CommuniGate Pro

#!/usr/bin/perl -w

##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This script writes temporarily blacklisted IPs from a CommuniGate Pro SMTP/SIP honeypot
# to a file, so that blocking of bad hosts can be offloaded to a Fortigate firewall running FortiOS 6.x
# through the Fortigate Threat Feed Connector.
# The script should be run by cron (I suggest every 5 minutes) and write its output
# to a text file in a specific CGPro user's public webspace, from where the firewall downloads it
# using the following FortiOS CLI configuration commands:
######
# config system external-resource
# edit <name>
# set type {category | address | domain}
# set category <value>
# set comments [comments]
# set resource <resource-uri>
# set refresh-rate <minutes>
# set last-update <date-time>
# next
# end
#####
# The Threat feed connector flushes the Table at each run, so IPs which are not blocked anymore, are removed.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text, whichever is most restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct Values in Section 2
# To run in interactive mode for testing, uncomment Section 1 and comment out Section 2
# Replace $filename with the filename you defined in the Fortinet Fortigate config.
#
##############################################################################
use strict;

# Make sure "CLI.pm" is in the current directory
use CLI;
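# Raw reply of GetTempBlacklistedIPs: a comma-separated string of entries.
my $Data = "";

# Public web file that the Fortigate Threat Feed Connector downloads.
my $filename = "/var/CommuniGate/SharedDomains/core.at/postmaster.macnt/account.web/honeypotlist.txt";

####
#### Section 1
####
# print "Server address: ";           # Print the server name prompt
# my $CGServerAddress = <STDIN>;      # Read the domain name from standard input
# chomp $CGServerAddress;             # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1

### Section 2

# SECURITY: the password below is stored in clear text in this file. Keep the
# script readable by its owner only (e.g. chmod 700) and outside of any
# web-served directory. Prefer a dedicated CGPro account that holds only the
# access right GetTempBlacklistedIPs needs instead of the full postmaster
# account -- TODO confirm which right that is.
my $CGServerAddress = "x.x.x.x";    # CGPro Server IP
my $Login           = "postmaster"; # CGPro postmaster Account
my $Password        = "myPassword"; # CGPro postmaster Password

#### End of Section 2

# Open TCP connection to given address port 106 (PWD, or CGPro CLI).
# Submit username and password. If login fails, the program will stop.
#
# NOTE(review): port 106 is not a TLS port. Whether the password is protected
# on the wire depends on how CLI.pm performs the login -- confirm, and where
# possible run this script on the CGPro host itself.
my $cli = CGP::CLI->new( { PeerAddr => $CGServerAddress,
                           PeerPort => 106,
                           login    => $Login,
                           password => $Password } )
    || die "Can't login to CGPro: " . $CGP::ERR_STRING . "\n";

if ($Data = $cli->GetTempBlacklistedIPs()) {
    # Each entry is expected to look like "[address]" followed by the
    # remaining block time in seconds.
    my @entries = split(/,/, $Data);

    # Write to a temporary file in the same directory and rename it over the
    # published file, so the firewall never downloads a half-written list.
    my $tmpfile = "$filename.tmp.$$";
    open(my $OUTFILE, '>', $tmpfile) || die "could not open output file: $!";

    for my $entry (@entries) {
        # The list is consumed by a firewall as a block list, so only emit
        # what looks like an IPv4/IPv6 address between the brackets.
        if ($entry =~ m/\A\s*\[([0-9A-Fa-f:.]+)\]/) {
            print {$OUTFILE} "$1\n"
                or die "could not write to output file: $!";
        }
        else {
            warn "skipping unexpected blacklist entry: $entry\n";
        }
    }

    # Buffered write errors (e.g. disk full) only surface at close.
    close($OUTFILE) || die "could not close output file: $!";

    unless (rename($tmpfile, $filename)) {
        my $err = $!;
        unlink $tmpfile;
        die "could not replace $filename: $err";
    }
}
elsif ($cli->isSuccess) {
    # NOTE(review): when the server reports no blacklisted IPs the published
    # file is left untouched, so the firewall keeps blocking the previous
    # list. Confirm whether an empty feed should be written instead.
    print "No Output created.\n";
}
else {
    die "Error: " . $cli->getErrMessage . ", quitting";
}

$cli->Logout; # Close the CLI session and disconnect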

__END__