 @@
 # -= Arno's iptables firewall - Adaptive Ban plugin =-
 #
 PLUGIN_NAME="Adaptive Ban plugin"
-PLUGIN_VERSION="1.05"
+PLUGIN_VERSION="1.06"
 PLUGIN_CONF_FILE="adaptive-ban.conf"
 #
-# Last changed : May 18, 2013
+# Last changed : July 19, 2013
 # Requirements : AIF 2.0.0+
 # Comments : Parse a log file for failed access with offending IP addresses
 # Ban the IP address after multiple failed attempts
Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2013-07-19 17:24:28 UTC (rev 6139)
+++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2013-07-19 18:31:20 UTC (rev 6140)
@@ -225,10 +225,12 @@
 get_numeric_ip_version "$host"
 case $? in
 4)
- if ! ip4tables -n -L ADAPTIVE_BAN_CHAIN | grep -q " ${host//./\.}[/ ]"; then
- ip4tables -A ADAPTIVE_BAN_CHAIN -s $host -j ADAPTIVE_BAN_DROP_CHAIN
- if [ $? -eq 0 ]; then
- log_msg "Banned IPv4 Host: $host Filter Type: $type"
+ if [ "$host" != "127.0.0.1" ]; then
+ if ! ip4tables -n -L ADAPTIVE_BAN_CHAIN | grep -q " ${host//./\.}[/ ]"; then
+ ip4tables -A ADAPTIVE_BAN_CHAIN -s $host -j ADAPTIVE_BAN_DROP_CHAIN
+ if [ $? -eq 0 ]; then
+ log_msg "Banned IPv4 Host: $host Filter Type: $type"
+ fi
 fi
 fi
 ;;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
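Review bot: The new guard exempts only the literal string `127.0.0.1`, while the IPv4 loopback range is all of 127.0.0.0/8, so a log entry naming any other loopback address (`127.0.0.2`, say) would still be appended to ADAPTIVE_BAN_CHAIN. A prefix test covers the whole range in one line: `if [ "${host#127.}" = "$host" ]; then`. On the re-indented `ip4tables -A` line `$host` is still unquoted; the value originates from log text, so `-s "$host"` is the safer form even if `get_numeric_ip_version` (defined outside this hunk) already validates it. The `case` statement continues outside the hunk, so whether other protected addresses are exempted elsewhere cannot be seen from here.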
From: <abe...@us...> - 2015-12-26 14:10:28
Revision: 7428
http://sourceforge.net/p/astlinux/code/7428
Author: abelbeck
Date: 2015-12-26 14:10:26 +0000 (Sat, 26 Dec 2015)
Log Message:
-----------
arnofw, add racoon filter type for 'Invalid exchange type'
Modified Paths:
--------------
branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
branches/1.0/package/arnofw/adaptive-ban/adaptive-ban.conf
Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2015-12-24 21:42:04 UTC (rev 7427)
+++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2015-12-26 14:10:26 UTC (rev 7428)
@@ -140,6 +140,8 @@
 ;;
 pptpd) filter_pptpd "$file" "$PREFIX" "$HOST"
 ;;
+ racoon) filter_racoon "$file" ".*${type}:[[:space:]]*" "$HOST"
+ ;;
 *) log_msg "Unsupported type \"$type\""
 continue
 ;;
@@ -212,6 +214,14 @@
 "$file" >"$TEMPFILE"
 }
+filter_racoon()
+{
+ local file="$1" PREFIX="$2" HOST="$3"
+
+ sed -n -r -e "s/^${PREFIX}ERROR: Invalid exchange type [0-9]+ from ${HOST}\[[0-9]+].$/\1/p" \
+ "$file" >"$TEMPFILE"
+}
+
 count_attempts_then_ban()
 {
 local count="$1" type="$2" line host IFS
Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban.conf
===================================================================
--- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban.conf 2015-12-24 21:42:04 UTC (rev 7427)
+++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban.conf 2015-12-26 14:10:26 UTC (rev 7428)
@@ -19,7 +19,7 @@
 ADAPTIVE_BAN_COUNT=6
 # A list of analysis types that are applied
-# Choose from: sshd asterisk kamailio lighttpd prosody pptpd
+# Choose from: sshd asterisk kamailio lighttpd prosody pptpd racoon
 # ------------------------------------------------------------------------------
 ADAPTIVE_BAN_TYPES="sshd asterisk"
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
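Review bot: The `racoon)` arm builds its own prefix inline, `".*${type}:[[:space:]]*"`, where the `pptpd)` arm above it passes `"$PREFIX"`, and the leading `.*` accepts the text `racoon:` anywhere in a line rather than only in the syslog program field. Because a match feeds a firewall ban, the tag is better anchored to its expected position in the line; the definition of `PREFIX` is outside this hunk, so whether it can be reused for racoon needs confirming. Failing that, a comment line above the arm explaining why the shared prefix does not fit racoon's log lines would keep the exception from looking accidental. The `case` statement starts and ends outside the hunk.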
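Review bot: `filter_racoon` has no header comment, and the one it needs is a caution: it feeds the ban counter from racoon's `Invalid exchange type` errors, and nothing in the hunk shows the logged address being verified. racoon serves IKE over UDP, where the source address of an unsolicited packet can be forged, so with this type enabled the address that ends up banned may belong to a legitimate peer rather than to the sender. The conf hunk leaves `racoon` out of the default `ADAPTIVE_BAN_TYPES`, which limits exposure; a header comment on the function and a sentence beside the `Choose from:` list stating this trade-off, and pointing to the plugin's whitelist if it has one (not visible here), would let operators enable it knowingly. Separately, the pattern ends in `].$`, where the unescaped `.` matches any character; `\]\.$` pins it to the literal full stop.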