#!/usr/bin/perl -w
#
# list.pl Version 2.7
#
#  This code is meant to work with the sshblack script.
#     See http://www.pettingers.org/code/sshblack.html 
#     for details on this and a complete README.TXT file and INSTALL.TXT file
#
#  Use this program to instantly, manually blacklist people. Simply
#  run the script name followed by the IP address you want to blacklist.
#    e.g.  "./list 192.168.100.123"
#  You need to confirm that the $CACHE variable the $ADDRULE variable
#  Are set correctly below for your implementation of sshblack.
# 
#  NOTE:  There is no file locking implemented with this script or sshblack.
#         There is the potential for collisions between this program and sshblack
#         both trying to access the CACHE file at the same time.  This may result
#         in an indeterminate state of your CACHE file.  This is unlikely but is a
#         possibility.  sshblack may terminate if it can not correctly open the
#         CACHE file when it needs to.  Check your logs after running this script.
# 
##############################################################################

use strict;
#
########### Configure Parameters Below ###############
#
# The text database file to keep track of attackers
my($CACHE) = '/var/tmp/ssh-blacklist-pending';
#
# 
# Set $ADDRULE to the complete command line instruction for ADDING
# attackers to the blacklist with the following change:
# - Substitute the literal string 'ipaddress' in the location where
# you want the attacker's IP address to be.
#
# ######### ########### ROUTE VERSION ############ ###########
#
# my($ADDRULE) = '/sbin/route add -host ipaddress gw 127.0.0.1'; #RH/Fedora
# my($ADDRULE) = 'route add ipaddress 127.0.0.1'; #Solaris?
#
# ######### ########### IPTABLES VERSION ############ ###########
#
 my($ADDRULE) = '/sbin/iptables -I BLACKLIST -s ipaddress -j DROP';
# my($ADDRULE) = '/sbin/iptables -A INPUT -s ipaddress -j DROP'; #Generic
#
#
########### No user defined paramters below ################
#





   my($ip) = $ARGV[0];
   my $loser= "$ip," . time() . ",6\n";
   blockIp($ip);   
                 
   open (LIST, ">>$CACHE") || print STDERR "Error opening $CACHE: $!\n";
   print LIST $loser;
   close (LIST);



#################################################
sub blockIp {
#
#

   my($ip) = @_;
   my($rule) = $ADDRULE;

   $rule =~ s/ipaddress/$ip/;

   system("$rule");

   return;
} # End sub blockIp


# End sshblack.pl
