Am 30.05.2014 23:18, schrieb li...@rhsoft.net: > > Am 30.05.2014 22:48, schrieb Wietse Venema: >> li...@rhsoft.net: >>>> You also need to drop "secondary groups". On UNIX, that's >>>> done with setgroups() or initgroups(), before dropping >>>> root privileges >>> >>> thanks for the hint, it looks like that's not supported >>> http://www.php.net/manual/en/book.posix.php >> >> It took me a few seconds to find that PHP has initgroups. >> >> site:php.net initgroups > > indeed - no excuse except blindness :-( > implemented - thanks! > > in the meantime i installed and configured the mysql-server > scary, my first from-scratch mysql-setup after 11 years > > most likely i wrote the code for insert/update (currently > untested) and also planned a 'dnsbl_auto' feature which is > set by the honeypot-service for auto-expiry; the removal of > old entries will skip records where it is 0, to allow > a webinterface later to add blocked IP's manually
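well, some typos in column-names and script fixed; it works, even before writing the init-script the first manual start caught IP's connecting to a machine not announced as MTA, which answers the question if it's worth the work and was not clear at start. it took five seconds until 220.225.200.7 was caught

mysql> select * from dnsbl;
+-----------+-----------------+-----------------+------------+
| dnsbl_key | dnsbl_ip        | dnsbl_timestamp | dnsbl_auto |
+-----------+-----------------+-----------------+------------+
|         1 | ***myip***      |      1401485331 |          1 |
|         2 | 220.225.200.7   |      1401485584 |          1 |
|         3 | 96.242.95.29    |      1401485528 |          1 |
|         4 | 112.120.65.223  |      1401485552 |          1 |
|         5 | 212.174.252.130 |      1401485693 |          1 |
+-----------+-----------------+-----------------+------------+
5 rows in set (0.00 sec)

CREATE TABLE `dnsbl` (
  `dnsbl_key` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `dnsbl_ip` varchar(255) COLLATE latin1_german1_ci NOT NULL DEFAULT '',
  `dnsbl_timestamp` int(10) unsigned NOT NULL DEFAULT '0',
  `dnsbl_auto` tinyint(1) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`dnsbl_key`),
  UNIQUE KEY `dnsbl_ip` (`dnsbl_ip`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1 COLLATE=latin1_german1_ci;

____________________________________________________

#!/usr/bin/php
<?php
/**
 * Connection honeypot feeding a DNSBL.
 *
 * Listens on a TCP port of a machine that is not announced as an MTA, and
 * records the remote address of every connection in the `dnsbl` table
 * (insert, or refresh the timestamp of an existing row).  Nothing is read
 * from the connection: the connect itself is the evidence, because no
 * legitimate client is directed here by DNS.
 *
 * Usage: script [port]   (default 25; a port below 1024 needs root at
 * start-up — privileges are dropped to an unprivileged user right after
 * the listening socket is bound)
 */

/** listen on all interfaces */
$address = '0.0.0.0';

/** tcp port to listen on: optional first argument, default 25 */
settype($_SERVER['argv'], 'array');
settype($_SERVER['argv'][1], 'integer');
$port = empty($_SERVER['argv'][1]) ? 25 : $_SERVER['argv'][1];

/** configuration */
/**
 * addresses that are never recorded: put the host's own addresses and any
 * monitoring probes here — row 1 of the table above shows the owner's own
 * IP ended up listed by the very first run
 */
$whitelist = array();
/** true: only echo connecting addresses on stdout and touch no database */
$simulation = false;
/** record lifetime in seconds; expiry of old rows is done outside this script */
$ttl = 3600 * 24 * 7;

/**
 * database account — the password lives in this file, which is read as root
 * before privileges are dropped, so keep the file unreadable for $run_as
 */
$db_host  = 'localhost';
$db_user  = 'dnsbl';
$db_db    = 'dnsbl';
$db_table = 'dnsbl';
$db_port  = 3307;
$db_pwd   = '************';

/** unprivileged account the service runs as after binding the socket */
$run_as = 'nobody';

/** disable output buffering */
ob_implicit_flush();

/**
 * Report a fatal start-up error on stderr and exit non-zero.
 *
 * exit('message') would print on stdout and exit with status 0, which hides
 * the failure from an init-script or supervisor.
 *
 * @param string $message  text to print, newline is appended
 */
function fail($message)
{
    fwrite(STDERR, $message . "\n");
    exit(1);
}

/**
 * Insert $ip into the dnsbl table or, if it is already there, refresh its
 * timestamp so an active host never expires.  Relies on the UNIQUE KEY on
 * dnsbl_ip: one statement replaces the select / update / insert sequence.
 * New rows get dnsbl_auto=1; an existing row keeps its dnsbl_auto value, so
 * manually added entries stay manual.
 *
 * @param string $ip     remote address as returned by socket_getpeername()
 * @param string $host   database host
 * @param string $user   database user
 * @param string $pwd    database password
 * @param string $db     database name
 * @param int    $port   database port
 * @param string $table  table name (local configuration, not user input)
 * @return bool  true on success; false after printing 'SQL-ERROR: ...' on stdout
 */
function record_ip($ip, $host, $user, $pwd, $db, $port, $table)
{
    $conn = mysqli_init();
    if (!mysqli_real_connect($conn, $host, $user, $pwd, $db, $port)) {
        echo 'SQL-ERROR: ' . mysqli_connect_error() . "\n";
        return false;
    }
    $ok = false;
    /** the address is bound as a parameter, never concatenated into the SQL */
    $sql = 'insert into ' . $table . ' (dnsbl_ip, dnsbl_timestamp, dnsbl_auto)'
         . ' values (?, ?, 1)'
         . ' on duplicate key update dnsbl_timestamp=values(dnsbl_timestamp)';
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        echo 'SQL-ERROR: ' . mysqli_error($conn) . "\n";
    } else {
        $now = time();
        if (!mysqli_stmt_bind_param($stmt, 'si', $ip, $now) || !mysqli_stmt_execute($stmt)) {
            echo 'SQL-ERROR: ' . mysqli_stmt_error($stmt) . "\n";
        } else {
            $ok = true;
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($conn);
    return $ok;
}

/** create the socket */
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($sock === false) {
    fail('socket_create() failed: reason: ' . socket_strerror(socket_last_error()));
}
/** allow an immediate restart while old connections still sit in TIME_WAIT */
socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1);
if (socket_bind($sock, $address, $port) === false) {
    fail('socket_bind() failed: reason: ' . socket_strerror(socket_last_error($sock)));
}
if (socket_listen($sock, 5) === false) {
    fail('socket_listen() failed: reason: ' . socket_strerror(socket_last_error($sock)));
}

/**
 * drop privileges: supplementary groups first (initgroups), then the primary
 * group, then the uid — setuid() must come last because afterwards the other
 * two calls are no longer permitted.  uid/gid are looked up by name instead
 * of hard-coding 99, which is distribution specific.
 */
$pw = posix_getpwnam($run_as);
if ($pw === false) {
    fail('Drop privileges failed: no such user ' . $run_as);
}
if (!posix_initgroups($pw['name'], $pw['gid'])
    || !posix_setgid($pw['gid'])
    || !posix_setuid($pw['uid'])) {
    fail('Drop privileges failed');
}
/** confirm the drop really happened — never serve as root */
if (posix_getuid() === 0 || posix_geteuid() === 0) {
    fail('Drop privileges failed: still running as root');
}

/** service loop: accept, note the peer address, close — nothing is read */
while (true) {
    /** accept connection */
    $msgsock = socket_accept($sock);
    if ($msgsock === false) {
        /** accept() can fail transiently (e.g. out of descriptors); do not spin */
        usleep(100000);
        continue;
    }

    /** get the remote address */
    $remote_ip = '';
    if (!socket_getpeername($msgsock, $remote_ip)) {
        $remote_ip = '';
    }

    /**
     * record the remote address, unless it is unknown, not a valid IP
     * (defensive: the column is a plain varchar) or whitelisted
     */
    if ($remote_ip !== ''
        && filter_var($remote_ip, FILTER_VALIDATE_IP) !== false
        && !in_array($remote_ip, $whitelist, true)) {
        if ($simulation) {
            /** debug: echo connecting remote address on stdout */
            echo $remote_ip . "\n";
        } else {
            /** database mode */
            record_ip($remote_ip, $db_host, $db_user, $db_pwd, $db_db, $db_port, $db_table);
        }
    }

    /** close connection */
    socket_close($msgsock);
}
?>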