-
Notifications
You must be signed in to change notification settings - Fork 1
/
watchmanfw
executable file
·141 lines (124 loc) · 4.07 KB
/
watchmanfw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Name: WatchmanFW
#
# Author: Tomasz Kruk futszak@gmail.com
# version 0.25
import signal
import sys
import os
import follow
import time
import socket
import sndmail
import routeros_api
import configparser
configini = configparser.ConfigParser()
configini.read('/etc/watchmanfw/watchmanfw.ini')
def signal_handler(signal, frame):
print('You pressed Ctrl+C!')
sys.exit(0)
def getmails():
files = []
for r, d, f in os.walk('.'):
for file in f:
if '@' in file:
files.append(os.path.join(file))
return(files)
def logsend(s):
"""Write log."""
try:
port = int(configini['syslog']['port'])
except:
port = 514
try:
nt = (configini['script']['procname'])+" "+str((int(time.time())))+': '
ip = configini['syslog']['address']
sock.sendto((nt+str(s)+'\n'), (ip, port))
except:
print ("no logs")
def whitelist(line):
a,b=line.split("from")
c,d=b.split("port")
ip=(c.replace(" ", ""))
addip(ip,line)
def timestamp():
a = int(float(time.time()))
return(a)
def isonlist(ip,api,list_queues):
list_queues = api.get_resource('/ip/firewall/address-list')
for a in list_queues.get():
if ((a['address']) == ip):
if (a['list'] == configini['mikrotik']['whitelist']):
return(1)
return(0)
def addip(ip,line):
address = configini['mikrotik']['address']
username = configini['mikrotik']['username']
password = configini['mikrotik']['password']
whitelist = configini['mikrotik']['whitelist']
timeout = configini['mikrotik']['timeout']
try:
sender = configini['email']['sender']
reciever = configini['email']['reciever']
hostname = configini['email']['server']
mail = True
except:
mail = False
subject = ip + " added to "+whitelist
connection = routeros_api.RouterOsApiPool(address, username=username, password=password)
api = connection.get_api()
list_queues = api.get_resource('/ip/firewall/address-list')
if isonlist(ip,api,list_queues):
print("Address is already on the list")
else:
list_queues.add(address=ip, list=whitelist, timeout=timeout)
if mail:
sndmail.sndmail(hostname,sender,reciever,subject,line)
def getstringtab():
stringtab = []
for mail in getmails():
lines = [line.rstrip('\n') for line in open(mail)]
# loop in lines
for line in lines:
# loop in line
record = ()
for lstrint in line.split(","):
record = record + (lstrint,)
record = record + (mail,)
stringtab.append(record)
return(stringtab)
stringtab = getstringtab()
def stringexist(line):
emails = []
for string in stringtab:
if not (string[0]==''):
include = True
for position in range(0,len(string)-1):
if not string[position] in line:
include = False
if include:
emails.append(str(string[len(string)-1]))
return(emails)
signal.signal(signal.SIGINT, signal_handler)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # for UDP logging
pid = str(os.getpid())
if os.path.isfile(configini['script']['pidfile']):
os.remove(configini['script']['pidfile'])
file(configini['script']['pidfile'], 'w').write(pid)
logsend("Service start at PID "+str(pid))
eserver = configini['email']['server']
esender = configini['email']['sender']
ereciever = configini['email']['reciever']
sndmail.sndmail(eserver,esender,ereciever,"Service start at PID "+str(pid))
if __name__ == '__main__':
logfile = open(configini['syslog']['logfile'],"r")
loglines = follow.follow(logfile)
for line in loglines:
if configini['machine']['name'] in line:
if configini['machine']['lstring'] in line:
if configini['machine']['user']:
whitelist(line)
if stringexist(line):
for email in stringexist(line):
sndmail.sndmail(eserver,esender,email,line)