yate-scripts-perl: Add script to block phones which fail to authenticate
1 #!/usr/bin/perl
2
3 # This yate module will monitor failed authentications and send the source
4 # IP addresses of users who fail to authenticate to the iptables extension
5 # "recent" for filtering.
6 #
7 # You have to have the iptables extension "recent" installed and you need to
8 # create and reference a "recent" list in your firewall configuration.
9 # For most people it's probably enough to add this custom firewall rule
10 # to /etc/firewall.user:
11 #
12 # iptables -A input_rule -m recent --name yate_auth_failures --rcheck --seconds 3600 --hitcount 5 -j DROP
13 #
14 # This line will drop all incoming traffic from users who have failed to
15 # authenticate 5 consecutive times within the last hour.
16 #
17 # To enable this script in yate, add this script to the [scripts] section
18 # in /etc/yate/extmodule.conf.
19
20
21 use strict;
22 use warnings;
23 use lib '/usr/share/yate/scripts';
24 use Yate;
25
# Control file of the xt_recent list this script feeds. The list itself is
# created by the firewall rule that references it (see the header comment);
# the script only adds and removes entries. Lines written here are "+ip" to
# add/refresh an address and "-ip" to remove it.
my $RECENT_LIST_NAME = '/proc/net/xt_recent/yate_auth_failures';
27
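# Watcher for "user.auth": record the outcome of an authentication attempt in
# the xt_recent list so the firewall rule from the header comment can act on it.
#
# Arguments: the Yate message object, and optionally the path of the xt_recent
# control file to write (defaults to $RECENT_LIST_NAME; the parameter exists so
# the handler can be exercised against a scratch file).
#
# The entry is written straight to the control file ("+ip" adds or refreshes,
# "-ip" removes, exactly what the former `echo ... >` commands produced) rather
# than through a shell, and ip_host is checked to look like an address literal
# first, so message data never reaches a shell or the list in an unexpected form.
# Returns nothing. Problems are reported with $yate->output and do not abort
# the handler, matching the original best-effort behaviour.
sub OnAuthenticationRequest {
    my ($yate, $list_path) = @_;
    $list_path = $RECENT_LIST_NAME unless defined $list_path;

    my $remote_ip = $yate->param('ip_host');

    # Only IPv4/IPv6-looking literals are valid xt_recent entries; anything
    # else (missing parameter, stray characters) is reported and skipped.
    if (!defined $remote_ip || $remote_ip !~ m{\A [0-9A-Fa-f.:]+ \z}x) {
        $yate->output("user.auth without a usable ip_host; not updating $list_path");
        return;
    }

    # processed=true means the message was handled, i.e. the user
    # authenticated successfully: forget previous failures for this address.
    my $processed = $yate->header('processed') // '';
    my $entry = $processed eq 'true' ? "-$remote_ip" : "+$remote_ip";

    _write_recent_entry($yate, $list_path, $entry);
    return;
}

# Write one control line ("+ip" or "-ip") to the xt_recent file at $list_path.
# Errors are reported through $yate->output instead of dying so that a
# transient failure does not take the external module down.
sub _write_recent_entry {
    my ($yate, $list_path, $entry) = @_;

    open my $fh, '>', $list_path
        or do { $yate->output("open $list_path: $!"); return; };
    print {$fh} "$entry\n"
        or do { $yate->output("write $list_path: $!"); close $fh; return; };
    # Buffered write errors surface at close, so check it too.
    close $fh
        or $yate->output("close $list_path: $!");
    return;
}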
40
41
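# Script entry point: connect to yate, make sure the xt_recent list can be
# used before registering for messages, then hand control to Yate's loop.
my $yate = Yate->new();    # direct method call; avoids indirect-object syntax

# The list is created by the firewall rule that references it (header
# comment); without it there is nothing to write to, so fail early and say so
# on yate's output channel.
if (! -f $RECENT_LIST_NAME) {
    $yate->output("iptables recent list $RECENT_LIST_NAME does not exist");
    exit 1;
}
# Updating the list needs write access to the control file; fail fast here
# rather than reporting an error on every authentication attempt.
if (! -w $RECENT_LIST_NAME) {
    $yate->output("iptables recent list $RECENT_LIST_NAME is not writable");
    exit 1;
}

# A watcher sees user.auth after it has been handled, which is what lets the
# callback read the "processed" header to tell success from failure.
$yate->install_watcher('user.auth', \&OnAuthenticationRequest);
$yate->listen();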