File: gather_ip_data.lua

modsecurity-crs 2.2.9-1+deb8u1
#!/usr/bin/lua
require("io");

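--- ModSecurity Lua hook: enrich a transaction with reverse-DNS and WHOIS data.
-- Reads TX.ANOMALY_SCORE, ARGS.REMOTE_ADDR and IP.HOSTNAME through the
-- ModSecurity `m` API. When an anomaly score is present and IP.HOSTNAME is
-- not yet set, runs `nslookup` and `whois` for the address, stores the last
-- output line containing "name = " in tx.hostname and the last line
-- containing "abuse" in tx.abuse_contact.
-- @treturn string|nil summary string when a lookup ran, nil otherwise
function main()
  -- tostring() keeps the log calls from raising when a variable is unset (nil).
  local anomaly_score = m.getvar("TX.ANOMALY_SCORE", "none");
  m.log(4, "Anomaly Score is: " .. tostring(anomaly_score) .. ".");

  -- NOTE(review): the address is read from the ARGS collection, i.e. a request
  -- parameter named REMOTE_ADDR, so its value is chosen by the client. Confirm
  -- against the calling rule whether the connection's REMOTE_ADDR was intended.
  local remote_addr = m.getvar("ARGS.REMOTE_ADDR", "none");
  m.log(4, "Remote IP is: " .. tostring(remote_addr) .. ".");
  local ip_hostname = m.getvar("IP.HOSTNAME", "none");

  -- Only look up when there is a score and no hostname has been recorded yet.
  if (anomaly_score == nil) or (ip_hostname ~= nil) then
    return nil;
  end

  -- The value is interpolated into shell command lines below. Accept only the
  -- characters of a textual IPv4/IPv6 address (hex digits, ':' and '.') and
  -- at most 45 bytes, so that no quote, whitespace, shell metacharacter or
  -- leading '-' can reach the shell or be parsed as a command option.
  if type(remote_addr) ~= "string"
      or #remote_addr > 45
      or not string.match(remote_addr, "^[%x:.]+$") then
    m.log(4, "Skipping lookup: REMOTE_ADDR is not a plain IP address.");
    return nil;
  end

  local hostname = "NONE";
  local abuse_contact = "NONE";

  -- `local` keeps the temp-file path out of the global environment.
  -- The path comes from the Lua runtime, not from the request.
  -- NOTE(review): both commands run synchronously inside request handling;
  -- slow DNS/WHOIS servers will stall the transaction.
  local tmp_path = os.tmpname();
  os.execute("nslookup '" .. remote_addr .. "' > " .. tmp_path);
  os.execute("whois '" .. remote_addr .. "' >> " .. tmp_path);

  -- io.open returns nil instead of raising when the file is missing, so the
  -- cleanup below always runs.
  local fh = io.open(tmp_path, "r");
  if fh then
    for line in fh:lines() do
      -- Plain (non-pattern) substring search; the last matching line wins.
      if string.find(line, "name = ", 1, true) then
        hostname = line;
      end
      if string.find(line, "abuse", 1, true) then
        abuse_contact = line;
      end
    end
    fh:close();
  end
  os.remove(tmp_path);

  -- Both values are raw lines from external DNS/WHOIS responses; treat
  -- tx.hostname and tx.abuse_contact as untrusted wherever they are used.
  m.log(4, "Hostname is: " .. hostname .. ".");
  m.setvar("tx.hostname", hostname);

  m.log(4, "Abuse Contact is: " .. abuse_contact .. ".");
  m.setvar("tx.abuse_contact", abuse_contact);

  return("Nslookup: " .. hostname .. " and WHOIS Abuse Info: " .. abuse_contact .. "");
end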