 |
blacklist.rb - honeypot - A custom version of kippo used for SSH honeypot analy… |
 |
git clone git://jay.scot/honeypot |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
blacklist.rb (1039B) |
|
--- |
|
1 #!/usr/bin/ruby |
|
2 |
|
3 |
|
4 require 'rubygems' |
|
5 require 'mysql' |
|
6 |
|
7 # Set the dates we want to start at |
|
8 date = Time.new |
|
9 |
|
10 # Change pass to your password. |
|
11 con_kippo = Mysql.new('localhost', 'kippo', 'pass', 'kippo') |
|
12 |
|
13 rs_list = con_kippo.query("SELECT ip |
|
14 FROM sessions |
|
15 WHERE starttime LIKE '2011-#{date.month}%' |
|
16 GROUP BY ip |
|
17 ORDER BY ip") |
|
18 |
|
19 ip_list = Array.new |
|
20 |
|
21 while row = rs_list.fetch_row do |
|
22 ip_list.push row[0] |
|
23 end |
|
24 |
|
25 rs_list.free |
|
26 |
|
27 # You may want to define the absolute path in the following code blocks. |
|
28 File.open('ip-list.txt', 'w') do |f2| |
|
29 ip_list.each do|ip| |
|
30 f2.puts ip |
|
31 end |
|
32 end |
|
33 |
|
34 File.open('ip-list-iptables.txt', 'w') do |f2| |
|
35 ip_list.each do|ip| |
|
36 f2.puts "iptables -A INPUT -s #{ip} -j LOG --log-prefix \"Blocked: J… |
|
37 f2.puts "iptables -A INPUT -s #{ip} -j DROP" |
|
38 end |
|
39 end |
|
40 |
|
41 File.open('ip-list-cisco.txt', 'w') do |f2| |
|
42 ip_list.each do|ip| |
|
43 f2.puts "access-list 1 deny host #{ip}" |
|
44 end |
|
45 f2.puts "access-list 1 permit any" |
|
46 end |
|
47 |
|
48 |
|
49 con_kippo.close |
