
removing ban service (moving to another project)

2024-12-31 13:17:58 +01:00
parent 20f1038ff8
commit b736875510
12 changed files with 7 additions and 573 deletions


@ -1,13 +1,8 @@
use structopt::StructOpt;
#[derive(Debug, StructOpt)]
#[structopt(
name = "martillo_maldito",
about = "A IPTables wrapper, including a ban service"
)]
#[structopt(name = "martillo_maldito", about = "A IPTables wrapper")]
pub enum Cli {
#[structopt(about = "Initialize ban service, monitoring SSH logs for login attempts")]
BanService,
#[structopt(about = "List all banned ips")]
GetBannedIps {
#[structopt(name = "Docker", short = "d", long = "docker")]
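Review bot: The new one-line attribute's help text reads "A IPTables wrapper", which is ungrammatical in the `--help` output operators will see; it should be `#[structopt(name = "martillo_maldito", about = "An IPTables wrapper")]`. With the ban service gone, the remaining `GetBannedIps` variant would also benefit from a `///` comment stating what `-d`/`--docker` changes about the listing, since the hunk does not say which rule set it selects. The `Cli` enum continues outside the hunk.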


@ -1,3 +1 @@
pub mod cli;
pub mod login_attempt;
pub mod martillo_maldito;


@ -1,27 +0,0 @@
use regex::Regex;
pub struct LoginAttempt {
pub ip: String,
pub user: String,
pub port: String,
}
impl LoginAttempt {
pub fn new(ip: &str, user: &str, port: &str) -> Self {
Self {
ip: ip.to_string(),
user: user.to_string(),
port: port.to_string(),
}
}
pub fn capture(line: &str) -> Option<Self> {
let regex = Regex::new(r#"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"#).unwrap();
let captured = regex.captures(line)?;
Some(Self::new(
captured.name("ip").unwrap().as_str(),
captured.name("user").unwrap().as_str(),
captured.name("port").unwrap().as_str(),
))
}
}


@ -1,27 +1,11 @@
use env_logger::Builder;
use log::{error, info};
use martillo_maldito::{cli::Cli, login_attempt::LoginAttempt, martillo_maldito::MartilloMaldito};
use std::{
collections::HashMap,
io::BufRead,
process::{Child, Command, Stdio},
thread::{sleep, spawn},
time::Duration,
};
mod cli;
use cli::Cli;
use martillo_maldito::martillo_maldito::MartilloMaldito;
use structopt::StructOpt;
#[tokio::main]
async fn main() {
fn main() {
match Cli::from_args() {
Cli::BanService => {
start_logger();
if let Err(err) = start_ban_service().await {
error!(err = err.to_string().as_str();
"Ban service"
);
}
}
Cli::GetBannedIps { docker } => {
let banned_ips = MartilloMaldito::ipv4(docker).get_banned_ips();
println!("{}", serde_json::to_string(&banned_ips).unwrap());
@ -73,75 +57,3 @@ async fn main() {
}
}
}
async fn start_ban_service() -> std::io::Result<()> {
let seconds_iptables = Duration::from_secs(60);
info!(every_seconds = seconds_iptables.as_secs();
"Saving IPTables"
);
spawn(move || loop {
sleep(seconds_iptables);
MartilloMaldito::save_rules().expect("Failed to save rules");
});
let child: Child = Command::new("journalctl")
.arg("-D")
.arg("/var/log/journal")
.arg("-u")
.arg("ssh")
.arg("-f")
.stdout(Stdio::piped())
.spawn()
.expect("Failed to start journalctl");
let stdout = child.stdout.expect("Failed to capture stdout");
let mut reader = std::io::BufReader::new(stdout);
let martillo_maldito = MartilloMaldito::ipv4(false);
let mut login_attempts: HashMap<String, usize> = HashMap::new();
loop {
let mut line = String::new();
if let Err(err) = reader.read_line(&mut line) {
error!(err = err.to_string().as_str();
"Reading line"
);
continue;
}
if line.is_empty() {
continue;
}
if let Some(login_attempt) = LoginAttempt::capture(&line) {
info!(ip = login_attempt.ip.as_str(),
user = login_attempt.user.as_str();
"Login attempt",
);
match login_attempts.get_mut(&login_attempt.ip) {
Some(count) => {
*count += 1;
if *count == 3 {
if martillo_maldito.ban_ip(&login_attempt.ip).is_ok() {
info!(ip = login_attempt.ip.as_str();
"Banned IP"
);
}
login_attempts.remove(&login_attempt.ip);
}
}
None => {
login_attempts.insert(login_attempt.ip, 1);
}
}
}
}
}
fn start_logger() {
Builder::from_default_env().init();
}
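Review bot: Nothing in the visible new side initialises logging any more, because `start_logger()` is deleted at the end of the file and its only visible caller was the removed `Cli::BanService` arm. The rendered page does not show whether `use env_logger::Builder;` and `use log::{error, info};` at the top of the first hunk survive; if they do, `Builder` is now unused, and any `info!`/`error!` call in the match arms outside this view would emit nothing. Either call `Builder::from_default_env().init();` as the first statement of `main` so firewall rule changes stay auditable, or remove the imports along with the `env_logger`, `log`, `tokio` and `regex` dependencies from the manifest if nothing else uses them. The body of `main` continues outside the two hunks shown.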