[ SEA-GHOST MINI SHELL]
#!/usr/bin/perl -s
##
## IP Filter UCD-SNMP pass module
##
## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
## fetching rules, hits and bytes (for accounting tables only).
##
## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
## Date: $ Tue Dec 1 10:24:08 EET 1998 $
## Version: 1.1a
# Put this file in /usr/local/bin/ipf-mod.pl and then add the following
# line to your snmpd.conf file (without the # at the front):
#
# pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl
# enterprises.ucdavis.ucdExperimental.ipFilter = .1.3.6.1.4.1.2021.13.2
# ipfInTable.ipfInEntry.ipfInIndex integer = 1.1.1
# ipfInTable.ipfInEntry.ipfInRule string = 1.1.2
# ipfInTable.ipfInEntry.ipfInHits counter = 1.1.3
# ipfOutTable.ipfOutEntry.ipfOutIndex integer = 1.2.1
# ipfOutTable.ipfOutEntry.ipfOutRule string = 1.2.2
# ipfOutTable.ipfOutEntry.ipfOutHits counter = 1.2.3
# ipfAccInTable.ipfAccInEntry.ipfAccInIndex integer = 1.3.1
# ipfAccInTable.ipfAccInEntry.ipfAccInRule string = 1.3.2
# ipfAccInTable.ipfAccInEntry.ipfAccInHits counter = 1.3.3
# ipfAccInTable.ipfAccInEntry.ipfAccInBytes counter = 1.3.4
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex integer = 1.4.1
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule string = 1.4.2
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits counter = 1.4.3
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes counter = 1.4.4
# variables types
%type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
'2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
'3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
'3.1.4', 'counter',
'4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
'4.1.4', 'counter');
# getnext sequence
%next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
'2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
'3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
'3.1.4', '4.1.1',
'4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');
# ipfilter's commands to fetch needed information
$ipfstat_comm="/sbin/ipfstat";
$ipf_in="$ipfstat_comm -ih 2>/dev/null";
$ipf_out="$ipfstat_comm -oh 2>/dev/null";
$ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
$ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";
$OID=$ARGV[0];
$IPF_OID='.1.3.6.1.4.1.2021.13.2';
$IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2';
# exit if OID is not one of IPF-MIB's
exit if $OID !~ /^$IPF_OID_NO_DOTS(\D|$)/;
# get table, entry, column and row numbers
$tecr = $OID;
$tecr =~ s/^$IPF_OID_NO_DOTS(\D|$)//;
($table, $entry, $col, $row, $rest) = split(/\./, $tecr);
# parse 'get' request
if($g) {
# exit if OID is wrong specified
if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
print "[1] NO-SUCH NAME\n" if $d;
exit;
}
# get the OID's value
$value = &get_value($table, $entry, $col, $row);
print "value=$value\n" if $d;
# exit if OID does not exist
print "[2] NO-SUCH NAME\n" if $d and !defined $value;
exit if !defined $value;
# set ObjectID and reply with response
$tec = "$table.$entry.$col";
$ObjectID = "${IPF_OID}.${tec}.${row}";
&response;
}
# parse 'get-next' request
if($n) {
# set values if 0 or unspecified
$table = 1, $a = 1 if !$table or !defined $table;
$entry = 1, $a = 1 if !$entry or !defined $entry;
$col = 1, $a = 1 if !$col or !defined $col;
$row = 1, $a = 1 if !$row or !defined $row;
if($a) {
# get the OID's value
$value = &get_value($table, $entry, $col, $row);
print "value=$value\n" if $d;
# set ObjectID and reply with response
$tec = "$table.$entry.$col";
$ObjectID = "${IPF_OID}.${tec}.${row}";
&response;
}
# get next OID's value
$row++;
$value = &get_value($table, $entry, $col, $row);
# choose new table/column if rows exceeded
if(!defined $value) {
$tec = "$table.$entry.$col";
$tec = $next{$tec} if !$a;
$table = $tec;
$entry = $tec;
$col = $tec;
$table =~ s/\.\d\.\d$//;
$entry =~ s/^\d\.(\d)\.\d$/$1/;
$col =~ s/^\d\.\d\.//;
$row = 1;
# get the OID's value
$value = &get_value($table, $entry, $col, $row);
print "value=$value\n" if $d;
}
# set ObjectID and reply with response
$tec = "$table.$entry.$col";
$ObjectID = "${IPF_OID}.${tec}.${row}";
&response;
}
##############################################################################
# fetch values from 'ipfInTable' and 'ipfOutTable' tables
sub fetch_hits_n_rules {
local($row, $col, $ipf_output) = @_;
local($asdf, $i, @ipf_lines, $length);
# create an entry if no rule exists
$ipf_output = "0 empty list for ipfilter" if !$ipf_output;
@ipf_lines = split("\n", $ipf_output);
$length = $#ipf_lines + 1;
for($i = 1; $i < $length + 1; $i++) {
$hits{$i} = $ipf_lines[$i-1];
$hits{$i} =~ s/^(\d+).*$/$1/;
$rule{$i} = $ipf_lines[$i-1];
$rule{$i} =~ s/^\d+ //;
if($i == $row) {
return $i if $col == 1;
return $rule{$i} if $col == 2;
return $hits{$i} if $col == 3;
}
}
# return undefined value
undef $asdf;
return $asdf;
}
# fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
sub fetch_hits_bytes_n_rules {
local($row, $col, $ipf_output) = @_;
local($asdf, $i, @ipf_lines, $length);
# create an entry if no rule exists
$ipf_output = "0 0 empty list for ipacct" if !$ipf_output;
@ipf_lines = split("\n", $ipf_output);
$length = $#ipf_lines + 1;
for($i = 1; $i < $length + 1; $i++) {
$hits{$i} = $ipf_lines[$i-1];
$hits{$i} =~ s/^(\d+) .*$/$1/;
$bytes{$i} = $ipf_lines[$i-1];
$bytes{$i} =~ s/^\d+ (\d+) .*/$1/;
$rule{$i} = $ipf_lines[$i-1];
$rule{$i} =~ s/^\d+ \d+ //;
if($i == $row) {
return $i if $col == 1;
return $rule{$i} if $col == 2;
return $hits{$i} if $col == 3;
return $bytes{$i} if $col == 4;
}
}
# return undefined value
undef $asdf;
return $asdf;
}
# get the values from ipfilter's tables
sub get_value {
local($table, $entry, $col, $row) = @_;
if($table == 1) {
# fetch ipfInTable data
$ipf_output = `$ipf_in`;
$value = &fetch_hits_n_rules($row, $col, $ipf_output);
} elsif($table == 2) {
# fetch ipfOutTable data
$ipf_output = `$ipf_out`;
$value = &fetch_hits_n_rules($row, $col, $ipf_output);
} elsif($table == 3) {
# fetch ipfAccInTable data
$ipf_output = `$ipf_acc_in`;
$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
} elsif($table == 4) {
# fetch ipfAccOutTable data
$ipf_output = `$ipf_acc_out`;
$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
}
return $value;
}
# generate response to 'get' or 'get-next' request
sub response {
# print ObjectID, its type and the value
if(defined $ObjectID and defined $type{$tec} and defined $value) {
print "$ObjectID\n";
print "$type{$tec}\n";
print "$value\n";
}
exit;
}
SEA-GHOST - SHELL CODING BY SEA-GHOST