Kategorie: core it Support

Die Beschreibung zur Verwendung befindet sich im Quellcode.

#/usr/bin/perl -w

##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This sample script writes Temporary Blacklisted IP's from a CommuniGate Pro SMTP/SIP Honeypot
# to a File for offloading BAD host blocking to a Fortigate Firewall with Forti OS 6x
# via the Fortigate Threat Feed Connector. You should adopt it to your needs.
# The Script should be run via cron (i suggest every 5 minutes) and write the o utput
# to a textfile into a specific CGPro users webspace(public) for downloading to the firewall
# via the following FortiOS CLI configuration commands:
######
# config system external-resource
# edit <name>
# set type {category | address | domain}
# set category <value>
# set comments [comments]
# set resource <resource-url>
# set refresh-rate <minutes>
# set last-update <datetime>
# next
# end
#####
#
# The Threat feed connector flushes the Table at each run, so IPs which are not blocked anymore, are removed.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text, whic hever is most restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct Values in Section 2
# To run in interactive mode for testing, uncomment Section 1 and comment out S ection 2
# Replace $filename with the filename you defined in the Fortinet Fortigate con fig.
#
##############################################################################
use strict;

# Make sure the "CLI.pm" is in current directory
use CLI;
use LWP::UserAgent;
my $Data ="";
my $x =""; #counter
my $filename ="/var/CommuniGate/SharedDomains/my.domain/postmaster.macnt/account.w eb/honeypotlist.txt";
my $ua=new LWP::UserAgent;
my $request="";
my $response="";
my $content="";
my $url="";
####
#### Section 1
####
# print "Server address: "; # Print the server name prompt
# my $CGServerAddress = <STDIN>; # Read the domain name from standard inp ut
# chomp $CGServerAddress; # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1

### Section 2

my $CGServerAddress = "1.2.3.4"; # CGPro Server IP
my $Login="postmaster"; # CGPro postmaster Account
my $Password="MyPassword"; # CGPro postmaster Password

#### End of Section 2

# Open TCP connection to given address port 106 (PWD, or CGPro CLI).
# Submit username and password. If login fail, the program will stop.

my $cli = new CGP::CLI( { PeerAddr => $CGServerAddress,
PeerPort => 106,
login => $Login,
password => $Password } )
|| die "Can't login to CGPro: ".$CGP::ERR_STRING."\n";

if($Data = $cli->GetTempBlacklistedIPs()) {
# my $a = split(/,/,$Data); # Number of Elements (uncomment, if needed)
my @b = split(/,/,$Data); # Array of IPs including time in seconds
open(my $OUTFILE, '>', "$filename") || die "could not open output file: $!" ;
select $OUTFILE;
foreach $x (@b) {
$x=~ s/\].*//; # remove everything after "]"
$x= substr $x,1; # remove first "["
print "$x\n"; # write IP to file

$ua->timeout(120);
$url='http://my.rbl.domain/drop.php?ipaddress='.$x.'&black orwhite=b&notes=blacklisted';
$request = new HTTP::Request('GET', $url);
$response = $ua->request($request);
$content = $response->content();
print $url;
print $content;

}
#print "$a\n"; # Print Number of elements

}
else
{
($cli->isSuccess) ? print "No Output created.\n"
: die "Error: ".$cli->getErrMessage.", quitting"; }

$cli->Logout; # Close the CLI session and disconnect

__END__