function compile_sshd_rules(){
include_once(dirname(__FILE__)."/ressources/class.openssh.inc");
$q=new mysql();
$iptablesClass=new iptables_chains();
$unix=new unix();
$openssh=new openssh();
$SSHDPort=$openssh->main_array["Port"];
if(!is_numeric($SSHDPort)){$SSHDPort=22;}
$iptables=$unix->find_program("iptables");
$GLOBALS["IPTABLES_WHITELISTED"]=$iptablesClass->LoadWhiteLists();
$sql="SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=22";
$results=$q->QUERY_SQL($sql,"artica_backup");
iptables_delete_all();
if($GLOBALS["VERBOSE"]){echo "OpenSSH port is $SSHDPort\n";}
while($ligne=@mysql_fetch_array($results,MYSQL_ASSOC)){
$ip=$ligne["serverip"];
if($iptablesClass->isWhiteListed($ip)){continue;}
events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 22");
ssh_events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 22",__FUNCTION__,__FILE__,__LINE__);
/*if($InstantIptablesEventAll==1){
if($GLOBALS["VERBOSE"]){echo "$ip -> LOG\n";}
$cmd="$iptables -A INPUT -s $ip -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
$commands[]=$cmd;
}*/
$cmd="$iptables -A INPUT -s $ip -p tcp --destination-port $SSHDPort -j DROP -m comment --comment \"ArticaInstantSSH\"";
$commands[]=$cmd;
}
if($GLOBALS["VERBOSE"]){echo count($commands)." should be performed\n";}
if(is_array($commands)){
while (list ($index, $line) = each ($commands) ){
writelogs($line,__FUNCTION__,__FILE__,__LINE__);
if($GLOBALS["VERBOSE"]){echo $line."\n";}
shell_exec($line);
}
$unix->send_email_events("SSHD Hack ".count($commands)." rules(s) added",null,"system");
}
}
function Compile_rules($NoPersoRules = false)
{
progress(5, "Cleaning rules");
if ($GLOBALS["VERBOSE"]) {
echo __FUNCTION__ . " line:" . __LINE__ . "\n";
}
iptables_delete_all();
$sock = new sockets();
if ($GLOBALS["VERBOSE"]) {
echo __FUNCTION__ . " line:" . __LINE__ . "\n";
}
$PostFixLimitToNets = $sock->GET_INFO("PostFixLimitToNets");
if (!is_numeric($PostFixLimitToNets)) {
$PostFixLimitToNets = 0;
}
$EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) {
$EnablePostfixAutoBlockWhiteListed = 0;
}
$GlobalIptablesEnabled = $sock->GET_INFO("GlobalIptablesEnabled");
if (!is_numeric($GlobalIptablesEnabled)) {
$GlobalIptablesEnabled = 1;
}
if ($GlobalIptablesEnabled != 1) {
if ($GLOBALS["VERBOSE"]) {
echo "GlobalIptablesEnabled <> 1, aborting...\n";
}
return;
}
if (!$NoPersoRules) {
perso(true);
}
FW_PERSO_RULES();
if ($GLOBALS["VERBOSE"]) {
echo __FUNCTION__ . " line:" . __LINE__ . "\n";
}
if ($EnablePostfixAutoBlockWhiteListed == 1) {
Compile_rules_whitelist();
}
if ($GLOBALS["VERBOSE"]) {
echo "FW_NGINX_RULES\n\n";
}
FW_NGINX_RULES(true);
FW_SPAMHAUS_RULES(true);
if ($PostFixLimitToNets == 1) {
Compile_rules_postfix_limitToNets();
return;
}
$unix = new unix();
$iptables = $unix->find_program("iptables");
$sock = new sockets();
if ($GLOBALS["VERBOSE"]) {
echo __FUNCTION__ . " line:" . __LINE__ . "\n";
}
$iptablesClass = new iptables_chains();
if ($GLOBALS["VERBOSE"]) {
echo __FUNCTION__ . " line:" . __LINE__ . "\n";
}
$InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
if (!is_numeric($InstantIptablesEventAll)) {
$InstantIptablesEventAll = 1;
}
if ($GLOBALS["VERBOSE"]) {
echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n";
}
if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
progress(100, "Building rules done...");
return;
}
events("Query iptables rules from mysql");
progress(10, "Query rules");
progress(25, "Building logging rules");
$sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND allow=0 AND local_port=25";
if ($GLOBALS["VERBOSE"]) {
echo $sql . "\n";
}
$q = new mysql();
$results = $q->QUERY_SQL($sql, "artica_backup");
$GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();
while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
$ip = $ligne["serverip"];
if ($iptablesClass->isWhiteListed($ip)) {
if ($GLOBALS["VERBOSE"]) {
echo "{$ip} is whitelisted\n";
}
continue;
}
events("LOG {$ligne["serverip"]} REJECT INBOUND PORT 25");
