authorFreemor <freemor@freemor.ca>2019-10-26 15:16:12 -0300
committerFreemor <freemor@freemor.ca>2019-10-26 15:16:12 -0300
commitd73601f33d6e0285845a43bca10b09d9a0b6bc6e (patch)
tree19ccb08c6035869ebc2dffa6440c45ab306475c4
parent2e78c4a7a986e656360328456fa6412487852b3f (diff)
Code and output clean-ups.
-rwxr-xr-xtheDrain25
1 files changed, 10 insertions, 15 deletions
diff --git a/theDrain b/theDrain
index f148c22..8d335e1 100755
--- a/theDrain
+++ b/theDrain
@@ -3,12 +3,12 @@
# Watch for floods and blacklist
# Lets get some Variables defined
-max_ho=5 # Max # of Half Open Connections
-host_ip="<Your_Host_IP>" # IP addy of host machine
-log_file="/var/log//drain.txt" # Directory to log to.
-alert_to="" # Who to mail Alerts to
-alert_level=50 # How man Half Open before we send an e-mail
-
+readonly max_ho=5 # Max # of Half Open Connections
+readonly host_ip="$(hostname -i | cut -d\ -f 1)" # IP addy of host machine
+readonly log_file="~/Drain.txt" # Directory to log to.
+readonly alert_to="foo@example.com" # Who to mail Alerts to
+readonly alert_level=50 # How man Half Open before we send an e-mail
+readonly server_name="$(hostname)" # Name of your server. For E-mail alerts, defaults to hostmane
# This Function scans for half open TCP connections (Sign of a SYN flood)
# and outputs a list of:
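Review bot: The new `readonly log_file="~/Drain.txt"` does not expand the tilde — inside double quotes `~` is a literal character, so the script will try to open a file named `~/Drain.txt` relative to its working directory instead of the home directory. Use `readonly log_file="$HOME/Drain.txt"`, or better an explicit absolute path, since a watcher started from cron or as root may not have the `$HOME` the author expects. The new `host_ip` on L28 is derived from `hostname -i`, which on some distributions resolves to a loopback address such as 127.0.1.1; that is worth confirming on the target host before the value is trusted in alert text. The comment on L32 also misspells "hostname" as "hostmane".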
@@ -43,15 +43,10 @@ function blackList () {
number_of_ho=$(netstat -tn | grep SYN_RECV | wc -l) # Helps us to spot distributed attacks that floodCheck may miss
# E-mail Alerts
-if [[ "$number_of_ho" -gt "$alert_level" ]]; then
- if [[ ! -e tmp/ALERTED_FLAG ]]; then
- echo -e "$number_of_ho half open connections on Winston.\n \
- Potential SYN Flood situation.\n \
- Please checkwhat is going on.\n \
- Please clear /tmp/ALERTED_FLAG when the situation is Resolved.\n\n \
- WInston" | mail -s "SYN Flood Warning" -t "$alert_to"
- touch /tmp/ALERTED_FLAG
- fi
+if [[ "$number_of_ho" -gt "$alert_level" ]] && [[ ! -e /tmp/ALERTED_FLAG ]]; then
+ echo -e "$number_of_ho half open connections on $server_name.\nPotential SYN Flood situation.\nPlease checkwhat is going on.\nPlease clear ALERTED_FLAG when the situation is Resolved.\n\n \
+ $server_name" | mail -s "SYN Flood Warning" -t "$alert_to"
+ touch /tmp/ALERTED_FLAG
fi
# Display and Logging. (Probably should seperate the two)
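Review bot: The alert-suppression flag `/tmp/ALERTED_FLAG` on the new side (L47 and L50) sits in a world-writable directory under a predictable name, so any local account can create that file and thereby silence the SYN-flood e-mail indefinitely, and a pre-existing symlink at that path would be followed by `touch`. Keep the flag in a directory only the script's own user can write, e.g. `readonly flag_file=/var/lib/thedrain/ALERTED_FLAG` (example path), and reference it as `[[ ! -e "$flag_file" ]]` and `touch -- "$flag_file"`; the message on L48 now says "Please clear ALERTED_FLAG" without a path, so using the same variable in the text keeps the two from drifting apart. The `mail -s "SYN Flood Warning" -t "$alert_to"` invocation is carried over from the old side, but with common mail(1) implementations `-t` means "take recipients from the message headers" rather than naming a recipient, so the intended address may be ignored — worth confirming against the local mailer. The enclosing function blackList starts outside the hunk.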