forked from kravietz/blacklist-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
router-drop.sh
executable file
·47 lines (36 loc) · 971 Bytes
/
router-drop.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/bin/sh
# Block an IP using Linux ipset on a remoter router
# Utility script for OSSEC active response
# Expect: srcip
# Author: Pawel Krawczyk
# THIS MUST BE CONFIGURED
# You also need to add SSH keys to the root account
# on OSSEC server (active response scripts are run
# as root) that will allow root login to the destination
# router.
ACTION=$1
USER=$2
IP=$3
LOCAL=$(dirname $0);
cd $LOCAL
cd ../
PWD=$(pwd)
BLACKLIST=manual-blacklist
# Logging the call
echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
# IP Address must be provided
if [ "x${IP}" = "x" ]; then
echo "$0: Missing argument <action> <user> (ip)"
exit 1;
fi
# Use ipset to handle the IP
if [ "x${ACTION}" = "xadd" ]; then
ssh ${ROUTER} ipset -! add ${BLACKLIST} ${IP}
elif [ "x${ACTION}" = "xdelete" ]; then
ssh ${ROUTER} ipset -! del ${BLACKLIST} ${IP}
# Invalid action
else
echo "$0: invalid action: ${ACTION}"
fi
exit 1