#!/usr/bin/perl -w
#
# unlist.pl Version 2.7
#
#  This code is meant to work with the sshblack script.
#     See http://www.pettingers.org/code/sshblack.html
#     for details on this and a complete README.TXT file and INSTALL.TXT file
#
#  Use this program to instantly, manually un-blacklist people. Simply
#  run the script name followed by the IP address you want to remove from 
#  the blacklist.
#    e.g.  "./unlist 192.168.100.123"
#  You need to confirm that the $CACHE variable the $DELRULE variable
#  Are set correctly below for your implementation of sshblack.
#
#  NOTE:  There is no file locking implemented with this script or sshblack.
#         There is the potential for collisions between this program and sshblack
#         both trying to access the CACHE file at the same time.  This may result
#         in an indeterminate state of your CACHE file.  This is unlikely but is a
#         possibility.  sshblack may terminate if it can not correctly open the
#         CACHE file when it needs to.  Check your logs after running this script.
#
##############################################################################

use strict;
#
########### Configure Parameters Below ###############
#
# The text database file to keep track of attackers
my($CACHE) = '/var/tmp/ssh-blacklist-pending';

# Set $DELRULE to the complete command line instruction for REMOVING 
# attackers from the blacklist with the following change:
# - Substitute the literal string 'ipaddress' in the location where 
# you want the attacker's IP address to be.
#
# ######### ########### ROUTE VERSION ############ ###########
#          # generally routing to localhost (127.0.0.1) works fine
#
# my($DELRULE) = '/sbin/route del -host ipaddress gw 127.0.0.1'; #RH/Fedora
# my($DELRULE) = 'route delete ipaddress 127.0.0.1'; #Solaris?
#
# ######### ########### IPTABLES VERSION ############ ###########
#
 my($DELRULE) = '/sbin/iptables -D BLACKLIST -s ipaddress -j DROP';
# my($DELRULE) = '/sbin/iptables -D INPUT -s ipaddress -j DROP'; #Generic
#
#
########### No user defined paramters below ################
#


   my ($ip) = $ARGV[0];
   my ($line) = '';
   my (@loser, @buildlist) = ();


        open(LIST, $CACHE) || print STDERR "Error opening $CACHE: $!\n";
        while ($line = <LIST>) {
           @loser = split(/,/, $line);
           # [0] is IP, [1] is time, [2] is hits
           if ($loser[0] ne $ip) {
              push (@buildlist, $line);
           }
           else {
              freeIp($ip);
           } #set free after $RELEASEDAYS
           
        } # End while reading
        close (LIST);
        # open for writing
        open (LIST, ">$CACHE") || print STDERR "Error opening $CACHE: $!\n";
        print LIST @buildlist;
        close (LIST);


#############################################
sub freeIp {
#
# This subroutine removes an attacker from the blacklist.  The literal string
# 'ipaddress' in the $DELRULE string is replaced with the IP address of the attacker
# and the command is executed.
#
   my($ip) = @_;
   my($rule) = $DELRULE;
   $rule =~ s/ipaddress/$ip/;

   system("$rule");

   return;
} # End sub freeIp


# End sshblack.pl
