SSHGuard => sshguard-dump sshguard-reprieve
build/ | |
Makefile | |
sshguard-prefix/ | |
CMakeFiles | |
CMakeCache.txt | |
cmake_install.cmake |
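# Builds two small tools (sshguard-dump, sshguard-reprieve) against object
# files taken from an in-tree build of sshguard 1.5, which ExternalProject
# downloads and patches (expose.patch makes attacker_serializer non-static).
#
# 3.5 is the lowest version current CMake releases still accept; the file
# previously declared 2.8, which new CMake rejects outright.
cmake_minimum_required(VERSION 3.5)
project(sshguard-reprieve C)

# The sshguard headers use C99 (restrict); set the standard as a property
# instead of appending to CMAKE_C_FLAGS so user flags are not overridden.
set(CMAKE_C_STANDARD 99)
set(CMAKE_C_STANDARD_REQUIRED ON)

include(ExternalProject)

# NOTE(review): the tarball is fetched over plain http and pinned by MD5 only.
# The MD5 still pins the exact artifact, but an https URL together with
# URL_HASH SHA256=<sha256-of-sshguard-1.5.tar.bz2> would be the stronger
# choice; that digest is not recorded here, so it is left for the maintainer.
ExternalProject_Add(sshguard
  URL http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
  URL_MD5 11b9f47f9051e25bdfe84a365c961ec1
  # `-i FILE` instead of a shell redirect: ExternalProject steps are not
  # guaranteed to run through a shell (e.g. under the Ninja generator).
  # CMAKE_CURRENT_SOURCE_DIR keeps this correct when used as a subproject.
  PATCH_COMMAND patch -p1 -i ${CMAKE_CURRENT_SOURCE_DIR}/expose.patch
  CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=<INSTALL_DIR> --with-firewall=null
  BUILD_IN_SOURCE 1
)
ExternalProject_Get_Property(sshguard source_dir)

# Object files produced by the sshguard build that both tools link against.
set(sshguard_objects
  ${source_dir}/src/sshguard_blacklist.o
  ${source_dir}/src/simclist.o
  ${source_dir}/src/seekers.o
)

# The objects do not exist at configure time, so create empty placeholders
# that CMake will accept as sources and mark them as pre-built objects.
# Only create them when missing: unconditionally truncating them (as before)
# wiped the real objects whenever CMake re-ran after sshguard had been built,
# leaving the tools to link against empty files.
foreach(obj IN LISTS sshguard_objects)
  if(NOT EXISTS ${obj})
    file(WRITE ${obj} "")
  endif()
  set_source_files_properties(${obj} PROPERTIES EXTERNAL_OBJECT TRUE)
endforeach()

# Both tools have the same shape: one .c file plus the sshguard objects.
# add_dependencies is required so the link step runs only after the external
# project has produced the objects; include paths are scoped to each target
# rather than set directory-wide.
foreach(tool sshguard-dump sshguard-reprieve)
  add_executable(${tool} ${tool}.c ${sshguard_objects})
  add_dependencies(${tool} sshguard)
  target_include_directories(${tool} PRIVATE ${source_dir}/src)
endforeach()

install(TARGETS sshguard-reprieve sshguard-dump DESTINATION bin)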
--- a/src/sshguard_blacklist.h 2012-04-27 15:40:11.000000000 -0500 | |
+++ b/src/sshguard_blacklist.h 2012-04-27 15:55:37.000000000 -0500 | |
@@ -25,6 +25,8 @@ | |
#include "sshguard_attack.h" | |
+void *attacker_serializer(const void *restrict el, uint32_t *restrict len); | |
+ | |
/** | |
* Load the blacklist contained at a given filename. | |
* | |
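Review bot: The new prototype `void *attacker_serializer(const void *restrict el, uint32_t *restrict len);` depends on uint32_t being visible, but the only include shown above it is `#include "sshguard_attack.h"`; if that header does not pull in <stdint.h>, every file that includes sshguard_blacklist.h (sshguard-dump.c and sshguard-reprieve.c on this page) must include it first. Adding `#include <stdint.h>` next to the declaration makes the header self-contained. The same function is made non-static in the second sshguard_blacklist.c hunk; a one-line comment above the declaration, such as `/* exported (normally static) so sshguard-reprieve can pass it to list_attributes_serializer */`, would record why a formerly internal symbol is now public.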
--- a/src/sshguard_blacklist.c 2012-04-27 15:35:22.000000000 -0500 | |
+++ b/src/sshguard_blacklist.c 2012-04-27 15:55:48.000000000 -0500 | |
@@ -29,7 +29,7 @@ | |
#include <assert.h> | |
#include "sshguard_addresskind.h" | |
-#include "sshguard_log.h" | |
+#define sshguard_log(...) | |
#include "sshguard_blacklist.h" | |
#define BL_MAXBUF 50 | |
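Review bot: Replacing the include with `#define sshguard_log(...)` whose expansion is empty turns every log call in sshguard_blacklist.c into a no-op, so whatever diagnostics blacklist_load and its siblings emitted (presumably via the removed sshguard_log.h) are now dropped silently and the tools on this page only ever see a NULL return. If that is the intent for a standalone build, `#define sshguard_log(...) ((void)0)` is the safer spelling because it remains a valid expression in every position the original call could appear, and a comment such as `/* standalone build: logging compiled out, no syslog dependency */` should state the trade-off so nobody later wonders why failures are silent.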
@@ -59,7 +59,7 @@ | |
} | |
*/ | |
-static void *attacker_serializer(const void *restrict el, uint32_t *restrict len) { | |
+void *attacker_serializer(const void *restrict el, uint32_t *restrict len) { | |
/* buffer for serialization operations */ | |
char *serialization_buf; | |
attacker_t atkr = *(const attacker_t *restrict)el; |
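#!/usr/bin/env bash
# Print the IPv4 addresses held in an sshguard blacklist, one per line, sorted.
#
# The blacklist path defaults to /var/log/sshguard.db (the previous hard-coded
# value) and can be overridden with the first argument. sshguard-dump must be
# on PATH; the database is normally readable by root only, so this is
# typically run under sudo.
blacklist="${1:-/var/log/sshguard.db}"

# sshguard-dump prints two preamble lines, a header row
# "Entry, ip, count, service, last seen", then one comma-separated row per
# entry. Keep the second column, drop the header ("ip") and the empty fields
# produced by the preamble lines that contain no comma.
sshguard-dump "$blacklist" \
  | awk -F ',' '{print $2}' \
  | grep -v 'ip' \
  | grep -v '^$' \
  | sort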
#include <libgen.h> // For basename
#include <stdio.h>
#include <stdlib.h>
#include <time.h>   // For ctime
#include "sshguard_blacklist.h"
#include "seekers.h"
// Usage examples:
// | |
// Compile: cmake ./; make | |
// sudo ./sshguard-dump ./sshguard.db |awk -F ',' '{print $2}' |sort | |
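// Dumps the IPv4 entries of an sshguard blacklist file as comma-separated
// rows: index, address text, address kind, service, last-seen timestamp.
//
// argv[1]: path to the blacklist database written by sshguard.
// Returns 0 on success, 1 on a usage error, 3 when the blacklist cannot be
// loaded. Usage text goes to stderr so stdout stays parseable when piped
// into the awk pipeline shown above.
int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "Usage: %s <blacklist file>\n", basename(argv[0]));
        return 1;
    }
    char *filename = argv[1];
    list_t *blacklist = blacklist_load(filename);
    if (!blacklist) {
        perror("Failed opening blacklist");
        return 3;
    }

    /* printing out the result */
    printf("Current Blacklist:\n");
    printf("list_size: %d\n", list_size(blacklist));
    // NOTE(review): the third printed column is address.kind, not a count;
    // the header text is kept as-is because the wrapper script keys on it.
    printf("Entry, ip, count, service, last seen\n");
    int i = 0;
    list_iterator_start(blacklist);
    while (list_iterator_hasnext(blacklist)) {
        const attacker_t *bl_attacker = list_iterator_next(blacklist);
        // Only IPv4 entries are printed. Named constant instead of the bare
        // literal 4 used before, consistent with sshguard-reprieve.c.
        if (bl_attacker->attack.address.kind != ADDRKIND_IPv4)
            continue;
        // NOTE(review): assumes address.value is NUL-terminated as loaded by
        // blacklist_load — confirm in sshguard_blacklist.c. ctime() output
        // already ends in '\n', hence no newline in the format string.
        printf("%d, %s, %d, %d, %s", i,
               bl_attacker->attack.address.value,
               bl_attacker->attack.address.kind,
               bl_attacker->attack.service,
               ctime(&bl_attacker->whenlast));
        ++i;
    }
    list_iterator_stop(blacklist);
    // The list object itself is heap-allocated by blacklist_load (the
    // original code freed it the same way), so destroy then free.
    list_destroy(blacklist);
    free(blacklist);
    return 0;
}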
#include <stdio.h> | |
#include <stdlib.h> | |
#include <libgen.h> // For basename | |
#include "sshguard_blacklist.h" | |
#include "seekers.h" | |
#include <regex.h> | |
#include "regexlib.h" | |
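// Releases a blacklist returned by blacklist_load: the list object itself is
// heap-allocated (the original code freed it after list_destroy), so both
// steps are needed on every exit path.
static void release_blacklist(list_t *blacklist) {
    list_destroy(blacklist);
    free(blacklist);
}

// Removes one address from an sshguard blacklist file and rewrites the file.
//
// argv[1]: path to the blacklist database; argv[2]: IPv4 or IPv6 address text.
// Returns 0 on success, 1 on a usage error, 2 for an unrecognised or
// over-long address, 3 when the blacklist cannot be loaded, 4 when the
// address is not listed, 5 when the rewrite fails. Diagnostics go to stderr;
// only the success messages go to stdout.
int main(int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "Usage: %s <blacklist file> <ip address>\n", basename(argv[0]));
        return 1;
    }
    char *filename = argv[1];
    const char *address = argv[2];
    sshg_address_t me;
    regex_t ipreg4, ipreg6;

    // Classify the argument with sshguard's own address patterns, anchored so
    // the whole argument has to be an address.
    if (regcomp(&ipreg4, "^" REGEXLIB_IPV4 "$", REG_EXTENDED)) {
        fprintf(stderr, "Failed detecting ip address type: regex compile failed\n");
        return 2;
    }
    if (regcomp(&ipreg6, "^" REGEXLIB_IPV6 "$", REG_EXTENDED)) {
        fprintf(stderr, "Failed detecting ip address type: regex compile failed\n");
        regfree(&ipreg4); // was leaked on this path before
        return 2;
    }
    int recognised = 1;
    if (!regexec(&ipreg4, address, 0, NULL, 0)) {
        me.kind = ADDRKIND_IPv4;
    } else if (!regexec(&ipreg6, address, 0, NULL, 0)) {
        me.kind = ADDRKIND_IPv6;
    } else {
        recognised = 0;
    }
    regfree(&ipreg4);
    regfree(&ipreg6);
    if (!recognised) {
        fprintf(stderr, "%s is not a valid ip address\n", address);
        return 2;
    }

    // Bounded copy into the fixed-size address field. The previous loop
    // copied until NUL with no length check; the anchored regexes limit the
    // input in practice, but the truncation check costs nothing.
    // (sizeof relies on me.value being an array, which the unchecked copy
    // already depended on — confirm in sshguard_addresskind.h.)
    if (snprintf(me.value, sizeof me.value, "%s", address) >= (int)sizeof me.value) {
        fprintf(stderr, "%s is too long for an address\n", address);
        return 2;
    }

    list_t *blacklist = blacklist_load(filename);
    if (!blacklist) {
        perror("Failed opening blacklist");
        return 3;
    }
    list_attributes_seeker(blacklist, seeker_addr);
    // attacker_serializer is exported by expose.patch; list_dump_file needs
    // a serializer to write entries back out.
    list_attributes_serializer(blacklist, attacker_serializer);

    attacker_t *el = list_seek(blacklist, &me);
    if (!el) {
        fprintf(stderr, "%s is not in blacklist\n", me.value);
        release_blacklist(blacklist);
        return 4;
    }
    list_delete(blacklist, el);
    printf("Removed %s from blacklist\n", me.value);
    // NOTE(review): the database is rewritten in place, so an interruption
    // mid-write leaves a truncated file. Writing to a temporary file and
    // rename()ing it over the original would make this atomic, but that
    // depends on how list_dump_file handles its output path.
    if (list_dump_file(blacklist, filename, NULL) != 0) {
        perror("Failed saving blacklist");
        release_blacklist(blacklist);
        return 5;
    }
    printf("Saved modified blacklist\n");
    release_blacklist(blacklist);
    return 0;
}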