/// <summary>
/// Start-up sequence: loads the configuration, configures logging, sets up the
/// firewall controller and then starts whichever optional components the
/// configuration enables.
/// </summary>
static void Main2()
{
    // Initialise
    ScutaConfig.load();
    HelperFunctions.configure(3, 1, false, true, "", "Application", "Scuta");

    // Build the start-up banner once, then hand it to the logger.
    string startupBanner = "Scuta v" + Assembly.GetExecutingAssembly().GetName().Version + " is starting...";
    HelperFunctions.debugMessage(0, startupBanner, 0, 100, HelperFunctions.MessageType.Information);

    // The firewall controller is prepared before any log watcher is launched.
    FWCtrl.Setup();

    if (ScutaConfig.enableIOT)
    {
        // NOTE(review): the connection string comes straight from ScutaConfig and
        // presumably carries the hub credential; confirm it is never written to logs.
        IOTCtrl.Initialise(ScutaConfig.iotHubConnectionString, ScutaConfig.iotHubDeviceName, ScutaConfig.iotHubUri);
    }

    if (ScutaConfig.enableMessageForwarding)
    {
        MsgForwarding.Setup(ScutaConfig.messageForwardingIP, ScutaConfig.messageForwardingPort);
    }

    if (ScutaConfig.watchEventLog)
    {
        ThreadManager.LaunchWorker(new EventLogWorker());
    }

    if (ScutaConfig.watchLogFile)
    {
        ThreadManager.LaunchWorker(new LogFileWorker(ScutaConfig.watchLogFilePath, ScutaConfig.watchLogFileName));
    }
}
/// <summary>
/// Service start hook: runs the base start logic, loads the configuration,
/// configures logging, sets up the firewall controller and HTTP client, and
/// starts the optional components the configuration enables.
/// </summary>
/// <param name="args">Start arguments, passed through to the base implementation.</param>
protected override void OnStart(string[] args)
{
    base.OnStart(args);

    // Initialise
    ScutaConfig.load();
    HelperFunctions.configure(3, 3, false, true, "", "Scuta", "Scuta Service");

    // Build the start-up banner once, then hand it to the logger.
    string startupBanner = "Scuta v" + Assembly.GetExecutingAssembly().GetName().Version + " is starting...";
    HelperFunctions.debugMessage(0, startupBanner, 0, 100, HelperFunctions.MessageType.Information);

    // The firewall controller is prepared before any log watcher is launched.
    FWCtrl.Setup();
    httpClient = new HttpClient();

    if (ScutaConfig.enableIOT)
    {
        // NOTE(review): the connection string comes straight from ScutaConfig and
        // presumably carries the hub credential; confirm it is never written to logs.
        IOTCtrl.Initialise(ScutaConfig.iotHubConnectionString, ScutaConfig.iotHubDeviceName, ScutaConfig.iotHubUri);
    }

    if (ScutaConfig.enablePBI)
    {
        PowerBICtrl.serviceURI = ScutaConfig.pbiServiceUri;
        // NOTE(review): debug-to-log is switched on unconditionally here; confirm
        // what PowerBICtrl writes when it is enabled.
        PowerBICtrl.enableDebugToLog = true;
    }

    if (ScutaConfig.enableMessageForwarding)
    {
        MsgForwarding.Setup(ScutaConfig.messageForwardingIP, ScutaConfig.messageForwardingPort);
    }

    if (ScutaConfig.watchEventLog)
    {
        // Only the event-log worker's launch result is kept, in rootThread.
        rootThread = ThreadManager.LaunchWorker(new EventLogWorker());
    }

    if (ScutaConfig.watchLogFile)
    {
        ThreadManager.LaunchWorker(new LogFileWorker(ScutaConfig.watchLogFilePath, ScutaConfig.watchLogFileName));
    }
}
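/// <summary>
/// Extracts an IPv4 address and a user name from an sshd log message and bans
/// that address for <c>ScutaConfig.banMinutes</c>.
/// </summary>
/// <param name="sshdmessage">
/// Raw sshd message text. The user-name part of such a message is chosen by the
/// remote client, so the whole string must be treated as untrusted input.
/// </param>
/// <remarks>
/// If the message is null/empty or contains no IPv4 address, nothing is forwarded
/// and no ban is issued.
/// </remarks>
public void ban(string sshdmessage)
{
    // Regex.Match throws on null; an empty message cannot contain an address either.
    if (string.IsNullOrEmpty(sshdmessage))
    {
        return;
    }

    // Dotted-quad with each octet limited to 0-255.
    Regex IPV4 = new Regex(@"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b");
    // Shortest text between "user " and " from".
    Regex User = new Regex(@"(?<=user ).*?(?= from)");

    Match ip = IPV4.Match(sshdmessage);
    Match user = User.Match(sshdmessage);

    // Without a matched address there is nothing to ban. Previously Match.Value
    // (an empty string) was forwarded and handed to FWCtrl.ban in this case.
    if (!ip.Success)
    {
        return;
    }

    // NOTE(review): IPV4.Match returns the FIRST dotted-quad in the message, and
    // the client-supplied user name appears before " from". A user name that
    // itself contains an address would therefore be picked instead of the peer
    // address sshd appended. Confirm the message formats callers pass in and
    // consider extracting the address from a fixed position in the sshd-generated
    // part of the message, and/or checking it against an allow-list of addresses
    // that must never be banned.

    if (ScutaConfig.enableIOT)
    {
        // Intentionally empty in the original: no IoT record is written on this
        // path (the two-argument overload calls recordToIOT).
    }

    if (ScutaConfig.enableMessageForwarding)
    {
        // NOTE(review): user.Value is remote-controlled text and goes into the
        // forwarded message unmodified; confirm the receiver treats it as data.
        MsgForwarding forwarder = new MsgForwarding();
        forwarder.SendMessage(String.Format("Banning user {0} from {1}", user.Value, ip.Value));
    }

    FWCtrl.ban(ip.Value, ScutaConfig.banMinutes, user.Value);
}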
/// <summary>
/// Bans <paramref name="ip"/> for <c>ScutaConfig.banMinutes</c> and then reports
/// the ban to each reporting channel the configuration enables.
/// </summary>
/// <param name="ip">Address to ban; passed to the firewall controller as given.</param>
/// <param name="user">User name associated with the ban; used for reporting.</param>
public void ban(string ip, string user)
{
    // The firewall rule goes in first; reporting follows.
    // NOTE(review): neither argument is validated here; presumably the caller
    // has already checked that ip is a well-formed address. Confirm.
    FWCtrl.ban(ip, ScutaConfig.banMinutes, user);

    if (ScutaConfig.enableIOT)
    {
        recordToIOT(ip, user);
    }

    if (ScutaConfig.enablePBI)
    {
        recordToPBI(ip, user);
    }

    if (!ScutaConfig.enableMessageForwarding)
    {
        return;
    }

    var relay = new MsgForwarding();
    string notice = String.Format("Banning user {0} from {1}", user, ip);
    relay.SendMessage(notice);
}
/// <summary>
/// Constructs a firewall controller and returns; the arguments are not read.
/// </summary>
/// <param name="args">Unused.</param>
static void Main1(string[] args)
{
    // Only the constructor runs; the instance is not used afterwards.
    _ = new FWCtrl();
}
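/// <summary>
/// File-watcher callback. For files whose name starts with "ex", and at most once
/// every five minutes, scans the file for lines marked
/// "Invalid+Username+or+Password", counts them per source address, adds every
/// address seen more than twice to the firewall list and to the on-disk block
/// list, and refreshes the list view.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Describes the changed file; <c>Name</c> and <c>FullPath</c> are read.</param>
/// <remarks>
/// Failures are still contained (the watcher keeps running) but are now written
/// to <c>System.Diagnostics.Trace</c> instead of being discarded, so a scan that
/// stops working does not go unnoticed.
/// </remarks>
private void logCheck(object sender, FileSystemEventArgs e)
{
    try
    {
        if (e.Name == null || !e.Name.StartsWith("ex", StringComparison.Ordinal))
        {
            return;
        }

        DateTime now = DateTime.Now;

        // Throttle on elapsed time. The previous minute-of-hour comparison
        // (Minute >= lastCheck.Minute + 5) could never be true once lastCheck
        // fell in minutes 55-59, which stopped every later scan unless lastCheck
        // was reset somewhere else.
        if (now - lastCheck < TimeSpan.FromMinutes(5))
        {
            return;
        }

        // The current file only becomes logFileNow when the previous check was
        // in the same clock hour; logFileBefore is updated either way.
        logFileBefore = logFileNow;
        if (lastCheck.Hour == now.Hour)
        {
            logFileNow = e;
        }
        lastCheck = now;

        // NOTE(review): the file is read from the start on every scan and the
        // counts are added to totalIpDictionary, so a line already counted by an
        // earlier scan appears to be counted again. Confirm whether that is
        // intended; tracking a read offset would avoid it.
        string currentYear = now.Year.ToString();
        using (var logReader = new System.IO.StreamReader(e.FullPath))
        {
            string aLine;
            while ((aLine = logReader.ReadLine()) != null)
            {
                if (!aLine.Contains(currentYear))
                {
                    continue;
                }

                string[] fields = aLine.Split(' ');

                // Short lines used to throw on fields[9]; the exception was
                // swallowed and the whole scan was abandoned.
                if (fields.Length <= 9 || !fields[9].Contains("Invalid+Username+or+Password"))
                {
                    continue;
                }

                // Field 2 ends up in a firewall rule, so only accept text that
                // parses as an address. IPAddress.TryParse is lenient (it also
                // accepts some abbreviated forms), so this is a sanity check,
                // not strict validation.
                string sourceIp = fields[2];
                if (!System.Net.IPAddress.TryParse(sourceIp, out _))
                {
                    continue;
                }

                // Missing key leaves 'seen' at 0, so first sighting stores 1.
                totalIpDictionary.TryGetValue(sourceIp, out int seen);
                totalIpDictionary[sourceIp] = seen + 1;
            }
        }

        // NOTE(review): addresses already listed in this file are skipped below,
        // so anything able to write to it can keep an address out of the
        // firewall list. Confirm the file's permissions restrict writes.
        string pathToWrite = @"C:\fileCheckerBlockedIPList.txt";
        var alreadyListed = new HashSet<string>();
        if (System.IO.File.Exists(pathToWrite))
        {
            foreach (string listed in System.IO.File.ReadAllLines(pathToWrite))
            {
                alreadyListed.Add(listed);
            }
        }

        // Materialise once; the query was previously re-run on every access.
        var offenders = totalIpDictionary.Where(element => element.Value > 2).ToList();

        // Opening in append mode also creates the file when it does not exist.
        using (var blockListWriter = new System.IO.StreamWriter(pathToWrite, true))
        {
            foreach (var offender in offenders)
            {
                if (alreadyListed.Contains(offender.Key))
                {
                    continue;
                }

                // Firewall first: the address is recorded as blocked only after
                // it has actually been handed to the firewall controller.
                FWCtrl fw = new FWCtrl();
                fw.ipAddToList(offender.Key);

                blockListWriter.WriteLine(offender.Key);
                // Indexer instead of Add: a key that is still in the dictionary
                // must not abort the remaining offenders.
                totalIPDictionaryToBlock[offender.Key] = offender.Value;
            }
        }

        // NOTE(review): this touches a UI control from a file-watcher callback;
        // confirm the watcher is synchronised with the UI thread.
        IPListView.Items.Clear();
        foreach (var blocked in totalIPDictionaryToBlock)
        {
            string[] columns = { blocked.Key, DateTime.Now.ToString(), blocked.Value.ToString() };
            IPListView.Items.Add(new ListViewItem(columns));
        }
        if (totalIPDictionaryToBlock.Count > 0)
        {
            // Resizing once after the rows are in gives the same final layout as
            // resizing after every row.
            IPListView.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
        }

        // NOTE(review): clearing a whole table discards the counts of every
        // address at once; per-entry expiry would keep the threshold meaningful
        // when many distinct addresses are seen.
        if (totalIPDictionaryToBlock.Count > 50)
        {
            totalIPDictionaryToBlock.Clear();
        }
        if (totalIpDictionary.Count > 100)
        {
            totalIpDictionary.Clear();
        }
    }
    catch (Exception ex)
    {
        // Still best-effort, but no longer silent.
        System.Diagnostics.Trace.TraceError("logCheck failed: " + ex);
    }
}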