77 lines
1.9 KiB
Python
77 lines
1.9 KiB
Python
#!/usr/bin/python3
|
|
|
|
# simple ip blackhole list :)
|
|
# afx Nov 2016
|
|
#
|
|
# requires Pygtail
|
|
# should be installed to iptables filtered machine with DROP and LOG policy
|
|
# the idea is that any traffic coming to this serviceless machine can be assumed
|
|
# as bad and then listed for further processing
|
|
|
|
from pygtail import Pygtail
|
|
|
|
import sys
|
|
import signal
|
|
import re
|
|
import time
|
|
import json
|
|
|
|
kernlog = '/var/log/kern.log'
|
|
dbfile = '/var/www/html/blacklist.txt'
|
|
|
|
#add whitelisted ips here:
|
|
whitelist = [ '1.2.3.4',
|
|
'5.6.7.8' ]
|
|
|
|
######
|
|
|
|
def signal_handler(signal, frame):
|
|
print('You\'ve pressed Ctrl+C. Listing stats and exiting...')
|
|
print('')
|
|
print(json.dumps(stats))
|
|
sys.exit(0)
|
|
|
|
signal.signal(signal.SIGINT, signal_handler)
|
|
|
|
print('.o.oOo.o. blackhole.py by afx .o.oOo.o.')
|
|
print('^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^')
|
|
print('Whitelist: {}'.format(whitelist))
|
|
blacklist = []
|
|
stats = {}
|
|
try:
|
|
blackfile = open(dbfile, 'r')
|
|
for item in blackfile:
|
|
blacklist.append(item.strip())
|
|
blackfile.close()
|
|
print('Blacklist: {}'.format(blacklist))
|
|
except Exception as e:
|
|
print(e)
|
|
print('Blacklist empty.')
|
|
print('')
|
|
|
|
while True:
|
|
time.sleep(1)
|
|
for line in Pygtail(kernlog):
|
|
query = re.findall( r'SRC=[0-9]+(?:\.[0-9]+){3}', line )
|
|
newip = query[0][4:]
|
|
if newip in whitelist:
|
|
print('{} whitelisted'.format(newip))
|
|
continue
|
|
elif newip in blacklist:
|
|
try:
|
|
oldcounter = stats[newip]
|
|
except:
|
|
oldcounter = 0
|
|
counter = oldcounter + 1
|
|
stats.update({ newip: counter })
|
|
print('{} -> {}'.format(newip, str(stats[newip])))
|
|
else:
|
|
print('{} blackholed'.format(newip))
|
|
blacklist.append(newip)
|
|
blackfile = open(dbfile, 'w')
|
|
for item in blacklist:
|
|
blackfile.write("%s\n" % item)
|
|
blackfile.close()
|
|
|
|
#EOF
|