block 0.0.7
- data/README.rdoc +6 -0
- data/bin/block +74 -0
- data/block.rdoc +5 -0
- data/lib/block.rb +37 -0
- data/lib/block/reader.rb +45 -0
- data/lib/block/version.rb +3 -0
- metadata +188 -0
data/README.rdoc
ADDED
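--- a/data/bin/block
+++ b/data/bin/block
@@ -0,0 +1,74 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'block'
+
+include GLI::App
+
+$redis = Redis.new
+
+program_desc 'Ruby Gem to block IP addresses that are requesting URLs you determine are bad.'
+
+version Block::VERSION
+
+desc 'The searches - separated by commas.'
+arg_name 'passwd,acunetrix'
+flag [:s,:search]
+
+desc 'The filename to watch'
+arg_name 'filename.txt'
+flag [:f,:file]
+
+desc 'Redis server location'
+arg_name '127.0.0.1:6379'
+default_value '127.0.0.1:6379'
+flag [:r,:redis]
+
+desc 'Expiry time in seconds'
+arg_name '10'
+default_value 10
+flag [:e,:expiry]
+
+desc 'Block threshold number'
+arg_name '30'
+default_value 30
+flag [:t,:threshold]
+
+desc 'Disable adding firewall rules'
+switch [:d,:disable]
+
+pre do |global,command,options,args|
+# Make sure there's a file.
+file = check_for_file(global)
+
+# Make sure we have searches
+searches = check_for_searches(global)
+
+# Make sure redis is available.
+redis = check_for_redis
+end
+
+desc 'Watch and (optionally) block bad IP addresses'
+command :watch do |c|
+c.action do |global,options,args|
+puts "Starting to tail: #{global[:file]}"
+$search = global[:search].split(',')
+$options = global
+EventMachine.run do
+EventMachine::file_tail(global[:file], Reader)
+end
+end
+end
+
+post do |global,command,options,args|
+# Post logic here
+# Use skips_post before a command to skip this
+# block on that command only
+end
+
+on_error do |exception|
+# Error logic here
+# return false to skip default error handling
+true
+end
+
+exit run(ARGV)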
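Review bot: `$redis = Redis.new` on line 7 builds the client with the library defaults before any option is parsed, so the `-r/--redis` flag declared further down is never applied; nothing in the visible sections reads `global[:redis]`. Building the client inside the `pre` block, e.g. `host, port = global[:redis].split(':')` followed by `$redis = Redis.new(:host => host, :port => port.to_i)`, would make the flag take effect before `check_for_redis` pings. Separately, `-e` and `-t` default to Integers but (unless GLI converts them) arrive as Strings when given on the command line, which would make `count > $options[:threshold]` in reader.rb raise; converting once in `pre` with `Integer(global[:threshold])` and `Integer(global[:expiry])` avoids that and rejects non-numeric input early.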
data/block.rdoc
ADDED
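--- a/data/lib/block.rb
+++ b/data/lib/block.rb
@@ -0,0 +1,37 @@
+require 'block/version.rb'
+require 'block/reader.rb'
+require 'redis'
+
+# Add requires for other files you add to your project here, so
+# you just need to require this one file in your bin file
+
+def check_for_redis
+begin
+$redis.ping
+true
+rescue
+help_now!("######### WARNING: Redis needs to be running. #########")
+false
+end
+end
+
+def check_for_file(args)
+if args[:file].nil?
+help_now!("Need a filename.")
+else
+file = File.join(Dir.pwd,args[:file])
+if File.exist?(file)
+true
+else
+help_now!("File needs to exist.")
+end
+end
+end
+
+def check_for_searches(args)
+if args[:search].nil?
+help_now!("Need some searches - separated by commas.")
+else
+true
+end
+end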
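Review bot: `check_for_file` tests `File.join(Dir.pwd, args[:file])`, but the `watch` action in bin/block tails `global[:file]` as given, so the path that is validated is not the path that is opened. An absolute path such as a system log is checked as the working directory plus that path and rejected even when the file exists. `file = File.expand_path(args[:file])` handles both relative and absolute input. The bare `rescue` in `check_for_redis` also turns every StandardError into the "Redis needs to be running" message, which hides the real cause; `rescue Redis::BaseConnectionError` would be narrower.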
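--- a/data/lib/block/reader.rb
+++ b/data/lib/block/reader.rb
@@ -0,0 +1,45 @@
+require 'eventmachine'
+require 'eventmachine-tail'
+
+class Reader < EventMachine::FileTail
+def initialize(path, startpos=-1)
+super(path, startpos)
+@buffer = BufferedTokenizer.new
+end
+
+def log_search(line, pattern)
+if line.split(' ').grep(/#{pattern}/).length > 0
+array = line.split(" ")
+count = $redis.incr array.first.to_s
+$redis.expire array.first.to_s, $options[:expiry]
+puts "\nIP: #{array.first.to_s} on #{pattern} (#{count})"
+if (count > $options[:threshold])
+firewall(array.first.to_s)
+end
+else
+print "."
+end
+end
+
+def receive_data(data)
+@buffer.extract(data).each do |line|
+$search.each do |search|
+log_search(line, "#{search}")
+end
+end
+end
+
+def firewall(ip)
+if ($redis.sismember "ips", "#{ip}")
+puts "Already firewalled"
+else
+unless ($options[:disable] == true)
+puts "Firewalling: #{ip}"
+system "/sbin/iptables -I INPUT -s #{ip} -j DROP"
+$redis.sadd "ips", "#{ip}"
+else
+puts "Adding rules disabled for: #{ip}"
+end
+end
+end
+end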
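Review bot: In `firewall`, `system "/sbin/iptables -I INPUT -s #{ip} -j DROP"` passes one interpolated string, so a shell parses `ip`, which is the first whitespace-separated token of a tailed log line and is never checked to be an address. Whether that token can carry anything other than an address depends on the log format, which is not visible here, but the command presumably runs with root privileges to modify iptables, so the value should be validated with the stdlib `ipaddr` (needs `require 'ipaddr'`) and passed in argument-vector form. The return value of `system` is also ignored, so the address is added to the `ips` set even when iptables fails. In `log_search`, `/#{pattern}/` compiles the operator's search term as a regular expression; `Regexp.escape(pattern)` would keep it a literal match if that is the intent.

```ruby
def firewall(ip)
  # Accept only a literal IP address; any other first token is ignored.
  addr = begin
    IPAddr.new(ip).to_s
  rescue ArgumentError
    return
  end
  # … unchanged: "Already firewalled" and "Adding rules disabled" branches, using addr …
  puts "Firewalling: #{addr}"
  # Argument-vector form: no shell ever parses the address.
  if system('/sbin/iptables', '-I', 'INPUT', '-s', addr, '-j', 'DROP')
    # Record the address only once the rule was actually inserted.
    $redis.sadd 'ips', addr
  end
end
```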
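--- a/metadata
+++ b/metadata
@@ -0,0 +1,188 @@
+--- !ruby/object:Gem::Specification
+name: block
+version: !ruby/object:Gem::Version
+version: 0.0.7
+prerelease:
+platform: ruby
+authors:
+- Darron Froese
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-02-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: aruba
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: foreman
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: gli
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.5.4
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.5.4
+- !ruby/object:Gem::Dependency
+name: redis
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: eventmachine
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.0.0
+- !ruby/object:Gem::Dependency
+name: eventmachine-tail
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.6.4
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.6.4
+description:
+email: darron@froese.org
+executables:
+- block
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- block.rdoc
+files:
+- bin/block
+- lib/block/version.rb
+- lib/block/reader.rb
+- lib/block.rb
+- README.rdoc
+- block.rdoc
+homepage: http://darron.froese.org
+licenses: []
+post_install_message:
+rdoc_options:
+- --title
+- block
+- --main
+- README.rdoc
+- -ri
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: Ruby Gem to block IP addresses that are requesting URLs you determine are
+bad.
+test_files: []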