I recently discovered IRCcat, which is an IRC bot based off of PircBot. IRCcat’s claim to fame is that it listens on a TCP port and, by sending data to that port, you can “cat” it to IRC. For example, the command
$ echo "hi" | netcat -q0 localhost 12345
results in:
20:22:43: <irccat> hi
.. as long as you have configured irccat to listen on localhost:12345. This obviously depends on netcat being installed.
This was cool and all, but I couldn’t really think of anything to do with it until I was going through my DenyHosts configuration file. There, I saw the PLUGIN_DENY line:
# PLUGIN_DENY: If set, this value should point to an executable
# program that will be invoked when a host is added to the
# HOSTS_DENY file. This executable will be passed the host
# that will be added as its only argument.
“Hm.. that might be easy,” I thought. Well, it mostly was. There is a bug where, when a new host is denied, all denied hosts will be passed to this executable. See the bug for the fix, and Debian users may see this article for how to roll their own debs, which is useful if you have multiple DenyHosts installations on different machines.
Here’s my shell script that reports new blocked hosts:
#!/bin/bash
# Relay DenyHosts events to IRC through irccat's TCP listener.
DEST="localhost"
PORT=12345
HOSTNAME=$(hostname --short)
TYPE=""
NAME=${0##*/} # name we were called as (dh-deny or dh-purge)
# DenyHosts usually passes an IP, this will get the reverse DNS as well
REV=$(host -q -t PTR "$@" | awk '/Name/ {print $2}')
if [ "$REV" != "" ]; then
    REV="(${REV})"
fi
if [ "$NAME" = "dh-deny" ]; then
    TYPE="BLOCKED:"
elif [ "$NAME" = "dh-purge" ]; then
    TYPE="purged:"
fi
# printf keeps backslashes in the host and reverse DNS data literal, unlike echo -e
printf '\x02DenyHosts\x02/\x02%s\x02: %s %s %s\n' "$HOSTNAME" "$TYPE" "$*" "$REV" | netcat -q0 "$DEST" "$PORT"
If you name this file dh-deny and then symlink dh-purge to it, and then in DenyHosts’ configuration point PLUGIN_DENY at dh-deny and PLUGIN_PURGE at dh-purge, you can get reports in IRC for both new blocked hosts and for old ones being purged. I personally did not define PLUGIN_PURGE.
I’ve also started developing a Perl script to relay mail (Postfix) activity to IRC. I don’t know of a plugin mechanism for Postfix, so this is accomplished by using File::Tail to watch /var/log/mail.log and parse each new line. I’m not ready to release source, but it’s coming along well:
01:32:18: <irccat> Postfix/karrde: REJECT: AdelinedwarfLouis@capwiz.com (unknown[200.93.173.57]) to null@kiserai.net: 571 5.7.1 Service unavailable; Client host [200.93.173.57] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=200.93.173.57
20:27:36: <irccat> Postfix/karrde: REJECT: null@kiserai.net (karrde2.kiserai.net[207.192.69.84]) to jsmith@example.com: 450 4.1.2 <jsmith@example.com>: Recipient address rejected: Domain not found
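A sketch of the log-watching approach described above, added here as an illustration; it is not the author's Perl script. It parses Postfix smtpd reject lines, strips control characters from the remote-supplied fields, and builds the IRC message. The sample log lines, the function names and the bold prefix (borrowed from the DenyHosts script) are assumptions.

```python
import re
import socket

# Constructed sample lines in Postfix's smtpd log format (not real traffic).
SAMPLE_LOG = [
    "Mar  3 01:32:18 mx1 postfix/smtpd[4211]: connect from unknown[192.0.2.57]",
    "Mar  3 01:32:18 mx1 postfix/smtpd[4211]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.57]: 554 5.7.1 Service unavailable; Client host "
    "[192.0.2.57] blocked using sbl-xbl.spamhaus.org; "
    "from=<spam\x02\x1f@example.net> to=<null@example.org> proto=ESMTP helo=<x>",
    "Mar  3 20:27:36 mx1 postfix/smtpd[4215]: NOQUEUE: reject: RCPT from "
    "mail.example.com[198.51.100.84]: 450 4.1.2 <jsmith@example.com>: Recipient "
    "address rejected: Domain not found; from=<null@example.org> "
    "to=<jsmith@example.com> proto=ESMTP helo=<mail.example.com>",
]

REJECT_RE = re.compile(
    r"^\S+\s+\d+ [\d:]+ (?P<host>\S+) postfix/smtpd\[\d+\]: \w+: reject: "
    r"\w+ from (?P<client>\S+\[[^\]]*\]): (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")  # IRC formatting codes, CR, LF, ...

def format_reject(line):
    """Return the IRC message for a reject line, or None for any other line."""
    m = REJECT_RE.match(line)
    if m is None:
        return None
    # Sender address and client name come from the remote side: strip control
    # characters so they cannot restyle or split the line sent to the channel.
    f = {k: CONTROL_RE.sub("", v) for k, v in m.groupdict().items()}
    return ("\x02Postfix\x02/\x02{host}\x02: REJECT: {sender} ({client}) "
            "to {rcpt}: {reason}").format(**f)

def send_to_irccat(message, dest="localhost", port=12345):
    """Write one line to the irccat listener, as the netcat pipe does."""
    with socket.create_connection((dest, port), timeout=5) as sock:
        sock.sendall(message.encode("utf-8", "replace") + b"\n")

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        msg = format_reject(line)
        if msg:
            print(msg)  # call send_to_irccat(msg) when irccat is listening
```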
The possibilities for irccatting are nearly endless. If I a) have any readers that b) have opinions on this, what else might be useful to pipe to IRC?