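#!/usr/bin/perl -w
#
# Unban an IPv4 address from denyhosts and, optionally, whitelist it.
#
# Invoked as an e-smith event action with the arguments
#
#     <event> <ip> [<whitelist>]
#
# The address is removed from every denyhosts ban list; when a third
# argument is present it is also appended to the ValidFrom property of the
# 'denyhosts' configuration record and the allowed-hosts template is
# expanded. The denyhosts daemon is stopped while the files are edited and
# started again at the end.

use strict;
use warnings;
use Errno;
use esmith::ConfigDB;
use esmith::util;
use esmith::db;
use Data::Validate::IP;

my $validator = Data::Validate::IP->new;

my $event     = $ARGV[0];    # event name; supplied by the framework, not used here
my $ip        = $ARGV[1];
my $whitelist = $ARGV[2];    # any defined value requests whitelisting
my $debug     = 0;

# Ban lists the address has to disappear from.
my @files = (
    '/etc/hosts.deny_ssh',
    '/var/lib/denyhosts/hosts',
    '/var/lib/denyhosts/hosts-restricted',
    '/var/lib/denyhosts/hosts-root',
    '/var/lib/denyhosts/hosts-valid',
    '/var/lib/denyhosts/users-hosts',
);

die "IP missing" unless defined $ip;
# Only a syntactically valid dotted quad gets any further; everything below
# relies on $ip containing nothing but digits and dots.
die "Not an IP" unless $validator->is_ipv4($ip);

die "IP $ip not banned" unless _file_mentions_ip('/etc/hosts.deny_ssh', $ip);
die "can not stop denyhost" unless system('/etc/init.d/denyhosts', 'stop') == 0;

# unlist
foreach my $file (@files) {
    next unless _file_mentions_ip($file, $ip);
    if (_remove_ip_from_file($file, $ip)) {
        print "$ip removed from $file\n" if $debug;
    }
    else {
        warn "could not remove $ip from $file: $!";
    }
}

# (optional, whitelist) /var/lib/denyhosts/allowed-hosts
if (defined $whitelist) {
    _add_to_whitelist($ip);
}

# /etc/init.d/denyhosts start -- always attempted, even if whitelisting
# failed, so the daemon is not left stopped.
system('/etc/init.d/denyhosts', 'start') == 0
    or warn "can not start denyhost";

# Regex matching $ip only as a whole dotted-quad token: \Q..\E keeps the
# dots literal and \b stops 1.2.3.4 from also matching 1.2.3.40 or 11.2.3.4,
# which the former `grep $ip` / `sed '/$ip/d'` calls did.
sub _ip_pattern {
    my ($ip) = @_;
    return qr/\b\Q$ip\E\b/;
}

# True when $file can be read and at least one of its lines mentions $ip.
# An unreadable or missing file counts as "not mentioned".
sub _file_mentions_ip {
    my ($file, $ip) = @_;
    open my $fh, '<', $file or return 0;
    my $re    = _ip_pattern($ip);
    my $found = 0;
    while (my $line = <$fh>) {
        if ($line =~ $re) {
            $found = 1;
            last;
        }
    }
    close $fh;
    return $found;
}

# Delete every line of $file that mentions $ip. The result is written to a
# temporary file next to $file, given the same mode, and renamed into
# place, so an interruption leaves the original untouched. Returns true on
# success, false (with $! set) on failure.
sub _remove_ip_from_file {
    my ($file, $ip) = @_;
    my $re = _ip_pattern($ip);

    open my $in, '<', $file or return 0;
    my $mode = (stat $in)[2] & 07777;
    my @keep = grep { $_ !~ $re } <$in>;
    close $in;

    my $tmp = "$file.$$";
    open my $out, '>', $tmp or return 0;
    unless (print {$out} @keep) {
        close $out;
        unlink $tmp;
        return 0;
    }
    # Buffered write errors only surface at close.
    unless (close $out) {
        unlink $tmp;
        return 0;
    }
    unless (chmod $mode, $tmp) {
        unlink $tmp;
        return 0;
    }
    unless (rename $tmp, $file) {
        unlink $tmp;
        return 0;
    }
    return 1;
}

# Append $ip to the comma separated ValidFrom property of the 'denyhosts'
# record (unless already present) and regenerate
# /var/lib/denyhosts/allowed-hosts from it. Failures are reported with
# warn so the caller can still restart the daemon.
sub _add_to_whitelist {
    my ($ip) = @_;

    my $db = esmith::ConfigDB->open;
    unless ($db) {
        warn "Couldn't open configuration database (permissions problems?)";
        return;
    }
    my $rec = $db->get('denyhosts') or return;

    my $prop = $rec->prop('ValidFrom') || '';
    my @vals = split /,/, $prop;
    # Exact comparison: the address is already whitelisted, nothing to do.
    return if grep { $_ eq $ip } @vals;

    $prop = $prop eq '' ? $ip : "$prop,$ip";
    $rec->set_prop('ValidFrom', $prop);

    system('/sbin/e-smith/expand-template', '/var/lib/denyhosts/allowed-hosts') == 0
        or warn "expand-template failed for /var/lib/denyhosts/allowed-hosts";
    print "Add to whitelist: $ip \n";
    return;
}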