dev #1
@ -18,3 +18,8 @@ This way attacker will be entertained for some time... :D
## Configure
Read config.toml and adapt it to your preferences. Keep in mind that for docker
use you want to keep log_file="CONSOLE".
## Action Script
You can configure action script by adding it to config.toml.
When a new suspicious IP address is detected, the script will be executed. See
action_script.sh for an example.
18
action_script.sh
Executable file
@ -0,0 +1,18 @@
#!/bin/sh
# Script to run when a new suspicious IP address is detected.
# Example for Linux:
# iptables -I INPUT -s $1 -j DROP
#
# Example for OpenBSD:
# Having a table in pf.conf:
# table <blacklist> persist file "/etc/blacklist"
# block drop in quick from <blacklist> to any
# then add/delete dinamically:
# pfctl -t badhosts -T add $1
# pfctl -t badhosts -T delete $1
# Example for "debugging":
echo $1 > /tmp/foo
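Review bot: The OpenBSD example declares the pf table as `<blacklist>` in the pf.conf lines but the two pfctl commands operate on `badhosts`, so copied verbatim they feed a table the `block drop` rule never consults; use one name, e.g. `pfctl -t blacklist -T add "$1"` / `pfctl -t blacklist -T delete "$1"`. `$1` should be double-quoted in every command, including the iptables line (`iptables -I INPUT -s "$1" -j DROP`) — today it is an address string supplied by the server, but quoting costs nothing and keeps the examples safe to extend. The debug line `echo $1 > /tmp/foo` writes to a fixed path in a world-writable directory, and the iptables/pfctl variants will normally have to run as root, so a pre-planted symlink at `/tmp/foo` would be followed; prefer `mktemp` or a file under the tarpit's own state directory. The header comment should also state the contract, e.g. `# Invoked by the tarpit with the new suspicious IP as $1, once per address, with the server's privileges.`, and `dinamically` should read `dynamically`.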
@ -17,3 +17,7 @@ delay = 1500
[sqlite]
location = "tarpit.db"
[action]
# path to action script, remember give it execution permission
script = "./action_script.sh"
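Review bot: `script = "./action_script.sh"` is resolved against the working directory the server is started from, not the directory containing config.toml, so a service unit or container launched from elsewhere will not find it; the comment should say so, e.g. `# path to action script, relative to the server's working directory; it runs with the server's privileges once per newly detected IP, so keep it owned by the service user and not writable by others`. The comment should also state what leaving the key unset does, since the loader in config.rs substitutes an empty string rather than disabling the hook outright.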
@ -5,7 +5,8 @@ struct ConfigToml {
listen: Option<ConfigTomlListen>,
log: Option<ConfigTomlLog>,
tarpit: Option<ConfigTomlTarpit>,
sqlite: Option<ConfigTomlSqlite>
sqlite: Option<ConfigTomlSqlite>,
action: Option<ConfigTomlAction>,
}
#[derive(Serialize, Deserialize, Debug)]
@ -30,6 +31,11 @@ struct ConfigTomlSqlite {
location: Option<String>,
}
#[derive(Serialize, Deserialize, Debug)]
struct ConfigTomlAction {
script: Option<String>,
}
#[derive(Serialize, Deserialize, Debug)]
pub struct Config {
pub bind_addr: String,
@ -37,7 +43,8 @@ pub struct Config {
pub log_file: String,
pub log_level: String,
pub delay: u64,
pub database_location: String
pub database_location: String,
pub action_script: String
}
impl Config {
@ -65,7 +72,8 @@ impl Config {
listen: None,
log: None,
tarpit: None,
sqlite: None
sqlite: None,
action: None
}
});
@ -95,13 +103,19 @@ impl Config {
None => "./tarpit.db".to_owned()
};
let action_script = match config_toml.action {
Some(ConfigTomlAction { script }) => script.unwrap_or("".to_owned()),
None => "".to_owned()
};
Config {
bind_addr,
bind_port,
log_file,
log_level,
delay,
database_location
database_location,
action_script
}
}
}
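Review bot: The `let action_script = match config_toml.action` hunk maps both a missing `[action]` section and a missing `script` key to `""`, so "no hook configured" becomes a sentinel string that every consumer must remember to test before spawning it; `pub action_script: Option<String>` would make the disabled state explicit and impossible to hand to `Command::new`. If the field must stay a `String`, at least write `script.unwrap_or_default()` and document the convention on the field, e.g. `/// Path of the hook run once per new suspicious IP; empty disables it.` A load-time check that the configured path exists and is executable would surface a typo at startup rather than as a runtime error on the first suspicious peer. `struct Config` and `impl Config` extend beyond the hunks shown here.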
10
src/main.rs
@ -25,6 +25,7 @@ use log4rs::append::console::ConsoleAppender;
use log4rs::config::{Appender, Config, Root};
use log4rs::encode::pattern::PatternEncoder;
use rusqlite::Connection;
use std::process::Command;
struct Server {
socket: UdpSocket,
@ -62,7 +63,14 @@ impl Server {
log::info!("Suspicious peer: {}", peer.ip());
match add_suspicious(&db_con, str_peer_ip.as_str()) {
Ok(_) => {
// TODO: launch action script
// launch action script
let output = Command::new(config.action_script.to_owned())
.arg(str_peer_ip.as_str())
.output();
match output {
Ok(_) => log::info!("Action script executed"),
Err(e) => log::info!("Error executing action script {}", e)
}
},
Err(_) => return Err(io::Error::new(io::ErrorKind::Other, "Error adding suspicious peer to database")),
}
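Review bot: The address passed to the action script is `peer.ip()` from what the `Server` struct context shows to be a `UdpSocket`, so it is attacker-chosen: a handful of datagrams with a spoofed source are enough to make an `iptables ... -j DROP`-style hook block an arbitrary third party, including the operator's own address, and the README/config should warn about this before anyone wires the example script in. Independently, config.rs defaults `action_script` to `""`, so with no hook configured `Command::new("")` is attempted for every new suspicious peer and the failure is only logged at `info`; guard on a non-empty path and log failures at `error`. The `Ok(_)` arm also reports "executed" when the script exited non-zero because `output.status` is never inspected, and `.output()` waits for the child on the receive path, so a slow script stalls the whole server for its duration. The enclosing method starts and ends outside this hunk; the rewritten arm is below.
```rust
Ok(_) => {
    // launch action script (skipped when no path is configured)
    if !config.action_script.is_empty() {
        match Command::new(&config.action_script)
            .arg(str_peer_ip.as_str())
            .output()
        {
            Ok(out) if out.status.success() => log::info!("Action script executed"),
            Ok(out) => log::warn!("Action script exited with {}", out.status),
            Err(e) => log::error!("Error executing action script {}", e),
        }
    }
},
// … unchanged: Err(_) arm of the add_suspicious match …
```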