Category Archives: Perl

Ossim lookup ip script – Execute using a rule

lookup_ip.pl

This script takes an IP address, looks up its GeoIP information, and populates a database with that information together with the Suricata IDS event details.

#!/usr/bin/perl

use Geo::IP::PurePerl;
use Email::MIME;
use Email::Sender::Simple qw(sendmail);
use Net::IP::Match::Regexp qw( create_iprange_regexp match_ip );
use DBI;

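# Geolocate the source address of an IDS event and record the event in the
# "siem" PostgreSQL database.
#
# Positional arguments, as read below:
#   0 source IP, 1 signature name, 2 source port, 3 protocol,
#   4 destination IP, 5 destination port
# NOTE(review): these values presumably come from the alert that triggered the
# rule, i.e. from network traffic, so they are handled as untrusted data.
my $gi = Geo::IP::PurePerl->new("/usr/local/share/GeoIP/GeoIP.dat", GEOIP_STANDARD);
my $srcip = $ARGV[0];
my $country = $gi->country_code_by_addr($srcip);

# qx() keeps the trailing newline of the command output; strip it so it does
# not become part of the stored date and time.
chomp(my $date = qx(date +%Y-%m-%d));
chomp(my $time = qx(date +%H:%M:%S));

my $sidname = $ARGV[1];
my $srcport = $ARGV[2];
my $protocol = $ARGV[3];    # read but not stored by the INSERT below
my $dstip = $ARGV[4];
my $dstport = $ARGV[5];

# Debug aid: dump the raw argument list, one argument per line.
# NOTE(review): /tmp/temp.txt is a fixed name in a world-writable directory;
# if the script runs with elevated privileges, a symlink planted at that path
# would be followed. A directory only this user can write to is safer.
if (open(my $dump_fh, '>', '/tmp/temp.txt')) {
    print {$dump_fh} "$_\n" for @ARGV;
    close($dump_fh);
}
else {
    # The dump is best-effort; a failure must not stop the event from being stored.
    warn "cannot write /tmp/temp.txt: $!\n";
}

# Events whose source is an internal address are not recorded.
# NOTE(review): only 172.16.0.0/16 and 172.17.0.0/16 are listed, not the whole
# 172.16.0.0/12 private range - confirm that this matches the local networks.
my $regexp = create_iprange_regexp('192.168.0.0/16','10.0.0.0/8','172.16.0.0/16','172.17.0.0/16');
if ( match_ip($srcip, $regexp) ) {
    print "ip interna \n";
    exit 0;
}
print "ip externa \n";

# NOTE(review): the database credentials are hard-coded in the script; keep
# them in a file or environment readable only by the account that runs it.
my $dbh = DBI->connect("DBI:Pg:dbname=siem;host=localhost", "database", "password", {'RaiseError' => 1});

# Bind values instead of interpolating them: the signature name, addresses and
# ports can no longer change the structure of the SQL statement.
# Undefined values are stored as empty strings, as string interpolation did.
my @values = map { defined $_ ? $_ : '' } (
    $date, $time, '192.168.56.10', $sidname, $srcip,
    $srcport, $dstip, $dstport, $country, 'database',
);
my $registry = $dbh->do(
    'INSERT INTO ips_db (date,time,sensor,sid_name,src_ip,src_port,dst_ip,dst_port,src_country,action) '
  . 'VALUES (?,?,?,?,?,?,?,?,?,?)',
    undef,
    @values,
);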

Perl transfer files using ssh (shortcut command)

transfer.pl

#!/usr/bin/perl

use Term::ANSIColor;

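# Usage, as read from the argument handling below:
#   transfer.pl edit                          open the hosts file in vim
#   transfer.pl list                          print the hosts file
#   transfer.pl <host> <user> <file> [<key>]  copy <file> to <host>:/tmp/
if (! defined $ARGV[0]) {
    print "Don't be stupid please...";
    exit 0;
}

my $file = "/home/user/hosts.txt";
my $keysdir = "/home/user/keys";
my $username = $ARGV[1];
my $remote_hostname = $ARGV[0];
my $xfer = $ARGV[2];
my $time = qx/date/;

# Sub-commands are compared exactly, so a host whose name merely contains
# "edit" or "list" is still looked up as a host.
if ($remote_hostname eq 'edit') {
    # List form: vim is started directly, without a shell.
    system('vim', $file);
    exit 0;
}

if ($remote_hostname eq 'list') {
    print "\n";
    open(my $listing, '<', $file)
        or die "Failed to open file: $!\n";
    while (my $entry = <$listing>) {
        chomp $entry;
        print "$entry\n";
    }
    exit 0;
}

if (! defined $ARGV[2]) {
    print "Please load a file!";
    exit 0;
}

open(my $data, '<', $file)
    or die "Failed to open file: $!\n";

while (my $row = <$data>) {
    chomp $row;
    # \Q...\E: the argument is matched as literal text anywhere in the row,
    # never interpreted as a regular expression.
    next unless $row =~ /\Q$remote_hostname\E/;

    # First matching row wins; the optional fourth argument names a key file.
    if (defined $ARGV[3]) {
        ssh_transfer_key($row, $ARGV[3]);
    }
    else {
        ssh_transfer($row);
    }
    exit 0;
}

print "Remote host not found!";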

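# Copy the file named by the file-level $xfer to /tmp/ on one host.
#
# $_[0] is a hosts-file row of the form "hostname,ipaddress,port". The user
# name and the timestamp come from the file-level $username and $time.
# Never returns: the script exits once scp has finished.
# (Declared without the empty "()" prototype, which contradicted the one
# argument the sub takes.)
sub ssh_transfer {

    my ($row) = @_;
    my ($hostname, $ipaddress, $port) = split(",", $row);
    for my $field ($hostname, $ipaddress, $port) {
        next unless defined $field;
        $field =~ s/\A\s+//;
        $field =~ s/\s+\z//;
    }

    # Row fields and command-line values become scp arguments, so refuse
    # anything that is missing or that scp could read as an option.
    die "Malformed host entry: $row\n"
        unless defined $ipaddress && $ipaddress =~ /\A[^-\s]\S*\z/
            && defined $port      && $port      =~ /\A[0-9]+\z/;
    die "Invalid user name\n"
        unless defined $username && $username =~ /\A[^-\s]\S*\z/;
    die "No file given\n"
        unless defined $xfer && length $xfer;

    # A file name starting with "-" would otherwise be taken for an option.
    my $source = $xfer =~ /\A-/ ? "./$xfer" : $xfer;

    # Argument list instead of one string: system() runs scp directly, so no
    # shell ever parses the values. The "@" is escaped so that Perl does not
    # interpolate "@$ipaddress" as an array.
    my @command = ('scp', '-P', $port, $source, "$username\@$ipaddress:/tmp/");

    print $time;
    print "Transfering file to $hostname ...\n";
    print color("red"), "@command \n", color("reset");
    system(@command);
    exit 0;

}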

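# Copy the file named by the file-level $xfer to /tmp/ on one host,
# authenticating with a key file from $keysdir.
#
# $_[0] is a hosts-file row of the form "hostname,ipaddress,port";
# $_[1] is the key file name, looked up under the file-level $keysdir.
# The user name and the timestamp come from the file-level $username and $time.
# Never returns: the script exits once scp has finished.
# (Declared without the empty "()" prototype, which contradicted the two
# arguments the sub takes.)
sub ssh_transfer_key {

    my ($row, $key) = @_;
    my ($hostname, $ipaddress, $port) = split(",", $row);
    for my $field ($hostname, $ipaddress, $port) {
        next unless defined $field;
        $field =~ s/\A\s+//;
        $field =~ s/\s+\z//;
    }

    # Row fields and command-line values become scp arguments, so refuse
    # anything that is missing or that scp could read as an option.
    die "Malformed host entry: $row\n"
        unless defined $ipaddress && $ipaddress =~ /\A[^-\s]\S*\z/
            && defined $port      && $port      =~ /\A[0-9]+\z/;
    die "Invalid user name\n"
        unless defined $username && $username =~ /\A[^-\s]\S*\z/;
    die "No key file given\n"
        unless defined $key && length $key;
    die "No file given\n"
        unless defined $xfer && length $xfer;

    # A file name starting with "-" would otherwise be taken for an option.
    my $source = $xfer =~ /\A-/ ? "./$xfer" : $xfer;

    # Argument list instead of one string: system() runs scp directly, so no
    # shell ever parses the values.
    my @command = (
        'scp', '-i', "$keysdir/$key", '-P', $port,
        $source, "$username\@$ipaddress:/tmp/",
    );

    print $time;
    print "Transfering file to $hostname ...\n";
    print color("red"), "@command \n", color("reset");
    system(@command);
    exit 0;

}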

# Reached only when no row matched: release the hosts-file handle.
close($data);

Cisco Wireless Controller – WPA PSK passphrase change Script and HTTP Publish

change_wlc_ssid_passphrase.pl

#!/usr/bin/perl

use Net::SSH::Expect;

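# Rotate the WPA pre-shared key of WLAN 7 on the wireless controller and
# publish the new passphrase as a small HTML page.
#
# NOTE(review): the controller address and the login sent below are
# hard-coded; keep real credentials outside the script, in a file only the
# account running it can read.
my $ssh = Net::SSH::Expect->new (
    host => "192.168.10.3",
    raw_pty => 1
);

my $pass = generatePassword(10);
# NOTE(review): the passphrase is echoed to standard output; when the script
# runs from a scheduler, that output may end up in mail or log files.
print ("Generating new WPA passphrase: ".$pass."\n");
print ("Getting into WLC...\n");
$ssh->run_ssh() or die "SSH process couldn't start: $!";
$ssh->waitfor('User:', 10) or die "prompt 'User' not found after 10 second";
$ssh->send("user");
$ssh->waitfor('Password:', 3) or die "prompt 'Password' not found after 3 second";
$ssh->send("password");
$ssh->waitfor('(Cisco Controller)', 3) or die "prompt 'Cisco Controller' not found";

# NOTE(review): the output of the exec() calls is not inspected; if the
# controller rejects set-key, the page below still announces the new
# passphrase - confirm against the controller's replies.
print ("Disabling SSID Wlan\n");
$ssh->exec("config wlan disable 7");
print ("Setting passphrase to SSID Wlan\n");
$ssh->exec("config wlan security wpa akm psk set-key ascii $pass 7");
print ("Enabling SSID Wlan\n");
$ssh->exec("config wlan enable 7");
$ssh->exec("logout");
$ssh->send("y");

# Build the page in temp.txt (current directory), then copy it into the web
# root. Both steps are checked so "Job done!" is printed only if the page was
# really updated.
# NOTE(review): anyone who can fetch this page, or read temp.txt, learns the
# passphrase; restrict access to both.
my $html_prefix = '<strong><font size="12">';
my $html_suffix = '</font></strong>';
open(my $page_fh, '>', 'temp.txt')
    or die "Cannot write temp.txt: $!\n";
print {$page_fh} ($html_prefix.$pass.$html_suffix."\n");
close($page_fh)
    or die "Cannot finish writing temp.txt: $!\n";

# List form: cp is run directly, without a shell.
system('cp', '-rf', 'temp.txt', '/var/www/html/wireless/index.html') == 0
    or die "Cannot publish the passphrase page (cp status $?)\n";
print ("Job done!\n");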

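# Return a random password of the requested length.
#
# Characters are drawn from an alphabet without look-alikes (no l, o, I, O,
# 0, 1). Randomness comes from /dev/urandom rather than rand(), because the
# result is used as a wireless pre-shared key and rand() is not meant for
# secrets. All working variables are lexical, so every call starts from an
# empty password.
#
# Dies if /dev/urandom cannot be opened or read.
sub generatePassword {
    my ($length) = @_;
    my $possible = 'abcdefghijkmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
    my $alphabet_size = length($possible);

    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are thrown away so that every character is equally likely.
    my $limit = 256 - (256 % $alphabet_size);

    open(my $urandom, '<:raw', '/dev/urandom')
        or die "Cannot open /dev/urandom: $!\n";

    my $password = '';
    while (length($password) < $length) {
        my $got = read($urandom, my $byte, 1);
        die "Cannot read /dev/urandom\n" unless $got;
        my $value = ord($byte);
        next if $value >= $limit;
        $password .= substr($possible, $value % $alphabet_size, 1);
    }
    close($urandom);

    return $password;
}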

Send an email with an attached file from Perl and remove the file after sending

send_email_file_report.pl

#!/usr/bin/perl

use MIME::Lite;

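# Mail one report from $report_directory as an attachment, then delete it.
# The only argument is the report's file name, relative to that directory.
my $attached_file = $ARGV[0];
my $report_directory = "/mnt/reports";

# The name ends up in a path, in the mail subject and in the delete step.
# Without a name the delete step would target the report directory itself,
# and a name with a slash could point outside it, so both are refused.
die "Usage: $0 <report file name>\n"
    unless defined $attached_file && length $attached_file;
die "Invalid report file name\n"
    if $attached_file =~ m{[/\0\r\n]}
    || $attached_file eq '.'
    || $attached_file eq '..';

my $report_path = "$report_directory/$attached_file";

my $msg = MIME::Lite->new(
    From => 'xxxx@xxxx.com',
    To => 'xxx@xxx.com',
    Cc => 'xxxx@xxxx.com, xxxxx@xxxx.com',
    Bcc => 'xxx@xxx.com, xxx@xxx.com',
    Subject => "$attached_file",
    Type => 'multipart/mixed',
);

$msg->attach(
    Type => 'TEXT',
    Data => "Mensaje : $attached_file \nNota: Este correo ha sido generado automáticamente por favor no responda a este mensaje.",
);

$msg->attach(
    Type => 'text/plain',
    Path => $report_path,
    Filename => "$attached_file",
    Disposition => 'attachment'
);

# The report is removed only after the message was handed over for delivery.
$msg->send or die "Mensaje no enviado";

# unlink() removes exactly this one file and involves no shell, so unusual
# characters in the name cannot turn into extra commands or extra targets.
unlink($report_path)
    or warn "Cannot remove $report_path: $!\n";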


------------ bash execution ------------------------

#!/bin/bash

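# Mail every CSV report in the report directory, one message per file.
report_directory="/mnt/reports"
exec_directory="/root/bin"

# Stop if the directory is missing, so the loop never runs somewhere else.
cd "$report_directory" || exit 1

for i in *.csv; do
    # With no CSV present the pattern stays literal ("*.csv"); skip it.
    [ -e "$i" ] || continue
    # Quoted, so a name with spaces or shell characters stays one argument.
    "$exec_directory/send_email_file_report.pl" "$i"
done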

Connect ssh hosts list (shortcut command)

connect.pl
#!/usr/bin/perl

use Term::ANSIColor;

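# Usage, as read from the argument handling below:
#   connect.pl edit                   open the hosts file in vim
#   connect.pl list                   print the hosts file
#   connect.pl <host> <user> [<key>]  open an ssh session to <host>
if (! defined $ARGV[0]) {
    print "Don't be stupid please...";
    exit 0;
}

my $file = "/home/user/hosts.txt";
my $keysdir = "/home/user/keys";
my $username = $ARGV[1];
my $remote_hostname = $ARGV[0];
my $time = qx/date/;

# Sub-commands are compared exactly, so a host whose name merely contains
# "edit" or "list" is still looked up as a host.
if ($remote_hostname eq 'edit') {
    # List form: vim is started directly, without a shell.
    system('vim', $file);
    exit 0;
}

if ($remote_hostname eq 'list') {
    print "\n";
    open(my $listing, '<', $file)
        or die "Failed to open file: $!\n";
    while (my $entry = <$listing>) {
        chomp $entry;
        print "$entry\n";
    }
    exit 0;
}

# ssh is always called with "-l <user>", so a user name is required.
if (! defined $username) {
    print "Please give a user name!";
    exit 0;
}

open(my $data, '<', $file)
    or die "Failed to open file: $!\n";

while (my $row = <$data>) {
    chomp $row;
    # \Q...\E: the argument is matched as literal text anywhere in the row,
    # never interpreted as a regular expression.
    next unless $row =~ /\Q$remote_hostname\E/;

    # First matching row wins; the optional third argument names a key file.
    if (defined $ARGV[2]) {
        ssh_connect_key($row, $ARGV[2]);
    }
    else {
        ssh_connect($row);
    }
    exit 0;
}

print "Remote host not found!";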

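# Open an interactive ssh session to the host described by one hosts-file row.
#
# $_[0] is a row of the form "hostname,ipaddress,port". The user name and the
# timestamp come from the file-level $username and $time.
# Never returns: the script exits when the ssh session ends.
# (Declared without the empty "()" prototype, which contradicted the one
# argument the sub takes.)
sub ssh_connect {

    my ($row) = @_;
    my ($hostname, $ipaddress, $port) = split(",", $row);
    for my $field ($hostname, $ipaddress, $port) {
        next unless defined $field;
        $field =~ s/\A\s+//;
        $field =~ s/\s+\z//;
    }

    # Row fields and the user name become ssh arguments, so refuse anything
    # that is missing or that ssh could read as an option.
    die "Malformed host entry: $row\n"
        unless defined $ipaddress && $ipaddress =~ /\A[^-\s]\S*\z/
            && defined $port      && $port      =~ /\A[0-9]+\z/;
    die "Invalid user name\n"
        unless defined $username && $username =~ /\A[^-\s]\S*\z/;

    # Argument list instead of one string: system() runs ssh directly, so no
    # shell ever parses the values.
    my @command = ('ssh', $ipaddress, '-p', $port, '-l', $username);

    print $time;
    print "Connecting to $hostname ...\n";
    print color("red"), "@command \n", color("reset");
    system(@command);
    exit 0;

}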

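# Open an interactive ssh session to one host, authenticating with a key file
# from $keysdir.
#
# $_[0] is a hosts-file row of the form "hostname,ipaddress,port";
# $_[1] is the key file name, looked up under the file-level $keysdir.
# The user name and the timestamp come from the file-level $username and $time.
# Never returns: the script exits when the ssh session ends.
# (Declared without the empty "()" prototype, which contradicted the two
# arguments the sub takes.)
sub ssh_connect_key {

    my ($row, $key) = @_;
    my ($hostname, $ipaddress, $port) = split(",", $row);
    for my $field ($hostname, $ipaddress, $port) {
        next unless defined $field;
        $field =~ s/\A\s+//;
        $field =~ s/\s+\z//;
    }

    # Row fields and command-line values become ssh arguments, so refuse
    # anything that is missing or that ssh could read as an option.
    die "Malformed host entry: $row\n"
        unless defined $ipaddress && $ipaddress =~ /\A[^-\s]\S*\z/
            && defined $port      && $port      =~ /\A[0-9]+\z/;
    die "Invalid user name\n"
        unless defined $username && $username =~ /\A[^-\s]\S*\z/;
    die "No key file given\n"
        unless defined $key && length $key;

    # Argument list instead of one string: system() runs ssh directly, so no
    # shell ever parses the values.
    my @command = (
        'ssh', $ipaddress, '-p', $port, '-l', $username,
        '-i', "$keysdir/$key",
    );

    print $time;
    print "Connecting to $hostname ...\n";
    print color("red"), "@command \n", color("reset");
    system(@command);
    exit 0;

}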

# Reached only when no row matched: release the hosts-file handle.
close($data);

Change relay routing and postfix parameter perl script for postfix (failover relay)

change_relay.pl

#!/usr/bin/perl

use Term::ANSIColor;

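# Interactive fail-over between two mail relays: swap the default route,
# rewrite myhostname in the Postfix configuration and restart Postfix, with
# SMTP (tcp/25) blocked while the change is in progress.
my $relay_04_gw = "10.24.0.1";
my $relay_03_gw = "10.24.25.1";
my $relay_04_gw_interface = "eth0";
my $relay_03_gw_interface = "eth1";
my $main_cf = "/etc/postfix/main.cf";

# Current identity: the value of the first "myhostname = ..." line.
my $hostname;
open(my $cf, '<', $main_cf)
    or die "No se puede leer $main_cf: $!\n";
while (my $line = <$cf>) {
    if ($line =~ /\Amyhostname\s*=\s*(\S+)/) {
        $hostname = $1;
        last;
    }
}
close($cf);

# The value is later used as a sed search pattern; stop here if it is missing
# or holds anything other than host-name characters.
die "myhostname no encontrado en $main_cf\n"
    unless defined $hostname && $hostname =~ /\A[A-Za-z0-9.-]+\z/;

print color("green"), "Estado: ".$hostname."\n", color("reset");
print "Escoja la opción:\n";
print "1. Cambiar a relay-03.xxx.com\n";
print "2. Cambiar a relay-04.xxx.com\n";
# Read the choice from the terminal; a bare <> would try to open any
# command-line argument as a file instead.
my $answer = <STDIN>;
$answer = '' unless defined $answer;
chomp $answer;

# What each menu entry switches to, and which default route it replaces.
my %switch_for = (
    "1" => {
        new_hostname => "relay-03.xxx.com",
        delete       => [ $relay_04_gw, $relay_04_gw_interface ],
        add          => [ $relay_03_gw, $relay_03_gw_interface ],
    },
    "2" => {
        new_hostname => "relay-04.xxx.com",
        delete       => [ $relay_03_gw, $relay_03_gw_interface ],
        add          => [ $relay_04_gw, $relay_04_gw_interface ],
    },
);

# Any other answer changes nothing.
if (my $switch = $switch_for{$answer}) {
    my $new_hostname = $switch->{new_hostname};

    # Dies when the requested relay is already active, before anything changes.
    check_hostname($new_hostname);

    change_iptables("25", "tcp", "drop");
    change_routing("delete", @{ $switch->{delete} });
    change_routing("add", @{ $switch->{add} });

    # From here on failures only warn, so the DROP rule inserted above is
    # always removed again and SMTP is never left blocked.
    # Dots are escaped so sed matches them literally; the arguments are passed
    # as a list, so no shell parses them.
    (my $hostname_pattern = $hostname) =~ s/\./\\./g;
    system('sed', '-i', "s/$hostname_pattern/$new_hostname/g", $main_cf) == 0
        or warn "sed sobre $main_cf ha fallado (estado $?)\n";
    system("/etc/init.d/postfix", "restart") == 0
        or warn "El reinicio de postfix ha fallado (estado $?)\n";

    change_iptables("25", "tcp", "accept");
    print color("red"), "Cambiado a ".$new_hostname."\n", color("reset");
}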

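# Add or delete the default route through a gateway on an interface.
#
#   $_[0]  "add" or "delete"; any other action does nothing
#   $_[1]  gateway address
#   $_[2]  interface name
#
# Returns 1 when the ip command succeeded, 0 when it failed (a warning is
# printed), and nothing for an unknown action.
# (Declared without the empty "()" prototype, which contradicted the three
# arguments the sub takes.)
sub change_routing {
    my ($action, $gateway, $interface) = @_;

    my %verb_for = (add => 'add', delete => 'del');
    my $verb = defined $action ? $verb_for{$action} : undef;
    return unless defined $verb;

    # Argument list: ip is run directly and no shell parses the values.
    my @command = ('ip', 'route', $verb, 'default', 'via', $gateway, 'dev', $interface);
    return 1 if system(@command) == 0;

    warn "'@command' failed (status $?)\n";
    return 0;
}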

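# Block or unblock an incoming port by inserting or deleting a DROP rule in
# the INPUT chain.
#
#   $_[0]  destination port
#   $_[1]  protocol
#   $_[2]  "drop" inserts the rule, "accept" deletes it again; any other
#          action does nothing
#
# Returns 1 when the iptables command succeeded, 0 when it failed (a warning
# is printed), and nothing for an unknown action.
# (Declared without the empty "()" prototype, which contradicted the three
# arguments the sub takes.)
sub change_iptables {
    my ($port, $protocol, $action) = @_;

    my %flag_for = (drop => '-I', accept => '-D');
    my $flag = defined $action ? $flag_for{$action} : undef;
    return unless defined $flag;

    # Argument list: iptables is run directly and no shell parses the values.
    my @command = ('iptables', $flag, 'INPUT', '-p', $protocol, '--dport', $port, '-j', 'DROP');
    return 1 if system(@command) == 0;

    warn "'@command' failed (status $?)\n";
    return 0;
}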

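# Abort the script when the requested relay name is already the active one.
#
# $_[0] is the host name about to be configured; it is compared with the
# file-level $hostname. Dies with a message when they are equal.
# (Declared without the empty "()" prototype, which contradicted the one
# argument the sub takes.)
sub check_hostname {
    my ($new_hostname) = @_;
    if ( $new_hostname eq $hostname ) {
        die "$hostname ya se encuentra asignado\n";
    }
    return;
}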