smeserver-denyhosts/root/etc/e-smith/events/actions/denyhost-purge

65 lines
1.7 KiB
Plaintext
Raw Normal View History

#!/usr/bin/perl -w
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::util;
use esmith::db;
use Data::Validate::IP;
my $validator=Data::Validate::IP->new;
my $event = $ARGV [0];
my $ip = $ARGV [1];
my $whitelist = $ARGV [2];
my $debug=0;
die "IP missing" unless defined ($ip);
die "Not an IP" unless ($validator->is_ipv4($ip));
die "IP $ip not banned" unless (system("grep $ip /etc/hosts.deny_ssh ".'>/dev/null 2>&1') == 0);
die "can not stop denyhost" unless ( system("/etc/init.d/denyhosts","stop") ==0);
# unlist
my @files = ('/etc/hosts.deny_ssh', '/var/lib/denyhosts/hosts', '/var/lib/denyhosts/hosts-restricted' , '/var/lib/denyhosts/hosts-root', '/var/lib/denyhosts/hosts-valid', '/var/lib/denyhosts/users-hosts' );
foreach my $file (@files) {
if (system("grep $ip $file".' >/dev/null 2>&1') == 0) {
print "$ip removed from $file\n" if (system("sed -i '/$ip/d' $file") == 0 && $debug )
}
}
#(optional, whitelist) /var/lib/denyhosts/allowed-hosts
if (defined($whitelist)) {
# add to db
my $db = esmith::ConfigDB->open
|| warn "Couldn't open configuration database (permissions problems?)";
my $rec = $db->get('denyhosts');
if ($rec)
{
my $prop = $rec->prop('ValidFrom') || '';
my @vals = split /,/, $prop;
unless (grep /^$ip$/, @vals)
{ # already have this entry
if ($prop ne '')
{
$prop .= ",$ip";
}
else
{
$prop = "$ip";
}
$rec->set_prop('ValidFrom', $prop);
system("/sbin/e-smith/expand-template /var/lib/denyhosts/allowed-hosts");
print "Add to whitelist: $ip \n";
}
}
}
# /etc/init.d/denyhosts start
system("/etc/init.d/denyhosts","start");