ChipMaster
/
Poor-Mans-IDS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

*NEW* "impblack" tool 

This imports a hosts file formatted list of host names and sets them
as blocked in the DB. The packageing was updated to reflect this tool.
master
Jon Foster 2 years ago
parent
ddca2693c4
commit
aea34081c0
4 changed files with 96 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -0
      .gitignore
  2. +6
    -3
      Makefile
  3. +10
    -0
      poorman-ids.dpak
  4. +77
    -0
      trafficmon/impblack.cpp

+ 3
- 0
.gitignore View File

@@ -4,6 +4,9 @@
/log
/README.html
/trafficmon/badtrafficrpt
/trafficmon/dnsblacklist
/trafficmon/domblacklist
/trafficmon/impblack
/trafficmon/trafficmon
/controlpanel/trafficctrl



+ 6
- 3
Makefile View File

@@ -5,7 +5,7 @@
### Program Targets ###

.PHONY: all controlpanel/trafficctrl
all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/trafficmon controlpanel/trafficctrl
all: iptraffic trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/impblack trafficmon/trafficmon controlpanel/trafficctrl

controlpanel/trafficctrl:
cd controlpanel && make trafficctrl
@@ -22,11 +22,13 @@ trafficmon/dnsblacklist: trafficmon/dnsblacklist.cpp cli.o miniini.o strutil.o t
trafficmon/domblacklist: trafficmon/domblacklist.cpp cli.o miniini.o strutil.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb

trafficmon/impblack: trafficmon/impblack.cpp strutil.o cli.o miniini.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o cli.o miniini.o trafficmon/appbase.o -lcppdb

trafficmon/trafficmon: trafficmon/trafficmon.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o
g++ $O -o $@ $@.cpp strutil.o data.o config.o cli.o miniini.o trafficmon/appbase.o -lcppdb



### Libs ###

cli.o: cli.cpp cli.h
@@ -55,6 +57,7 @@ trafficmon/appbase.o: trafficmon/appbase.cpp trafficmon/appbase.h cli.o miniini.
clean:
rm *.o */*.o || true
distclean: clean
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt trafficmon/dnsblacklist trafficmon/domblacklist || true
rm iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt || true
rm trafficmon/dnsblacklist trafficmon/domblacklist trafficmon/impblack || true
rm *.deb || true
cd controlpanel && make distclean

+ 10
- 0
poorman-ids.dpak View File

@@ -13,6 +13,15 @@ Copyright: .
Origin: JFP
Packaged-For: JF Possibilities, Inc.
changelog:
(0.7-1j) unstable; urgency=low
.
** This is an alpha release **
.
* Improve CNAME handling to handle multiple depths
* *NEW* simple tool to import a hosts like file as a black list.
.
-- Jon Foster <jon@jfpossibilities.com> Mon, 21 Mar 2022 14:56:19 -0700
.
(0.6-1j) unstable; urgency=low
.
** This is an alpha release **
@@ -96,6 +105,7 @@ Description: .
Install: sh
dpak install -sbin iptraffic trafficmon/trafficmon trafficmon/badtrafficrpt
dpak install -sbin trafficmon/dnsblacklist trafficmon/domblacklist
dpak install -sbin trafficmon/impblack
dpak install -sbin controlpanel/trafficctrl
dpak strip
dpak install -conf -subdir poorman-ids sample.conf controlpanel/sample.js


+ 77
- 0
trafficmon/impblack.cpp View File

@@ -0,0 +1,77 @@
//////////////////////////////////////////////////////////////////////
// Import "hosts" file as a black list
// Written by Jonathan A. Foster <ChipMaster@YeOlPiShack.net>
// Started March 23rd, 2022
//
// We want to read a file formatted as /etc/hosts and add all names
// listed in it to the "dns" table as a "block" (status=2).
//////////////////////////////////////////////////////////////////////
#include <iostream>
#include <fstream>
#include <stdexcept>
#include "../strutil.h"
#include "appbase.h"



struct BlakcImpApp: public TrafficMonBaseApp {
int lnct;
int impct;
int cli_pass;


virtual void do_switch_arg(const char *sw, const std::string &val) {
// handle switches on pass 0
if(!cli_pass) TrafficMonBaseApp::do_switch_arg(sw, val);
}
virtual void do_arg(const char *fname) {
int x;
std::string s;
std::ifstream hosts(fname);
cppdb::statement q;

if(!cli_pass) return; // postpone until pass 1 (2)
if(!db.is_open())
throw CLIerror("You must specify a configuration file first");
q = db <<
"INSERT INTO dns (name,status,note) VALUES (?,2,'import from black list')";
while(std::getline(hosts, s)) {
s = trim(s);
if(s=="" || s[0]=='#') continue;
for(x=0; x<s.size() && s[x]>' '; x++);
s=trim(s.substr(x));
if(s=="") continue;

// TODO: more than one host on a line
lnct++;
q.reset();
try {
q << s << cppdb::exec;
impct+=q.affected();
} catch(const std::exception &e) {
std::cerr << e.what() << std::endl;
}
}
}



int main() {
int x;
cli_pass = lnct = impct = 0;
if(x=TrafficMonBaseApp::main()) return x;
++cli_pass;
x=TrafficMonBaseApp::main();
std::cout << "Records: " << lnct << " imports: " << impct << '\n';
return x;
}
};


MAIN(BlakcImpApp)

Write Preview
Loading…
Cancel
Save