#!/usr/bin/perl
#
# Simple execute script to find blacklist candidates.
#
# Written by Simon Carr <code@simoncarr.com>, 2004
#
# Parses Postfix 1.x logs for variables.  Upon identification,
# it creates an epoch-timestamped file for examination by
# the other script, called execute.
#

## Perl modules here.  No touchy.
use File::Copy;

#### Configuration variables.

## How long an address stays blocked, in seconds.
$time = 24 * 60 * 60;    # 24 hours
#$time = 12 * 60 * 60;   # 12 hours

## Spool directories holding the files generated by identify.
# $scourdir holds new candidates; $scourdir_done holds entries that have
# already been turned into a blackhole command.
# NOTE(review): the file names found here end up as arguments on the ssh
# command lines built below, so both directories should be writable only
# by the account that runs identify/execute -- confirm the permissions.
$scourdir_done = "/Users/scarr/tmp/hitterblock/done";
$scourdir = "/Users/scarr/tmp/hitterblock";

## Everything below deals with the "command setups".
# The device the commands are sent to.
$lvs = "lvs1-1";
# Remote script that removes a block.
$unblackhole = "/usr/local/scripts/unblackhole";
# Remote script that adds a block.
$blackhole = "/usr/local/scripts/blackhole";
# Full command prefixes; the address is appended by blackhole() and
# unblackhole().
$command_setup_blackhole = join(" ", "/usr/bin/ssh", $lvs, $blackhole);
$command_setup_unblackhole = join(" ", "/usr/bin/ssh", $lvs, $unblackhole);


#### -- MAIN -- ####

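## Phase 1, scan for IPs to remove
#
# Walks $scourdir_done, records every address that already has an entry
# there in @ips (phase 2 uses that list to drop duplicate candidates), and
# emits an unblackhole command for each entry older than $time seconds,
# deleting the entry afterwards.
#
# Entry names are expected to look like <blackhole...>_<epoch>_<dotted quad>.
# The name is the only input to the generated command line, so anything that
# does not fit that shape is reported and left alone instead of being split
# blindly: a name without a timestamp used to count as "expired" and produced
# an unblackhole command with an empty or arbitrary argument.
opendir(my $done_dh, $scourdir_done) or die "can't opendir $scourdir_done: $!";
while (defined(my $file = readdir($done_dh))) {
    next if $file =~ /^\.\.?$/;        # skip . and ..
    next if $file !~ m/^blackhole/;    # not one of our entries

    # Field 1 is the "blackhole..." tag, field 2 the epoch, field 3 the
    # address; further "_"-separated fields are ignored, as before.
    my ($stamp, $ip) =
        $file =~ /\A blackhole[^_]* _ ([0-9]+) _ ([0-9]{1,3}(?:\.[0-9]{1,3}){3}) (?:_.*)? \z/x;
    unless (defined $ip) {
        # Keep control characters from the name out of the operator's terminal.
        (my $shown = $file) =~ s/[^\x20-\x7e]/?/g;
        warn "skipping malformed entry '$shown' in $scourdir_done\n";
        next;
    }

    # Remember the addresses that already have an entry.
    # NOTE(review): the address is recorded even when the entry expires just
    # below, so phase 2 also drops a fresh candidate for an address that is
    # unblocked in this same run -- confirm that this is intended.
    push(@ips, $ip);

    my $age = time() - $stamp;
    if ($time < $age) {
        # The block has outlived $time: emit the unblock command, then
        # retire the entry.
        unblackhole($ip);
        unlink("$scourdir_done/$file") or die "Can't unlink $file: $!";
    }
}
closedir($done_dh);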

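## Phase 2, scan for IPs to add
#
# Walks $scourdir for candidate files written by identify.  A candidate
# whose address is already listed in @ips is deleted as a duplicate; a
# candidate younger than $time seconds produces a blackhole command and is
# moved to $scourdir_done.
#
# Candidate names are expected to look like <blackhole...>_<epoch>_<dotted
# quad>.  The address taken from the name is appended to an ssh command
# line, so names that do not fit that shape are reported and skipped rather
# than passed on.
opendir(my $scour_dh, $scourdir) or die "can't opendir $scourdir: $!";
while (defined(my $file = readdir($scour_dh))) {
    next if $file =~ /^\.\.?$/;        # skip . and ..
    next if $file !~ m/^blackhole/;    # not a candidate file

    # Printable form of the name for diagnostics.
    (my $shown = $file) =~ s/[^\x20-\x7e]/?/g;

    my ($stamp, $ip) =
        $file =~ /\A blackhole[^_]* _ ([0-9]+) _ ([0-9]{1,3}(?:\.[0-9]{1,3}){3}) (?:_.*)? \z/x;
    unless (defined $ip) {
        warn "skipping malformed candidate '$shown' in $scourdir\n";
        next;
    }

    # Duplicate of an address that already has an entry: drop the candidate.
    # The unlink result used to be ignored; a failure is now reported.
    if (grep { defined $_ && $_ eq $ip } @ips) {
        unlink("$scourdir/$file")
            or warn "can't unlink duplicate '$shown': $!\n";
        next;
    }

    my $age = time() - $stamp;
    if ($time > $age) {
        # Fresh candidate: emit the blackhole command and file the entry
        # under $scourdir_done so phase 1 can expire it later.
        blackhole($ip);
        move("$scourdir/$file", "$scourdir_done/$file") or die "move failed: $!";

        # A second candidate for the same address in this run is a
        # duplicate too; previously both were blackholed.
        push(@ips, $ip);
    }
    # NOTE(review): a candidate that is not a duplicate but is already older
    # than $time is left in $scourdir untouched, as before -- confirm whether
    # such files should be cleaned up.
}
closedir($scour_dh);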

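## For right now, blackhole() and unblackhole() only create output.  If I
# felt like being a bit more tricky I'd make them actually execute the
# commands.

# blackhole($ip)
#
# Prints the command line that blocks $ip: the $command_setup_blackhole
# prefix, a space, the address and a newline.  Nothing is executed here.
#
# The address originates from a spool file name and the printed line is a
# command line, so only a dotted-quad IPv4 address (four decimal fields,
# each at most 255) is accepted.  Anything else is reported on STDERR and
# no command is printed.  IPv6 addresses would need this check extended.
#
# Returns the result of print for an accepted address, nothing otherwise.
#
# Changes from the earlier version: the empty "()" prototype is gone (the
# sub takes one argument), the variables are lexical, and the unbalanced
# trailing "'" is no longer appended to the command.
sub blackhole {
    my ($ipinq) = @_;

    my $well_formed = defined $ipinq
        && $ipinq =~ /\A[0-9]{1,3}(?:\.[0-9]{1,3}){3}\z/
        && !(grep { $_ > 255 } split(/\./, $ipinq));

    unless ($well_formed) {
        # Show a printable form only; the value is not trusted.
        my $shown = defined $ipinq ? $ipinq : '(undef)';
        $shown =~ s/[^\x20-\x7e]/?/g;
        warn "blackhole: refusing malformed address '$shown'\n";
        return;
    }

    return print "$command_setup_blackhole $ipinq\n";
}#sub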

###
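# unblackhole($ip)
#
# Prints the command line that removes the block on $ip: the
# $command_setup_unblackhole prefix, a space, the address and a newline.
# Nothing is executed here.
#
# The address originates from a spool file name and the printed line is a
# command line, so only a dotted-quad IPv4 address (four decimal fields,
# each at most 255) is accepted.  Anything else is reported on STDERR and
# no command is printed.  IPv6 addresses would need this check extended.
#
# Returns the result of print for an accepted address, nothing otherwise.
#
# Changes from the earlier version: the empty "()" prototype is gone (the
# sub takes one argument), the variables are lexical, and the unbalanced
# trailing "'" is no longer appended to the command.
sub unblackhole {
    my ($ipinq) = @_;

    my $well_formed = defined $ipinq
        && $ipinq =~ /\A[0-9]{1,3}(?:\.[0-9]{1,3}){3}\z/
        && !(grep { $_ > 255 } split(/\./, $ipinq));

    unless ($well_formed) {
        # Show a printable form only; the value is not trusted.
        my $shown = defined $ipinq ? $ipinq : '(undef)';
        $shown =~ s/[^\x20-\x7e]/?/g;
        warn "unblackhole: refusing malformed address '$shown'\n";
        return;
    }

    return print "$command_setup_unblackhole $ipinq\n";
}#sub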
