autodrop 0.1.0

data/Rakefile

@@ -0,0 +1,75 @@
+# -*-ruby-*-
+
+FILES = [
+         'ChangeLog',
+         'Rakefile',
+         'bin/autodrop',
+         'bin/autodrop.rb',
+         'conf/autodrop.conf.default',
+         'doc/README.jp.txt',
+         'doc/README.txt',
+         'misc/autodrop.sh',
+        ]
+
+desc "Same as 'rake bin/autodrop'"
+task :default => [ "bin/autodrop" ]
+
+desc "Make bin/autodrop"
+file "bin/autodrop" do
+  sh "cp -f bin/autodrop.rb bin/autodrop"
+  sh "chmod 755 bin/autodrop"
+end
+
+desc "Do distclean"
+task :distclean => [ :clobber_package ] do
+  sh "rm -f bin/autodrop"
+end
+
+task :gem => [ "bin/autodrop" ]
+require 'rubygems'
+require 'rake/gempackagetask'
+spec = Gem::Specification.new do |s|
+  s.name = "autodrop"
+  s.version = "0.1.0"
+  s.author = "NOZAWA Hiromasa"
+  s.summary = "Automatic iptables DROP daemon"
+  s.homepage = 'http://rubyforge.org/projects/autodrop'
+  s.rubyforge_project = 'autodrop'
+  s.files = FILES
+  s.bindir = 'bin'
+  s.executables = 'autodrop'
+  s.require_path = []
+end
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end
+
+#
+# for manual installation (without rubygem)
+#
+
+DEFAULT_BIN_INSTALL_DIR = '/usr/local/sbin'
+DEFAULT_CONF_INSTALL_DIR = '/etc'
+
+desc "Install (without rubygem)"
+task :install => "bin/autodrop" do
+  bin_install_dir = ENV['BIN_INSTALL_DIR']
+  bin_install_dir ||= DEFAULT_BIN_INSTALL_DIR
+  conf_install_dir = ENV['CONF_INSTALL_DIR']
+  conf_install_dir ||= DEFAULT_CONF_INSTALL_DIR
+  directory bin_install_dir
+  directory conf_install_dir
+  sh "cp -f bin/autodrop #{bin_install_dir}/autodrop"
+  sh "cp -f conf/autodrop.conf.default #{conf_install_dir}/autodrop.conf.default"
+end
+
+desc "Uninstall (without rubygem)"
+task :uninstall do
+  bin_install_dir = ENV['BIN_INSTALL_DIR']
+  bin_install_dir ||= DEFAULT_BIN_INSTALL_DIR
+  conf_install_dir = ENV['CONF_INSTALL_DIR']
+  conf_install_dir ||= DEFAULT_CONF_INSTALL_DIR
+  sh "rm -f #{bin_install_dir}/autodrop"
+  sh "rm -f #{conf_install_dir}/autodrop.conf.default"
+end

