ak-db.sh — Adaptive Kernun 4.7 blacklist control tool
ak-db.sh [-h] [-f db-file] [-v] table|db command [parameters]
The ak-db.sh utility provides a user interface to the blacklist database of the Adaptive Kernun 4.7 module (see the ak47(7) manual page).
For the list of tables, see the ak47(7) manual page, or run the script with the -h option.
db create
        Creates a new AK47 IDS or IPS database file.

db remove [-y]
        Removes an AK47 database. If the -y option is used, the script does
        not ask for confirmation before removing the database.

db list
        Prints the list of tables in the given database file.

db find {IP-address | regular-expression}
        Finds all occurrences of an IP address or an IP address pattern in
        all tables of the given database.

table show [-uR] [-tc] [-r] [-n num] [-fF flag]
        Displays the content of a database table. By default, the output is
        sorted by IP address. For all tables, the output begins with four
        columns (ADDRESS, FLAGS, COUNT, LAST). For the SSHD table there is
        one more column at the end of the line showing the difference (in
        seconds) between the LAST occurrence and the occurrence number num
        given by the -n option.

        -c        Sort the items by number of occurrences.
        -f flag   Print only the items having the given flag set.
        -F flag   Print only the items having the given flag unset.
        -r        Sort the items in reverse (descending) order.
        -R        Print the items in raw format (no formatting).
        -t        Sort the items by time of last occurrence.
        -u        Show times in UTC instead of local time.

table add [flag] IP-address {+time-offset | -time-offset | 0}...
        SSHD table version. Adds the given client to the table with any
        number of recent occurrences, each set to the current time plus or
        minus the given offset (0 meaning the current time), and with the
        flag set accordingly.

table add [flag] {+time-offset | -time-offset | 0} IP-address...
        Non-SSHD table version. Adds the given clients to the table with the
        last occurrence time set to the current time plus or minus the given
        offset (0 meaning the current time) and with the flag set
        accordingly.

table del IP-address...
        Deletes the given clients from the database.

Prepares a new IPS database from the data in the IDS one.
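As an added example (not part of ak-db.sh or the Adaptive Kernun distribution), the following POSIX shell functions post-process the output of "table show -R" to list entries whose LAST occurrence is older than a given age and to build the matching "table del" command line for review before it is run. The example assumes that raw-mode output is whitespace-separated in the column order ADDRESS FLAGS COUNT LAST and that LAST is printed as a UNIX timestamp in seconds; the sample show output, the database path and the timestamps are constructed for the example.

```shell
#!/bin/sh
# Added example; not part of ak-db.sh or the ak47 module.
# Assumptions (not confirmed by the manual page):
#   - "table show -R" prints one entry per line, columns separated by
#     whitespace, in the order ADDRESS FLAGS COUNT LAST (SSHD adds a
#     fifth column, which is ignored here);
#   - in raw mode LAST is a UNIX timestamp in seconds.
# Adjust the awk field handling if your version prints a different layout.

# stale_entries NOW MAX_AGE  < show-output
# Prints "ADDRESS COUNT" for every entry whose LAST occurrence is more
# than MAX_AGE seconds before NOW. A header line, if present, is skipped
# because its first field does not look like an IP address.
stale_entries() {
    now="$1"; max_age="$2"
    awk -v now="$now" -v max_age="$max_age" '
        NF >= 4 && $1 ~ /^[0-9a-fA-F.:]+$/ && (now - $4) > max_age { print $1, $3 }
    '
}

# del_command DB-FILE TABLE  < addresses
# Builds (but does not execute) the ak-db.sh command line that would
# delete the addresses read from stdin (first field of each line).
del_command() {
    db="$1"; table="$2"
    addrs=$(awk '{ printf "%s ", $1 }')
    [ -n "$addrs" ] || return 1
    printf 'ak-db.sh -f %s %s del %s\n' "$db" "$table" "${addrs% }"
}

# Constructed sample output, as if produced by:
#   ak-db.sh -f /path/to/ids.db SSHD show -R
# (addresses from documentation ranges, timestamps invented).
SAMPLE='ADDRESS FLAGS COUNT LAST
192.0.2.10 B 17 1700000000
198.51.100.7 - 3 1699000000
203.0.113.42 B 9 1600000000'

# main_example: entries not seen for more than one day relative to the
# constructed "now" of 1700000100, turned into a del command line.
main_example() {
    printf '%s\n' "$SAMPLE" \
        | stale_entries 1700000100 86400 \
        | del_command /path/to/ids.db SSHD
}

main_example
```

The command line is printed rather than executed so that the list of addresses can be checked against the table first; in real use, replace the embedded SAMPLE with the actual "table show -R" output and the fixed "now" with "$(date +%s)".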