-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathunlist
More file actions
94 lines (81 loc) · 3.11 KB
/
unlist
File metadata and controls
94 lines (81 loc) · 3.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/perl -w
#
# unlist.pl Version 2.7
#
# This code is meant to work with the sshblack script.
# See http://www.pettingers.org/code/sshblack.html
# for details on this and a complete README.TXT file and INSTALL.TXT file
#
# Use this program to instantly, manually un-blacklist people. Simply
# run the script name followed by the IP address you want to remove from
# the blacklist.
# e.g. "./unlist 192.168.100.123"
# You need to confirm that the $CACHE variable the $DELRULE variable
# Are set correctly below for your implementation of sshblack.
#
# NOTE: There is no file locking implemented with this script or sshblack.
# There is the potential for collisions between this program and sshblack
# both trying to access the CACHE file at the same time. This may result
# in an indeterminate state of your CACHE file. This is unlikely but is a
# possibility. sshblack may terminate if it can not correctly open the
# CACHE file when it needs to. Check your logs after running this script.
#
##############################################################################
use strict;
#
########### Configure Parameters Below ###############
#
# The text database file to keep track of attackers
my($CACHE) = '/var/tmp/ssh-blacklist-pending';
# Set $DELRULE to the complete command line instruction for REMOVING
# attackers from the blacklist with the following change:
# - Substitute the literal string 'ipaddress' in the location where
# you want the attacker's IP address to be.
#
# ######### ########### ROUTE VERSION ############ ###########
# # generally routing to localhost (127.0.0.1) works fine
#
# my($DELRULE) = '/sbin/route del -host ipaddress gw 127.0.0.1'; #RH/Fedora
# my($DELRULE) = 'route delete ipaddress 127.0.0.1'; #Solaris?
#
# ######### ########### IPTABLES VERSION ############ ###########
#
my($DELRULE) = '/sbin/iptables -D SSHBLACKLIST -s ipaddress -j DROP';
# my($DELRULE) = '/sbin/iptables -D INPUT -s ipaddress -j DROP'; #Generic
#
#
########### No user defined paramters below ################
#
my ($ip) = $ARGV[0];
my ($line) = '';
my (@loser, @buildlist) = ();
open(LIST, $CACHE) || print STDERR "Error opening $CACHE: $!\n";
while ($line = <LIST>) {
@loser = split(/,/, $line);
# [0] is IP, [1] is time, [2] is hits
if ($loser[0] ne $ip) {
push (@buildlist, $line);
}
else {
freeIp($ip);
} #set free after $RELEASEDAYS
} # End while reading
close (LIST);
# open for writing
open (LIST, ">$CACHE") || print STDERR "Error opening $CACHE: $!\n";
print LIST @buildlist;
close (LIST);
#############################################
sub freeIp {
#
# This subroutine removes an attacker from the blacklist. The literal string
# 'ipaddress' in the $DELRULE string is replaced with the IP address of the attacker
# and the command is executed.
#
my($ip) = @_;
my($rule) = $DELRULE;
$rule =~ s/ipaddress/$ip/;
system("$rule");
return;
} # End sub freeIp
# End sshblack.pl