data/bin/autodrop

@@ -0,0 +1,202 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'syslog'
+
+DEFAULT_CONFFILE = '/etc/autodrop.conf'
+
+$debug = false
+
+def log msg
+  if $debug
+    puts "#{Time.now}: syslog: #{msg}"
+  else
+    if Syslog.opened?
+      Syslog.info msg
+    end
+  end
+end
+
+def debug msg
+  return unless $debug
+  puts "#{Time.now}: debug: #{msg}"
+end
+
+def terminate whymsg, status = 0
+  log "terminate (#{whymsg})"
+  exit! status
+end
+
+module Autodrop
+  # { ip => Dog obj }
+  @dogs = {}
+
+  def Autodrop.house ip
+    @dogs.delete ip
+  end
+
+  def Autodrop.watch
+    log "start watching '#{WATCH_FIFO_}'"
+    loop {
+      begin
+        File.open(WATCH_FIFO_, File::RDONLY | File::NONBLOCK) { |f|
+          ready = File.select([f])
+          if ready
+            line = ready[0][0].gets
+            ip = nil
+            MESSAGES_TO_WATCH.each { |msg|
+              ip = $1 if line =~ msg
+            }
+            if ip
+              if @dogs.has_key? ip
+                @dogs[ip].bark
+              else
+                @dogs[ip] = Dog.new(ip)
+              end
+            end
+          end
+        }
+      rescue Errno::ENOENT => ex
+        log "lost FIFO '#{WATCH_FIFO_}'. exit"
+        break
+      end
+    }
+  end
+end  # Autodrop
+
+class Dog
+  def initialize ip
+    @ip = ip
+    @count = 1
+    @time = Time.now + INTERVAL
+    @thread = Thread.new {
+      debug "[#{@ip}] bark! (#{@count})"
+      loop {
+        if Time.now >= @time
+          debug "[#{@ip}] leave"
+          break
+        end
+        if @count >= COUNT_MAX
+          bite
+          break
+        end
+        debug "[#{@ip}] grrr..."
+        sleep 1
+      }
+      Autodrop.house @ip
+      debug "[#{@ip}] end"
+    }
+  end
+
+  def bark
+    @count += 1
+    @time = Time.now + INTERVAL
+    debug "[#{@ip}] bark! (#{@count})"
+  end
+
+  def bite
+    if $debug
+      log "DROP (#{@ip})"
+      return
+    end
+    if system(IPTABLES_PROGRAM, '-I', 'INPUT', '-s', @ip, '-j', 'DROP')
+      log "DROP (#{@ip})"
+    else
+      log "error (iptables fail)"
+    end
+  end
+end  # Dog
+
+### main
+
+@conffile = nil
+opts = OptionParser.new
+opts.on("-c CONFFILE", "--config CONFFILE", String, /.*/,
+        "Configuration file",
+        "(default: '#{DEFAULT_CONFFILE}')") { |conffile|
+  @conffile = conffile
+}
+opts.on("-d", "--debug", nil, nil,
+        "Debug mode",
+        "+ no daemon",
+        "+ write logs to stdout",
+        "+ watch fifo named './fifo'") { |flag|
+  $debug = true
+}
+opts.parse! ARGV
+opts = nil
+
+@conffile ||= DEFAULT_CONFFILE
+unless File.file? @conffile
+  puts "#{@conffile} does not exist."
+  exit 1
+end
+
+eval File.readlines(@conffile).join("\n")
+
+unless File.executable? IPTABLES_PROGRAM
+  puts "#{IPTABLES_PROGRAM} is not executable."
+  exit 1
+end
+
+if $debug
+  WATCH_FIFO_ = 'fifo'
+else
+  WATCH_FIFO_ = WATCH_FIFO
+  if Process.euid != 0
+    puts 'Run as root'
+    exit 1
+  end
+end
+
+begin
+  Syslog.open('autodrop', Syslog::LOG_PID|Syslog::LOG_CONS, Syslog::LOG_AUTH)
+  if $debug
+    Autodrop.watch
+  else
+    # daemonify self
+    Process.fork {
+      Process.setsid
+      Dir.chdir "/"
+      trap("SIGINT") { terminate 'SIGINT' }
+      trap("SIGTERM") { terminate 'SIGTERM' }
+      trap("SIGHUP") { terminate 'SIGHUP' }
+      STDIN.reopen "/dev/null"
+      STDOUT.reopen "/dev/null"
+      STDERR.reopen "/dev/null"
+      File.open(PIDFILE, 'w') {|f|
+        f.puts Process.pid
+      }
+      Autodrop.watch
+    }
+  end
+rescue => ex
+  log "error (#{ex}). exit"
+  exit! 1
+end
+
+# Copyright (c) 2009, NOZAWA Hiromasa. All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+#  1. Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#  2. Redistributions in binary form must reproduce the above
+#     copyright notice, this list of conditions and the following
+#     disclaimer in the documentation and/or other materials provided
+#     with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.

