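#!/bin/sh
#
#NADDS Agent - http://nadds.drmadcow.net/
#Monitors IPTABLES for firewall rule changes.
#Agent Author: David Blizard
#Date: 2003-May-28 (V2.2)
#
# Flow: list the live tables, diff them against the archived "known good"
# listing, and report ok / changed / error through the bcnu_*send helpers
# provided by agent_head. On a change, the previous listing and its
# iptables-save dump are tarred into the archive directory and the current
# tables become the new baseline.
#
# Requires (from bcnuenv / agent_head): BCNUHOME, BCNUTMP, BCNUAGENT, BCNU,
# BCNU_OK, BCNU_WARN, BCNU_ERR, BCNUHOSTTYPE, BCNUHOST and the send helpers.

. /usr/local/bcnu/etc/bcnuenv
. "$BCNUHOME/agent/agent_head"

#setup file handles and variables
ARCHIVEDIR=$BCNUHOME/data/${BCNUAGENT}-archive
DIFFILE=$BCNUTMP/${BCNUAGENT}.diff
CURTABLES=$BCNUTMP/${BCNUAGENT}.cur.tables
ERRFILE=$BCNUTMP/${BCNUAGENT}.err
OKTABLES=$ARCHIVEDIR/${BCNUAGENT}.ok.tables
RESTORE=$ARCHIVEDIR/${BCNUAGENT}.restore.tables
OK=0
# These two are command strings and are deliberately expanded unquoted
# below so the shell splits them into command + arguments.
IPTABLESLIST="sudo /sbin/iptables -L -n"
IPTABLESSAVE="sudo /sbin/iptables-save -c"

rm -f "$CURTABLES" "$DIFFILE" "$ERRFILE" 2>/dev/null
if [ ! -d "$ARCHIVEDIR" ]; then
  # NOTE(review): the archive holds complete iptables-save dumps (rules and
  # counters); confirm the directory is not readable by other local users.
  mkdir -p "$ARCHIVEDIR" 2>/dev/null
fi

# Capture the live tables; a failed listing is reported as a warning and
# ends the run, since there is nothing meaningful to compare.
if ! $IPTABLESLIST > "$CURTABLES" 2>"$ERRFILE"; then
  BCNUMSG="$BCNU -m 'warning - iptables command failed' -f $ERRFILE -e $BCNU_WARN -t $BCNUHOSTTYPE $BCNUHOST"
  bcnu_warn_send
  exit 1
fi

# First run: the current tables become the baseline.
if [ ! -f "$OKTABLES" ]; then
  $IPTABLESLIST > "$OKTABLES" 2>/dev/null
  $IPTABLESSAVE > "$RESTORE" 2>/dev/null
fi

#compare original tables to current tables
# diff exit status: 0 = identical, 1 = differ, 2 = trouble (e.g. missing file)
diff "$CURTABLES" "$OKTABLES" > "$DIFFILE" 2>"$ERRFILE"
OK=$?

#if tables differ report error otherwise ok
if [ "$OK" -eq 0 ]; then
  BCNUMSG="$BCNU -m 'ok - firewall tables unchanged' -f $CURTABLES -e $BCNU_OK -t $BCNUHOSTTYPE $BCNUHOST"
  bcnu_send
elif [ "$OK" -eq 1 ]; then
  #get timestamp for error log
  DATE=$(date)
  # '+' is required for a date format string; without it date errors out
  # and the archive names would have an empty timestamp.
  TIMESTAMP=$(date +%Y%m%d%H%M%S)

  #make bakup and restore files
  BAKUP=${BCNUAGENT}.$TIMESTAMP.bakup.tables
  RES=${BCNUAGENT}.$TIMESTAMP.restore.tables
  TAR=${BCNUAGENT}.$TIMESTAMP.tgz
  ARCHIVE=$ARCHIVEDIR/$TAR

  #bakup old tables
  mv -f "$OKTABLES" "$ARCHIVEDIR/$BAKUP" 2>/dev/null
  mv -f "$RESTORE" "$ARCHIVEDIR/$RES" 2>/dev/null
  # tar from inside the archive dir so the tarball holds bare file names.
  # Only remove the inputs once the tar succeeded; otherwise a failed cd or
  # tar would discard the only copy of the previous ruleset.
  if cd "$ARCHIVEDIR" 2>/dev/null; then
    if tar cfpz "$TAR" "$RES" "$BAKUP" 2>/dev/null; then
      rm -f "$ARCHIVEDIR/$RES" "$ARCHIVEDIR/$BAKUP" 2>/dev/null
    fi
  fi

  #generate new tables
  $IPTABLESLIST > "$OKTABLES" 2>/dev/null
  $IPTABLESSAVE > "$RESTORE" 2>/dev/null

  #send error message
  # printf instead of 'echo -e': echo's -e handling is not portable under /bin/sh
  printf '\n****Firewall tables changed on %s****\n\tchange backed up in %s\n\n****Current firewall tables****\n' \
    "$DATE" "$ARCHIVE" >> "$DIFFILE" 2>/dev/null
  cat "$CURTABLES" >> "$DIFFILE" 2>/dev/null
  BCNUMSG="$BCNU -m 'error - firewall tables changed, tables backed up' -f $DIFFILE -e $BCNU_ERR -t $BCNUHOSTTYPE $BCNUHOST"
  bcnu_err_send
elif [ "$OK" -eq 2 ]; then
  BCNUMSG="$BCNU -m 'warning - diff command failed - No such file' -f $ERRFILE -e $BCNU_WARN -t $BCNUHOSTTYPE $BCNUHOST"
  bcnu_warn_send
else
  # was '- m' (a stray space), which would have been passed to $BCNU as two bogus args
  BCNUMSG="$BCNU -m 'warning - unknown error - diff command' -f $ERRFILE -e $BCNU_WARN -t $BCNUHOSTTYPE $BCNUHOST"
  bcnu_warn_send
fi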