Class: Dvash::Linux

Inherits:
Core
  • Object
show all
Defined in:
lib/dvash/os/linux.rb

Overview

Used by Linux systems to leverage IPTables for blocking all of the peoples

Instance Method Summary collapse

Methods inherited from Core

#client_ip, #load_conf, #load_honeyport, #random_data, #valid_ip?, #valid_user?, #validate_os

Constructor Details

#initializeLinux

Returns a new instance of Linux.



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/dvash/os/linux.rb', line 7

def initialize
  # Make sure we have binaries for iptables using the paths
  # set in the configuration file
  unless File.exist?(@@cfgfile['iptables']['ipv4'])
    # TODO: Use [logger] gem to output debug information
    puts "can't find iptables"
    exit
  end
  # Do not create a new iptables chain if one already exists
  unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
    # Create a new DVASH chain
    system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
    # Flush the DVASH chain
    system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
    # Associate the DVASH chain to INPUT chain
    system("#{@@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
  end
  # Do not create a new ip6tables chain if one already exists
  unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
    # Create a new DVASH chain
    system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
    # Flush the DVASH chain
    system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
    # Associate the DVASH chain to INPUT chain
    system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
  end
end

Instance Method Details

#block_ip(address) ⇒ Object 



35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/dvash/os/linux.rb', line 35

def block_ip(address)
  # Block the client IP address using iptables binaries set in the conf file
  if IPAddr.new("#{address}").ipv4? then
    system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{address} -j DROP")
  end

  # Block the client IP address using ip6tables binaries set in the conf file
  if IPAddr.new("#{address}").ipv6? then
    system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{address} -j DROP")
  end
end