-
-
Notifications
You must be signed in to change notification settings - Fork 570
/
Copy pathfastnetmon_juniper.php
121 lines (114 loc) · 4.16 KB
/
fastnetmon_juniper.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/php
<?php
/*****************************
*
* Juniper PHP Integration for Fastnetmon
*
* This script connect to Juniper Router and add or remove a blackhole's rule for the IP attack
*
* Author: Christian David <[email protected]>
*
* Credits for the Netconf API By Juniper/netconf-php <https://github.com/Juniper/netconf-php>
* Script based on Mikrotik Plugin by Maximiliano Dobladez <[email protected]>
*
* Made based on a MX5 CLI and not tested yet, please feedback-us in Issues on github
*
* LICENSE: GPLv2 GNU GENERAL PUBLIC LICENSE
*
*
* v1.0 - 5 Dec 18 - initial version
******************************/
define( "_VER", '1.0' );
$date = date("Y-m-d H:i:s", time());
// You need to enable NETCONF on your juniper
// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/netconf-ssh-connection-establishing.html#task-netconf-service-over-ssh-enabling
$cfg['hostname'] = "10.0.0.1"; // Juniper IP
$cfg['port'] = 880; //NETCONF Port
$cfg['username'] = "user"; //user
$cfg['password'] = "password"; //pass
/*
PARAMS(
$argv[1] = STRING (IP)
$argv[2] = STRING (ATTACK DIRECTION)
$argv[3] = STRING (PPS)
$argv[4] = STRING (ACTION = BAN OR UNBAN)
)
*/
$IP_ATTACK = $argv[ 1 ];
$DIRECTION_ATTACK = $argv[ 2 ];
$POWER_ATTACK = $argv[ 3 ];
$ACTION_ATTACK = $argv[ 4 ];
if ( $argc <= 4 ) {
$msg .= "Juniper API Integration for FastNetMon - Ver: " . _VER . "\n";
$msg .= "missing arguments";
$msg .= "php fastnetmon_juniper.php [IP] [data_direction] [pps_as_string] [action] \n";
echo $msg;
exit( 1 );
}
//NOTE help
if ( $argv[ 1 ] == "help" ) {
$msg = "Juniper API Integration for FastNetMon - Ver: " . _VER;
echo $msg;
exit( 1 );
}
require_once "netconf/netconf/Device.php";
$conn = new Device($cfg);
switch($ACTION_ATTACK){
case 'ban':
try{
$desc = 'FastNetMon Community: IP '. $IP_ATTACK .' unblocked because '. $DIRECTION_ATTACK .' attack with power '. $POWER_ATTACK .' pps | at '.$fecha_now;
$conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
$locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
if($locked){
//Community 65535:666 = BLACKHOLE
$conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard");
$conn->commit();
}
$conn->unlock(); //Unlock the CLI
$conn->close(); //Close the connection
_log($desc);
}
catch(NetconfException $e){
$msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
_log( $msg );
echo $msg;
exit( 1 );
}
break;
case 'unban':
try{
$desc = 'FastNetMon Community: IP '. $IP_ATTACK .' remove from blacklist.';
$conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
$locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
if($locked){
$conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32");
$conn->commit();
}
$conn->unlock(); //Unlock the CLI
$conn->close(); //Close the connection
_log($desc);
}
catch(NetconfException $e){
$msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
_log( $msg );
echo $msg;
exit( 1 );
}
break;
default:
$msg = "Juniper API Integration for FastNetMon - Ver: " . _VER;
echo $msg;
exit( 1 );
break;
}
/**
* [_log Write a log file]
* @param [type] $msg [text to log]
* @return [type]
*/
function _log( $msg ) {
$FILE_LOG_TMP = "/tmp/fastnetmon_api_juniper.log";
if ( !file_exists( $FILE_LOG_TMP ) ) exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" > " . $FILE_LOG_TMP );
else exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP );
}
?>