Current File : //usr/local/bin/csf/ConfigServer/KillSSH.pm

###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
## no critic (RequireUseWarnings, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen)
# start main
package ConfigServer::KillSSH;

use strict;
use lib '/usr/local/csf/lib';
use Fcntl qw(:DEFAULT :flock);
use ConfigServer::Logger;

use Exporter qw(import);
our $VERSION     = 1.00;
our @ISA         = qw(Exporter);
our @EXPORT_OK   = qw();

# end main
###############################################################################
# start iplookup
sub find {
	my $ip = shift;
	my $ports = shift;

	my %inodes;

	if ($ports eq "" or $ip eq "") {return}

	foreach my $proto ("tcp","tcp6") {
		open (my $IN, "<", "/proc/net/$proto");
		flock ($IN, LOCK_SH);
		while (<$IN>) {
			my @rec = split();
			if ($rec[9] =~ /uid/) {next}

			my ($dip,$dport) = split(/:/,$rec[2]);
			$dport = hex($dport);

			my ($sip,$sport) = split(/:/,$rec[1]);
			$sport = hex($sport);

			$dip = &hex2ip($dip);
			$sip = &hex2ip($sip);

			if ($sip eq '0.0.0.1') {next}
			if ($dip eq $ip) {
				foreach my $port (split(/\,/, $ports)) {
					if ($port eq $sport) {
						$inodes{$rec[9]} = 1;
					}
				}
			}
		}
		close ($IN);
	}

	opendir (my $PROCDIR, "/proc");
	while (my $pid = readdir($PROCDIR)) {
		if ($pid !~ /^\d+$/) {next}
		opendir (DIR, "/proc/$pid/fd") or next;
		while (my $file = readdir (DIR)) {
			if ($file =~ /^\./) {next}
			my $fd = readlink("/proc/$pid/fd/$file");
			if ($fd =~ /^socket:\[?([0-9]+)\]?$/) {
				if ($inodes{$1} and readlink("/proc/$pid/exe") =~ /sshd/) {
					kill (9,$pid);
					ConfigServer::Logger::logfile("*PT_SSHDKILL*: Process PID:[$pid] killed for blocked IP:[$ip]");
				}
			}
		}
		closedir (DIR);
	}
	closedir ($PROCDIR);
	return;
}
# end find
###############################################################################
## start hex2ip
sub hex2ip {
    my $bin = pack "C*" => map hex, $_[0] =~ /../g;
    my @l = unpack "L*", $bin;
    if (@l == 4) {
        return join ':', map { sprintf "%x:%x", $_ >> 16, $_ & 0xffff } @l;
    }
    elsif (@l == 1) {
        return join '.', map { $_ >> 24, ($_ >> 16 ) & 0xff, ($_ >> 8) & 0xff, $_ & 0xff } @l;
    }
}
## end hex2ip
###############################################################################

1;