data/bin/autodrop.rb

@@ -0,0 +1,202 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'syslog'
+
+DEFAULT_CONFFILE = '/etc/autodrop.conf'
+
+$debug = false
+
+def log msg
+  if $debug
+    puts "#{Time.now}: syslog: #{msg}"
+  else
+    if Syslog.opened?
+      Syslog.info msg
+    end
+  end
+end
+
+def debug msg
+  return unless $debug
+  puts "#{Time.now}: debug: #{msg}"
+end
+
+def terminate whymsg, status = 0
+  log "terminate (#{whymsg})"
+  exit! status
+end
+
+module Autodrop
+  # { ip => Dog obj }
+  @dogs = {}
+
+  def Autodrop.house ip
+    @dogs.delete ip
+  end
+
+  def Autodrop.watch
+    log "start watching '#{WATCH_FIFO_}'"
+    loop {
+      begin
+        File.open(WATCH_FIFO_, File::RDONLY | File::NONBLOCK) { |f|
+          ready = File.select([f])
+          if ready
+            line = ready[0][0].gets
+            ip = nil
+            MESSAGES_TO_WATCH.each { |msg|
+              ip = $1 if line =~ msg
+            }
+            if ip
+              if @dogs.has_key? ip
+                @dogs[ip].bark
+              else
+                @dogs[ip] = Dog.new(ip)
+              end
+            end
+          end
+        }
+      rescue Errno::ENOENT => ex
+        log "lost FIFO '#{WATCH_FIFO_}'. exit"
+        break
+      end
+    }
+  end
+end  # Autodrop
+
+class Dog
+  def initialize ip
+    @ip = ip
+    @count = 1
+    @time = Time.now + INTERVAL
+    @thread = Thread.new {
+      debug "[#{@ip}] bark! (#{@count})"
+      loop {
+        if Time.now >= @time
+          debug "[#{@ip}] leave"
+          break
+        end
+        if @count >= COUNT_MAX
+          bite
+          break
+        end
+        debug "[#{@ip}] grrr..."
+        sleep 1
+      }
+      Autodrop.house @ip
+      debug "[#{@ip}] end"
+    }
+  end
+
+  def bark
+    @count += 1
+    @time = Time.now + INTERVAL
+    debug "[#{@ip}] bark! (#{@count})"
+  end
+
+  def bite
+    if $debug
+      log "DROP (#{@ip})"
+      return
+    end
+    if system(IPTABLES_PROGRAM, '-I', 'INPUT', '-s', @ip, '-j', 'DROP')
+      log "DROP (#{@ip})"
+    else
+      log "error (iptables fail)"
+    end
+  end
+end  # Dog
+
+### main
+
+@conffile = nil
+opts = OptionParser.new
+opts.on("-c CONFFILE", "--config CONFFILE", String, /.*/,
+        "Configuration file",
+        "(default: '#{DEFAULT_CONFFILE}')") { |conffile|
+  @conffile = conffile
+}
+opts.on("-d", "--debug", nil, nil,
+        "Debug mode",
+        "+ no daemon",
+        "+ write logs to stdout",
+        "+ watch fifo named './fifo'") { |flag|
+  $debug = true
+}
+opts.parse! ARGV
+opts = nil
+
+@conffile ||= DEFAULT_CONFFILE
+unless File.file? @conffile
+  puts "#{@conffile} does not exist."
+  exit 1
+end
+
+eval File.readlines(@conffile).join("\n")
+
+unless File.executable? IPTABLES_PROGRAM
+  puts "#{IPTABLES_PROGRAM} is not executable."
+  exit 1
+end
+
+if $debug
+  WATCH_FIFO_ = 'fifo'
+else
+  WATCH_FIFO_ = WATCH_FIFO
+  if Process.euid != 0
+    puts 'Run as root'
+    exit 1
+  end
+end
+
+begin
+  Syslog.open('autodrop', Syslog::LOG_PID|Syslog::LOG_CONS, Syslog::LOG_AUTH)
+  if $debug
+    Autodrop.watch
+  else
+    # daemonify self
+    Process.fork {
+      Process.setsid
+      Dir.chdir "/"
+      trap("SIGINT") { terminate 'SIGINT' }
+      trap("SIGTERM") { terminate 'SIGTERM' }
+      trap("SIGHUP") { terminate 'SIGHUP' }
+      STDIN.reopen "/dev/null"
+      STDOUT.reopen "/dev/null"
+      STDERR.reopen "/dev/null"
+      File.open(PIDFILE, 'w') {|f|
+        f.puts Process.pid
+      }
+      Autodrop.watch
+    }
+  end
+rescue => ex
+  log "error (#{ex}). exit"
+  exit! 1
+end
+
+# Copyright (c) 2009, NOZAWA Hiromasa. All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 
+#  1. Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#  2. Redistributions in binary form must reproduce the above
+#     copyright notice, this list of conditions and the following
+#     disclaimer in the documentation and/or other materials provided
+#     with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.

