Cisco-Port-Knocking-EEM-applet

From noname.com.ua


Port Knocking EEM applet

Original: https://davideaves.com/2014/11/cisco-port-knocking-eem/


event manager environment KNOCK_ACL outside-in4
no event manager applet KNOCK
event manager applet KNOCK
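 ! maxrun must exceed the 60-second wait in action 4.0; the applet default is 20 seconds,
 ! and an applet stopped at that limit never reaches the cleanup actions 6.0-6.2.
 event syslog pattern "%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image:  list outside-in4 permitted tcp *" maxrun 90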
 action 1.0 regexp "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" "$_syslog_msg" ADDR
 action 1.1 regexp "\([0-9]+\)," "$_syslog_msg" PORT
 action 1.2 regexp "[0-9]+" "$PORT" PORT
 action 2.0 syslog msg "Received a knock from $ADDR on port $PORT..."
 action 2.1 syslog msg "Adding $ADDR to the $KNOCK_ACL ACL"
 action 3.0 cli command "enable"
 action 3.1 cli command "configure terminal"
 action 3.2 cli command "ip access-list extended $KNOCK_ACL"
 action 3.3 cli command "1 permit tcp host $ADDR any eq 22"
 action 3.4 cli command "2 permit tcp host $ADDR any eq 23"
 action 4.0 wait 60
 action 5.0 syslog msg "Removing $ADDR from the $KNOCK_ACL ACL"
 action 6.0 cli command "no permit tcp host $ADDR any eq 22"
 action 6.1 cli command "no permit tcp host $ADDR any eq 23"
 action 6.2 cli command "exit"
!
exit
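
The applet's trigger pattern and its three regexp actions (1.0 to 1.2) can be checked offline before deployment. The following is an added example, not part of the original page: the log lines are constructed samples in the usual IPACCESSLOGP layout, Python's `re` stands in for the EEM regexp engine, and the IPv4 validation is an extra check the applet itself does not perform.

```python
import ipaddress
import re

# Constructed sample lines (not from the page): permitted knock, denied packet, malformed source.
SAMPLE_LOGS = [
    "%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image:  list outside-in4 permitted tcp 192.0.2.10(51514) -> 198.51.100.1(2222), 1 packet",
    "%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image:  list outside-in4 denied tcp 192.0.2.99(40000) -> 198.51.100.1(2222), 1 packet",
    "%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image:  list outside-in4 permitted tcp 999.1.1.1(1) -> 198.51.100.1(2222), 1 packet",
]

# Patterns copied from the applet.
EVENT = re.compile(r"%FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image:  list outside-in4 permitted tcp *")
ADDR_RE = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")  # action 1.0: first dotted quad = source
PORT_RE = re.compile(r"\([0-9]+\),")                     # action 1.1: "(port)," = destination port
DIGITS_RE = re.compile(r"[0-9]+")                        # action 1.2: strip the parentheses


def parse_knock(msg):
    """Return (addr, port) as the applet would extract them, or None if rejected."""
    if not EVENT.search(msg):
        return None  # the event pattern would not trigger the applet
    addr = ADDR_RE.search(msg)
    port = PORT_RE.search(msg)
    if not addr or not port:
        return None
    try:
        # Extra check: reject strings that only look like an IPv4 address.
        ipaddress.IPv4Address(addr.group(0))
    except ValueError:
        return None
    return addr.group(0), int(DIGITS_RE.search(port.group(0)).group(0))


def acl_lines(addr):
    """The two permit entries that actions 3.3 and 3.4 would insert for this source."""
    return [f"{seq} permit tcp host {addr} any eq {p}" for seq, p in ((1, 22), (2, 23))]


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        hit = parse_knock(line)
        print(hit, acl_lines(hit[0]) if hit else "ignored")
```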