Chinaunix首页 | 论坛 | 博客
  • 博客访问: 5352271
  • 博文数量: 1144
  • 博客积分: 11974
  • 博客等级: 上将
  • 技术积分: 12312
  • 用 户 组: 普通用户
  • 注册时间: 2005-04-13 20:06
文章存档

2017年(2)

2016年(14)

2015年(10)

2014年(28)

2013年(23)

2012年(29)

2011年(53)

2010年(86)

2009年(83)

2008年(43)

2007年(153)

2006年(575)

2005年(45)

分类: LINUX

2009-12-09 11:54:02

#!/usr/local/bin/perl
#
# Hunnypot: Copyright 2004 Jeremy Kister
# Released under Perl's Artistic License.
# Function: make a tcprules file with information from the honeypot
# Author: Jeremy Kister (hunnypot-devel @t jeremykister.com) 
#

# put any rules that you need in /var/qmail/etc/tcp.smtp.template

use strict;
use DBI;

my $dbun = 'dbun';
my $dbpw = 'dbpw';
my $driver = 'mysql';
my $dsn = "DBI:${driver}:";
my $dbserver = 'mysql.example.net';
my $dbname = 'dbname';

if($driver =~ /Sybase/){
   $dsn .= "server=$dbserver";
}else{
   $dsn .= "host=${dbserver};database=${dbname}";
}

open(T, '/var/qmail/etc/tcp.smtp.template') || die "cannot open tcp.smtp.template: $!\n";
open(N, '>/var/qmail/etc/tcp.smtp.$$') || die "cannot write to tcp.smtp.tmp.$$: $!\n";
while(){
	print N;
}
close T;

my $old = ($^T - 172800);
my $dbh = DBI->connect($dsn, $dbun, $dbpw, {RaiseError => 1});
my $sql = 'SELECT distinct ip FROM hunnypot WHERE timestamp > ' . $old;
my $sth = $dbh->prepare($sql);
$sth->execute;
while(my $row = $sth->fetchrow_hashref){
	my $ip = $row->{ip};
	my $sqla = 'SELECT times FROM hunnypot WHERE ip = ' . $dbh->quote($ip);
	my $stha = $dbh->prepare($sqla);
	$stha->execute;
	my $count=0;
	while(my $rowa = $stha->fetchrow_hashref){
		my $times = $rowa->{times};
		$count += $times;
	}
	if($count > 3){
		print N "${ip}:allow,REASON=\"hunnypot\",MAXCONNIP=\"1\",DIEMSG=\"421 please try later.\",RBLSMTPD=\"See \"\n";
	}
}
$dbh->disconnect;

print N ':allow,MAXCONNIP="2",MAXCONNC="8",DIEMSG="421 please try later."' . "\n";
close N;
rename('/var/qmail/etc/tcp.smtp.$$','/var/qmail/etc/tcp.smtp') || die "cannot rename: $!\n";

阅读(464) | 评论(0) | 转发(0) |
0

上一篇:rbld.pl

下一篇:mailqoute.pl

给主人留下些什么吧!~~