Marionumber1

monitor.sh

Apr 23rd, 2020
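#!/bin/bash
#
# Usage: monitor.sh CT_NUM < log-stream
#
# Reads log lines on stdin and waits for the first sshd "Accepted password"
# event. When one is seen, SSH access to the selected container is restricted
# to the source address of that login, /root/wait.sh is started in the
# background, and the script exits.
#
# Arguments: $1 - container number; 101 selects 172.20.0.2, any other
#                 number selects 172.20.0.3
# NOTE(review): whatever feeds stdin (presumably a follow of the auth log) and
# the behaviour of /root/wait.sh are not visible here - confirm against the
# caller.
#
# Every log line contains strings chosen by the remote client (user names in
# particular), and one field of the line ends up as an iptables argument. The
# line is therefore matched by field position and the address is validated
# before it is used.

set -u

ct_num=${1:-}

# Refuse to run without a numeric container id instead of silently falling
# through to the default container. The length cap keeps the numeric test
# below within integer range.
if ! [[ $ct_num =~ ^[0-9]{1,9}$ ]]; then
    printf 'usage: %s CT_NUM\n' "${0##*/}" >&2
    exit 2
fi

if [ "$ct_num" -eq 101 ]; then
    ct_ip="172.20.0.2"
else
    ct_ip="172.20.0.3"
fi

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
# IPv4 only, because the rules below are installed with iptables.
is_ipv4() {
    local addr=$1 octet
    local -a octets
    [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
    IFS=. read -r -a octets <<<"$addr"
    for octet in "${octets[@]}"; do
        # 10# forces base 10 so an octet such as 08 is not read as octal.
        (( 10#$octet <= 255 )) || return 1
    done
}

while IFS= read -r line; do
    # Monitor for login event
    [[ $line == *sshd* ]] || continue

    # Split on whitespace, as awk's default field splitting does. The address
    # is field 11, so "Accepted password for USER from" must sit in fields
    # 6-10. Checking the positions (rather than the phrase anywhere in the
    # line) keeps a client-supplied user name that merely contains the phrase
    # from being treated as a login event.
    read -r -a fields <<<"$line"
    [[ ${fields[5]:-} == "Accepted" &&
       ${fields[6]:-} == "password" &&
       ${fields[7]:-} == "for" &&
       ${fields[9]:-} == "from" ]] || continue

    # Extract IP address
    ip_addr=${fields[10]:-}
    if ! is_ipv4 "$ip_addr"; then
        # Do not install rules or use up the one-shot exit on a malformed line.
        printf 'Ignoring login line with unexpected source field\n' >&2
        continue
    fi

    printf 'New connection from %s\n' "$ip_addr"

    # Allow only the attacker in the container
    if ! iptables --table filter --insert FORWARD 1 --protocol tcp \
        --out-interface vmbr0 --source "$ip_addr" --destination "$ct_ip" \
        --destination-port 22 --jump ACCEPT; then
        printf 'iptables: could not insert ACCEPT rule for %s\n' "$ip_addr" >&2
        exit 1
    fi
    if ! iptables --table filter --insert FORWARD 2 --protocol tcp \
        --out-interface vmbr0 --source 0.0.0.0/0 --destination "$ct_ip" \
        --destination-port 22 --jump DROP; then
        # The ACCEPT rule is already in place; without the DROP rule the
        # container is still reachable from every source, so report it.
        printf 'iptables: could not insert DROP rule for %s\n' "$ct_ip" >&2
        exit 1
    fi

    /root/wait.sh "$ct_num" "$ip_addr" &
    exit
done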