Sophie

Sophie

distrib > Mandriva > current > i586 > media > contrib-release-src > by-pkgid > 9758220406ce8a820904a50857f4f85b > files > 4

ossec-hids-1.4-4mdv2010.0.src.rpm

--- active-response/firewall-drop.sh		2007-11-26 06:46:04.000000000 -0500
+++ active-response/firewall-drop.sh		2007-11-26 06:48:50.000000000 -0500
@@ -23,6 +23,10 @@ RULEID=""
 ACTION=$1
 USER=$2
 IP=$3
+TIMESTAMP=`date +%s`
+OHOME="/var/ossec/"
+
+
 
 LOCAL=`dirname $0`;
 cd $LOCAL
@@ -52,9 +56,15 @@ if [ "X${UNAME}" = "XLinux" ]; then
    if [ "x${ACTION}" = "xadd" ]; then
       ARG1="-I INPUT -s ${IP} -j DROP"
       ARG2="-I FORWARD -s ${IP} -j DROP"
+      # ASL (track IP for web gui)
+      touch $OHOME/var/shun-${TIMESTAMP}-${IP}-$5
    else
       ARG1="-D INPUT -s ${IP} -j DROP"
       ARG2="-D FORWARD -s ${IP} -j DROP"
+      # ASL (track IP for web gui)
+      if [ -f $OHOME/var/*${IP}* ]; then
+        rm -f  $OHOME/var/*${IP}*
+      fi
    fi
    
    # Checking if iptables is present

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional