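#!/bin/bash
#
# Builds a WHOIS-backed abuse report for every IP address or hostname listed
# in an input file (default: ./intruder_list).  For each entry the report
# template plus the WHOIS record is appended to <entry>_intruder.txt in the
# current directory.
#
# Usage: PROGNAME [list_file [delay_seconds]]
#        PROGNAME -v | --version
#        PROGNAME -h | --help
#
# A delay (default 6 s) is slept between WHOIS queries so the run does not
# look like an automated high-volume client to the WHOIS servers.
#
# External commands: whois, ask (interactive y/n prompt; must return 0 for
# "yes"), plus the coreutils checked in CHECKCMD.

set -u

PROGNAME=${0##*/}
readonly PROGNAME

# Positional parameters resolved by GETARGS and read by the main loop.
ARG1=          # path of the list file
ARG2=          # seconds to sleep between WHOIS queries
ARG3=          # not used by this script; printed by BUGPAUSE only
ARG4=          # not used by this script; printed by BUGPAUSE only

# ============================= Functions ============================

############################## Debugging Functions ######################

#######################################
# Manual breakpoint for debugging: dumps the parsed arguments and asks
# whether to go on.  Not called by the script itself.
# Globals:   ARG1..ARG4 (read)
# Outputs:   banner and argument dump to stdout
# Returns:   0 to continue; exits 100 if the operator answers no
#######################################
BUGPAUSE() {
  echo " "
  echo "-----------------------------------------------------------"
  echo " MANUAL BUG CHECK!"
  echo " Is the program doing what you expect? Please "
  echo " review preceeding output for correctness. Thank you."
  echo "-----------------------------------------------------------"
  echo " "
  echo "Args so far:"
  echo "ARG1: $ARG1 "
  echo "ARG2: $ARG2 "
  echo "ARG3: $ARG3 "
  echo "ARG4: $ARG4 "
  echo " "
  if ! ask "Continue? [Y/n]"; then
    exit 100
  fi
}

#######################################
# Error handler: prints the failure, offers the syntax text, and exits.
# Arguments: $1 - exit status to terminate with
#            $2 - phrase completing "Don't you just hate it when..."
# Outputs:   diagnostics to stdout (the script reports on stdout throughout)
# Returns:   never; exits with $1
#######################################
ERROR() {
  local code=$1
  local reason=$2
  clear
  echo "----------------"
  echo "| ABEND: Code $code |"
  echo "-------------------------------------------------------------------------"
  echo " Bummer! An error occurred!"
  echo " Don't you just hate it when..."
  echo "${reason}?"
  echo "=========================="
  echo " Maybe this will help...."
  echo "=========================="
  # SYNTAX returns (instead of exiting 0) when the operator declines a page,
  # so the exit status below is always the one the caller requested.
  SYNTAX
  exit "$code"
}

#######################################
# Prints the usage and notes, one page at a time, via MORE.
# Globals:   PROGNAME (read)
# Outputs:   help text to stdout
# Returns:   0, also when the operator declines a page early
#######################################
SYNTAX() {
  MORE "Do you wish to view the Syntax for $(VERSION)" y || return 0
  echo "SYNTAX: Program $PROGNAME [list_file [delay_seconds]]"
  echo "This one's simple: Just edit up the intruder_list file with"
  echo "a listing of the IP's you want to investigate, then run"
  echo "$PROGNAME. The program will mumble over your list and "
  echo "then return files containing complete WHOIS reports for each"
  echo "ip address or hostname in intruder_list."
  MORE "Do you wish to continue?" y || return 0
  echo "NOTES: "
  echo " "
  echo "To avoid issues with the WHOIS terminating your account"
  echo "for use of automated high-speed/high-volume queries"
  echo "this program inserts a delay between each query (6 seconds"
  echo "by default; pass a different number of seconds as the second"
  echo "argument)."
  echo "Sorry about this."
  MORE "Do you wish to continue?" y || return 0
  echo "NOTES:"
  echo " "
  echo "**** End of help. Don't you wish there was more? ****"
  echo "Strike a key to exit help."
  read -r _
  return 0
}

#######################################
# Yes/no gate around the external `ask` command.
# Arguments: $1 - prompt text ("[y/n]" is appended)
#            $2 - optional default answer, passed through to ask
# Returns:   0 if ask reported yes, 1 otherwise (a missing `ask` counts as no)
#######################################
MORE() {
  # "${@:2}" forwards the default only when one was given, as the original did.
  if ask "$1 [y/n]" "${@:2}"; then
    return 0
  fi
  return 1
}

#######################################
# Checks that the external commands and the list file exist; aborts via
# ERROR otherwise.
# Arguments: $1 - list file to check (default: intruder_list)
# Outputs:   the resolved location of each command, then a status line
# Returns:   0; exits through ERROR on a missing command (1) or file (2)
#######################################
CHECKCMD() {
  local list=${1:-intruder_list}
  local cmd
  echo "---->In CHECKCMD...."
  for cmd in id seq echo hostname touch cp mv rm whois ask; do
    # command -v prints the resolved path (or builtin name), like `which` did.
    if ! command -v "$cmd"; then
      ERROR 1 "the command $cmd is missing from the system"
    fi
  done
  if [[ -f $list ]]; then
    echo " $list file found. Proceeding."
  else
    ERROR 2 "when the $list file is missing or not in the current directory"
  fi
}

#######################################
# Aborts unless the hostname stored in /root/bin/snapback_hostkey matches
# this host.  An unreadable or empty keyfile is treated as a mismatch.
# Globals:   PROGNAME (read)
# Returns:   0 when validated; exits through ERROR 20 otherwise
#######################################
CHECK_HOST() {
  local keyfile=/root/bin/snapback_hostkey
  local authorized=
  # $(<file) strips trailing newlines exactly as the old `cat` substitution did.
  [[ -r $keyfile ]] && authorized=$(<"$keyfile")
  if [[ -n $authorized && $authorized == "$(hostname)" ]]; then
    echo "Host $authorized validated."
  else
    ERROR 20 "When you try to run $PROGNAME on an unauthorized backup host"
  fi
}

#######################################
# Aborts unless the effective user is root.
# Globals:   PROGNAME (read)
# Returns:   0 when root; exits through ERROR 10 otherwise
#######################################
R_U_ROOT() {
  if [[ $(id -u) -ne 0 ]]; then
    echo "$PROGNAME is a potentially dangerous program."
    echo "Therefore it is only to be run by the root user."
    echo "You appear to be running it as $(id -nu)."
    echo "Please try again as root or have the system administrator run"
    echo "$PROGNAME for you."
    ERROR 10 "you forget to log in as root first"
  fi
}

#######################################
# Resolves the command-line arguments into the ARG1/ARG2 globals.
# Arguments: $1 - list file (default: intruder_list)
#            $2 - delay in whole seconds (default: 6)
# Globals:   ARG1, ARG2 (written)
# Returns:   0; exits through ERROR 101 if $2 is not a non-negative integer
#######################################
GETARGS() {
  echo "IN GETARGS...."
  if [[ -z ${1-} ]]; then
    echo "Defaulting to intruder_list as input."
    ARG1=intruder_list
  else
    ARG1=$1
  fi
  if [[ -z ${2-} ]]; then
    ARG2=6
  elif [[ $2 =~ ^[0-9]+$ ]]; then
    # The old check tested $? after a plain assignment, so it never fired;
    # validate the value itself, since it is handed straight to sleep.
    ARG2=$2
  else
    ERROR 101 "you don't enter a valid argument for the sleep delay function"
  fi
}

#######################################
# Reports the version for this program.
# Outputs:   one version line to stdout
#######################################
VERSION() {
  echo "$PROGNAME Version 11132k3-b, NEWSCRIPT Version 11032k3c"
}

#######################################
# Appends the report template plus the WHOIS record for one entry to
# <entry>_intruder.txt, sleeping ARG2 seconds after the query.
# Globals:   ARG2 (read)
# Arguments: $1 - IP address or hostname, already validated by main
# Outputs:   report to the output file; its name to stdout
#######################################
REPORT() {
  local target=$1
  local out=${target}_intruder.txt
  {
    echo "============================================"
    echo ' INTRUSION ATTEMPT/ABUSE REPORT '
    echo "Date of Report: " "$(date)"
    echo "============================================"
    echo "Someone with IP address"
    echo " "
    echo "-------> $target <------"
    echo " "
    echo "has apparently made an intrusion attempt"
    echo "against one of our company networks."
    echo " "
    echo "If you would kindly investigate this matter, we would very much"
    echo "appreciate it. We consider this type of intrusion or intrusion"
    echo "attempt to be not only an invasion of our privacy, but also to "
    echo "be a CRIMINAL ACT against us."
    echo "===================================================================="
    echo " Additional information or log entries may appear in this section."
    echo "--------------------------------------------------------------------"
    echo " "
    echo " "
    echo " "
    echo "--------------------------------------------------------------------"
    echo "===================================================================="
    echo "The information identifying you as $target's ISP appears below."
    echo "********************************************************************"
    echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< "
    # -H kept from the original; -- keeps the target from ever being parsed
    # as an option.  A failed lookup is reported on stderr but not fatal.
    whois -H -- "$target" || echo "whois lookup failed for $target" >&2
  } >>"$out"
  # REMOVE the following line to disable the delay (and risk losing the
  # right to use whois!).
  sleep "$ARG2"
  {
    echo " >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
    echo "********************************************************************"
    echo "If this publicly available information is incorrect, please "
    echo "accept our apologies."
    echo "--------------------------------------------------------------------"
  } >>"$out"
  echo "Output file for $target was $out."
}

#======================================= No more functions. ==========

#############################################################################
#################################  MAIN  ####################################
#############################################################################

#######################################
# Entry point: option dispatch, argument/command checks, then one REPORT
# per entry in the list file.
# Globals:   ARG1, ARG2 (read after GETARGS)
# Arguments: the script's command line
#######################################
main() {
  case "${1-}" in
    # Original pattern had "-VERSION--ver" (missing "|"), so neither matched.
    v|V|-v|-V|--version|--VERSION|--Version|-version|-Version|-VERSION|--ver|--Ver|--VER|-ver|-Ver|-VER)
      VERSION
      exit 0
      ;;
    h|H|-h|-H|--help|--HELP|--Help|HELP|help|Help|-help|-HELP|-Help)
      SYNTAX
      exit 0
      ;;
  esac
  #CHECK_HOST
  #R_U_ROOT
  VERSION
  GETARGS "$@"
  # Check the file that will actually be read, not the default name only.
  CHECKCMD "$ARG1"
  echo "IN MAIN-------->>>>>>>"
  local line entry words
  while IFS= read -r line || [[ -n $line ]]; do
    # Split on whitespace as the old `for i in $(cat ...)` did, but without
    # glob expansion of the entries.
    read -r -a words <<<"$line"
    (( ${#words[@]} )) || continue
    for entry in "${words[@]}"; do
      # Entries become both a whois argument and an output filename: allow
      # only hostname/IP characters, and no leading "-" or any "/".
      if ! [[ $entry =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
        echo "Skipping >>> $entry <<< in file $ARG1: not a plain IP address or hostname" >&2
        continue
      fi
      echo "++++++++++++++++++++++++++++++++++++++++"
      echo "Processing >>> $entry <<< in file $ARG1"
      echo "++++++++++++++++++++++++++++++++++++++++"
      REPORT "$entry"
    done
  done <"$ARG1"
  echo "End run--------------<<<<<<<."
}

main "$@"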