We deprecated configuration field notify_script_pass_details and set it to true by default. You need to read stdin attack information for both ban and attack_details actions
parent
bfde24946e
commit
4f27cf0657
|
@ -164,11 +164,6 @@ sflow_read_packet_length_from_ip_header = off
|
|||
# This script executed for ban, unban and attack detail collection
|
||||
notify_script_path = /usr/local/bin/notify_about_attack.sh
|
||||
|
||||
# pass attack details to notify_script via stdin
|
||||
# Pass details only in case of "ban" call
|
||||
# No details will be passed for "unban" call
|
||||
notify_script_pass_details = on
|
||||
|
||||
# collect a full dump of the attack with full payload in pcap compatible format
|
||||
collect_attack_pcap_dumps = off
|
||||
|
||||
|
|
|
@ -148,9 +148,6 @@ unsigned int maximum_time_since_bucket_start_to_remove = 120;
|
|||
|
||||
FastnetmonPlatformConfigurtion fastnetmon_platform_configuration;
|
||||
|
||||
// Send or not any details about attack for ban script call over stdin
|
||||
bool notify_script_pass_details = true;
|
||||
|
||||
bool notify_script_enabled = true;
|
||||
|
||||
// We could collect attack dumps in pcap format
|
||||
|
@ -481,8 +478,7 @@ void RunApiServer() {
|
|||
|
||||
void sigpipe_handler_for_popen(int signo) {
|
||||
logger << log4cpp::Priority::ERROR << "Sorry but we experienced error with popen. "
|
||||
<< "Please check your scripts. They should receive data on stdin! Optionally you could disable "
|
||||
"passing any details with configuration param: notify_script_pass_details = no";
|
||||
<< "Please check your scripts. They must receive data on stdin";
|
||||
|
||||
// Well, we do not need exit here because we have another options to notifying about atatck
|
||||
// exit(1);
|
||||
|
@ -959,10 +955,6 @@ bool load_configuration_file() {
|
|||
fastnetmon_platform_configuration.notify_script_path = configuration_map["notify_script_path"];
|
||||
}
|
||||
|
||||
if (configuration_map.count("notify_script_pass_details") != 0) {
|
||||
notify_script_pass_details = configuration_map["notify_script_pass_details"] == "on" ? true : false;
|
||||
}
|
||||
|
||||
if (file_exists(fastnetmon_platform_configuration.notify_script_path)) {
|
||||
notify_script_enabled = true;
|
||||
} else {
|
||||
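Review bot: `sigpipe_handler_for_popen` still writes its shortened message through the log4cpp `logger` stream from inside a signal handler, which is not async-signal-safe. Stream formatting can allocate and take locks, so a SIGPIPE delivered while the interrupted thread holds one of them can hang the daemon. With the `notify_script_pass_details` switch removed in the other hunks of this file, any notify script that exits without reading stdin can reach this handler, so the path is likely to run more often than before. I would ignore the signal instead, `signal(SIGPIPE, SIG_IGN);`, and report the failed write or `pclose` status from the thread that runs the script, where logging is safe. The handler's body continues past the end of the hunk, so the rest of it is not reviewed here.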
|
|
|
@ -120,7 +120,6 @@ extern bool mongodb_enabled;
|
|||
extern std::string mongodb_database_name;
|
||||
#endif
|
||||
|
||||
extern bool notify_script_pass_details;
|
||||
extern unsigned int number_of_packets_for_pcap_attack_dump;
|
||||
extern patricia_tree_t *lookup_tree_ipv4, *whitelist_tree_ipv4;
|
||||
extern patricia_tree_t *lookup_tree_ipv6, *whitelist_tree_ipv6;
|
||||
|
@ -1230,7 +1229,7 @@ void call_attack_details_handlers(uint32_t client_ip, attack_details_t& current_
|
|||
" " + attack_direction + " " + pps_as_string + " attack_details";
|
||||
|
||||
// We should execute external script in separate thread because any lag in this code
|
||||
// will be very distructive
|
||||
// will be very destructive
|
||||
boost::thread exec_with_params_thread(exec_with_stdin_params, script_params, attack_fingerprint);
|
||||
exec_with_params_thread.detach();
|
||||
|
||||
|
@ -1604,17 +1603,11 @@ void call_ban_handlers(uint32_t client_ip,
|
|||
logger << log4cpp::Priority::INFO << "Call script for ban client: " << client_ip_as_string;
|
||||
|
||||
// We should execute external script in separate thread because any lag in this code will be
|
||||
// very distructive
|
||||
// very destructive
|
||||
|
||||
if (notify_script_pass_details) {
|
||||
// We will pass attack details over stdin
|
||||
boost::thread exec_thread(exec_with_stdin_params, script_call_params, full_attack_description);
|
||||
exec_thread.detach();
|
||||
} else {
|
||||
// Do not pass anything to script
|
||||
boost::thread exec_thread(exec_no_error_check, script_call_params);
|
||||
exec_thread.detach();
|
||||
}
|
||||
// We will pass attack details over stdin
|
||||
boost::thread exec_thread(exec_with_stdin_params, script_call_params, full_attack_description);
|
||||
exec_thread.detach();
|
||||
|
||||
logger << log4cpp::Priority::INFO << "Script for ban client is finished: " << client_ip_as_string;
|
||||
}
|
||||
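Review bot: In `call_ban_handlers` the INFO line `Script for ban client is finished` is written right after `exec_thread.detach()`, so it records that the script was started, not that it completed or succeeded. Now that this is the only code path for ban notifications, an operator reading the log during an incident cannot tell a delivered ban from a script that failed or died on the stdin write. I would reword it to `"Script for ban client was started: "` and log the script's exit status from inside `exec_with_stdin_params`, whose body is not shown in this diff. The same detach-and-forget pattern appears in the `call_attack_details_handlers` hunk earlier in this file.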
|
|
|
@ -49,17 +49,10 @@ This is the first buggy version, you are welcome to add more features.
|
|||
|
||||
3. Set executable bit ```sudo chmod +x /etc/fastnetmon/scripts/notify_about_attack.sh```
|
||||
|
||||
4. For FastNetMon Advanced, please disable details:
|
||||
|
||||
```
|
||||
sudo fcli set main notify_script_pass_details disable
|
||||
sudo fcli commit
|
||||
```
|
||||
|
||||
Changelog
|
||||
---------
|
||||
v1.0 - 5 Dec 18 - Initial version
|
||||
|
||||
Author: Christian David <davidchristia@gmail.com>
|
||||
|
||||
Based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
|
||||
Based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
|
||||
|
|
|
@ -43,11 +43,6 @@ sudo fcli set main notify_script_path /etc/fastnetmon/scripts/notify_about_attac
|
|||
sudo fcli set main notify_script_format text
|
||||
sudo fcli commit
|
||||
```
|
||||
And disable passing details to this script:
|
||||
```
|
||||
sudo fcli set main notify_script_pass_details disable
|
||||
sudo fcli commit
|
||||
```
|
||||
|
||||
Changelog
|
||||
---------
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
#
|
||||
# Hello, lovely FastNetMon customer! I'm really happy to see you here!
|
||||
# Hello, lovely FastNetMon customer. I'm really happy to see you here
|
||||
# Pavel Odintsov, author
|
||||
#
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
|||
email_notify="root,please_fix_this_email@domain.ru"
|
||||
|
||||
#
|
||||
# Please be careful ! You should not remove cat >
|
||||
# Please be careful. You should not remove cat >
|
||||
#
|
||||
|
||||
if [ "$4" = "unban" ]; then
|
||||
|
@ -26,20 +26,17 @@ fi
|
|||
|
||||
#
|
||||
# For ban and attack_details actions we will receive attack details to stdin
|
||||
# if option notify_script_pass_details enabled in FastNetMon's configuration file
|
||||
#
|
||||
# If you do not need this details, please set option notify_script_pass_details to "no".
|
||||
#
|
||||
# Please do not remove "cat" command if you have notify_script_pass_details enabled, because
|
||||
# FastNetMon will crash in this case (it expect read of data from script side).
|
||||
# Please do not remove "cat" command because
|
||||
# FastNetMon will crash in this case as it expects read of data from script side
|
||||
#
|
||||
|
||||
if [ "$4" = "ban" ]; then
|
||||
cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
|
||||
# You can add ban code here!
|
||||
# You can add ban code here
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Advanced edition does not use this action and passes all details in ban action
|
||||
if [ "$4" == "attack_details" ]; then
|
||||
cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
|
||||
|
||||
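Review bot: The reworded comment above the `ban` branch still says FastNetMon "will crash" if the script does not read stdin, which looks out of date. The `sigpipe_handler_for_popen` hunk in this same commit logs an error and has its `exit(1)` commented out, so, assuming that handler is installed for the script call, the daemon keeps running and only the notification is lost. I would describe what an operator will actually see, for example `# Always read stdin (e.g. with cat); otherwise FastNetMon logs a popen error and the attack details are lost`. The same "will crash" sentence is kept in the last script changed by this commit and should be updated with it.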
|
|
|
@ -5,7 +5,6 @@
|
|||
# - Copy this script to /usr/local/bin/
|
||||
# - Edit /etc/fastnetmon.conf and set:
|
||||
# notify_script_path = /usr/local/bin/notify_with_discord.sh
|
||||
# notify_script_pass_details = no
|
||||
# - Add your Discord channel webhook to discord_url.
|
||||
#
|
||||
# Notes:
|
||||
|
@ -29,8 +28,12 @@ if [ -z "$fastnetmon_ip" ] || [ -z "$webhook_url" ]; then
|
|||
fi
|
||||
|
||||
if [ "$fastnetmon_action" = "ban" ]; then
|
||||
# Read data from stdin
|
||||
cat > /dev/null
|
||||
color="14425373"
|
||||
elif [ "$fastnetmon_action" = "attack_details" ]; then
|
||||
# Read data from stdin
|
||||
cat > /dev/null
|
||||
color="16765184"
|
||||
elif [ "$fastnetmon_action" = "unban" ]; then
|
||||
color="3857437"
|
||||
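Review bot: The two `cat > /dev/null` drains are added only inside the `ban` and `attack_details` branches, which come after the `[ -z "$fastnetmon_ip" ] || [ -z "$webhook_url" ]` guard named in the hunk header. If that guard exits (its body is outside the hunk), stdin is never read on that path and FastNetMon's write to the script fails. Draining once before the guard avoids that and removes the duplication, assuming `fastnetmon_action` is already set there: `case "$fastnetmon_action" in ban|attack_details) cat > /dev/null ;; esac`. Keep it conditional, since nothing in this commit shows details being sent for `unban`. A one-line comment saying the attack details are deliberately discarded here would also help the next maintainer.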
|
|
|
@ -23,11 +23,7 @@
|
|||
|
||||
#
|
||||
# For ban and attack_details actions we will receive attack details to stdin
|
||||
# if option notify_script_pass_details enabled in FastNetMon's configuration file
|
||||
#
|
||||
# If you do not need this details, please set option notify_script_pass_details to "no".
|
||||
#
|
||||
# Please do not remove the following command if you have notify_script_pass_details enabled, because
|
||||
# Please do not remove the following command because
|
||||
# FastNetMon will crash in this case (it expect read of data from script side).
|
||||
#
|
||||
|
||||
|
|