
CommuniGate Pro Honeypot blacklisted IPs für einen Fortigate Threat Feed exportieren

#!/usr/bin/perl -w
##############################################################################
#  CGPro Honeypot 2 Fortigate Threat Feed 
#  Version 1.0
#  Maintained by Juergen P. [core.at]
#
#  This script writes the temporarily blacklisted IPs of a CommuniGate Pro SMTP/SIP honeypot
#  to a file, so that blocking of those hosts can be offloaded to a Fortigate firewall (FortiOS 6.x)
#  through the Fortigate Threat Feed Connector.
#  The script should be run by cron (every 5 minutes is suggested) and write its output
#  to a text file in the (public) webspace of a dedicated CGPro user, from where the firewall
#  downloads it; the matching FortiOS CLI configuration is:
######
#  config system external-resource
#  edit <name>
#     set type {category | address | domain}
#     set category <value>
#     set comments [comments]
#     set resource <resource-url>   
#     set refresh-rate <minutes>
#     set last-update <datetime>
#     next
#   end
#####
# The Threat Feed Connector flushes its table at each run, so IPs which are not blocked anymore are removed.
# Note that the firewall blocks whatever it downloads from that URL: make sure only the account running this
# script can write the feed file and its directory, and point "set resource" at an HTTPS URL where possible.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text, whichever is most restrictive.
#####
#  Replace $CGServerAddress, $Login and $Password below with the correct values in Section 2.
#  The postmaster password is stored in clear text in this file, so keep the script readable only by
#  the user that runs it from cron (e.g. chmod 600).
#  To run in interactive mode for testing, uncomment Section 1 and comment out Section 2
#  Replace $filename with the filename you defined in the Fortinet Fortigate config.
#
##############################################################################
use strict;
use warnings;
# Make sure the "CLI.pm" is in current directory
use CLI;
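# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
# Path of the feed file.  It lives in a *public* web directory on purpose: the
# Fortigate downloads it from there (see the header).  Everything the firewall
# reads from that URL ends up blocked, so only the account running this script
# should be able to write the file and its directory.
my $filename ="/var/CommuniGate/SharedDomains/core.at/postmaster.macnt/account.web/honeypotlist.txt";
####
#### Section 1 (interactive mode, for testing: uncomment and comment out Section 2)
####
#       print "Server address: ";       # Print the server name prompt
#       my $CGServerAddress = <STDIN>;  # Read the domain name from standard input
#       chomp $CGServerAddress;        # Remove \n if present
#
#       print "Login (Enter for \"postmaster\"): ";
#       my $Login = <STDIN>;
#       chomp $Login;
#       if ($Login eq '') { $Login = "postmaster"; }
#
#       print "Password: ";
#       my $Password = <STDIN>;
#       chomp $Password;
#
#### End of Section 1
### Section 2
# The password is embedded in clear text: keep this file readable only by the
# cron user (chmod 600).  Port 106 is the CGPro CLI/PWD port; unless CLI.pm is
# configured for a secure login, the credentials cross the network in clear,
# so point $CGServerAddress at the CGPro host itself or a trusted network.
my $CGServerAddress = "x.x.x.x";        # CGPro Server IP
my $Login="postmaster";                 # CGPro postmaster Account
my $Password="myPassword";              # CGPro postmaster Password
#### End of Section 2

# Return the address part of one temp-blacklist entry, or undef when the entry
# does not have the expected "[address]seconds" shape.  Only the characters of
# an IPv4/IPv6 literal are accepted, so an unexpected entry cannot slip into
# the firewall feed unnoticed (the caller reports skipped entries).
# NOTE(review): the "[address]seconds" format is what the original script
# assumed ("Array of IPs including time in seconds"); confirm it against the
# GetTempBlacklistedIPs output of your CGPro version.
sub extract_ip {
    my ($entry) = @_;
    return unless defined $entry;
    return unless $entry =~ /^\[([0-9A-Fa-f.:]+)\]/;
    return $1;
}

# Write the given addresses, one per line, to $path and return their number.
# The list is written to a temporary file first and then renamed over the
# target, so a Fortigate fetch that overlaps with a cron run sees either the
# complete old list or the complete new one, never a truncated file (the
# connector replaces its whole table on every fetch, so a partial file would
# silently unblock hosts).  Dies on any I/O error; close() is checked because
# buffered write errors only surface there.
sub write_feed {
    my ($path, @ips) = @_;
    my $tmp = "$path.tmp";
    open(my $out, '>', $tmp) or die "could not open output file $tmp: $!";
    print {$out} "$_\n" for @ips;
    close($out) or die "could not write $tmp: $!";
    rename($tmp, $path) or die "could not rename $tmp to $path: $!";
    return scalar @ips;
}

# Fetch the temporary blacklist from CGPro and rewrite the feed file.
sub main {
    # Open a TCP connection to port 106 (PWD, or CGPro CLI) and submit the
    # credentials.  If the login fails the program stops.
    my $cli = CGP::CLI->new( { PeerAddr => $CGServerAddress,
                               PeerPort => 106,
                               login    => $Login,
                               password => $Password } )
        or die "Can't login to CGPro: " . $CGP::ERR_STRING . "\n";

    # Comma-separated entries, each "[address]seconds" (see extract_ip).
    my $data = $cli->GetTempBlacklistedIPs();

    if ( !defined $data || $data eq '' ) {
        # An empty answer is only acceptable when the call itself succeeded.
        $cli->isSuccess
            or die "Error: " . $cli->getErrMessage . ", quitting";
        # Nothing is blacklisted right now, so the feed must be emptied too;
        # leaving the old file in place would keep the last non-empty list
        # blocked on the firewall until the next host gets blacklisted.
        write_feed($filename);
        print "No blacklisted IPs, empty feed written.\n";
    }
    else {
        my @ips;
        for my $entry ( split /,/, $data ) {
            my $ip = extract_ip($entry);
            if ( defined $ip ) {
                push @ips, $ip;
            }
            else {
                # Do not feed unparsable data to the firewall; report it so
                # a format change in CGPro is noticed in the cron mail.
                warn "skipping unexpected blacklist entry '$entry'\n";
            }
        }
        write_feed($filename, @ips);
    }

    $cli->Logout;                 # Close the CLI session and disconnect
    return;
}

# Run only when executed as a script, so the helpers above can be loaded and
# tested without contacting the server.
main() unless caller;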
__END__