ChipMaster
/
Poor-Mans-IDS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
The Poor Man's (or Woman's) Intrusion Detection System
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
133 KiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Poor-Mans-IDS/trafficmon/domblacklist.cpp

62 lines
1.7 KiB
Raw Permalink Blame History 

  1. //////////////////////////////////////////////////////////////////////

  2. // Dump Black Listed whole domain (*.domain.tld) entries

  3. // Written by Jonathan A. Foster <jon@jfpossibilities.com>

  4. // Started December 28th, 2021

  5. // Copyright JF Possibilities, Inc. All rights reserved.

  6. //

  7. // Read the "dns_wild" table and dump all black listed domain names as

  8. // "address" entries for a dnsmasq.conf file. This will black list the

  9. // whole domain, subdomains, hosts and all.

  10. //////////////////////////////////////////////////////////////////////

  11. #include  <string>

  12. #include  <map>

  13. #include  <iostream>

  14. #include  <stdio.h>

  15. #include  <libgen.h>

  16. 

  17. #include  "../strutil.h"

  18. #include  "appbase.h"

  19. using namespace std;

  20. 

  21. 

  22. 

  23. //////////////////////////////////////////////////////////////////////

  24. // Connection Report Generator Application Class

  25. //////////////////////////////////////////////////////////////////////

  26. 

  27. struct DomainBlackList: BlackListBaseApp {

  28. 

  29.   int main() {

  30.     cppdb::result  qry;

  31.     string         s;

  32.     int            x;

  33. 

  34.     /// SETUP & VALIDATE CLI ///

  35. 

  36.     if(x=BlackListBaseApp::main()) return x; // Parse CLI args, open conf & db

  37. 

  38.     /// Query & load data ///

  39. 

  40.     qry = db <<

  41.       "SELECT name "

  42.       "FROM dns_wild "

  43.       "WHERE status=2 " // 2 = blocked... need this doc'd somewhere...

  44.       "ORDER BY name";

  45.     while(qry.next()) {

  46.       qry >> s;

  47.       if(ipv4!="") cout << "address=/" << s << '/' << ipv4 << '\n';

  48.       if(ipv6!="") cout << "address=/" << s << '/' << ipv6 << '\n';

  49.     }

  50.     return 0;

  51.   }

  52. 

  53. };

  54. 

  55. 

  56. 

  57. //////////////////////////////////////////////////////////////////////

  58. // Lets run the report and dump it out

  59. //////////////////////////////////////////////////////////////////////

  60. 

  61. MAIN(DomainBlackList)