Removed attack_details actions from all scripts as we removed this active while ago

Adjusted tool naming
Update fastnetmon_juniper.php
2024-05-10 04:26:11 +02:00 · 2023-10-27 13:51:58 +01:00 · 2023-10-27 13:45:38 +01:00 · 2023-10-27 13:43:44 +01:00 · 2023-10-27 13:42:14 +01:00 · 2023-10-27 13:41:50 +01:00
7 changed files with 11 additions and 37 deletions
--- a/src/a10_plugin/fastnetmon_a10_v0.3.py
+++ b/src/a10_plugin/fastnetmon_a10_v0.3.py
@ -53,7 +53,7 @@ if action == "unban":
 
    sys.exit(0)

-elif action == "ban" or action == "attack_details":
+elif action == "ban":
    
    r = axapi_action(mitigator_base_url+ddos_dst_zone_path, method='GET', signature=signature)
    try: 
--- a/src/juniper_plugin/fastnetmon_juniper.php
+++ b/src/juniper_plugin/fastnetmon_juniper.php
@ -61,7 +61,7 @@ $conn = new Device($cfg);
 switch($ACTION_ATTACK){
    case 'ban':
        try{
-            $desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' unblocked because '. $DIRECTION_ATTACK .' attack with power '. $POWER_ATTACK .' pps | at '.$fecha_now;
+            $desc = 'FastNetMon Community: IP '. $IP_ATTACK .' unblocked because '. $DIRECTION_ATTACK .' attack with power '. $POWER_ATTACK .' pps | at '.$fecha_now;
            $conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
            $locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
            if($locked){
@ -83,7 +83,7 @@ switch($ACTION_ATTACK){
        break;
    case 'unban':
        try{
-            $desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' remove from blacklist.';
+            $desc = 'FastNetMon Community: IP '. $IP_ATTACK .' remove from blacklist.';
            $conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
            $locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
            if($locked){
--- a/src/mikrotik_plugin/fastnetmon_mikrotik.php
+++ b/src/mikrotik_plugin/fastnetmon_mikrotik.php
@ -65,7 +65,7 @@ $API = new RouterosAPI();
 if ( $API->connect( $cfg[ ip_mikrotik ], $cfg[ api_user ], $cfg[ api_pass ] ) ) {
    //add Blocking by route blackhole
    if ( $ACTION_ATTACK == "ban" ) {
-        $comment_rule = 'FastNetMon Guard: IP ' . $IP_ATTACK . ' blocked because ' . $DIRECTION_ATTACK . ' attack with power ' . $POWER_ATTACK . ' pps | at '.$fecha_now;
+        $comment_rule = 'FastNetMon Community: IP ' . $IP_ATTACK . ' blocked because ' . $DIRECTION_ATTACK . ' attack with power ' . $POWER_ATTACK . ' pps | at '.$fecha_now;
        $API->write( '/ip/route/add', false );
        $API->write( '=dst-address=' . $IP_ATTACK, false );
        $API->write( '=type=blackhole', false );
@ -79,7 +79,7 @@ if ( $API->connect( $cfg[ ip_mikrotik ], $cfg[ api_user ], $cfg[ api_pass ] ) )
    }
    if ( $ACTION_ATTACK == "unban" ) {
        // remove the blackhole rule 
-        $comment_rule = 'FastNetMon Guard: IP ' . $IP_ATTACK . ' remove from blacklist ';
+        $comment_rule = 'FastNetMon Community: IP ' . $IP_ATTACK . ' remove from blacklist ';
        $API->write( '/ip/route/print', false );
        $API->write( '?dst-address=' . $IP_ATTACK . "/32" );
        $ID_ARRAY = $API->read();
--- a/src/notify_about_attack.sh
+++ b/src/notify_about_attack.sh
@ -11,7 +11,7 @@

 email_notify="please_fix_this_email@domain.com"

-# For ban and attack_details actions we will receive attack details to stdin
+# For ban action we will receive attack details to stdin
 # Please do not remove "cat" command because
 # FastNetMon will crash in this case as it expects read of data from script side
 #
@ -19,7 +19,7 @@ email_notify="please_fix_this_email@domain.com"
 if [ "$4" = "ban" ]; then
    # This action receives multiple statistics about attack's performance and attack's sample to stdin

-    cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
+    cat | mail -s "FastNetMon Community: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
    
