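function compile_sshd_rules(){
    // Rebuild the per-address DROP rules for the SSH service from the ban list
    // stored in artica_backup.iptables (flux=INPUT, local_port=22).
    //
    // Every serverip read from the table ends up inside a command passed to
    // shell_exec(), so the value is validated as an IP address (optionally
    // with a numeric /prefix, as iptables -s accepts) and quoted with
    // escapeshellarg(); rows that do not validate are logged and skipped.
    include_once(dirname(__FILE__)."/ressources/class.openssh.inc");
    $q = new mysql();
    $iptablesClass = new iptables_chains();
    $unix = new unix();
    $openssh = new openssh();

    // Actual listening port from the sshd configuration; anything that is not a
    // usable TCP port number falls back to 22.
    $SSHDPort = $openssh->main_array["Port"];
    if (!is_numeric($SSHDPort) || (int)$SSHDPort < 1 || (int)$SSHDPort > 65535) {
        $SSHDPort = 22;
    }
    $SSHDPort = (int)$SSHDPort;

    $iptables = $unix->find_program("iptables");
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();

    // NOTE(review): the query filters on local_port=22 while the generated rule
    // targets $SSHDPort; presumably local_port is a logical service key rather
    // than the configured port -- confirm against the code that fills the table.
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=22";
    $results = $q->QUERY_SQL($sql, "artica_backup");

    // Existing rules are flushed before the current ban list is re-applied.
    iptables_delete_all();
    if ($GLOBALS["VERBOSE"]) { echo "OpenSSH port is $SSHDPort\n"; }

    // Accepts "addr" or "addr/prefix" where addr is IPv4/IPv6 and prefix is a
    // small non-negative integer; anything else must not reach the shell.
    $isValidSource = function ($spec) {
        $parts = explode("/", $spec, 2);
        if (filter_var($parts[0], FILTER_VALIDATE_IP) === false) { return false; }
        if (count($parts) == 1) { return true; }
        return ctype_digit($parts[1]) && (int)$parts[1] <= 128;
    };

    $commands = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) { continue; }
        if (!$isValidSource($ip)) {
            writelogs("Skipping malformed serverip '{$ip}'", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }
        events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 22");
        ssh_events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 22", __FUNCTION__, __FILE__, __LINE__);
        $commands[] = "$iptables -A INPUT -s " . escapeshellarg($ip)
            . " -p tcp --destination-port $SSHDPort -j DROP -m comment --comment \"ArticaInstantSSH\"";
    }

    if ($GLOBALS["VERBOSE"]) { echo count($commands) . " should be performed\n"; }

    // Nothing to apply: no rules run and no notification mail is sent.
    if (count($commands) == 0) { return; }

    foreach ($commands as $line) {
        writelogs($line, __FUNCTION__, __FILE__, __LINE__);
        if ($GLOBALS["VERBOSE"]) { echo $line . "\n"; }
        shell_exec($line);
    }
    $unix->send_email_events("SSHD Hack " . count($commands) . " rules(s) added", null, "system");
}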
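function Compile_rules($NoPersoRules = false) {
    // Rebuild the firewall: flush all rules, re-apply the static rule sets
    // (personal rules, optional whitelist, nginx, spamhaus) and then the
    // per-address SMTP bans stored in artica_backup.iptables
    // (flux=INPUT, local_port=25, allow=0).
    //
    // $NoPersoRules: when false (the default) perso(true) runs first.
    //
    // The serverip column is interpolated into iptables commands run through
    // shell_exec(), so each value is validated as an IP/prefix and quoted with
    // escapeshellarg(); rows that do not validate are logged and skipped.
    // In VERBOSE mode the commands are only counted, never executed.
    progress(5, "Cleaning rules");
    if ($GLOBALS["VERBOSE"]) { echo __FUNCTION__ . " line:" . __LINE__ . "\n"; }
    iptables_delete_all();

    $sock = new sockets();
    if ($GLOBALS["VERBOSE"]) { echo __FUNCTION__ . " line:" . __LINE__ . "\n"; }

    // Feature switches; a missing/non-numeric value takes the default shown.
    $PostFixLimitToNets = $sock->GET_INFO("PostFixLimitToNets");
    if (!is_numeric($PostFixLimitToNets)) { $PostFixLimitToNets = 0; }
    $EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
    if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) { $EnablePostfixAutoBlockWhiteListed = 0; }
    $GlobalIptablesEnabled = $sock->GET_INFO("GlobalIptablesEnabled");
    if (!is_numeric($GlobalIptablesEnabled)) { $GlobalIptablesEnabled = 1; }

    // Master switch off: rules were already flushed above and nothing is re-added.
    if ($GlobalIptablesEnabled != 1) {
        if ($GLOBALS["VERBOSE"]) { echo "GlobalIptablesEnabled <> 1, aborting...\n"; }
        return;
    }

    if (!$NoPersoRules) { perso(true); }
    FW_PERSO_RULES();
    if ($GLOBALS["VERBOSE"]) { echo __FUNCTION__ . " line:" . __LINE__ . "\n"; }
    if ($EnablePostfixAutoBlockWhiteListed == 1) { Compile_rules_whitelist(); }
    if ($GLOBALS["VERBOSE"]) { echo "FW_NGINX_RULES\n\n"; }
    FW_NGINX_RULES(true);
    FW_SPAMHAUS_RULES(true);

    // Network-restricted SMTP replaces the per-address ban list entirely.
    if ($PostFixLimitToNets == 1) {
        Compile_rules_postfix_limitToNets();
        return;
    }

    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if ($GLOBALS["VERBOSE"]) { echo __FUNCTION__ . " line:" . __LINE__ . "\n"; }
    $iptablesClass = new iptables_chains();
    if ($GLOBALS["VERBOSE"]) { echo __FUNCTION__ . " line:" . __LINE__ . "\n"; }

    $InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
    if (!is_numeric($InstantIptablesEventAll)) { $InstantIptablesEventAll = 1; }
    if ($GLOBALS["VERBOSE"]) { echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n"; }

    if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
        progress(100, "Building rules done...");
        return;
    }

    // Accepts "addr" or "addr/prefix" where addr is IPv4/IPv6 and prefix is a
    // small non-negative integer; anything else must not reach the shell.
    $isValidSource = function ($spec) {
        $parts = explode("/", $spec, 2);
        if (filter_var($parts[0], FILTER_VALIDATE_IP) === false) { return false; }
        if (count($parts) == 1) { return true; }
        return ctype_digit($parts[1]) && (int)$parts[1] <= 128;
    };

    events("Query iptables rules from mysql");
    progress(10, "Query rules");
    progress(25, "Building logging rules");

    $q = new mysql();
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();
    $commands = array();

    // Pass 1: LOG rules for banned rows flagged log=1.
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND allow=0 AND local_port=25";
    if ($GLOBALS["VERBOSE"]) { echo $sql . "\n"; }
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) {
            if ($GLOBALS["VERBOSE"]) { echo "{$ip} is whitelisted\n"; }
            continue;
        }
        if (!$isValidSource($ip)) {
            writelogs("Skipping malformed serverip '{$ip}'", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }
        events("LOG {$ligne["serverip"]} REJECT INBOUND PORT 25");
        progress(35, "Building logging rules for {$ip}");
        $commands[] = "{$iptables} -A INPUT -s " . escapeshellarg($ip)
            . " -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Pass 2: DROP rules (plus a LOG rule each when InstantIptablesEventAll=1;
    // rows with log=1 therefore get a second LOG rule from this pass).
    progress(40, "Building rules...");
    $c = 0;
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND allow=0 AND local_port=25";
    if ($GLOBALS["VERBOSE"]) { echo $sql . "\n"; }
    $results = $q->QUERY_SQL($sql, "artica_backup");
    progress(55, "Building rules...");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) { continue; }
        if (!$isValidSource($ip)) {
            writelogs("Skipping malformed serverip '{$ip}'", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }
        $c++;
        events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 25");
        progress(60, "Building rules for {$ip}...");
        $quotedIp = escapeshellarg($ip);
        if ($InstantIptablesEventAll == 1) {
            if ($GLOBALS["VERBOSE"]) { echo "{$ip} -> LOG\n"; }
            $commands[] = "{$iptables} -A INPUT -s {$quotedIp} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
        }
        $commands[] = "{$iptables} -A INPUT -s {$quotedIp} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Dry run: report the count and stop before touching the firewall.
    if ($GLOBALS["VERBOSE"]) {
        echo count($commands) . " should be performed\n";
        return;
    }

    foreach ($commands as $line) {
        shell_exec($line);
    }

    $unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
    progress(90, "Building rules done...");
    progress(100, "Building rules done...");

    // Snapshot the resulting INPUT chain to a cache file in the background.
    $nohup = $unix->find_program("nohup");
    $cachefile = "/etc/artica-postfix/IPTABLES_INPUT";
    shell_exec("{$nohup} {$iptables} -L --line-numbers -n >{$cachefile} 2>&1 &");
}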
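function Compile_rules() {
    // Rebuild the per-address SMTP ban rules from artica_backup.iptables
    // (flux=INPUT, local_port=25) after flushing the existing rules. When the
    // whitelist mode is enabled the work is delegated to Compile_rules_whitelist().
    //
    // The serverip column is interpolated into iptables commands run through
    // shell_exec(), so each value is validated as an IP/prefix and quoted with
    // escapeshellarg(); rows that do not validate are logged and skipped.
    // In VERBOSE mode the commands are only counted, never executed.
    progress(5, "Cleaning rules");
    iptables_delete_all();

    $sock = new sockets();
    $EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
    if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) { $EnablePostfixAutoBlockWhiteListed = 0; }
    if ($EnablePostfixAutoBlockWhiteListed == 1) {
        Compile_rules_whitelist();
        return;
    }

    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    $iptablesClass = new iptables_chains();

    $InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
    if (!is_numeric($InstantIptablesEventAll)) { $InstantIptablesEventAll = 1; }
    if ($GLOBALS["VERBOSE"]) { echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n"; }

    if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
        progress(100, "Building rules done...");
        return;
    }

    // Accepts "addr" or "addr/prefix" where addr is IPv4/IPv6 and prefix is a
    // small non-negative integer; anything else must not reach the shell.
    $isValidSource = function ($spec) {
        $parts = explode("/", $spec, 2);
        if (filter_var($parts[0], FILTER_VALIDATE_IP) === false) { return false; }
        if (count($parts) == 1) { return true; }
        return ctype_digit($parts[1]) && (int)$parts[1] <= 128;
    };

    events("Query iptables rules from mysql");
    progress(10, "Query rules");
    progress(25, "Building logging rules");

    $q = new mysql();
    $GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();
    $commands = array();

    // Pass 1: LOG rules for rows flagged log=1.
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND local_port=25";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) { continue; }
        if (!$isValidSource($ip)) {
            writelogs("Skipping malformed serverip '{$ip}'", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }
        events("LOG {$ligne["serverip"]} REJECT INBOUND PORT 25");
        progress(35, "Building logging rules for {$ip}");
        $commands[] = "{$iptables} -A INPUT -s " . escapeshellarg($ip)
            . " -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Pass 2: DROP rules (plus a LOG rule each when InstantIptablesEventAll=1;
    // rows with log=1 therefore get a second LOG rule from this pass).
    progress(40, "Building rules...");
    $c = 0;
    $sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=25";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    progress(55, "Building rules...");
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $ip = $ligne["serverip"];
        if ($iptablesClass->isWhiteListed($ip)) { continue; }
        if (!$isValidSource($ip)) {
            writelogs("Skipping malformed serverip '{$ip}'", __FUNCTION__, __FILE__, __LINE__);
            continue;
        }
        $c++;
        events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 25");
        progress(60, "Building rules for {$ip}...");
        $quotedIp = escapeshellarg($ip);
        if ($InstantIptablesEventAll == 1) {
            if ($GLOBALS["VERBOSE"]) { echo "{$ip} -> LOG\n"; }
            $commands[] = "{$iptables} -A INPUT -s {$quotedIp} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
        }
        $commands[] = "{$iptables} -A INPUT -s {$quotedIp} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    }

    // Dry run: report the count and stop before touching the firewall.
    if ($GLOBALS["VERBOSE"]) {
        echo count($commands) . " should be performed\n";
        return;
    }

    foreach ($commands as $line) {
        shell_exec($line);
    }

    $unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
    progress(90, "Building rules done...");
    progress(100, "Building rules done...");
}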