BASH SSH Port Knock Tabajara 2014.1 http://goo.gl/4AgdRM
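#!/bin/bash
# knock-agenda: follow-up job, run by `at` two hours after a client completed
# the port-knock sequence. This file is a template: the knock daemon rewrites
# the two-caret placeholder in the IP= line below with the client's address
# (sed on the escaped pattern \^\^) and pipes the result into `at`, so that
# line must keep its placeholder exactly as written.
IP=^^

# Is the client still logged in from that address? `who --ips` prints the IP
# in the last column; the pattern is anchored at end of line so that
# 10.0.0.1 does not also match 10.0.0.10, and -q keeps only the exit status.
if who --ips | grep -q -- " ${IP}\$"; then
  ### Reschedule: the session is still alive, check again in two hours.
  echo reagendar
  sed "s/\^\^/${IP}/" /usr/local/bin/knock-agenda |
    at "$(date --date="+2 hours" "+%H:%M %m/%d/%Y")"
else
  ### Block: the session is gone, drop the temporary ACCEPT rule again.
  echo bloquear
  iptables -D INPUT -s "$IP" -p tcp --dport 29 -j ACCEPT
fi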
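#!/bin/bash
# Port-knock daemon: watches incoming TCP SYNs with tshark and, once a client
# has hit every port in `portas` in order, inserts an iptables ACCEPT rule for
# TCP/29 from that client and schedules /usr/local/bin/knock-agenda via `at`
# to revisit the rule two hours later.

# Knock sequence, in the order the client must hit the ports.
# To add a port, edit this array.
readonly -a portas=(34 1032 43231)
# IP of the local interface the knocks arrive on (used in the capture filter).
readonly ipLocal=177.70.2.30
# Block all direct SSH access (kept commented out, as in the original).
#iptables -A INPUT -ptcp --dport 22 -j DROP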
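#######################################
# Convert a dotted-quad IPv4 address to its 32-bit integer value.
# Used as the numeric key of the per-client `passo` array, since bash
# indexed arrays cannot be subscripted by the dotted string itself.
# Arguments: $1 - IPv4 address in dotted-quad form, e.g. 10.0.0.1
# Outputs:   the integer value to stdout
# Returns:   0 on success, 1 if $1 is not four dot-separated numeric fields
#            (the original produced an arithmetic error on such input)
#######################################
quad2dec() {
  local quad=$1
  local a b c d
  [[ "$quad" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || return 1
  # Split on dots with a single builtin read instead of four echo|cut pipes.
  IFS=. read -r a b c d <<<"$quad"
  # 10# forces decimal: a leading zero (e.g. 010) would otherwise be read as octal.
  printf '%d\n' $(( (10#$a << 24) + (10#$b << 16) + (10#$c << 8) + 10#$d ))
}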
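#######################################
# Open TCP/29 for a client that completed the knock sequence and schedule
# /usr/local/bin/knock-agenda (with its placeholder replaced by the IP) to
# review the rule in two hours.
# Arguments: $1 - client IPv4 address (already validated by the caller)
#######################################
liberar_ip() {
  local cliente=$1
  iptables -I INPUT -s "$cliente" -p tcp --dport 29 -j ACCEPT
  sed "s/\^\^/${cliente}/" /usr/local/bin/knock-agenda |
    at "$(date --date="+2 hours" "+%H:%M %m/%d/%Y")"
}

# Capture only incoming SYNs (SYN set, ACK clear) aimed at this host and print
# one "src_ip:dst_port" line per packet; -l flushes per line so the loop
# reacts immediately. The loop is the last stage of a pipeline and therefore
# runs in a subshell: `passo` (knock progress per client, keyed by quad2dec of
# the source IP) only exists inside it.
tshark -l -n \
  -f "tcp and dst $ipLocal and tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) = 0" \
  -E separator=":" -Tfields -e ip.src -e tcp.dstport |
  while IFS= read -r linha; do
    ip=${linha%%:*}
    porta=${linha##*:}
    # Only accept "dotted-quad:port". An empty ip.src field or a non-numeric
    # port would otherwise reach the arithmetic tests and array subscripts
    # below (and the iptables -s argument) unchecked.
    [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ && "$porta" =~ ^[0-9]+$ ]] || continue
    # Compute the array key once per packet instead of on every reference.
    chave=$(quad2dec "$ip") || continue

    if (( porta == portas[0] )); then
      # First port always (re)starts the sequence for this client.
      echo "Tentativa de conexão do IP $ip na primeira porta $porta"
      passo[chave]=0
    elif [[ -z "${passo[chave]}" ]]; then
      # No sequence in progress and not the first port: ignore.
      echo "Tentativa de conexão do IP $ip na porta errada $porta"
    elif (( porta == portas[passo[chave] + 1] )); then
      # Expected next port: advance.
      passo[chave]=$(( passo[chave] + 1 ))
      echo "Tentativa de conexão do IP $ip na porta $porta em processo ja iniciado"
      if (( passo[chave] >= ${#portas[@]} - 1 )); then
        # Last port reached: open the door and forget this client's state.
        echo "Vou desbloquear o IP $ip"
        liberar_ip "$ip"
        unset "passo[$chave]"
      fi
    elif (( porta == portas[passo[chave]] )); then
      # Same port as the current step (retransmitted SYN): keep state.
      echo "Tentativa de conexão do IP $ip na porta $porta em processo ja iniciado - REPETIDO"
    else
      # Out-of-order port: the whole sequence must be restarted.
      unset "passo[$chave]"
      echo "Tentativa de conexão do IP $ip na porta errada $porta em processo ja iniciado - ELIMINADO"
    fi
    echo "passo[$chave]=${passo[chave]}"
  done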