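#!/bin/sh
# Name: attack.sh
# Author: Dominic J. Eidson
# Last modified: Mon Nov 1 16:10:32 CST 1999
# Description: This script is to be run through portsentry, it will
#              add entries to /etc/rc.d/rc.firewall, and echo a cleanup
#              script to be run in N days/weeks/however long.
# Usage: attack.sh [-q] ipaddress [port]
# Arguments: $1 contains the IP of the attacker.
#            $2 (optional) is the port; it is used only in the e-mail body.
# Additional files:
#   /etc/rc.d/rc.firewall: script containing lines to re-instate any
#                          firewall rules after a reboot.
#   cleanup.sh: Script to be run in N many days/weeks to remove the
#               created entries in various files.
#
# Security note: the address argument is copied into two places that are
# later executed as shell code (rc.firewall at boot, and the at(1) job), so
# it is accepted only when it is a canonical dotted-quad IPv4 address.
# Anything else is refused before a single file is touched.

# Init time.
export ATTACK_PID="${$}"                # Do not change.
QUIET="no"                              # Set default "wall" behavior
CLEAN_SCR="/usr/local/psionic/portsentry/cleanup.sh -a" # Cleanup script
FWALL_SCR="/etc/rc.d/rc.firewall"       # rc.firewall script
USERS="root"                            # users to get e-mail notification

# Programs
IPTABLES="/usr/sbin/iptables"           # Path to iptables

# Print the usage line and stop with status 1.
usage() {
  echo "USAGE: $(basename -- "${0}") [-q] ipaddress [port]" >&2
  exit 1
}

# Succeed only when $1 is four decimal octets (0-255, no leading zeros)
# separated by single dots. The body is a subshell so that changing IFS and
# the positional parameters cannot leak into the caller.
is_ipv4() (
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
  esac
  IFS=.
  # Splitting on "." is intended; only digits and dots can reach this line,
  # so no glob character can be expanded here.
  # shellcheck disable=SC2086
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    case "$octet" in
      0?*) exit 1 ;;                    # leading zero: ambiguous (octal) form
    esac
    [ "${#octet}" -le 3 ] || exit 1
    [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

# Capture getopt's output first: testing $? after "set -- `getopt ...`"
# reports the status of "set", so a getopt failure would go unnoticed.
PARSED=$(getopt q "$@" 2>/dev/null) || usage

# Re-split getopt's (unquoted, compatibility-mode) output into positional
# parameters, with globbing off so a "*" in an argument is never expanded.
set -f
# shellcheck disable=SC2086
set -- $PARSED
set +f

# Consume options up to and including the "--" that getopt emits.
while [ $# -gt 0 ]; do
  case "$1" in
    -q)
      QUIET="yes"
      shift
      ;;
    --)
      shift
      break
      ;;
    *)
      break
      ;;
  esac
done

# Do we have enough arguments left?
[ $# -ge 1 ] || usage

# Refuse anything that is not a plain IPv4 address before it can be written
# into a script that root will execute.
if ! is_ipv4 "$1"; then
  echo "$(basename -- "${0}"): address argument is not a dotted-quad IPv4 address; nothing written" >&2
  exit 1
fi
ATTACKER_IP="$1"

# Add line to /etc/rc.d/rc.firewall
# /etc/rc.d/rc.firewall is run upon startup to reinstate the firewall rules.
# Done in the foreground so a failed write is reported instead of being lost;
# the notifications below are still attempted either way.
if ! printf '%s\n' "$IPTABLES -A INPUT -j DROPANDLOG -s $ATTACKER_IP" >> "$FWALL_SCR"; then
  echo "$(basename -- "${0}"): could not append to $FWALL_SCR" >&2
fi
#printf '%s\n' "$IPTABLES -A INPUT -j DROP -s $ATTACKER_IP" >> "$FWALL_SCR"

# Schedule at(1) job for "now + 2 weeks"
printf '%s\n' "$CLEAN_SCR $ATTACKER_IP" | at 'now + 2 weeks' 1> /dev/null 2>&1 &

if [ "$QUIET" = "no" ]; then
  # Send wall message
  printf '%s\n' "Attack from $ATTACKER_IP" | wall &
fi

# Send e-mail notification
# The port is only ever placed in the message body, never in a command line.
# USERS is left unquoted on purpose so it can list several recipients.
# shellcheck disable=SC2086
printf '%s\n' "Attack from $ATTACKER_IP Port: $2" | mail -s "Attack from $ATTACKER_IP" ${USERS} &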