Die Beschreibung zur Verwendung befindet sich im Quellcode.
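#!/usr/bin/perl -w
##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This sample script writes temporarily blacklisted IPs from a CommuniGate Pro
# SMTP/SIP honeypot to a file, so that blocking of bad hosts can be offloaded
# to a Fortigate firewall running FortiOS 6.x via the Fortigate Threat Feed
# Connector. You should adapt it to your needs.
# The script should be run via cron (I suggest every 5 minutes) and write the
# output to a text file in a specific CGPro user's public webspace, from where
# the firewall downloads it via the following FortiOS CLI configuration
# commands:
######
# config system external-resource
#     edit <name>
#         set type {category | address | domain}
#         set category <value>
#         set comments [comments]
#         set resource <resource-url>
#         set refresh-rate <minutes>
#         set last-update <datetime>
#     next
# end
#####
#
# The Threat Feed connector flushes the table at each run, so IPs which are
# not blocked anymore are removed.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text,
# whichever is most restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct values
# in Section 2.
# To run in interactive mode for testing, uncomment Section 1 and comment out
# Section 2.
# Replace $filename with the filename you defined in the Fortinet Fortigate
# config.
#
# Security notes:
#  - Section 2 keeps the CGPro password in cleartext inside this file. Make
#    the script readable only by the account that runs the cron job, and
#    prefer a dedicated CGPro account with no more rights than this script
#    needs over the postmaster account.
#  - NOTE(review): neither the CLI session on port 106 nor the http:// request
#    to the RBL host is shown to use TLS here; keep both on a trusted network
#    or switch to encrypted endpoints if your installation offers them.
#  - The feed file is fetched by the firewall and acted on automatically, so
#    only values that look like an IP address are written to it.
##############################################################################

use strict;
use warnings;

# Make sure the "CLI.pm" is in current directory
use CLI;
use LWP::UserAgent;

# FortiOS line limit for a threat feed file, as quoted in the header above.
my $MAX_FEED_LINES = 128_000;

# Accept a dotted quad, or a string of hex digits, dots and colons containing
# at least one colon (IPv6). Anything else is kept out of the feed and the URL.
my $IP_RE = qr{
    \A (?: \d{1,3} (?: \. \d{1,3} ){3}
         | [0-9A-Fa-f:.]* : [0-9A-Fa-f:.]*
       ) \z
}x;

my $filename
    = "/var/CommuniGate/SharedDomains/my.domain/postmaster.macnt/account.web/honeypotlist.txt";

####
#### Section 1
####
# print "Server address: ";          # Print the server name prompt
# my $CGServerAddress = <STDIN>;     # Read the domain name from standard input
# chomp $CGServerAddress;            # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1

### Section 2
my $CGServerAddress = "1.2.3.4";       # CGPro Server IP
my $Login           = "postmaster";    # CGPro postmaster Account
my $Password        = "MyPassword";    # CGPro postmaster Password
#### End of Section 2

# Open TCP connection to given address port 106 (PWD, or CGPro CLI).
# Submit username and password. If login fails, the program will stop.
my $cli = CGP::CLI->new(
    {   PeerAddr => $CGServerAddress,
        PeerPort => 106,
        login    => $Login,
        password => $Password,
    }
) or die "Can't login to CGPro: " . $CGP::ERR_STRING . "\n";

my $ua = LWP::UserAgent->new;
$ua->timeout(120);

if ( my $Data = $cli->GetTempBlacklistedIPs() ) {

    # Each comma-separated element is "[address]" followed by the remaining
    # block time in seconds; keep only the bracketed address.
    my @addresses;
    for my $entry ( split /,/, $Data ) {
        my ($ip) = $entry =~ m{\A \s* \[ ( [^\]]+ ) \]}x;
        unless ( defined $ip && $ip =~ $IP_RE ) {
            warn "skipping malformed blacklist entry\n";
            next;
        }
        push @addresses, $ip;
    }

    if ( @addresses > $MAX_FEED_LINES ) {
        warn "feed has "
            . scalar(@addresses)
            . " lines, above the FortiOS limit of $MAX_FEED_LINES\n";
    }

    # Write to a temporary file and rename it into place, so the firewall
    # never downloads a half-written list. Only addresses go into the file:
    # the feed must contain nothing but one address per line.
    my $tmpfile = "$filename.tmp.$$";
    open( my $OUTFILE, '>', $tmpfile )
        or die "could not open output file: $!";
    for my $ip (@addresses) {
        print {$OUTFILE} "$ip\n";
    }
    close($OUTFILE) or die "could not write output file: $!";
    unless ( rename( $tmpfile, $filename ) ) {
        my $err = $!;
        unlink $tmpfile;
        die "could not replace output file: $err";
    }

    # Report every address to the RBL host. This runs after the feed has
    # been published, so a slow or unreachable RBL host cannot delay it.
    # Failures go to STDERR (cron mail), not into the feed file.
    for my $ip (@addresses) {
        my $url = 'http://my.rbl.domain/drop.php?ipaddress=' . $ip
            . '&blackorwhite=b&notes=blacklisted';
        my $response = $ua->request( HTTP::Request->new( 'GET', $url ) );
        unless ( $response->is_success ) {
            warn "RBL update failed for $ip: "
                . $response->status_line . "\n";
        }
    }
}
else {
    # NOTE(review): when the server answers successfully but with no
    # addresses, the feed file is left untouched, so previously published
    # addresses stay in the feed until the next non-empty run. Confirm that
    # this is intended.
    if ( $cli->isSuccess ) {
        print "No Output created.\n";
    }
    else {
        die "Error: " . $cli->getErrMessage . ", quitting";
    }
}

$cli->Logout;    # Close the CLI session and disconnect

__END__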