data/conf/autodrop.conf.default

@@ -0,0 +1,17 @@
+# configration file for autodrop
+# -*-ruby-*-
+
+# $1 must match with an IP address
+MESSAGES_TO_WATCH =
+  [
+   # OpenSSH
+   /Invalid user [^\s]+ from (.+)/,
+   /Address (.+) maps to [^\s]+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!/,
+  ]
+
+COUNT_MAX = 3
+INTERVAL = 10 # sec
+
+IPTABLES_PROGRAM = '/sbin/iptables'
+PIDFILE = '/var/run/autodrop.pid'
+WATCH_FIFO = '/var/log/authfifo'

data/doc/README.jp.txt

@@ -0,0 +1,164 @@
+autodrop README
+
+NOZAWA Hiromasa, Tokyo, Japan
+
+
+= 概要
+
+ホストへのしつこいアクセスを iptables で弾くデーモン。
+
+syslog のログを監視して、パターンにマッチするログを一定期間内に繰り返し
+生じさせるホストを iptables の DROP ルールでアクセス禁止にする。
+
+監視するログのパターン、ログの発生回数、発生回数のカウントを続ける期間
+を設定できる。パターンは複数設定できる。
+
+複数のログファイルをポーリングしたり stat したりせずに、単一の名前つき
+パイプを見るようになっている。このため syslogd が目的のログを名前つきパ
+イプへ吐くように設定する必要がある (syslog.conf で '|' を使う)。
+
+Ruby 製です。Ruby なので、というかスクリプト言語製なので本格的に高トラ
+フィックな環境には向かないでしょう。でもウチでは毎日々々延々と 22 番を
+叩きにくる人たちをしっかり弾いてくれるので重宝してます。なかなか重宝す
+るので公開してみます。
+
+この手のツールの常として自分を自分のホストから締め出すことも可能なので
+注意してください。
+
+
+= 必要なもの
+
+* iptables なので linux
+* syslogd
+* ruby 1.8.6 あたり
+
+
+= ライセンス
+
+BSD
+
+
+= インストール
+
+gem install したあと設定ファイルを作る必要があります。
+#! 行も必要なら書き換えてください。
+
+*1. gem install autodrop
+
+*2. cd <GEMDIR>/gems/autodrop-x.x.x/conf
+
+*3. sudo cp autodrop.conf.default /etc
+
+*6. /etc/autodrop.conf を編集
+
+
+= 使い方
+
+== 起動
+
+root で実行するようになってます。
+
+	------------------------------
+	$ sudo ruby autodrop.rb
+	------------------------------
+
+設定ファイルのデフォルトは /etc/autodrop.conf です。
+コマンドラインから指定すれば別の場所にある設定ファイルも使えます。
+
+	------------------------------
+	$ ruby autodrop.rb -c /foo/bar/autodrop.conf
+	------------------------------
+
+起動すると /var/run/autodrop.pid が作られます。
+
+== 停止
+
+	------------------------------
+	$ sudo kill `cat /var/run/autodrop.pid`
+	------------------------------
+
+== 稼働中
+
+autodrop 自身もプレフィクス `autodrop' で起動、終了、DROP の発生を
+syslog に吐きます。
+
+稼働中は iptables の INPUT テーブルに DROP ルールが溜まる一方になるので、
+たまに手でクリアすることになるかと思います。定期的にクリアするような機
+能はありません。
+
+
+= autodrop.conf
+
+どの設定も省略不可。どれも単なる ruby の定数です。
+
+* MESSAGES_TO_WATCH
+
+	監視するメッセージのパターンを正規表現で書いた配列。
+	$1 がリモートホストの IP アドレスにマッチするようにする。
+
+	------------------------------
+	MESSAGES_TO_WATCH =
+	  [
+           # OpenSSH's
+	   /Invalid user [^\s]+ from (.+)/,
+	   /Address (.+) maps to.*POSSIBLE BREAK-IN ATTEMPT!/,
+	  ]
+	------------------------------
+
+* COUNT_MAX
+
+	DROP するまでのマッチ回数。
+
+	------------------------------
+	COUNT_MAX = 3
+	------------------------------
+
+* INTERVAL
+
+	マッチしたパターン (パターンと IP アドレスの組) についてカウン
+	トをとり続ける時間。秒で指定する。
+	マッチするたびに 0 に戻る。
+
+	------------------------------
+	INTERVAL = 10
+	------------------------------
+
+* IPTABLES_PROGRAM
+
+	用いる iptables を指定する。
+
+	------------------------------
+	IPTABLES_PROGRAM = '/bin/iptables'
+	------------------------------
+
+* PIDFILE
+
+	pid ファイルのパス。
+
+	------------------------------
+	PIDFILE = '/var/run/autodrop.pid'
+	------------------------------
+
+* WATCH_FIFO
+
+	監視する名前つきパイプのパス。
+
+	------------------------------
+	WATCH_FIFO = '/var/log/authfifo'
+	------------------------------
+
+
+= 参考: syslogd の設定例
+
+パイプを作って、
+	------------------------------
+	sudo mkfifo /var/log/authfifo
+	------------------------------
+syslog.conf に登録する。
+	------------------------------
+	authpriv.*		|/var/log/authfifo
+	------------------------------
+
+「|」で名前つきパイプへの出力になる。詳しくは syslog.conf(5) で。
+
+#eof

