Merge branch 'master' of github.com:krebscode/painload

3 files changed, 21 insertions, 15 deletions

diff --git a/filebitch/README b/filebitch/README
index 177bb374..5ae3a666 100644
--- a/filebitch/README
+++ b/filebitch/README
@@ -1,12 +1,14 @@
-The connec_sh script morses the IP + "connected" when a user connects to filebitchs proftpd server. 
+The connect_narf.pl script morses the IP + "connected" when a user connects to filebitchs proftpd server. 
+The disconnect_narf.pl scritp will do the obvious opposite.
 It will hopefully drive someone crazy.
 
 To make it run you need to add some lines to your proftpd config.
 I decided not to let Krebs do this as I didn't want to break your FTP Server (I know FTP is broken by default).
 The 5 necessary lines are:
-ExtendedLog     /var/log/proftpd/ftp_auth.log AUTH auth
+
 <IfModule mod_exec.c>
     ExecEngine on
-    ExecOnConnect "/krebs/filebitch/connect_narf.pl"
+    ExecOnConnect "/krebs/filebitch/connect_narf.pl %a"
+    ExecOnExit "/krebs/filebitch/disconnect_narf.pl %a"
 </IfModule>
 
diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl
index fd2742dc..8e984150 100755
--- a/filebitch/connect_narf.pl
+++ b/filebitch/connect_narf.pl
@@ -4,12 +4,15 @@
 #and
 #<IfModule mod_exec.c>
 #    ExecEngine on
-#    ExecOnConnect "/krebs/filebitch/connect_narf.pl"
+#    ExecOnConnect "/krebs/filebitch/connect_narf.pli %a"
 #</IfModule>
 
-#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log");
+$ip = $ARGV[0];
 #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit
-#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g;
+$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g;
 #getting some guys sitting next to the Server pissed :)
-my $ip = "USER";
-system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337");
+system("morse -l 42 -f 2000 $ip");
+system("morse -l 42 -f 3000 \"connected\"");
+
+# Uncomment the beep below to play the enterprise connect sound
+# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337");
diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl
index af7bea6c..77fbf743 100755
--- a/filebitch/disconnect_narf.pl
+++ b/filebitch/disconnect_narf.pl
@@ -1,15 +1,16 @@
 #!/usr/bin/perl
 #Please add the following to your proftpd config file 
-#ExtendedLog     /var/log/proftpd/ftp_auth.log AUTH auth
-#and
 #<IfModule mod_exec.c>
 #    ExecEngine on
-#    ExecOnExit "/krebs/filebitch/disconnect_narf.pl"
+#    ExecOnExit "/krebs/filebitch/connect_narf.pli %a"
 #</IfModule>
 
-#$ip = system("tail -n 1 /var/log/proftpd/ftp_auth.log");
+$ip = $ARGV[0];
 #I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit
-#$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b//g;
+$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g;
 #getting some guys sitting next to the Server pissed :)
-my $ip = "USER";
-system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 1000");
+system("morse -l 42 -f 2000 $ip");
+system("morse -l 42 -f 3000 \"disconnected\"");
+
+# Uncomment the beep below to play the enterprise connect sound
+# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337");