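/**
 * Rebuild the iptables DROP rules that ban addresses recorded against the
 * SSH service in the `iptables` table of the artica_backup database.
 *
 * The configured OpenSSH port is read from openssh::$main_array["Port"] and
 * falls back to 22 unless it is an integer in 1..65535. Existing rules are
 * wiped with iptables_delete_all() (what that helper flushes is defined
 * elsewhere; presumably only Artica-managed rules — confirm), then one
 * `-A INPUT -s <ip> -p tcp --destination-port <port> -j DROP` rule is appended
 * per non-whitelisted row and a summary mail is sent via
 * unix::send_email_events() when at least one rule was added.
 *
 * Security: `serverip` comes straight out of a database row and ends up on a
 * shell command line passed to shell_exec(). It is therefore validated as an
 * IPv4/IPv6 address (optionally with a /prefix) and quoted with
 * escapeshellarg() before use; rows that do not parse are logged and skipped
 * instead of executed.
 *
 * NOTE(review): the SELECT still keys on local_port=22 even when sshd listens
 * on another port — presumably that is how the collector records SSH bans;
 * verify against the code that fills the table.
 *
 * @return void
 */
function compile_sshd_rules(){
	include_once(dirname(__FILE__)."/ressources/class.openssh.inc");
	$q=new mysql();
	$iptablesClass=new iptables_chains();
	$unix=new unix();
	$openssh=new openssh();
	$verbose=!empty($GLOBALS["VERBOSE"]);

	// Only a real TCP port may be spliced into the iptables command line;
	// is_numeric() would also let "1e3", "22.5" or "0x16" through.
	$SSHDPort=isset($openssh->main_array["Port"]) ? $openssh->main_array["Port"] : null;
	$SSHDPort=filter_var($SSHDPort,FILTER_VALIDATE_INT,array("options"=>array("min_range"=>1,"max_range"=>65535)));
	if($SSHDPort===false){$SSHDPort=22;}

	$iptables=$unix->find_program("iptables");
	$GLOBALS["IPTABLES_WHITELISTED"]=$iptablesClass->LoadWhiteLists();
	$sql="SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=22";
	$results=$q->QUERY_SQL($sql,"artica_backup");
	iptables_delete_all();

	if($verbose){echo "OpenSSH port is $SSHDPort\n";}

	// Always an array so count()/foreach below never see null.
	$commands=array();
	while($ligne=@mysql_fetch_array($results,MYSQL_ASSOC)){
		$ip=isset($ligne["serverip"]) ? (string)$ligne["serverip"] : "";
		if($iptablesClass->isWhiteListed($ip)){continue;}

		// Refuse anything that is not "address" or "address/prefix": the value
		// is interpolated into a shell command below, so shell metacharacters
		// in a poisoned row must never reach shell_exec().
		if(!preg_match('/^([0-9A-Fa-f.:]+)(\/[0-9]{1,3})?$/',$ip,$m) || filter_var($m[1],FILTER_VALIDATE_IP)===false){
			writelogs("skipping malformed serverip '$ip'",__FUNCTION__,__FILE__,__LINE__);
			continue;
		}

		events("ADD REJECT $ip INBOUND PORT 22");
		ssh_events("ADD REJECT $ip INBOUND PORT 22",__FUNCTION__,__FILE__,__LINE__);

		// Belt and braces: the address is already validated, escapeshellarg()
		// additionally quotes it so it can only ever be one argv entry.
		$commands[]="$iptables -A INPUT -s ".escapeshellarg($ip)." -p tcp --destination-port $SSHDPort -j DROP -m comment --comment \"ArticaInstantSSH\"";
	}

	if($verbose){echo count($commands)." should be performed\n";}

	// The original only mailed when at least one rule existed; keep that.
	if(count($commands)>0){
		foreach($commands as $line){
			writelogs($line,__FUNCTION__,__FILE__,__LINE__);
			if($verbose){echo $line."\n";}
			shell_exec($line);
		}

		$unix->send_email_events("SSHD Hack ".count($commands)." rules(s) added",null,"system");
	}
}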
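/**
 * Rebuild the SMTP auto-block firewall rules from the `iptables` table of the
 * artica_backup database.
 *
 * Flow, in order: iptables_delete_all(), then the personal rules
 * (perso()/FW_PERSO_RULES()), the whitelist rules when
 * EnablePostfixAutoBlockWhiteListed=1, FW_NGINX_RULES()/FW_SPAMHAUS_RULES(),
 * and — unless PostFixLimitToNets=1 hands off to
 * Compile_rules_postfix_limitToNets() or $GLOBALS["EnablePostfixAutoBlock"]
 * is not 1 — one LOG (for log=1 rows, and for every row when
 * InstantIptablesEventAll=1) and one DROP rule on port 25 per non-whitelisted
 * banned address. Note that the flush happens before the
 * GlobalIptablesEnabled check, so a disabled firewall ends up with no rules.
 *
 * Verbose mode is a dry run: the built commands are printed and the function
 * returns before shell_exec(), the summary mail and the cache file
 * (/etc/artica-postfix/IPTABLES_INPUT). Presumably intentional — confirm.
 *
 * Security: `serverip` is database content that is interpolated into a shell
 * command. Each value is validated as an IPv4/IPv6 address (optionally with a
 * /prefix) and quoted with escapeshellarg(); rows that do not parse are
 * reported through events() and skipped.
 *
 * @param bool $NoPersoRules when true, skip the perso(true) step.
 * @return void
 */
function Compile_rules($NoPersoRules = false)
{
    $verbose = !empty($GLOBALS["VERBOSE"]);
    progress(5, "Cleaning rules");
    if ($verbose) {
        echo __FUNCTION__ . " line:" . __LINE__ . "\n";
    }
    iptables_delete_all();
    $sock = new sockets();
    if ($verbose) {
        echo __FUNCTION__ . " line:" . __LINE__ . "\n";
    }

    // Settings come back as strings from sockets::GET_INFO(); anything that is
    // not numeric falls back to the documented default.
    $PostFixLimitToNets = $sock->GET_INFO("PostFixLimitToNets");
    if (!is_numeric($PostFixLimitToNets)) {
        $PostFixLimitToNets = 0;
    }
    $EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
    if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) {
        $EnablePostfixAutoBlockWhiteListed = 0;
    }
    $GlobalIptablesEnabled = $sock->GET_INFO("GlobalIptablesEnabled");
    if (!is_numeric($GlobalIptablesEnabled)) {
        $GlobalIptablesEnabled = 1;
    }
    if ($GlobalIptablesEnabled != 1) {
        if ($verbose) {
            echo "GlobalIptablesEnabled <> 1, aborting...\n";
        }
        return;
    }

    if (!$NoPersoRules) {
        perso(true);
    }
    FW_PERSO_RULES();
    if ($verbose) {
        echo __FUNCTION__ . " line:" . __LINE__ . "\n";
    }
    if ($EnablePostfixAutoBlockWhiteListed == 1) {
        Compile_rules_whitelist();
    }
    if ($verbose) {
        echo "FW_NGINX_RULES\n\n";
    }
    FW_NGINX_RULES(true);
    FW_SPAMHAUS_RULES(true);
    if ($PostFixLimitToNets == 1) {
        Compile_rules_postfix_limitToNets();
        return;
    }

    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if ($verbose) {
        echo __FUNCTION__ . " line:" . __LINE__ . "\n";
    }
    $iptablesClass = new iptables_chains();
    if ($verbose) {
        echo __FUNCTION__ . " line:" . __LINE__ . "\n";
    }
    $InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
    if (!is_numeric($InstantIptablesEventAll)) {
        $InstantIptablesEventAll = 1;
    }
    if ($verbose) {
        echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n";
    }
    $autoBlock = isset($GLOBALS["EnablePostfixAutoBlock"]) ? $GLOBALS["EnablePostfixAutoBlock"] : null;
    if ($autoBlock != 1) {
        progress(100, "Building rules done...");
        return;
    }

    events("Query iptables rules from mysql");
    progress(10, "Query rules");
    progress(25, "Building logging rules");
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND allow=0 AND local_port=25";
    if ($verbose) {
        echo $sql . "\n";
    }
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();

    // Always an array so count()/foreach below never see null.
    $commands = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = isset($ligne["serverip"]) ? (string)$ligne["serverip"] : "";
        if ($iptablesClass->isWhiteListed($ip)) {
            if ($verbose) {
                echo "{$ip} is whitelisted\n";
            }
            continue;
        }
        // The address is interpolated into a shell command: only
        // "address" or "address/prefix" may pass.
        if (!preg_match('/^([0-9A-Fa-f.:]+)(\/[0-9]{1,3})?$/', $ip, $m) || filter_var($m[1], FILTER_VALIDATE_IP) === false) {
            events("SKIP malformed serverip '{$ip}'");
            continue;
        }
        events("LOG {$ip} REJECT INBOUND PORT 25");
        progress(35, "Building logging rules for {$ip}");
        $commands[] = "{$iptables} -A INPUT -s " . escapeshellarg($ip) . " -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
    }

    progress(40, "Building rules...");
    $c = 0;
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND allow=0 AND local_port=25";
    if ($verbose) {
        echo $sql . "\n";
    }
    $results = $q->QUERY_SQL($sql, "artica_backup");
    progress(55, "Building rules...");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = isset($ligne["serverip"]) ? (string)$ligne["serverip"] : "";
        if ($iptablesClass->isWhiteListed($ip)) {
            continue;
        }
        // Same validation as above; a row that cannot be parsed must not be
        // counted as banned either.
        if (!preg_match('/^([0-9A-Fa-f.:]+)(\/[0-9]{1,3})?$/', $ip, $m) || filter_var($m[1], FILTER_VALIDATE_IP) === false) {
            events("SKIP malformed serverip '{$ip}'");
            continue;
        }
        $c++;
        events("ADD REJECT {$ip} INBOUND PORT 25");
        progress(60, "Building rules for {$ip}...");
        $safeIp = escapeshellarg($ip);
        if ($InstantIptablesEventAll == 1) {
            if ($verbose) {
                echo "{$ip} -> LOG\n";
            }
            $commands[] = "{$iptables} -A INPUT -s {$safeIp} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
        }
        $commands[] = "{$iptables} -A INPUT -s {$safeIp} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Dry run: in verbose mode nothing is executed (see docblock).
    if ($verbose) {
        echo count($commands) . " should be performed\n";
        return;
    }
    foreach ($commands as $line) {
        shell_exec($line);
    }

    $unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
    progress(90, "Building rules done...");
    progress(100, "Building rules done...");

    // Snapshot the resulting INPUT chain in the background for the UI/cache.
    $nohup = $unix->find_program("nohup");
    $cachefile = "/etc/artica-postfix/IPTABLES_INPUT";
    shell_exec("{$nohup} {$iptables} -L --line-numbers -n >{$cachefile} 2>&1 &");
}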
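/**
 * Rebuild the SMTP auto-block firewall rules from the `iptables` table of the
 * artica_backup database (older, simpler variant without the personal /
 * nginx / spamhaus steps).
 *
 * Flow: iptables_delete_all(); when EnablePostfixAutoBlockWhiteListed=1 hand
 * off entirely to Compile_rules_whitelist(); stop when
 * $GLOBALS["EnablePostfixAutoBlock"] is not 1; otherwise append one LOG rule
 * per log=1 row, then per banned row a LOG rule (only when
 * InstantIptablesEventAll=1) and a DROP rule on port 25, skipping whitelisted
 * addresses, and finally send a summary mail via unix::send_email_events().
 *
 * Verbose mode is a dry run: the command count is printed and the function
 * returns before shell_exec() and the mail. Presumably intentional — confirm.
 *
 * Security: `serverip` is database content that is interpolated into a shell
 * command. Each value is validated as an IPv4/IPv6 address (optionally with a
 * /prefix) and quoted with escapeshellarg(); rows that do not parse are
 * reported through events() and skipped.
 *
 * @return void
 */
function Compile_rules()
{
    $verbose = !empty($GLOBALS["VERBOSE"]);
    progress(5, "Cleaning rules");
    iptables_delete_all();

    $sock = new sockets();
    $EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
    if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) {
        $EnablePostfixAutoBlockWhiteListed = 0;
    }
    if ($EnablePostfixAutoBlockWhiteListed == 1) {
        Compile_rules_whitelist();
        return;
    }

    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    $iptablesClass = new iptables_chains();
    $InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
    if (!is_numeric($InstantIptablesEventAll)) {
        $InstantIptablesEventAll = 1;
    }
    if ($verbose) {
        echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n";
    }
    $autoBlock = isset($GLOBALS["EnablePostfixAutoBlock"]) ? $GLOBALS["EnablePostfixAutoBlock"] : null;
    if ($autoBlock != 1) {
        progress(100, "Building rules done...");
        return;
    }

    events("Query iptables rules from mysql");
    progress(10, "Query rules");
    progress(25, "Building logging rules");
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND local_port=25";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_backup");
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();

    // Always an array so count()/foreach below never see null.
    $commands = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = isset($ligne["serverip"]) ? (string)$ligne["serverip"] : "";
        if ($iptablesClass->isWhiteListed($ip)) {
            continue;
        }
        // The address is interpolated into a shell command: only
        // "address" or "address/prefix" may pass.
        if (!preg_match('/^([0-9A-Fa-f.:]+)(\/[0-9]{1,3})?$/', $ip, $m) || filter_var($m[1], FILTER_VALIDATE_IP) === false) {
            events("SKIP malformed serverip '{$ip}'");
            continue;
        }
        events("LOG {$ip} REJECT INBOUND PORT 25");
        progress(35, "Building logging rules for {$ip}");
        $commands[] = "{$iptables} -A INPUT -s " . escapeshellarg($ip) . " -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
    }

    progress(40, "Building rules...");
    $c = 0;
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=25";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    progress(55, "Building rules...");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = isset($ligne["serverip"]) ? (string)$ligne["serverip"] : "";
        if ($iptablesClass->isWhiteListed($ip)) {
            continue;
        }
        // Same validation as above; a row that cannot be parsed must not be
        // counted as banned either.
        if (!preg_match('/^([0-9A-Fa-f.:]+)(\/[0-9]{1,3})?$/', $ip, $m) || filter_var($m[1], FILTER_VALIDATE_IP) === false) {
            events("SKIP malformed serverip '{$ip}'");
            continue;
        }
        $c++;
        events("ADD REJECT {$ip} INBOUND PORT 25");
        progress(60, "Building rules for {$ip}...");
        $safeIp = escapeshellarg($ip);
        if ($InstantIptablesEventAll == 1) {
            if ($verbose) {
                echo "{$ip} -> LOG\n";
            }
            $commands[] = "{$iptables} -A INPUT -s {$safeIp} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
        }
        $commands[] = "{$iptables} -A INPUT -s {$safeIp} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Dry run: in verbose mode nothing is executed (see docblock).
    if ($verbose) {
        echo count($commands) . " should be performed\n";
        return;
    }
    foreach ($commands as $line) {
        shell_exec($line);
    }

    $unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
    progress(90, "Building rules done...");
    progress(100, "Building rules done...");
}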