Merge branch 'master' of github.com:krebscode/painload

5 files changed, 65 insertions, 0 deletions

diff --git a/filebitch/COPYING b/filebitch/COPYING
new file mode 100644
index 00000000..65d1a2e9
--- /dev/null
+++ b/filebitch/COPYING
@@ -0,0 +1,14 @@
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <momo@shackspace.de>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.
+
diff --git a/filebitch/README b/filebitch/README
new file mode 100644
index 00000000..5ae3a666
--- /dev/null
+++ b/filebitch/README
@@ -0,0 +1,14 @@
+The connect_narf.pl script morses the IP + "connected" when a user connects to filebitchs proftpd server. 
+The disconnect_narf.pl scritp will do the obvious opposite.
+It will hopefully drive someone crazy.
+
+To make it run you need to add some lines to your proftpd config.
+I decided not to let Krebs do this as I didn't want to break your FTP Server (I know FTP is broken by default).
+The 5 necessary lines are:
+
+<IfModule mod_exec.c>
+    ExecEngine on
+    ExecOnConnect "/krebs/filebitch/connect_narf.pl %a"
+    ExecOnExit "/krebs/filebitch/disconnect_narf.pl %a"
+</IfModule>
+
diff --git a/filebitch/TODO b/filebitch/TODO
new file mode 100644
index 00000000..aa2af36a
--- /dev/null
+++ b/filebitch/TODO
@@ -0,0 +1,2 @@
+Buid a blacklist so some IPs(e.g. monitoring servers) don't trigger a beep
+
diff --git a/filebitch/connect_narf.pl b/filebitch/connect_narf.pl
new file mode 100755
index 00000000..7c713d3b
--- /dev/null
+++ b/filebitch/connect_narf.pl
@@ -0,0 +1,19 @@
+#!/usr/bin/perl
+#Please add the following to your proftpd config file 
+#ExtendedLog     /var/log/proftpd/ftp_auth.log AUTH auth
+#and
+#<IfModule mod_exec.c>
+#    ExecEngine on
+#    ExecOnConnect "/krebs/filebitch/connect_narf.pli %a"
+#</IfModule>
+
+$ip = $ARGV[0];
+#I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit
+$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g;
+if($ip ne "10.42.0.107"){
+#getting some guys sitting next to the Server pissed :)
+    system("morse -l 42 -f 2000 $ip");
+    system("morse -l 42 -f 3000 \"connected\"");
+}
+# Uncomment the beep below to play the enterprise connect sound
+# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337");
diff --git a/filebitch/disconnect_narf.pl b/filebitch/disconnect_narf.pl
new file mode 100755
index 00000000..77fbf743
--- /dev/null
+++ b/filebitch/disconnect_narf.pl
@@ -0,0 +1,16 @@
+#!/usr/bin/perl
+#Please add the following to your proftpd config file 
+#<IfModule mod_exec.c>
+#    ExecEngine on
+#    ExecOnExit "/krebs/filebitch/connect_narf.pli %a"
+#</IfModule>
+
+$ip = $ARGV[0];
+#I'm very sorry for this regex, but i only wanted it to get _real_ IPv4 Adresses of the log file, not any kind of timestamp bullshit
+$ip =~ s/\b(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[1]?[0-9][0-9]?)\b//g;
+#getting some guys sitting next to the Server pissed :)
+system("morse -l 42 -f 2000 $ip");
+system("morse -l 42 -f 3000 \"disconnected\"");
+
+# Uncomment the beep below to play the enterprise connect sound
+# system("beep -l 42 -f 2000 -D 42 -n -l 42 -f 3337");