Author Topic: Parsing console_mp.log  (Read 1049 times)
Rhidalin
Guest
« on: July 14, 2010, 04:54:00 PM »

I'm working on a plugin that parses the console_mp.log for bad rcon's from unidentified ips (not on white list) and then issues an operating system level command to ban them quite permanently by ip. I've run into quite the snag though because we're on Win2k3 server. The command that I've been building my template on is

Code: python
import subprocess
import sys

ip = '192.168.200.200'
o = sys.platform
# This is loaded from xml for flexibility
listbancommand = (r'netsh ipsec dynamic show qmfilter all srcaddr = %s' % ip)
p = subprocess.Popen(listbancommand, stdout=subprocess.PIPE, close_fds=False, stderr=subprocess.PIPE, shell=(o), stdin=subprocess.PIPE)
text = p.stdout
for line in text:
    print line

output is
', mode 'rU' at 0x00.....

First off, I'm hating python 2.6 at the moment because popen2 was deprecated and subprocess.popen, while it seems to do the same thing, isn't returning the results which I need. My first thought is to pipe the command to a temp.log file and then read and parse the output, do what I need to with it and then discard the file. It seems a redneck fix but for all intents and purposes, it should work, provided nothing gets out of line and tries to close the file before the parse is done and the file hangs, preventing new files from being created.

The results should be a listing of all services blocked for which the ip's can be re.compile'd out, not a byte level memory location :) I'm not a programmer by trade but this should be a simple process according to most stories I've read. (Looking into winprocess.py as well but that's a lot of overhead if I'm to share this plugin.)

current version can be seen at http://github.com/Rhidalin-Bytes/Badrcon

Rhidalin Bytes

-  py·thon - pī-ˌthän - any of various large constricting snakes however lacking opposable thumbs, are unable to open windows efficiently - ME
Logged

Senior Dev.
OS: Linux
Type: Home user
Posts: 3485
Support Specialty: B3-Core, UrT/SmG/BFBC2 parsers, Plugin development
« Reply #1 on: July 15, 2010, 12:10:08 AM »

Here's what I did:

test.py
Code: python
import sys
import subprocess

o = sys.platform  
listbancommand = (r'netsh firewall show allowedprogram')
p = subprocess.Popen(listbancommand, stdout=subprocess.PIPE, close_fds=False, stderr=subprocess.PIPE, shell=(o), stdin=subprocess.PIPE)  
text = p.stdout  
for line in text:
   print line

Running this command on Windows XP Pro 2002 SP3 with Python 2.6:
Code:
C:\tmp>c:\Python26\python.exe test.py


Configuration des programmes autorisés pour le profil Domaine :

Mode     Nom / programme

-------------------------------------------------------------------

Activer  Assistance à distance / C:\WINDOWS\system32\sessmgr.exe

Activer  Diagnostics du réseau pour Windows XP / C:\WINDOWS\Network Diagnostic\x
pnetdiag.exe

Activer  VMware Authd / C:\Program Files\VMware\VMware Player\vmware-authd.exe



Configuration des programmes autorisés pour le profil Standard :

Mode     Nom / programme

-------------------------------------------------------------------

Activer  Assistance à distance / C:\WINDOWS\system32\sessmgr.exe

Activer  Diagnostics du réseau pour Windows XP / C:\WINDOWS\Network Diagnostic\x
pnetdiag.exe

Activer  VMware Authd / C:\Program Files\VMware\VMware Player\vmware-authd.exe

So it seems to work fine.
Logged

Rhidalin
Guest
« Reply #2 on: July 15, 2010, 01:12:41 AM »

Of course, along with my spelling errors, there may be a flaw in my development cycle. I've been doing most of my test.py testing on my Windows 7 64bit with python26-amd64, therein may lie the issue. I'll give it a go over on the remote desktop and I'll bet it will work, if so, tomorrow's gonna be a busy day :) Want to get this thing working :)
Logged
Senior Dev.
« Reply #3 on: July 15, 2010, 01:29:18 AM »

Another way might be to forget about making this plugin cross-platform and make it rely on other tech than just spawning a shell. I'm thinking about WMI or COM objects.
Logged

Rhidalin
Guest
« Reply #4 on: July 15, 2010, 01:57:00 AM »

I was looking into the COM object approach, it's intriguing. Ultimately, I want to make this accessible for the widest variety of users possible. Would a COM call, check, write to IPSEC table apply to anything other than a single server class? As I understand it, IPSEC has changed drastically between Win2k, Win2k3 and Win2k8 both in front end as well as back end functionality. I do know that on a Win2k8 machine, COM would be easier to make it through the elevated privileges needed to run from command line, using a secure COM approach would be calling a runas on COM object where installing user creates a single use username / password (much the same as necking down a unix user to isolate the samba processes).

What I do know though, is calling the command lines is doable for me at the moment. Believe it or not, what you see in my code is about 4 months of me teaching myself python ;) I may be looking into a career change because of this. I am just a construction worker but it's all beginning to make some sense. I'm lacking in core skills so re-education is definitely on the menu. :D
Logged
Senior Dev.
« Reply #5 on: July 15, 2010, 02:05:24 AM »

From what I've read of your 2 plugins' code you've been going deep into understanding how the B3 code is structured and organised.
You're definitely one of the valued plugin developers this community is looking for ;)
Logged

Rhidalin
Guest
« Reply #6 on: July 19, 2010, 01:18:48 AM »

Leaving this run on my server this week, seems to be working properly. Only issue I'm having is error detection in the os command which I kind of knew I'd run into, keeps failing the try: while looking for ERR in a blank line (#171). I've deliberately not added the appropriate policy so that it fails but debug isn't showing any text in line.

Code:
100719 04:50:45 DEBUG AdminPlugin: OnSay handle 5:"!stickip 192.168.200.100"
100719 04:50:45 DEBUG AdminPlugin: Handle command !stickip 192.168.200.100
100719 04:50:45 DEBUG BadrconPlugin: ip is 192.168.200.100
100719 04:50:45 DEBUG BadrconPlugin: 6
100719 04:50:45 DEBUG BadrconPlugin: 5
100719 04:50:45 DEBUG BadrconPlugin: netsh ipsec static add filter filterlist="BannedIPS" srcaddr=192.168.200.100 dstaddr=me description=192.168.200.100 protocol=any srcport=0 dstport=0
100719 04:50:45 DEBUG BadrconPlugin: line is


100719 04:50:45 VERBOSE RCON sending (192.168.1.105:28965) tell 4 ^0(^2b3^0)^7: ^3[pm]^7 OS Error: 192.168.200.100 is not bannned

Thanks for the encouragement :)
Logged
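
An added example, not part of the original posts or of the Badrcon plugin: it covers both the first post's command built from an address read out of the log and the error check discussed in Reply #6. It is written for Python 3 rather than the thread's 2.6; `ban_argv`, `run_checked` and the `WHITELIST` contents are hypothetical names and values, and the netsh arguments are taken from the debug log above. The address is validated before use and the command is passed as an argument list with no shell, so nothing from the log line is ever interpreted as command syntax.

```python
import ipaddress
import subprocess
import sys

# Assumed allow-list; the thread mentions a white list but not how it is stored.
WHITELIST = {ipaddress.ip_address("192.168.1.105")}


def ban_argv(raw_ip):
    """Validate an address taken from the log and build the netsh argument list."""
    ip = ipaddress.ip_address(raw_ip.strip())  # ValueError for anything but an IP
    if ip in WHITELIST:
        raise ValueError("%s is whitelisted" % ip)
    # Arguments copied from the command shown in the thread's debug log.
    return ["netsh", "ipsec", "static", "add", "filter",
            "filterlist=BannedIPS", "srcaddr=%s" % ip, "dstaddr=me",
            "description=%s" % ip, "protocol=any", "srcport=0", "dstport=0"]


def run_checked(argv, timeout=15):
    """Run argv without a shell and return (ok, combined_output)."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE,
                              universal_newlines=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, str(exc)  # command missing, not executable, or hung
    output = (proc.stdout + proc.stderr).strip()
    # Assumption: failure shows as a non-zero exit status or the "ERR" text
    # the plugin in this thread searches for; blank output alone is not an error.
    return proc.returncode == 0 and "ERR" not in output, output


if __name__ == "__main__":
    # Constructed inputs: one valid address, one with shell syntax appended.
    for candidate in ("192.168.200.100", "192.168.200.100 & echo x"):
        try:
            print(ban_argv(candidate))
        except ValueError as exc:
            print("rejected:", exc)
    # Python itself stands in for netsh so the example runs on any platform.
    print(run_checked([sys.executable, "-c", "print('filter added')"]))
    print(run_checked([sys.executable, "-c", "import sys; sys.exit(1)"]))
```
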
Jr. Member
OS: Windows
Type: Renting Server, no B3
Gameservers: COD4
Posts: 24
« Reply #7 on: September 01, 2010, 11:40:55 PM »

How goes your development? I'm interested in using it myself but how would it work if B3 ran locally where the COD4 server is hosted?
Logged
Support Hero
OS: Windows
Type: Gameserver Rental Co.
Gameservers: 2x CoD4, 1x BF3
Posts: 2629
Owner of Host4B3.com - Over 70 bots hosted!
« Reply #8 on: September 21, 2010, 07:48:33 PM »

I am wondering if this can get compiled into a plugin for use? With idiot proof instructions?
Logged

Need B3 Bot hosting? Check out Host4B3.com
Check Twitter.com/Host4B3 for updates if the site is down.

Help will be given to those with a b3.log

System: Python 2.7.1 - B3 Source Code - Locally hosted MySQL & Apache - Win 2k3
Tags: rcon  bad  unresponsive 