block 0.0.7

data/README.rdoc

@@ -0,0 +1,6 @@
+= block
+
+Describe your project here
+
+:include:block.rdoc
+

data/bin/block

@@ -0,0 +1,74 @@
+#!/usr/bin/env ruby
+require 'gli'
+require 'block'
+
+include GLI::App
+
+$redis = Redis.new
+
+program_desc 'Ruby Gem to block IP addresses that are requesting URLs you determine are bad.'
+
+version Block::VERSION
+
+desc 'The searches - separated by commas.'
+arg_name 'passwd,acunetrix'
+flag [:s,:search]
+
+desc 'The filename to watch'
+arg_name 'filename.txt'
+flag [:f,:file]
+
+desc 'Redis server location'
+arg_name '127.0.0.1:6379'
+default_value '127.0.0.1:6379'
+flag [:r,:redis]
+
+desc 'Expiry time in seconds'
+arg_name '10'
+default_value 10
+flag [:e,:expiry]
+
+desc 'Block threshold number'
+arg_name '30'
+default_value 30
+flag [:t,:threshold]
+
+desc 'Disable adding firewall rules'
+switch [:d,:disable]
+
+pre do |global,command,options,args|
+  # Make sure there's a file.
+  file = check_for_file(global)
+
+  # Make sure we have searches
+  searches = check_for_searches(global)
+  
+  # Make sure redis is available.
+  redis = check_for_redis
+end
+
+desc 'Watch and (optionally) block bad IP addresses'
+command :watch do |c|
+  c.action do |global,options,args|
+    puts "Starting to tail: #{global[:file]}"
+    $search = global[:search].split(',')
+    $options = global
+    EventMachine.run do
+      EventMachine::file_tail(global[:file], Reader)
+    end
+  end
+end
+
+post do |global,command,options,args|
+  # Post logic here
+  # Use skips_post before a command to skip this
+  # block on that command only
+end
+
+on_error do |exception|
+  # Error logic here
+  # return false to skip default error handling
+  true
+end
+
+exit run(ARGV)

data/block.rdoc

@@ -0,0 +1,5 @@
+= block
+
+Generate this with
+    block rdoc
+After you have described your command line interface

data/lib/block.rb

@@ -0,0 +1,37 @@
+require 'block/version.rb'
+require 'block/reader.rb'
+require 'redis'
+
+# Add requires for other files you add to your project here, so
+# you just need to require this one file in your bin file
+
+def check_for_redis
+  begin
+    $redis.ping
+    true
+  rescue
+    help_now!("######### WARNING: Redis needs to be running. #########")
+    false
+  end
+end
+
+def check_for_file(args)
+  if args[:file].nil?
+    help_now!("Need a filename.") 
+  else
+    file = File.join(Dir.pwd,args[:file])
+    if File.exist?(file)
+      true
+    else
+      help_now!("File needs to exist.") 
+    end
+  end
+end
+
+def check_for_searches(args)
+  if args[:search].nil?
+    help_now!("Need some searches - separated by commas.") 
+  else
+    true
+  end
+end

data/lib/block/reader.rb

@@ -0,0 +1,45 @@
+require 'eventmachine'
+require 'eventmachine-tail'
+
+class Reader < EventMachine::FileTail
+  def initialize(path, startpos=-1)
+    super(path, startpos)
+    @buffer = BufferedTokenizer.new
+  end
+  
+  def log_search(line, pattern)
+    if line.split(' ').grep(/#{pattern}/).length > 0
+      array = line.split(" ")
+      count = $redis.incr array.first.to_s
+      $redis.expire array.first.to_s, $options[:expiry]
+      puts "\nIP: #{array.first.to_s} on #{pattern} (#{count})"
+      if (count > $options[:threshold])
+        firewall(array.first.to_s)
+      end
+    else
+      print "."
+    end
+  end
+
+  def receive_data(data)
+    @buffer.extract(data).each do |line|
+      $search.each do |search|
+        log_search(line, "#{search}")
+      end
+    end
+  end
+
+  def firewall(ip)
+    if ($redis.sismember "ips", "#{ip}")
+      puts "Already firewalled"
+    else
+      unless ($options[:disable] == true)
+        puts "Firewalling: #{ip}"
+        system "/sbin/iptables -I INPUT -s #{ip} -j DROP"
+        $redis.sadd "ips", "#{ip}"
+      else
+        puts "Adding rules disabled for: #{ip}"
+      end
+    end
+   end
+ end

data/lib/block/version.rb

@@ -0,0 +1,3 @@
+module Block
+  VERSION = '0.0.7'
+end

metadata

@@ -0,0 +1,188 @@
+--- !ruby/object:Gem::Specification
+name: block
+version: !ruby/object:Gem::Version
+  version: 0.0.7
+  prerelease: 
+platform: ruby
+authors:
+- Darron Froese
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-02-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: foreman
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.4
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: eventmachine-tail
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.4
+description: 
+email: darron@froese.org
+executables:
+- block
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- block.rdoc
+files:
+- bin/block
+- lib/block/version.rb
+- lib/block/reader.rb
+- lib/block.rb
+- README.rdoc
+- block.rdoc
+homepage: http://darron.froese.org
+licenses: []
+post_install_message: 
+rdoc_options:
+- --title
+- block
+- --main
+- README.rdoc
+- -ri
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Ruby Gem to block IP addresses that are requesting URLs you determine are
+  bad.
+test_files: []