data/doc/README.txt

@@ -0,0 +1,165 @@
+autodrop README
+
+NOZAWA Hiromasa, Tokyo Japan
+
+
+= About
+
+Autodrop is a daemon, observes syslog logs and forbid accesses from
+remote hosts who continue wrong attempt to our host like knocking port
+22 for 100,000,000 times a day.  Autodrop uses iptables(8) and named
+pipe from syslogd.
+
+Autodrop adds DROP rule into iptables' INPUT table for the remote host
+which generates log messages matched with same reguler expression more
+than specified times in specified interval.
+
+Multiple regular expression can be specified by config file.  Also
+matching count threshold and interval time to continue counting can be
+customizable.
+
+Autodrop watches a named pipe and not neither does polling nor stat(2)
+on many log files.  You need syslogd which can output logs to named
+pipe.
+
+Autodrop is written in Ruby scripting language then surely it will not
+suit for very high traffic sites.  However it works well to shut out
+port 22 knockers for my small site.
+
+Using autodrop can also shut out yourself from your host.  Be careful.
+
+
+= Requirement
+
+* linux box (for iptables)
+* syslogd (can output logs to named pipes)
+* ruby 1.8.6 or later (I have not run autodrop on other versions)
+
+
+= Licence
+
+BSD
+
+
+= Install
+
+After doing 'gem install', you need to write config file.
+Fix #! line in the script if necessary.
+
+*1. gem install autodrop
+
+*2. cd <GEMDIR>/gems/autodrop-x.x.x/conf
+
+*3. sudo cp autodrop.conf.default /etc
+
+*4. Edit /etc/autodrop.conf
+
+
+= Usage
+
+== Start
+
+	------------------------------
+	$ sudo ruby autodrop.rb
+	------------------------------
+
+Default config file is /etc/autodrop.conf .
+Another config file can be specified from command line.
+
+	------------------------------
+	$ ruby autodrop.rb -c /foo/bar/autodrop.conf
+	------------------------------
+
+== Stop
+
+	------------------------------
+	$ sudo kill `cat /var/run/autodrop.pid`
+	------------------------------
+
+== When Running
+
+Autodrop itself also outputs syslog logs with prefix 'autodrop' when
+started, stopped and each occurrences of DROP.
+
+After running autodrop, iptables's INPUT table will filled with DROP
+rules in few weeks or months but autodrop does not have ability to
+clear them.  Please do it by your hand when it required.
+
+
+= autodrop.conf
+
+All variables are not omit-able.
+These are Ruby's constant variables.
+
+* MESSAGES_TO_WATCH
+
+	Array of regular expressions.
+	Each expression must have $1 and it must match an IP address.
+
+	------------------------------
