Setting Up PHP::Interpreter
Setting up PHP::Interpreter is basically a standard Perl module installation procedure. You can get it from search.cpan.org/dist/PHP-Interpreter. Unpack it, and create the Makefile:
perl Makefile.PL
Compile it:
make
And install it:
make install
We also use the CPAN module File::Tail, which allows us to monitor a log file continuously. You can get this module from search.cpan.org/dist/File-Tail.
Unpack it, and create the Makefile:
perl Makefile.PL
make
make install
Now, fire up a text editor, and start coding:
use strict;
use warnings;
use threads ('yield', 'stack_size' => 64 * 4096, 'exit' => 'threads_only');
use PHP::Interpreter;
use File::Tail;

my $php = PHP::Interpreter->new;
# Follow the log file; reading from FH blocks until a new line is appended.
my $ref = tie *FH, "File::Tail", (name => '/var/log/messages');
while (<FH>)
{
    if ($_ =~ /sshd/)    # checks for message from sshd
    {
        if ($_ =~ /Failed password for/)    # check for a failed password attempt
        {
            my $ind  = rindex($_, 'from');
            my $rind = rindex($_, 'port');
            my $ip   = substr($_, $ind + 4, $rind - $ind - 4);
            $ip =~ s/^\s+|\s+$//g;    # strip the surrounding spaces
            # The log line contains remote input; accept only a dotted-quad address.
            next unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
            my $thr = threads->create(\&writems, $ip);
            $thr->join();
        }
    }
}

sub writems
{
    my ($ip) = @_;
    # List form of system() runs iptables directly, without a shell.
    system('iptables', '-I', 'INPUT', '-s', $ip, '-j', 'DROP');
    $php->include("writems.php");
    $php->writeIP('ssqlserver', 'sshwatch', 'sshusr', 'sshpass', $ip);
    print $php->eval("echo 'Succeeded!';");
}
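The address that ends up in the iptables rule and in the database comes out of a log line that remote clients partly control, so the extraction step deserves a closer look. The following is an added example, not part of the original article: it parses sshd "Failed password" lines with an anchored pattern and validates the address before building the iptables argument list. The function names failed_login_ip and block_command and the sample log lines are constructed for illustration, and only IPv4 addresses are handled.

```perl
#!/usr/bin/perl
# Added example (not from the original article): anchored parsing of sshd
# "Failed password" lines, with the address validated before it is used.
use strict;
use warnings;

# Return the source IPv4 address of a failed sshd login, or undef.
sub failed_login_ip {
    my ($line) = @_;
    # The greedy .* makes " from " match its last occurrence, so text in the
    # user-name field cannot shift the capture; the tail is anchored with $.
    return unless $line =~
        /\bsshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh\d?)?\s*$/;
    my $ip = $1;
    return unless $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return if grep { $_ > 255 } $1, $2, $3, $4;    # reject octets above 255
    return $ip;
}

# Argument list for system(); list form never passes the address to a shell.
sub block_command {
    my ($ip) = @_;
    return ('iptables', '-I', 'INPUT', '-s', $ip, '-j', 'DROP');
}

# Constructed sample lines (addresses are from documentation ranges).
my @sample = (
    'Mar  3 10:15:01 host sshd[2211]: Failed password for root from 192.0.2.10 port 51512 ssh2',
    'Mar  3 10:15:04 host sshd[2213]: Failed password for invalid user port from 198.51.100.7 port 40022 ssh2',
    'Mar  3 10:15:09 host sshd[2215]: Accepted password for alice from 192.0.2.44 port 50111 ssh2',
    'Mar  3 10:15:12 host sshd[2217]: Failed password for bob from 999.1.1.1 port 4000 ssh2',
    'Mar  3 10:15:20 host cron[300]: sshd Failed password for x from 203.0.113.5 port 1',
);

for my $line (@sample) {
    my $ip = failed_login_ip($line);
    if (defined $ip) {
        print join(' ', block_command($ip)), "\n";    # printed, not executed
    } else {
        print "ignored: $line\n";
    }
}
```

Only the first two sample lines produce a rule; the successful login, the out-of-range address and the line that merely mentions sshd from another program are ignored.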
In a separate file, write the following script (the file should be named writems.php):
<?php
function writeIP($dbhost, $dbname, $dbuser, $dbpass, $ip)
{
    // Accept only a well-formed IP address, since the value goes into the SQL text.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $conn = mssql_connect($dbhost, $dbuser, $dbpass)
        or die("Couldn't connect to SQL Server on $dbhost");
    $db = mssql_select_db($dbname, $conn)
        or die("Couldn't open database $dbname");
    set_time_limit(0);
    $squery = "insert into sshwatch(currentdate,ip)
        values('" . date('Y/m/d') . "','" . $ip . "')";
    mssql_query($squery);
}
?>
To run the application, simply run the Perl script: