add OpenWRT script
This commit is contained in:
Pawel Krawczyk
parent
9dee5ec650
commit
09a513c4c5
47
router-drop.sh
Normal file
47
router-drop.sh
Normal file
@ -0,0 +1,47 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Block an IP using Linux ipset on a remoter router
|
||||
# Utility script for OSSEC active response
|
||||
# Expect: srcip
|
||||
# Author: Pawel Krawczyk
|
||||
|
||||
# THIS MUST BE CONFIGURED
|
||||
ROUTER=root@gw.example.com
|
||||
|
||||
# You also need to add SSH keys to the root account
|
||||
# on OSSEC server (active response scripts are run
|
||||
# as root) that will allow root login to the destination
|
||||
# router.
|
||||
|
||||
ACTION=$1
|
||||
USER=$2
|
||||
IP=$3
|
||||
|
||||
LOCAL=$(dirname $0);
|
||||
cd $LOCAL
|
||||
cd ../
|
||||
PWD=$(pwd)
|
||||
BLACKLIST=manual-blacklist
|
||||
|
||||
# Logging the call
|
||||
echo "`date` $0 $1 $2 $3 $4 $5" >> ${PWD}/../logs/active-responses.log
|
||||
|
||||
|
||||
# IP Address must be provided
|
||||
if [ "x${IP}" = "x" ]; then
|
||||
echo "$0: Missing argument <action> <user> (ip)"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
# Use ipset to handle the IP
|
||||
if [ "x${ACTION}" = "xadd" ]; then
|
||||
ssh ${ROUTER} ipset -! add ${BLACKLIST} ${IP}
|
||||
elif [ "x${ACTION}" = "xdelete" ]; then
|
||||
ssh ${ROUTER} ipset -! del ${BLACKLIST} ${IP}
|
||||
|
||||
# Invalid action
|
||||
else
|
||||
echo "$0: invalid action: ${ACTION}"
|
||||
fi
|
||||
|
||||
exit 1
|
||||
Loading…
Reference in New Issue
Block a user