+	MESSAGES_TO_WATCH =
+	  [
+           # OpenSSH's
+	   /Invalid user [^\s]+ from (.+)/,
+	   /Address (.+) maps to.*POSSIBLE BREAK-IN ATTEMPT!/,
+	  ]
+	------------------------------
+
+* COUNT_MAX
+
+	Matching count to do DROP.
+
+	------------------------------
+	COUNT_MAX = 3
+	------------------------------
+
+* INTERVAL
+
+	Interval time to continue counting for a remote host matched
+	to a pattern.  Specify in seconds.
+	Each interval timers are reset on each matches.
+
+	------------------------------
+	INTERVAL = 10
+	------------------------------
+
+* IPTABLES_PROGRAM
+
+	iptables(8) command path.
+
+	------------------------------
+	IPTABLES_PROGRAM = '/sbin/iptables'
+	------------------------------
+
+* PIDFILE
+
+	PID file path.
+
+	------------------------------
+	PIDFILE = '/var/run/autodrop.pid'
+	------------------------------
+
+* WATCH_FIFO
+
+	Named pipe path to watch.
+
+	------------------------------
+	WATCH_FIFO = '/var/log/authfifo'
+	------------------------------
+
+
+= Example: syslogd configuration
+
+Create fifo,
+	------------------------------
+	mkfifo /var/log/authfifo
+	------------------------------
+and add it to your syslog.conf
+	------------------------------
+	authpriv.*	|/var/log/authfifo
+	------------------------------
+
+`|' means `out put logs to this pipe'.
+See your syslog.conf(5) for more details.
+
+#eof

data/misc/autodrop.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+AUTODROP=/usr/local/sbin/autodrop
+CONF=/etc/autodrop.conf
+PIDFILE=/var/run/autodrop.pid
+
+case "$1" in
+    start)
+	$AUTODROP -c $CONF
+	;;
+    stop)
+	kill -TERM `cat ${PIDFILE}`
+	;;
+    *)
+	echo "usage: $0 { start | stop }" >&2
+	exit 1
+	;;
+esac

metadata

@@ -0,0 +1,61 @@
+--- !ruby/object:Gem::Specification 
+name: autodrop
+version: !ruby/object:Gem::Version 
+  version: 0.1.0
+platform: ruby
+authors: 
+- NOZAWA Hiromasa
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-05-10 00:00:00 +09:00
+default_executable: 
+dependencies: []
+
+description: 
+email: 
+executables: 
+- autodrop
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- ChangeLog
+- Rakefile
+- bin/autodrop
+- bin/autodrop.rb
+- conf/autodrop.conf.default
+- doc/README.jp.txt
+- doc/README.txt
+- misc/autodrop.sh
+has_rdoc: false
+homepage: http://rubyforge.org/projects/autodrop
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- []
+
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: autodrop
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: Automatic iptables DROP daemon
+test_files: []
+