1 /* $Id: ssp_snmp_interface_down.c,v 2.3 2009/11/27 01:39:40 fknobbe Exp $
2 *
3 * Copyright (c) 2005-2008 Ali BASEL <ali@basel.name.tr>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 *
28 * ssp_snmp_interface_shutdown.c
29 *
30 * Purpose:
31 *
32 * This SnortSam plugin calls the trackersnmp program of the tracker (http://www.basel.name.tr) to
33 * shut down the switch ports of local intruders in order to block their IP addresses.
34 *
35 */
36
37 #ifndef __SSP_SNMPINTERFACEDOWN_C__
38 #define __SSP_SNMPINTERFACEDOWN_C__
39
40
41 #include "snortsam.h"
42 #include "ssp_snmp_interface_down.h"
43
44
45 #include <stdio.h>
46 #include <string.h>
47
48
49 /* Parsing config options
50 */
void SNMPINTERFACEDOWNParse(char *val, char *file, unsigned long line, DATALIST *plugindatalist)
{
    /*
     * Parse the plugin's option string from the configuration file.
     *
     * val            - whitespace-separated options; modified in place
     *                  (each token is NUL-terminated where it ends).
     * file, line     - config file name and line number, used only in
     *                  the warning message below.
     * plugindatalist - receives the newly allocated plugin data in ->data.
     *
     * The token "log" (compared case-insensitively via stricmp) sets
     * logflag; every other token is copied into trackersnmppath, so the
     * last such token on the line is the one that remains.
     *
     * NOTE(review): the path is stored exactly as written in the config;
     * nothing here validates it. SNMPINTERFACEDOWNBlock in this file
     * later places it at the front of a string passed to system(), so
     * the config file should be writable only by trusted administrators.
     */
    char msg[STRBUFSIZE+2];
    char *tok_end;
    SNMPINTERFACEDOWNDATA *cfg;

#ifdef FWSAMDEBUG
    printf("Debug: [snmp_interface_down] Plugin Parsing...\n");
#endif

    /* Allocate the per-plugin data and hook it into the list entry. */
    cfg = (SNMPINTERFACEDOWNDATA *)safemalloc(sizeof(SNMPINTERFACEDOWNDATA),"SNMPDOWNParse","snmpinterfacedownp");
    plugindatalist->data = cfg;

    /* Defaults: no path given, logging off. */
    cfg->trackersnmppath[0] = 0;
    cfg->logflag = FALSE;

    while (*val) {
        /* Find the end of the current token. */
        for (tok_end = val; *tok_end && !myisspace(*tok_end); tok_end++)
            ;
        /* Terminate the token and step past the separator, if any. */
        if (*tok_end)
            *tok_end++ = 0;

        if (stricmp(val, "log") == 0)
            cfg->logflag = TRUE;
        else
            /* Anything else is taken to be the path of the trackersnmp program.
             * The array member is passed directly, not through a pointer alias. */
            safecopy(cfg->trackersnmppath, val);

        /* Advance to the start of the next token. */
        for (val = tok_end; *val && myisspace(*val); val++)
            ;
    }

    if (cfg->trackersnmppath[0] == 0) {
        /* No path configured: fall back to the bare program name. */
        snprintf(msg,sizeof(msg)-1,"Warning: [%s: %lu] No trackersnmp executable specified. Using just \"trackersnmp\" by default (and hope it's in the path...)",file,line);
        safecopy(cfg->trackersnmppath,"trackersnmp");
        logmessage(2,msg,"snmp_interface_down",0);
    } else {
        const char *suffix = cfg->logflag ? " with logging" : "";

        snprintf(msg,sizeof(msg)-1,"snmp_interface_down: Will call '%s' to initiate blocks%s.",cfg->trackersnmppath, suffix);
        logmessage(3,msg,"snmp_interface_down",0);
    }
}
93
94
95 /* This routine initiates the block by calling trackersnmp
96 */
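void SNMPINTERFACEDOWNBlock(BLOCKINFO *bd,void *data,unsigned long qp)
{
    /*
     * Run trackersnmp to shut ("shut") or re-enable ("noshut") the switch
     * port for bd->blockip, depending on bd->block.
     *
     * bd   - block request; only bd->block and bd->blockip are read here.
     * data - plugin data set up by SNMPINTERFACEDOWNParse; NULL is a no-op.
     * qp   - not used by this routine.
     *
     * The command line is logged, executed with system(), and the outcome
     * (zero vs. non-zero return of system()) is logged.
     */

    /* Fixed arguments placed between the IP address and the action word.
     * NOTE(review): a site-specific host name and mail address are compiled
     * in here; presumably they belong in the plugin configuration -- confirm. */
    const char pref[]="ldap do nostdout host scanner.sabanciuniv.edu to netadmin@scanner.sabanciuniv.edu ";
    char cmd[STRBUFSIZE+2],msg[STRBUFSIZE+2];
    SNMPINTERFACEDOWNDATA *snmpinterfacedownp;
    const char *action;
    int len;

    (void)qp;

    if(!data) return;
    snmpinterfacedownp=(SNMPINTERFACEDOWNDATA *)data;

    /* Both directions use the same command; only the last word differs. */
    action = bd->block ? "shut" : "noshut";

    len = snprintf(cmd,sizeof(cmd)-1,"%s %s %s %s", snmpinterfacedownp->trackersnmppath, inettoa(bd->blockip), pref, action);

    /* A truncated command line must never reach the shell: it could lose
     * the action word or part of an argument and do something other than
     * what was requested. A negative return is also treated as failure. */
    if(len < 0 || (size_t)len >= sizeof(cmd)-1) {
        snprintf(msg,sizeof(msg)-1,"Error: Command line for %s is too long, not executed", inettoa(bd->blockip));
        logmessage(1, msg, "snmpinterfacedown", 0);
        return;
    }

    logmessage(2, cmd, "snmp_interface_down",0);

    /* NOTE(review): system() passes cmd to the command interpreter, so any
     * shell metacharacters in the configured trackersnmppath are interpreted.
     * The IP text comes from inettoa() (presumably dotted-quad -- confirm)
     * and pref is a constant, so the configured path is the only
     * operator-controlled part. Consider an exec-style spawn with an
     * explicit argument vector instead of a shell command string. */
    if( system(cmd) ) {
        snprintf(msg,sizeof(msg)-1,"Error: Command \"%s\" Failed", cmd);
        logmessage(1, msg, "snmpinterfacedown", 0);
    }
    else {
        snprintf(msg,sizeof(msg)-1,"Info: Command \"%s\" Executed Successfully", cmd);
        logmessage(1, msg, "snmpinterfacedown", 0);
    }
}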
141
142 #endif /* __SSP_SNMPINTERFACEDOWN_C__ */
143