martillo-maldito/src/main.rs

pub mod iptables_save;
pub mod login_attempt;

use linemux::MuxedLines;
use login_attempt::LoginAttempt;
use std::{collections::HashMap, thread::sleep, time::Duration};

#[tokio::main]
async fn main() -> std::io::Result<()> {
    let iptables = iptables::new(false).unwrap();
    let mut lines = MuxedLines::new()?;
    lines.add_file("/host_ssh/auth.log").await?;
    let mut login_attempts: HashMap<String, usize> = HashMap::new();

    let seconds_iptables = Duration::from_secs(60);
    println!(
        "starting iptables-save, run every {} seconds",
        seconds_iptables.as_secs()
    );
    tokio::spawn(async move {
        loop {
            sleep(seconds_iptables);
            iptables_save::save_iptables();
            println!("saved iptables rules");
        }
    });

    println!("listening to changes over /host_ssh/auth.log");
    while let Ok(Some(line)) = lines.next_line().await {
        if let Some(login_attempt) = LoginAttempt::capture(line.line()) {
            println!(
                "failed login attempt from {}@{}:{}",
                login_attempt.user, login_attempt.ip, login_attempt.port
            );
            match login_attempts.get_mut(&login_attempt.ip) {
                Some(count) => {
                    *count += 1;

                    if *count == 3 {
                        match iptables.append_unique(
                            "filter",
                            "INPUT",
                            &format!("--source {} -j DROP", login_attempt.ip),
                        ) {
                            Ok(_) => {
                                println!("{} banned", login_attempt.ip);
                            }
                            Err(_) => {
                                println!("{} already banned", login_attempt.ip);
                            }
                        }
                        login_attempts.remove(&login_attempt.ip);
                    }
                }
                None => {
                    login_attempts.insert(login_attempt.ip.clone(), 1);
                }
            }
        }
    }
    Ok(())
}
better err handling, and WIP iptables asve 2024-05-12 14:03:26 +02:00			`pub mod iptables_save;`
first commit with test logic 2024-05-12 13:46:11 +02:00			`pub mod login_attempt;`

			`use linemux::MuxedLines;`
			`use login_attempt::LoginAttempt;`
iptables-save every minute 2024-05-12 14:54:47 +02:00			`use std::{collections::HashMap, thread::sleep, time::Duration};`
first commit with test logic 2024-05-12 13:46:11 +02:00
			`#[tokio::main]`
			`async fn main() -> std::io::Result<()> {`
			`let iptables = iptables::new(false).unwrap();`
			`let mut lines = MuxedLines::new()?;`
			`lines.add_file("/host_ssh/auth.log").await?;`
			`let mut login_attempts: HashMap<String, usize> = HashMap::new();`

iptables-save every minute 2024-05-12 14:54:47 +02:00			`let seconds_iptables = Duration::from_secs(60);`
			`println!(`
			`"starting iptables-save, run every {} seconds",`
			`seconds_iptables.as_secs()`
			`);`
			`tokio::spawn(async move {`
			`loop {`
			`sleep(seconds_iptables);`
			`iptables_save::save_iptables();`
			`println!("saved iptables rules");`
			`}`
			`});`

better err handling, and WIP iptables asve 2024-05-12 14:03:26 +02:00			`println!("listening to changes over /host_ssh/auth.log");`
first commit with test logic 2024-05-12 13:46:11 +02:00			`while let Ok(Some(line)) = lines.next_line().await {`
better err handling, and WIP iptables asve 2024-05-12 14:03:26 +02:00			`if let Some(login_attempt) = LoginAttempt::capture(line.line()) {`
			`println!(`
			`"failed login attempt from {}@{}:{}",`
			`login_attempt.user, login_attempt.ip, login_attempt.port`
			`);`
first commit with test logic 2024-05-12 13:46:11 +02:00			`match login_attempts.get_mut(&login_attempt.ip) {`
			`Some(count) => {`
			`*count += 1;`

			`if *count == 3 {`
better err handling, and WIP iptables asve 2024-05-12 14:03:26 +02:00			`match iptables.append_unique(`
			`"filter",`
			`"INPUT",`
			`&format!("--source {} -j DROP", login_attempt.ip),`
			`) {`
			`Ok(_) => {`
			`println!("{} banned", login_attempt.ip);`
			`}`
			`Err(_) => {`
			`println!("{} already banned", login_attempt.ip);`
			`}`
			`}`
first commit with test logic 2024-05-12 13:46:11 +02:00			`login_attempts.remove(&login_attempt.ip);`
			`}`
			`}`
			`None => {`
			`login_attempts.insert(login_attempt.ip.clone(), 1);`
			`}`
			`}`
			`}`
			`}`
			`Ok(())`
			`}`