#!/bin/bash
#
# hawk
# Brute-force attack intrusion detection, protection and logging system.
#
# chkconfig: 2345 99 17
# description: [Hawk] daemon monitors various files for unsuccessful login attempts, blocks the offenders and stores the attack info in a database
# probe: true
# version: 3.0.2
# Script-wide settings: release number, daemon pidfile, daemon executable,
# unblock helper and the main configuration file.
VERSION="3.0.2"
pidfile="/var/run/hawk.pid"
program="/var/lib/hawk/hawk.pl"
cron_program="/var/lib/hawk/bin/hawk-unblock.sh"
conf="/etc/hawk.conf"
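#######################################
# Poll the pidfile (up to five times, one second apart) until Hawk reaches
# the expected state, then report the result.
# Globals:   pidfile (read)
# Arguments: $1 - "0" to wait for Hawk to be running, anything else to wait
#                 for it to be stopped
# Outputs:   "OK" or "FAILED" on stdout
#######################################
check_status() {
  local check=0
  local okcount=0
  local alive pid i

  for i in 1 2 3 4 5; do
    # The daemon counts as alive only when the pidfile holds a plain decimal
    # PID whose /proc entry exists. An empty or garbage pidfile must not
    # resolve to "/proc/" (which always exists) and report a dead intrusion
    # detection daemon as running.
    alive=0
    pid=''
    if [ -f "$pidfile" ]; then
      { read -r pid _ < "$pidfile"; } 2> /dev/null
      case "$pid" in
        '' | *[!0-9]*) ;;
        *) [ -d "/proc/$pid" ] && alive=1 ;;
      esac
    fi

    if [ "$1" == 0 ]; then
      if [ "$alive" -eq 1 ]; then
        # Require the process to survive three consecutive probes so that a
        # daemon which dies right after start-up is not reported as OK.
        if [ "$okcount" -gt 1 ]; then
          check=1
          # The original used "continue 6", which bash clamps to the single
          # enclosing loop; break expresses the intended early exit.
          break
        fi
        okcount=$((okcount + 1))
      fi
    elif [ "$alive" -eq 0 ]; then
      check=1
      break
    fi
    sleep 1
  done

  if [ "$check" == "1" ]; then
    echo "OK"
  else
    echo "FAILED"
  fi
}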
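#######################################
# Start Hawk: make sure the in_hawk iptables chain exists, restore the saved
# block rules, launch the daemon and report whether it stayed up.
# Globals:   conf (read), program (read)
# Arguments: $1 - optional "debug" to pass the debug flag to the daemon
# Outputs:   progress messages and the check_status result on stdout
# Returns:   exits 1 if the in_hawk chain cannot be created or hooked in
#######################################
start_program() {
  local block_list

  # TODO
  # Make sure that the in_hawk exists and create it if needed
  echo -n "Checking if in_hawk exists ... "
  if ! iptables -t filter -L in_hawk -n >> /dev/null 2>&1; then
    echo -n "[ NO ] ... "
    if ! iptables -t filter -N in_hawk; then
      echo "iptables -t filter -N in_hawk FAILED"
      exit 1
    fi
    if ! iptables -I INPUT -j in_hawk; then
      echo "iptables -I INPUT -j in_hawk FAILED"
      exit 1
    fi
    echo "[ CREATED ]"
  else
    # Flushing drops every existing block. Until the block_list script below
    # has run (and if it fails), previously blocked sources are let through.
    if ! iptables -t filter -F in_hawk; then
      echo "Failed to flush the old rules from in_hawk"
    fi
    echo "[ YES ]"
  fi

  # Skip commented-out lines so a disabled "#block_list=..." entry is never
  # picked up and executed.
  block_list=$(awk -F = '!/^[ \t]*#/ && /block_list/ {print $2}' "$conf")
  # NOTE(review): the value read from $conf is executed with the privileges
  # of this script (presumably root); confirm that $conf and the script it
  # names are writable by root only.
  if [ -x "$block_list" ]; then
    echo -n "Restoring the rules from $block_list ... "
    # Quoted so a path containing whitespace runs as one command instead of
    # being split into a different command plus arguments.
    if ! "$block_list"; then
      echo "[ FAILED ]"
    else
      echo "[ OK ]"
    fi
  fi

  if [ -x "$program" ]; then
    if [ "$1" == 'debug' ]; then
      "$program" debug
    else
      "$program"
    fi
    echo -n 'Starting Hawk: '
  fi
  check_status 0
}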
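#######################################
# Stop Hawk: send SIGTERM to the PID recorded in the pidfile, remove the
# pidfile, sweep up leftover processes and report the result.
# Globals:   pidfile (read, removed)
# Arguments: none
# Outputs:   "Stopping Hawk: " followed by the check_status result
#######################################
stop_program() {
  local pid=''

  echo -n 'Stopping Hawk: '
  if [ -f "$pidfile" ]; then
    { read -r pid _ < "$pidfile"; } 2> /dev/null
    # Signal only a plain decimal PID. An empty pidfile used to resolve to
    # "/proc/" (always present) and call kill without a target.
    # NOTE(review): a stale pidfile whose PID has been reused by another
    # process would still be signalled; verify the process identity if that
    # matters on this host.
    case "$pid" in
      '' | *[!0-9]*) ;;
      *)
        if [ -d "/proc/$pid" ]; then
          kill -15 "$pid"
        fi
        ;;
    esac
    rm -f -- "$pidfile"
  fi
  # NOTE(review): "pkill -f Hawk" matches any process whose full command line
  # contains "Hawk", not only the daemon; confirm nothing else on the host
  # can match.
  pkill -f Hawk >> /dev/null 2>&1
  check_status 1
}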
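#######################################
# Watchdog entry point: start Hawk when it is not running.
# Globals:   pidfile (read)
# Arguments: none
# Outputs:   whatever start_program prints, or nothing if Hawk is alive
#######################################
check_run() {
  local pid=''

  if [ -f "$pidfile" ]; then
    { read -r pid _ < "$pidfile"; } 2> /dev/null
  fi
  # A missing, empty or non-numeric pidfile means "not running". Previously
  # an empty pidfile resolved to "/proc/", so the daemon was never restarted
  # and the host stayed unmonitored.
  case "$pid" in
    '' | *[!0-9]*) start_program ;;
    *) [ -d "/proc/$pid" ] || start_program ;;
  esac
}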
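#######################################
# Change the DB password for all hawk tools: set a new random password on
# the PostgreSQL role "hawk", record it in /root/.pgpass and in the Hawk
# configuration, then restart the daemon.
# Globals:   conf (modified in place)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   1 without touching any file if the password cannot be generated
#            or the database refuses the change
#######################################
change_hawk_pass() {
  local newpass

  echo "Changing Hawk password"
  # 12 hex characters, i.e. 48 bits, derived from kernel random data.
  # NOTE(review): consider a longer value if every Hawk tool accepts it.
  newpass=$(head -n 5 /dev/urandom | md5sum | cut -c 1-12)
  if [ "${#newpass}" -ne 12 ]; then
    echo "Failed to generate a new password"
    return 1
  fi
  #echo "New password: $newpass"

  # Send the statement on stdin rather than with -c so the password does not
  # appear in the process list. ON_ERROR_STOP makes psql return non-zero when
  # the statement fails, so the files below are only rewritten after the
  # database has accepted the new password.
  # NOTE(review): server-side statement logging, if enabled, may still record
  # the password.
  if ! printf "ALTER USER hawk PASSWORD '%s';\n" "$newpass" \
    | psql -Upostgres -v ON_ERROR_STOP=1 template1; then
    echo "Failed to change the hawk password in PostgreSQL"
    return 1
  fi

  (
    # Restrictive umask: if /root/.pgpass does not exist yet it is created
    # private instead of being readable until the chmod below.
    umask 077
    # NOTE(review): this removes every line containing "hawk", including
    # entries for other hosts or databases whose fields contain that string.
    if [ -f /root/.pgpass ]; then
      sed -i '/hawk/D' /root/.pgpass
    fi
    echo "*:*:hawk:hawk:$newpass" >> /root/.pgpass
    chmod 600 /root/.pgpass
  )
  # newpass is hex only, so it cannot break the sed expression.
  sed -i "/dbpass/s/=.*/=$newpass/" "$conf"

  stop_program
  sleep 1
  start_program
}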
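# Control structure: dispatch on the first command-line argument.
case "$1" in
  'start')
    start_program
    ;;
  'stop')
    stop_program
    ;;
  'restart')
    stop_program
    sleep 1
    start_program
    ;;
  'debug')
    start_program debug
    ;;
  'reload')
    # Signal only a plain decimal PID read from the pidfile; with a missing
    # or empty pidfile the original called kill without a target.
    hawk_pid=''
    if [ -f "$pidfile" ]; then
      { read -r hawk_pid _ < "$pidfile"; } 2> /dev/null
    fi
    case "$hawk_pid" in
      '' | *[!0-9]*)
        echo "Hawk is not running (no valid PID in $pidfile)"
        exit 1
        ;;
      *)
        kill -HUP "$hawk_pid"
        ;;
    esac
    ;;
  'changepass')
    change_hawk_pass
    ;;
  'checkdb')
    # check_db is not defined in this script, so only call it when something
    # else has provided it instead of failing with "command not found".
    if declare -F check_db > /dev/null; then
      check_db
    else
      echo "checkdb is not available: check_db is not defined in $0"
      exit 1
    fi
    ;;
  'status')
    echo -n 'Hawk status: '
    check_status 0
    ;;
  'check_run')
    check_run
    ;;
  *)
    echo -e "usage $0 OPTION\nBasic options:\t\tstart|stop|restart|status\nAdvanced options:\tdebug|reload|changepass"
    ;;
esac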