2023-03-06 11:49:28 +01:00
|
|
|
#!/bin/sh
|
2013-10-18 14:06:19 +02:00
|
|
|
|
2015-06-16 21:09:02 +02:00
|
|
|
#
|
2023-07-20 22:12:07 +02:00
|
|
|
# This script will get following arguments from FastNetMon:
|
2015-06-16 21:09:02 +02:00
|
|
|
#
|
2023-07-20 22:12:07 +02:00
|
|
|
# $1 IP of host which is under attack (incoming attack) or source of attack (outgoing attack)
|
|
|
|
# $2 Attack direction: incoming or outgoing
|
|
|
|
# $3 Attack bandwidth in packets per second
|
|
|
|
# $4 Attack action: ban or unban
|
2015-06-16 21:09:02 +02:00
|
|
|
#
|
2013-10-18 14:06:19 +02:00
|
|
|
|
2023-07-20 22:12:07 +02:00
|
|
|
email_notify="please_fix_this_email@domain.com"
|
2014-10-21 09:20:18 +02:00
|
|
|
|
2015-06-16 21:09:02 +02:00
|
|
|
# For ban and attack_details actions we will receive attack details to stdin
|
2022-08-03 23:40:41 +02:00
|
|
|
# Please do not remove "cat" command because
|
|
|
|
# FastNetMon will crash in this case as it expects read of data from script side
|
2015-06-16 21:09:02 +02:00
|
|
|
#
|
|
|
|
|
2014-11-27 16:43:00 +01:00
|
|
|
if [ "$4" = "ban" ]; then
|
2023-07-20 22:12:07 +02:00
|
|
|
# This action receives multiple statistics about attack's performance and attack's sample to stdin
|
|
|
|
|
2023-10-27 14:41:12 +02:00
|
|
|
cat | mail -s "FastNetMon Community: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
|
2023-07-20 22:12:07 +02:00
|
|
|
|
|
|
|
# Please add actions to run when we ban host
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$4" = "unban" ]; then
|
|
|
|
# No details provided to stdin here
|
|
|
|
|
|
|
|
# Please add actions to run when we unban host
|
2014-11-27 16:43:00 +01:00
|
|
|
exit 0
|
|
|
|
fi
|