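#!/bin/sh
## Copyright (c) 2000 WebWeaving.org Consultancy. All rights reserved.
## Dirk-Willem van Gulik
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
##
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
##
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in
##    the documentation and/or other materials provided with the
##    distribution.
##
##
## THIS SOFTWARE IS PROVIDED BY THE WEBWEAVING ``AS IS'' AND ANY
## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WEBWEAVING OR
## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
## OF THE POSSIBILITY OF SUCH DAMAGE.
## ====================================================================
##
## Version 0.0 - first release 11/2000
##         0.1 - added from spoofing.
#
# Run from crontab at regular intervals.
#
# Steps, in order:
#   1. rotate the ipmon log ($LOG -> $LOG.<pid of this script>)
#   2. send ipmon a SIGHUP
#   3. convert the rotated log with $IPF2DSHIELD into a report file
#   4. mail the report to $ADDRESS through $SENDMAIL
#   5. delete the rotated log, only if every earlier step succeeded
# Exits 1 on any failure; a rotated log is then left in place.

# Your author/userid and reporting address for dshield.org
# Note that the From address must match too.
#
ME=12345
WHOM="Dshield reporter on host.com"
FROM="root@this.machine"

# The address to report to; change to report@dshield.org
# after testing and debugging.
#
ADDRESS=test@dshield.org

# Sendmail's location - as we forge the from's - be
# sure to run this as a user which is allowed to use
# those -F/-f flags.
#
SENDMAIL=/usr/sbin/sendmail

# sigHUP for IPmon (started at boot time with
# ipmon_flags='-D /var/log/ipf.logs')
#
PIDFILE=/var/run/ipmon.pid
LOG=/var/log/ipf

# Location of perl converter of ipf format
# to dshield format (as documented on
# http://www.dshield.org/specs.html).
IPF2DSHIELD=/root/ipf2dshield.pl

# The intermediate report holds firewall log data; keep it private.
umask 077

if [ ! -s "$LOG" ]; then
  echo "No $LOG"
  exit 1
fi

# Read and validate the pid BEFORE touching the log.  This job signals
# whatever the pid file says, so an empty, negative or multi-word value
# must never reach kill(1); and a failure after the rename would leave
# ipmon writing to the rotated name while later runs find no $LOG.
PID=$(cat -- "$PIDFILE") || {
  echo "cannot read $PIDFILE" >&2
  exit 1
}
case "$PID" in
  '' | *[!0-9]*)
    echo "unexpected content in $PIDFILE" >&2
    exit 1
    ;;
esac
kill -0 "$PID" || {
  echo "no process $PID (from $PIDFILE)" >&2
  exit 1
}

ROTATED="$LOG.$$"
# NOTE(review): the report is written next to the log; this assumes the
# log directory is writable by root only - confirm on your system.
REPORT="$ROTATED.dshield"
trap 'rm -f -- "$REPORT"' EXIT

# rotate log file
#
mv -- "$LOG" "$ROTATED" || exit 1
kill -HUP "$PID" || {
  echo "HUP of $PID failed; log left in $ROTATED" >&2
  exit 1
}

# Convert first, into a file.  In a plain pipeline into sendmail the
# converter's exit status is lost, so a broken or missing converter
# would mail an empty report and the log would still be deleted.
#
"$IPF2DSHIELD" "$ME" < "$ROTATED" > "$REPORT" || {
  echo "$IPF2DSHIELD failed; log left in $ROTATED" >&2
  exit 1
}

# and send out mail
#
{
  printf '%s\n' "From: $WHOM <$FROM>"
  printf '%s\n' "Subject: FORMAT DSHIELD USERID $ME"
  printf '%s\n' "To: $ADDRESS"
  # printf '%s\n' "Cc: your@address.perhaps"
  printf '\n'
  cat -- "$REPORT"
  # | pgps -fat
} | "$SENDMAIL" -v -F "$WHOM" -f "$FROM" -t \
  || exit 1

# We only delete on success - so you should
# not easily lose a log file.  Success here means sendmail accepted
# the message; it does not prove delivery to $ADDRESS.
#
rm -- "$ROTATED" || exit 1

#
# gzip $LOG.$$
# mv $LOG.$$.gz /usr/log/ipf.`date +%Y%m%d%H%M%S`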