author | JeffWDH <jeffwdh@github.com> | 2023-10-28 09:42:07 -0400 |
---|---|---|
committer | JeffWDH <jeffwdh@github.com> | 2023-10-28 09:42:07 -0400 |
commit | e3f6196ffc904b6bfe349bac6dfb396c17535494 (patch) | |
tree | d1beb4ad93297ca328e50c1258ba6049b1d1006a /src | |
parent | ced9ddc3fa635b3bf79b506b0ddfd457b522f5c3 (diff) | |
T5661: Add show ssh dynamic-protection and show log ssh dynamic-protection
Diffstat (limited to 'src')
-rwxr-xr-x | src/op_mode/ssh.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py
index 4de9521b5..89db7b3d3 100755
--- a/src/op_mode/ssh.py
+++ b/src/op_mode/ssh.py
@@ -15,6 +15,7 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library. If not, see <http://www.gnu.org/licenses/>.
 
+import json
 import sys
 import glob
 import vyos.opmode
@@ -60,3 +61,40 @@ def show_fingerprints(raw: bool, ascii: bool):
         return []
     else:
         return "No SSH server public keys are found."
+
+def show_dynamic_protection(raw: bool):
+    config = ConfigTreeQuery()
+    if not config.exists("service ssh dynamic-protection"):
+        raise vyos.opmode.UnconfiguredSubsystem("SSH server dynamic-protection is not enabled.")
+
+    attackers = []
+    try:
+        # IPv4
+        attackers = attackers + json.loads(cmd("sudo nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"]
+    except:
+        pass
+    try:
+        # IPv6
+        attackers = attackers + json.loads(cmd("sudo nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"]
+    except:
+        pass
+    if attackers:
+        if raw:
+            return attackers
+        else:
+            output = "Blocked attackers:\n" + "\n".join(attackers)
+            return output
+    else:
+        if raw:
+            return []
+        else:
+            return "No blocked attackers."
+
+if __name__ == '__main__':
+    try:
+        res = vyos.opmode.run(sys.modules[__name__])
+        if res:
+            print(res)
+    except (ValueError, vyos.opmode.Error) as e:
+        print(e)
+        sys.exit(1)
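Review bot: The bare `except: pass` around both nft queries in `show_dynamic_protection` turns every failure — nft not installed, sudo denied, the `sshguard` table absent, or a changed JSON layout — into the reassuring "No blocked attackers." message, so an operator checking the brute-force protection cannot tell an empty block list from a broken query. Since `cmd()` presumably raises on a non-zero exit and `["nftables"][1]["set"]["elem"]` raises `KeyError` when the set is empty (nft -j appears to omit `elem` in that case), the two cases should be separated: treat a missing `elem` as an empty set and surface everything else as a `vyos.opmode.Error`, which the `__main__` handler added in this same hunk already prints and exits on. If the `ip6` table is legitimately absent on some systems, that one condition should be recognised explicitly rather than by swallowing all exceptions. Also, nft can emit set elements as objects rather than plain strings (for example with timeouts or prefixes); if that ever happens here, `"\n".join(attackers)` raises a `TypeError` that the handler does not catch, so `str(a)` per element would keep the op-mode output stable. A helper per address family keeps the two queries from diverging:

```python
def _blocked_addresses(family: str) -> list:
    """Return the elements of the sshguard 'attackers' set for one nft family ('ip' or 'ip6').

    Raises vyos.opmode.Error when nft cannot be queried or its JSON has an
    unexpected shape; an empty set (no "elem" key) yields [].
    """
    try:
        listing = json.loads(cmd(f"sudo nft -j list set {family} sshguard attackers"))
        return listing["nftables"][1]["set"].get("elem", [])
    except (OSError, ValueError, LookupError, TypeError) as e:
        raise vyos.opmode.Error(f"Could not read the {family} sshguard attackers set: {e}") from e

def show_dynamic_protection(raw: bool):
    # … unchanged: ConfigTreeQuery check for "service ssh dynamic-protection" …
    attackers = _blocked_addresses("ip") + _blocked_addresses("ip6")
    # … unchanged: raw / formatted output of attackers …
```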