    # Please add actions to run when we ban host
    exit 0
--- a/src/scripts/fastnetmon_notify.py
+++ b/src/scripts/fastnetmon_notify.py
@ -53,7 +53,7 @@ def mail(subject, body):


 if action == "unban":
-    subject = "Fastnetmon Guard: IP %(client_ip_as_string)s unblocked because %(data_direction)s attack with power %(pps_as_string)d pps" % {
+    subject = "FastNetMon Community: IP %(client_ip_as_string)s unblocked because %(data_direction)s attack with power %(pps_as_string)d pps" % {
        'client_ip_as_string': client_ip_as_string,
        'data_direction': data_direction,
        'pps_as_string' : pps_as_string,
@ -63,7 +63,7 @@ if action == "unban":
    mail(subject, "unban")
    sys.exit(0)
 elif action == "ban":
-    subject = "Fastnetmon Guard: IP %(client_ip_as_string)s blocked because %(data_direction)s attack with power %(pps_as_string)d pps" % {
+    subject = "FastNetMon Community: IP %(client_ip_as_string)s blocked because %(data_direction)s attack with power %(pps_as_string)d pps" % {
        'client_ip_as_string': client_ip_as_string,
        'data_direction': data_direction,
        'pps_as_string' : pps_as_string,
@ -73,18 +73,6 @@ elif action == "ban":
    body = "".join(sys.stdin.readlines())
    mail(subject, body)

-    sys.exit(0)
-elif action == "attack_details":
-    subject = "Fastnetmon Guard: IP %(client_ip_as_string)s blocked because %(data_direction)s attack with power %(pps_as_string)d pps" % {
-        'client_ip_as_string': client_ip_as_string,
-        'data_direction': data_direction,
-        'pps_as_string' : pps_as_string,
-        'action' : action
-    }
-    body = "".join(sys.stdin.readlines())
-
-
-    mail(subject, body)
    sys.exit(0)
 else:
    sys.exit(0)
--- a/src/scripts/notify_with_discord.sh
+++ b/src/scripts/notify_with_discord.sh
@ -31,10 +31,6 @@ if [ "$fastnetmon_action" = "ban" ]; then
    # Read data from stdin
    cat > /dev/null
    color="14425373"
-elif [ "$fastnetmon_action" = "attack_details" ]; then
-    # Read data from stdin
-    cat > /dev/null
-    color="16765184"
 elif [ "$fastnetmon_action" = "unban" ]; then
    color="3857437"
 else
--- a/src/scripts/notify_with_slack.sh
+++ b/src/scripts/notify_with_slack.sh
@ -21,12 +21,12 @@
 # Redhat: yum install bind-utils

 #
-# For ban and attack_details actions we will receive attack details to stdin
+# For ban action we will receive attack details to stdin
 # Please do not remove the following command because
 # FastNetMon will crash in this case (it expect read of data from script side).
 #

-if [ "$4" = "ban" ] || [ "$4" = "attack_details" ]; then
+if [ "$4" = "ban" ]; then
    fastnetmon_output=$(</dev/stdin)
 fi

@ -51,8 +51,6 @@ slack_action=${4}
 function slackalert () {
    if [ ! -z $slack_url  ] && [ "$slack_action" = "ban" ]; then
        local slack_color="danger"
-    elif [ ! -z $slack_url  ] && [ "$slack_action" = "attack_details" ]; then
-        local slack_color="warning"
    elif [ ! -z $slack_url  ] && [ "$slack_action" = "unban" ]; then
        local slack_color="good"
    else
@ -79,11 +77,3 @@ if [ "$4" = "ban" ]; then
    # iptables -A INPUT -d $1 -j DROP
    exit 0
 fi
-
-if [ "$4" = "attack_details" ]; then
-    # Email Alert:
-    echo "${fastnetmon_output}" | mail -s "FastNetMon Analysis: IP $1 blocked because of $2 attack with power $3 pps" $email_notify;
-    # Slack Alert:
-    slackalert
-    exit 0
-fi
Author	SHA1	Message	Date
Pavel Odintsov	1faae9e401	Removed attack_details actions from all scripts as we removed this active while ago	2023-10-27 13:51:58 +01:00
Pavel Odintsov	964f1f1e3f	Adjusted tool naming	2023-10-27 13:45:38 +01:00
Pavel Odintsov	495ecda9e4	Update fastnetmon_juniper.php	2023-10-27 13:43:44 +01:00
Pavel Odintsov	48f8504a22	Update fastnetmon_mikrotik.php	2023-10-27 13:42:14 +01:00
Pavel Odintsov	b0f7fdb064	Update fastnetmon_notify.py	2023-10-27 13:41:50 +01:00
Pavel Odintsov	7102f666b0	Switched product name to explicitly tell that we deal with Community edition	2023-10-27 13:41:12 +01:00