2009-12-09 11:54:02
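#!/usr/local/bin/perl
#
# Hunnypot: Copyright 2004 Jeremy Kister
# Released under Perl's Artistic License.
# Function: make a tcprules file with information from the honeypot
# Author: Jeremy Kister (hunnypot-devel @t jeremykister.com)
#
# put any rules that you need in /var/qmail/etc/tcp.smtp.template
#
# What the script does:
#   1. copies the template into a temporary file next to the target,
#   2. selects every distinct ip in the hunnypot table whose timestamp is
#      newer than 48 hours before script start,
#   3. sums the "times" column over all rows for that ip and, when the sum
#      is greater than 3, appends a restrictive rule for it,
#   4. appends the default rule and renames the temporary file over
#      /var/qmail/etc/tcp.smtp.
#
# This file carries database credentials; keep it readable by its owner
# only.  /var/qmail/etc must not be writable by untrusted users, because
# the temporary file name is predictable.

use strict;
use warnings;
use DBI;

my $dbun     = 'dbun';
my $dbpw     = 'dbpw';
my $driver   = 'mysql';
my $dsn      = "DBI:${driver}:";
my $dbserver = 'mysql.example.net';
my $dbname   = 'dbname';

if ($driver =~ /Sybase/) {
    $dsn .= "server=$dbserver";
}
else {
    $dsn .= "host=${dbserver};database=${dbname}";
}

my $template = '/var/qmail/etc/tcp.smtp.template';
my $target   = '/var/qmail/etc/tcp.smtp';

# The original single-quoted the path, so "$$" was never expanded and the
# temporary file was literally named "tcp.smtp.$$".  Interpolate the PID.
my $tmp = "$target.$$";

open(my $tmpl_fh, '<', $template)
    || die "cannot open tcp.smtp.template: $!\n";
open(my $out_fh, '>', $tmp)
    || die "cannot write to $tmp: $!\n";

# The page shows "while(){ print N; }": the <T> read was lost in extraction,
# and an empty while() condition loops forever in Perl.
while (my $line = <$tmpl_fh>) {
    print {$out_fh} $line;
}
close $tmpl_fh;

# $^T is the script start time; 172800 seconds is 48 hours.
my $old = int($^T - 172800);

my $ok = eval {
    my $dbh = DBI->connect($dsn, $dbun, $dbpw, { RaiseError => 1 });

    # $old is an integer computed above, never external input, so it is
    # concatenated as a numeric literal exactly as the original did.
    my $ips = $dbh->selectcol_arrayref(
        'SELECT distinct ip FROM hunnypot WHERE timestamp > ' . $old);

    # Prepared once; the address is bound rather than spliced into the SQL.
    my $sth = $dbh->prepare('SELECT times FROM hunnypot WHERE ip = ?');

    for my $ip (@{$ips}) {
        # The address ends up in an access-control file.  Accept only a
        # dotted quad so a stray colon, comma or newline stored in the
        # table cannot alter or add rules.
        # NOTE(review): assumes the ip column holds IPv4 dotted quads - confirm.
        unless (defined $ip && $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
            warn "skipping malformed address from hunnypot table\n";
            next;
        }

        $sth->execute($ip);
        my $count = 0;
        while (my ($times) = $sth->fetchrow_array) {
            $count += $times if defined $times;
        }

        if ($count > 3) {
            # NOTE(review): the RBLSMTPD text stops after "See " on this
            # page; a URL may have been lost in extraction - confirm against
            # the original Hunnypot distribution.
            print {$out_fh}
                qq{${ip}:allow,REASON="hunnypot",MAXCONNIP="1",DIEMSG="421 please try later.",RBLSMTPD="See "\n};
        }
    }

    $dbh->disconnect;
    1;
};

unless ($ok) {
    # Do not leave a half-written rules file behind, and never install it.
    my $err = $@ || "unknown error\n";
    close $out_fh;
    unlink $tmp;
    die $err;
}

print {$out_fh}
    ':allow,MAXCONNIP="2",MAXCONNC="8",DIEMSG="421 please try later."' . "\n";

# Buffered write errors surface at close; a truncated file must not replace
# the live rules.
unless (close $out_fh) {
    my $err = $!;
    unlink $tmp;
    die "cannot finish writing $tmp: $err\n";
}

unless (rename($tmp, $target)) {
    my $err = $!;
    unlink $tmp;
    die "cannot rename: $err\n";
}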