-
-
Save bompus/d17a11283f23596ce18b74d5106f9a20 to your computer and use it in GitHub Desktop.
Revisions
-
bdtech created this gist
Jun 17, 2013 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,46 @@ #!/bin/sh # Adds an IP to Cloudflare IP block list # Path: /var/ossec/active-response/bin/cloudflare-ban.sh # ACTION=$1 USER=$2 IP=$3 PWD=`pwd` TKN='CF API KEY' CFEMAIL='[email protected]' # Logging the call echo "`date` $0 $1 $2 $3 $4 $5" >> /var/ossec/logs/active-responses.log # IP Address must be provided if [ "x${IP}" = "x" ]; then echo "$0: Missing argument <action> <user> (ip)" exit 1; fi # Adding the ip to null route if [ "x${ACTION}" = "xadd" ]; then curl https://www.cloudflare.com/api_json.html \ -d 'a=ban' \ -d 'key='${IP} \ -d 'tkn='${TKN} \ -d 'email='${CFEMAIL} | /usr/bin/mail -s "CLOUDFLARE BANNED - ${IP}" root exit 0; # Deleting from null route # be carefull not to remove your default route elif [ "x${ACTION}" = "xdelete" ]; then curl https://www.cloudflare.com/api_json.html \ -d 'a=nul' \ -d 'key='${IP} \ -d 'tkn='${TKN} \ -d 'email='${CFEMAIL} | /usr/bin/mail -s "CLOUDFLARE UNBANNED - ${IP}" root exit 0; # Invalid action else echo "$0: invalid action: ${ACTION}" fi exit 1;
bdtech
created
this gist