Hi!
I've created a patch for BlockHosts which enables alerts being sent out via email whenever a host is added to hosts.deny or .allow.
It's highly untested and is made public on an "it works for me"-basis.
It should be noted that except for applying the patch, in order to use it efficiently (or even at all), you'll need to either modify your config or supply the arguments on command line.
The new default config file entries are:
SMTP_SERVER = "localhost"
SMTP_USER = ''
SMTP_PASSWD = ''
NOTIFY_ADDRESS = "interested.user\@domain.tld"
SENDER_ADDRESS = "BlockHosts <blockhosts@somedomain.tld>"
Note that the addresses are escaped, which is necessary. To fully disable emailing, simply leave the NOTIFY_ADDRESS entry blank (but then again, why apply the patch in the first place?)
SMTP_USER and SMTP_PASSWD are obviously for SMTP authentication. If your ISP/MSP doesn't require authentication, leave those empty.
The patch is located here
And the blockhosts.py in its entirety is located here
Questions and/or comments are slightly welcome to erik [-at-] ibiblio dot 0rg
Regards,
Erik Ljungström
Reading, UK
Standalone script?
Was wondering if instead of modifying blockhosts.py itself, if it would be possible to create a standalone program that would be called after blockhosts.py, and then it would figure out what changed and send email alerts.
If such a program were called "bh.email", could add it to the hosts.allow file in this way:
sshd: ALL: spawn (/usr/bin/blockhosts.py --echo "%c-%s" ; /usr/bin/bh-email) & : allow
Instead of serial execution, maybe even use | - pipe output of blockhosts.py into bh.email if that helps.
Apt point but..
Hi again,
I can see how you wish to keep your code 100% yours and obviously, this is totally your show and you make the calls, but I wrote this on someone else's behalf, to scratch an itch. That itch has been scratched and I don't consider myself having the time or energy to rewrite this functionality. Thank you for your work though, it saved me quite some time.
Furthermore, I'm wondering a bit what the benefit of that would be? The python interpreter (or whatever language the mailing script would be written in) would have to be initiated twice for each connection to a monitored service. It would mean that some routines were to be executed twice (such as config file parsing), the hosts.* would also have to be parsed twice, which really contradicts my idea of good software design. Also, there'd be an extra source file to maintain and keep track of, and it'd seem overly complicated for such a pretty straightforward task.
I mean no offence in this, these are just my views. Again, it's your show, you make the calls. I'm sure what you're saying is doable, but I just can't find the motivation or time to do it.
Thanks in advance,
Erik Ljungström
Reading, UK
That's fine...
Oh, that is fine - just wanted to keep to the philosophy of "do one thing, and do it good", and following the old Unix model of writing simple programs that can be used together.
But - I can take it from here.
There may be a middle ground - change blockhosts.py to output data that would be useful to post-processors (email programs, SNMP triggers, HTTP posting, etc) in a general manner.
Handy feature
This feature would actually be quite handy as when the blocklist is changed (especially when hosts are added) I would personally like to know about it by an email to me.
Michael.
Thanks!
Great! This is actually a feature I missed in the releases, I definitely want to know when something's blocked so I can react quickly if it's a legit host being blocked. Thanks a lot Erik!
Will it be included in future releases/will the patch be updated to work with new ones?
Thanks again!
//Terry
Utility added to package
Based on this patch, there is now a bhmail.py utility available with BlockHosts version 1.1 or later. The bhmail.py script can be run sequentially after each run of blockhosts.py (to get a notification if the currently connecting IP address will be blocked in the future), or can be run periodically using cron (to get a list of all blocked addresses).
Example hosts.allow script:
(/usr/bin/blockhosts.py --echo "%c-%s" ; /usr/bin/bhmail.py --check-ip "%h" --echo "%h")
Example cron run:
/usr/bin/bhmail.py --echo "cron"
Coming soon: a bhrss.py utility, to provide a RSS feed of the currently blocked addresses.
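The standalone post-processor idea from this thread (work out what changed in hosts.deny between two runs, then mail an alert), as an added example; it is not bhmail.py and not code from the BlockHosts project. It assumes TCP-wrappers style "daemon: client" lines; the function names and sample file contents are hypothetical, and the mail settings mirror the SMTP_* entries from the first post.

```python
import ipaddress
import smtplib
from email.message import EmailMessage

# Constructed sample hosts.deny contents from two consecutive runs.
PREVIOUS = "# constructed sample\nALL: 192.0.2.10\nsshd: 198.51.100.7\n"
CURRENT = "# constructed sample\nALL: 192.0.2.10\nsshd: 203.0.113.5\nALL: [2001:db8::1]\n"

def blocked_hosts(deny_text):
    """Return the literal IP addresses named in 'daemon: client' deny lines."""
    hosts = set()
    for line in deny_text.splitlines():
        _daemon, sep, clients = line.split("#", 1)[0].partition(":")
        for token in (clients.replace(",", " ").split() if sep else []):
            try:  # validate, so only well-formed addresses end up in the mail
                hosts.add(str(ipaddress.ip_address(token.strip("[]"))))
            except ValueError:
                continue  # hostnames, wildcards and options are skipped
    return hosts

def _order(addr):
    ip = ipaddress.ip_address(addr)
    return (ip.version, int(ip))  # IPv4 first, then numeric order

def diff_blocklist(previous, current):
    """Return (added, removed) address lists between two runs."""
    return (sorted(current - previous, key=_order),
            sorted(previous - current, key=_order))

def build_alert(added, removed, sender, recipient):
    """Build the notification, or return None when nothing changed."""
    if not added and not removed:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"BlockHosts: {len(added)} added, {len(removed)} removed"
    msg.set_content("Added:\n" + "\n".join(added) + "\n\nRemoved:\n" + "\n".join(removed))
    return msg

def send_alert(msg, server="localhost", user="", password=""):
    """Deliver the alert; credentials are only sent after STARTTLS succeeds."""
    with smtplib.SMTP(server) as smtp:
        if user:
            smtp.starttls()  # raises if the server offers no TLS
            smtp.login(user, password)
        smtp.send_message(msg)

if __name__ == "__main__":
    added, removed = diff_blocklist(blocked_hosts(PREVIOUS), blocked_hosts(CURRENT))
    print(build_alert(added, removed, "BlockHosts <blockhosts@somedomain.tld>",
                      "interested.user@domain.tld"))
```

A real deployment would store the previous run's address set in a state file and call send_alert() with the built message.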