#/usr/bin/perl -w
##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This script writes Temporary Blacklisted IP's from a CommuniGate Pro SMTP/SIP Honeypot
# to a File for offloading BAD host blocking to a Fortigate Firewall with FortiOS 6x
# through the Fortigate Threat Feed Connector.
# The Script should be run by cron (i suggest every 5 minutes) and write the output
# to a textfile into a specific CGPro users webspace(public) for downloading to the firewall
# with the following FortiOS CLI configuration commands:
######
# config system external-resource
# edit <name>
# set type {category | address | domain}
# set category <value>
# set comments [comments]
# set resource <resource-url>
# set refresh-rate <minutes>
# set last-update <datetime>
# next
# end
#####
# The Threat feed connector flushes the Table at each run, so IPs which are not blocked anymore, are removed.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text, whichever is most restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct Values in Section 2
# To run in interactive mode for testing, uncomment Section 1 and comment out Section 2
# Replace $filename with the filename you defined in the Fortinet Fortigate config.
#
##############################################################################
use strict;
# Make sure the "CLI.pm" is in current directory
use CLI;
my $Data ="";
my $x =""; #counter
my $filename ="/var/CommuniGate/SharedDomains/core.at/postmaster.macnt/account.web/honeypotlist.txt";
####
#### Section 1
####
# print "Server address: "; # Print the server name prompt
# my $CGServerAddress = <STDIN>; # Read the domain name from standard input
# chomp $CGServerAddress; # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1
### Section 2
my $CGServerAddress = "x.x.x.x"; # CGPro Server IP
my $Login="postmaster"; # CGPro postmaster Account
my $Password="myPassword"; # CGPro postmaster Password
#### End of Section 2
# Open TCP connection to given address port 106 (PWD, or CGPro CLI).
# Submit username and password. If login fail, the program will stop.
my $cli = new CGP::CLI( { PeerAddr => $CGServerAddress,
PeerPort => 106,
login => $Login,
password => $Password } )
|| die "Can't login to CGPro: ".$CGP::ERR_STRING."\n";
if($Data = $cli->GetTempBlacklistedIPs()) {
# my $a = split(/,/,$Data); # Number of Elements (uncomment, if needed)
my @b = split(/,/,$Data); # Array of IPs including time in seconds
open(my $OUTFILE, '>', "$filename") || die "could not open output file: $!";
select $OUTFILE;
foreach $x (@b) {
$x=~ s/\].*//; # remove everything after "]"
$x= substr $x,1; # remove first "["
print "$x\n" # write IP to file
}
#print "$a\n"; # Print Number of elements
}
else
{
($cli->isSuccess) ? print "No Output created.\n"
: die "Error: ".$cli->getErrMessage.", quitting"; }
$cli->Logout; # Close the CLI session and disconnect
__END__
![[core] IT](https://core.at/wp-content/uploads/2019/04/corelogo-transparent-2-300x131.png)