progress(35, "Building logging rules for {$ip}");
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
progress(40, "Building rules...");
$c = 0;
$sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND allow=0 AND local_port=25";
if ($GLOBALS["VERBOSE"]) {
echo $sql . "\n";
}
$results = $q->QUERY_SQL($sql, "artica_backup");
progress(55, "Building rules...");
while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
$ip = $ligne["serverip"];
if ($iptablesClass->isWhiteListed($ip)) {
continue;
}
$c++;
events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 25");
progress(60, "Building rules for {$ip}...");
if ($InstantIptablesEventAll == 1) {
if ($GLOBALS["VERBOSE"]) {
echo "{$ip} -> LOG\n";
}
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
if ($GLOBALS["VERBOSE"]) {
echo count($commands) . " should be performed\n";
return;
}
if (is_array($commands)) {
while (list($index, $line) = each($commands)) {
shell_exec($line);
}
}
$unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
progress(90, "Building rules done...");
progress(100, "Building rules done...");
$nohup = $unix->find_program("nohup");
$cachefile = "/etc/artica-postfix/IPTABLES_INPUT";
shell_exec("{$nohup} {$iptables} -L --line-numbers -n >{$cachefile} 2>&1 &");
}
function Compile_rules()
{
progress(5, "Cleaning rules");
iptables_delete_all();
$sock = new sockets();
$EnablePostfixAutoBlockWhiteListed = $sock->GET_INFO("EnablePostfixAutoBlockWhiteListed");
if (!is_numeric($EnablePostfixAutoBlockWhiteListed)) {
$EnablePostfixAutoBlockWhiteListed = 0;
}
if ($EnablePostfixAutoBlockWhiteListed == 1) {
Compile_rules_whitelist();
return;
}
$unix = new unix();
$iptables = $unix->find_program("iptables");
$sock = new sockets();
$iptablesClass = new iptables_chains();
$InstantIptablesEventAll = $sock->GET_INFO("InstantIptablesEventAll");
if (!is_numeric($InstantIptablesEventAll)) {
$InstantIptablesEventAll = 1;
}
if ($GLOBALS["VERBOSE"]) {
echo "InstantIptablesEventAll={$InstantIptablesEventAll}\n";
}
if ($GLOBALS["EnablePostfixAutoBlock"] != 1) {
progress(100, "Building rules done...");
return;
}
events("Query iptables rules from mysql");
progress(10, "Query rules");
progress(25, "Building logging rules");
$sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' and log=1 AND local_port=25";
$q = new mysql();
$results = $q->QUERY_SQL($sql, "artica_backup");
$GLOBALS["IPTABLES_WHITELISTED"] = $iptablesClass->LoadWhiteLists();
while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
$ip = $ligne["serverip"];
if ($iptablesClass->isWhiteListed($ip)) {
continue;
}
events("LOG {$ligne["serverip"]} REJECT INBOUND PORT 25");
progress(35, "Building logging rules for {$ip}");
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
progress(40, "Building rules...");
$c = 0;
$sql = "SELECT * FROM iptables WHERE disable=0 AND flux='INPUT' AND local_port=25";
$results = $q->QUERY_SQL($sql, "artica_backup");
progress(55, "Building rules...");
while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
$ip = $ligne["serverip"];
if ($iptablesClass->isWhiteListed($ip)) {
continue;
}
$c++;
events("ADD REJECT {$ligne["serverip"]} INBOUND PORT 25");
progress(60, "Building rules for {$ip}...");
if ($InstantIptablesEventAll == 1) {
if ($GLOBALS["VERBOSE"]) {
echo "{$ip} -> LOG\n";
}
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j LOG --log-prefix \"SMTP DROP: \" -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
$cmd = "{$iptables} -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
$commands[] = $cmd;
}
if ($GLOBALS["VERBOSE"]) {
echo count($commands) . " should be performed\n";
return;
}
if (is_array($commands)) {
while (list($index, $line) = each($commands)) {
shell_exec($line);
}
}
$unix->send_email_events("{$c} banned addresses compiled in the SMTP Firewall", "{$c} items has been banned from 25,587,465 ports", "postfix");
progress(90, "Building rules done...");
progress(100, "Building rules done...");
}
