Creating a Saved Script to Block a Destination IP Address
To create a saved script to block a destination IP address, we create a Python script that adds the block rule, and then call that script from Stellar Cyber.
Creating the Python Script
To create the Python script:
- Create a file named blockip.py.
- Make note of where you created it. Ours is in the /home/aella/ directory.
- Enter your script. A sample script is:

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# -*- author: Christian Rasmussen -*-
# -*- github: http://github.com/apoltix/blockip -*-
# -*- license: MIT License -*-

# blockip: easy-to-use command to add or delete an IP address to the blocklist in iptables

import sys
import getopt
import subprocess

_name = "blockip"
_version = "0.1"


def main(argv):
    try:
        opts, args = getopt.getopt(argv, "ha:d:lv", ["help", "add=", "delete=", "list", "version"])

        if len(opts) == 0:
            # Adding without -a or --add: blockip 1.2.3.4 2.3.4.5
            if len(args) > 0:
                opts = []
                for arg in args:
                    opts.append(("-a", arg))
            # Display help if no args exist
            else:
                opts = [("-h", "")]

        exit_code = 0

        for opt, arg in opts:
            if opt in ("-h", "--help"):
                help()
            elif opt in ("-v", "--version"):
                print(version())
            elif opt in ("-a", "--add"):
                # Append a rule that drops inbound packets whose source is this address
                exit_code = subprocess.call(["iptables", "-A", "INPUT", "-s", arg, "-j", "DROP"])
            elif opt in ("-d", "--delete"):
                # Delete the matching DROP rule
                exit_code = subprocess.call(["iptables", "-D", "INPUT", "-s", arg, "-j", "DROP"])
            elif opt in ("-l", "--list"):
                # List all rules with numeric addresses
                exit_code = subprocess.call(["iptables", "-L", "-n"])

        sys.exit(exit_code)
    # "except ... as" and print() keep the script runnable on Python 2.6+ and Python 3
    except getopt.GetoptError as err:
        print("blockip error: " + str(err))
        sys.exit(2)


def version():
    global _name, _version
    return _name + " " + _version


def help():
    print(version())
    print("Usage: blockip [ips|-h|-a ip|-d ip|-l]\n")
    print("-h, --help: Displays this message.")
    print("ips: Adds IP-addresses to the block list. Example:\n\tblockip 1.2.3.4 2.3.4.5")
    print("-a ip, --add ip: Adds an IP-address to the block list. Example:\n\tblockip -a 1.2.3.4")
    print("-d ip, --delete ip: Removes an IP-address from the block list. Example:\n\tblockip -d 1.2.3.4")
    print("-l, --list: Lists the blocked IP-addresses.")
    print("-v, --version: Displays the version of the utility.")


if __name__ == "__main__":
    main(sys.argv[1:])
```
- Save the file.
Calling the Python Script from Stellar Cyber
To call the Python script from Stellar Cyber:
- Log in to Stellar Cyber.
- Click System | Configuration | Saved Scripts. The Script Template page appears.
- Click Create to add a new script. The Add Script Template screen appears.
- Enter the Name. Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit. We entered Block Destination IP Address in Python.
- Choose a Tenant Name. We chose Root Tenant. You cannot edit the tenant after you submit.
- In the Script Body, call the script you created earlier. Our Script Body is:

```
sudo python /home/aella/blockip.py -a {{_source.dstip}}
```
- Click Submit. The script is saved and added to the table.
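
The sample script hands its argument to iptables -s unchecked, and the Script Body fills that argument from {{_source.dstip}}; iptables -s also accepts hostnames and address/mask ranges. The following is an added example, not part of the original page or of the blockip project, of a validation step that could run before the iptables call. The function names and the protected-network list are assumptions, and it needs Python 3 for the ipaddress module.

```python
import ipaddress

# Assumption: ranges that must never be blocked (for example management or
# analyst networks). Constructed values; replace them with your own.
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def validate_block_target(value, protected=PROTECTED_NETWORKS):
    """Return the value as an ipaddress object, or raise ValueError.

    iptables -s also accepts hostnames and address/mask ranges, so a value
    such as "0.0.0.0/0" would drop all inbound traffic. Only one host passes.
    """
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        raise ValueError("not a single IP address: %r" % (value,))
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast or addr.is_link_local:
        raise ValueError("refusing special-purpose address: %s" % addr)
    for net in protected:
        if addr.version == net.version and addr in net:
            raise ValueError("%s is inside protected network %s" % (addr, net))
    return addr


def build_block_command(value):
    """Build the argv for the same rule the sample script adds with -a."""
    addr = validate_block_target(value)
    # iptables only handles IPv4; IPv6 addresses need ip6tables.
    tool = "iptables" if addr.version == 4 else "ip6tables"
    return [tool, "-A", "INPUT", "-s", str(addr), "-j", "DROP"]


if __name__ == "__main__":
    # Constructed sample values standing in for the dstip field.
    for sample in ("203.0.113.7", "0.0.0.0/0", "example.com", "10.1.2.3", "127.0.0.1"):
        try:
            print("OK    ", " ".join(build_block_command(sample)))
        except ValueError as exc:
            print("REJECT", exc)
```

Calling validate_block_target() on arg before the subprocess.call lines in blockip.py keeps ranges, hostnames and protected addresses out of the INPUT chain.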