@shadowbq
Forked from cehoffman/.gitignore
Last active August 29, 2015 14:14
SSHGuard => sshguard-dump sshguard-reprieve
build/
Makefile
sshguard-prefix/
CMakeFiles
CMakeCache.txt
cmake_install.cmake
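# Build two helper tools, sshguard-dump and sshguard-reprieve, against object
# files taken from an ExternalProject build of sshguard 1.5.
#
# 2.8.12 is the first release with target_include_directories(); CMAKE_C_STANDARD
# would need 3.1, so the C99 flag is still set the old way.
cmake_minimum_required(VERSION 2.8.12)
project(sshguard-reprieve C)

# The tools use C99 features (restrict, declarations inside for loops).
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")

include(ExternalProject)

# Fetch, patch and build sshguard in its own source tree so its object files
# can be linked below. The tarball is fetched over HTTPS; the MD5 only guards
# against corruption, not tampering — pinning URL_HASH SHA256=... taken from a
# trusted copy of the archive would be stronger.
ExternalProject_Add(sshguard
  URL https://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
  URL_MD5 11b9f47f9051e25bdfe84a365c961ec1
  # expose.patch un-statics attacker_serializer() so sshguard-reprieve can
  # register it as the list serializer.
  PATCH_COMMAND patch -p1 < ${CMAKE_CURRENT_SOURCE_DIR}/expose.patch
  CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=<INSTALL_DIR> --with-firewall=null
  BUILD_IN_SOURCE 1
)
ExternalProject_Get_Property(sshguard source_dir)

# Object files borrowed from the sshguard build. They do not exist at
# configure time, so empty placeholders are written and marked EXTERNAL_OBJECT;
# the real objects appear once the `sshguard` external project has built.
set(sshguard_objects)
foreach(obj sshguard_blacklist seekers simclist)
  set(obj_path ${source_dir}/src/${obj}.o)
  file(WRITE ${obj_path} "")
  set_source_files_properties(${obj_path} PROPERTIES EXTERNAL_OBJECT TRUE)
  list(APPEND sshguard_objects ${obj_path})
endforeach()

foreach(tool sshguard-dump sshguard-reprieve)
  add_executable(${tool} ${tool}.c ${sshguard_objects})
  target_include_directories(${tool} PRIVATE ${source_dir}/src)
  # Without this edge the tools could be linked (against the empty
  # placeholders) before the sshguard build step has produced the objects.
  add_dependencies(${tool} sshguard)
endforeach()

install(TARGETS sshguard-reprieve sshguard-dump DESTINATION bin)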
--- a/src/sshguard_blacklist.h 2012-04-27 15:40:11.000000000 -0500
+++ b/src/sshguard_blacklist.h 2012-04-27 15:55:37.000000000 -0500
@@ -25,6 +25,8 @@
#include "sshguard_attack.h"
+void *attacker_serializer(const void *restrict el, uint32_t *restrict len);
+
/**
* Load the blacklist contained at a given filename.
*
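Review bot: The prototype added on the second line makes `attacker_serializer` part of the header's public interface, yet unlike the `blacklist_load` block that follows it carries no documentation, and it uses `uint32_t`, which this header presumably receives through `sshguard_attack.h` — worth confirming, since the tools that include it do not include `<stdint.h>` themselves. A short comment above the prototype stating what the function produces for `list_dump_file()`, who owns the returned buffer and what `*len` receives would let callers use it without reading `sshguard_blacklist.c`. The matching change to the definition in the third hunk needs no separate note.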
--- a/src/sshguard_blacklist.c 2012-04-27 15:35:22.000000000 -0500
+++ b/src/sshguard_blacklist.c 2012-04-27 15:55:48.000000000 -0500
@@ -29,7 +29,7 @@
#include <assert.h>
#include "sshguard_addresskind.h"
-#include "sshguard_log.h"
+#define sshguard_log(...)
#include "sshguard_blacklist.h"
#define BL_MAXBUF 50
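Review bot: Replacing the `sshguard_log.h` include with an empty `sshguard_log(...)` macro discards every diagnostic the rest of `sshguard_blacklist.c` emits through it, so in the tools built from this copy a malformed or unreadable blacklist fails silently and the caller only sees a NULL from `blacklist_load` plus whatever errno happens to hold. If the goal is only to drop the syslog dependency, a macro that forwards to stderr keeps the messages, e.g. `#define sshguard_log(prio, ...) fprintf(stderr, __VA_ARGS__)` — the real logger's signature should be checked before assuming the first parameter is a priority, and `<stdio.h>` must be included earlier in the file, which the hunk does not show. The hunk header announces seven lines but six are visible, so a blank line was probably lost in transcription rather than by the patch.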
@@ -59,7 +59,7 @@
}
*/
-static void *attacker_serializer(const void *restrict el, uint32_t *restrict len) {
+void *attacker_serializer(const void *restrict el, uint32_t *restrict len) {
/* buffer for serialization operations */
char *serialization_buf;
attacker_t atkr = *(const attacker_t *restrict)el;
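#!/usr/bin/env bash
# Print the addresses currently held in an sshguard blacklist, one per line,
# sorted. Relies on sshguard-dump's "Entry, ip, count, service, last seen"
# output: the second comma-separated field is the address; the header line
# and the two summary lines (which have no second field) are dropped.
#
# Usage: $0 [blacklist-db]    (default: /var/log/sshguard.db)
#
# pipefail makes a failing sshguard-dump visible in the exit status instead
# of being masked by a successful sort.
set -o pipefail

db="${1:-/var/log/sshguard.db}"

sshguard-dump "$db" \
  | awk -F ',' 'NF > 1 && $2 !~ /ip/ { print $2 }' \
  | sort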
#include <libgen.h> // For basename
#include <stdio.h>
#include <stdlib.h>
#include <time.h>   // For ctime
#include "sshguard_blacklist.h"
#include "seekers.h"
// Output Examples:
//
// Compile: cmake ./; make
// sudo ./sshguard-dump ./sshguard.db |awk -F ',' '{print $2}' |sort
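/*
 * sshguard-dump: list the IPv4 entries of an sshguard blacklist database.
 *
 * argv[1] names the blacklist file. Each IPv4 entry is printed to stdout as
 * "<index>, <address>, <kind>, <service>, <last seen>"; the last field is
 * ctime() text and therefore already ends in a newline.
 *
 * Exit status: 0 on success, 1 on a usage error, 3 when the blacklist
 * cannot be loaded (perror() reports the reason).
 */
int main(int argc, char **argv) {
    if (argc < 2) {
        /* Usage text goes to stderr so stdout only ever carries entries. */
        fprintf(stderr, "Usage: %s <blacklist file>\n", basename(argv[0]));
        return 1;
    }
    char *filename = argv[1];

    list_t *blacklist = blacklist_load(filename);
    if (blacklist == NULL) {
        perror("Failed opening blacklist");
        return 3;
    }

    printf("Current Blacklist:\n");
    printf("list_size: %d\n", list_size(blacklist));
    printf("Entry, ip, count, service, last seen\n");

    int index = 0;
    list_iterator_start(blacklist);
    while (list_iterator_hasnext(blacklist)) {
        const attacker_t *bl_attacker = list_iterator_next(blacklist);
        /* Only IPv4 entries are reported (same constant sshguard-reprieve
         * uses instead of the bare literal 4). */
        if (bl_attacker->attack.address.kind != ADDRKIND_IPv4)
            continue;
        /* ctime() may return NULL for an unrepresentable time; never pass
         * NULL to %s. */
        const char *when = ctime(&bl_attacker->whenlast);
        printf("%d, %s, %d, %d, %s", index,
               bl_attacker->attack.address.value,
               bl_attacker->attack.address.kind,
               bl_attacker->attack.service,
               when ? when : "(unknown)\n");
        ++index;
    }
    list_iterator_stop(blacklist);

    /* Release the entries, then the list_t that blacklist_load() handed
     * back on the heap. */
    list_destroy(blacklist);
    free(blacklist);
    return 0;
}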
#include <stdio.h>
#include <stdlib.h>
#include <libgen.h> // For basename
#include "sshguard_blacklist.h"
#include "seekers.h"
#include <regex.h>
#include "regexlib.h"
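/* Release a blacklist returned by blacklist_load(): destroy the entries,
 * then free the list_t allocated for them. */
static void release_blacklist(list_t *blacklist) {
    list_destroy(blacklist);
    free(blacklist);
}

/*
 * sshguard-reprieve: remove one address from an sshguard blacklist database.
 *
 * argv[1] names the blacklist file, argv[2] the IPv4 or IPv6 address to
 * drop. The address is classified with the REGEXLIB_* patterns from
 * regexlib.h, the matching entry is deleted and the file rewritten in place.
 *
 * Exit status: 0 when the address was removed and saved, 1 on a usage
 * error, 2 when argv[2] is not a valid address (or the patterns could not
 * be compiled, or the address does not fit the address buffer), 3 when the
 * blacklist cannot be loaded, 4 when the address is not in the blacklist,
 * 5 when the modified file cannot be written.
 */
int main(int argc, char **argv) {
    if (argc < 3) {
        /* Diagnostics go to stderr; stdout only reports what was done. */
        fprintf(stderr, "Usage: %s <blacklist file> <ip address>\n", basename(argv[0]));
        return 1;
    }
    char *filename = argv[1];
    const char *address = argv[2];

    regex_t ipreg4, ipreg6;
    if (regcomp(&ipreg4, "^" REGEXLIB_IPV4 "$", REG_EXTENDED)) {
        fprintf(stderr, "Failed detecting ip address type: regex compile failed\n");
        return 2;
    }
    if (regcomp(&ipreg6, "^" REGEXLIB_IPV6 "$", REG_EXTENDED)) {
        /* ipreg4 compiled fine and must not leak on this path. */
        regfree(&ipreg4);
        fprintf(stderr, "Failed detecting ip address type: regex compile failed\n");
        return 2;
    }

    sshg_address_t me;
    int valid = 1;
    if (regexec(&ipreg4, address, 0, NULL, 0) == 0) {
        me.kind = ADDRKIND_IPv4;
    } else if (regexec(&ipreg6, address, 0, NULL, 0) == 0) {
        me.kind = ADDRKIND_IPv6;
    } else {
        valid = 0;
    }
    regfree(&ipreg4);
    regfree(&ipreg6);
    if (!valid) {
        fprintf(stderr, "%s is not a valid ip address\n", address);
        return 2;
    }

    /* Bounded copy into the fixed-size address buffer: the original copied
     * argv[2] byte by byte with no length check. Anything that does not fit
     * is rejected rather than silently truncated. */
    int written = snprintf(me.value, sizeof me.value, "%s", address);
    if (written < 0 || (size_t)written >= sizeof me.value) {
        fprintf(stderr, "%s is too long for an address\n", address);
        return 2;
    }

    list_t *blacklist = blacklist_load(filename);
    if (blacklist == NULL) {
        perror("Failed opening blacklist");
        return 3;
    }
    /* seeker_addr locates an entry by address; attacker_serializer (made
     * non-static by expose.patch) lets list_dump_file() write entries back. */
    list_attributes_seeker(blacklist, seeker_addr);
    list_attributes_serializer(blacklist, attacker_serializer);

    attacker_t *el = list_seek(blacklist, &me);
    if (el == NULL) {
        fprintf(stderr, "%s is not in blacklist\n", me.value);
        release_blacklist(blacklist);
        return 4;
    }

    list_delete(blacklist, el);
    printf("Removed %s from blacklist\n", me.value);
    if (list_dump_file(blacklist, filename, NULL) != 0) {
        perror("Failed saving blacklist");
        release_blacklist(blacklist);
        return 5;
    }
    printf("Saved modified blacklist\n");

    release_blacklist(blacklist);
    return 0;
}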