ammobot - Tail threat messages to ThreatNet from log files
    > ammobot path/to/ammobot.conf

    # In your ammobot.conf
    Version=0.09
    Nick=ammobot
    Server=irc.freenode.org
    # ServerPassword=optional
    Channel=#threatnet

    # Uncomment the following to allow flooding.
    # (Needed for bots that burst over 1/second to prevent state-damaging queues)
    # Flood=1

    [ /full/path/to/file/to/tail.log ]
    # If no options, just looks for valid threat messages

    [ /another/full/path/to/tail.log ]
    # Use a filter to convert to valid threat messages.
    # The dir the config file is in will be added to the
    # @INC module search path.
    Filter=MyModule
ammobot is the basic foot soldier of the ThreatNet bot eco-system, fetching ammunition and bringing it to the channel.
It connects to a single ThreatNet channel, and then tails one or more files scanning for threat messages while following the basic channel rules.
When it sees a ThreatNet::Message::IPv4-compatible message appear at the end of the file, it will report it to the channel (subject to the appropriate channel rules).
Its main purpose is to make it as easy as possible to connect any system capable of writing a log file to ThreatNet. If an application can be configured or coded to spit out the appropriately formatted messages to a file, then ammobot will patiently watch for them and then haul them off to the channel for you (so you don't have to).
If the data can be extracted from an existing file format, then a Filter property can be set which will specify a class to be used as a custom POE::Filter for the event stream.
Here is an example of a custom filter module I use to get threats from my mail log.
It lives at MyMailFilter.pm, in the same directory as my ammobot.conf file.
    package MyMailFilter;

    use base 'POE::Filter::Line';
    use POE::Filter::Line ();

    sub get {
        my $self  = shift;
        my $array = $self->SUPER::get( @_ );

        # Filter
        my @out = ();
        foreach ( @$array ) {
            # Strip the syslog prefix; skip lines not from postfix/smtpd
            s/^.+\bpostfix\/smtpd\[\d+\]\:\s+// or next;
            # Keep only rejected messages
            s/^NOQUEUE\:\s+reject\:\s+// or next;
            # Capture the client IP and emit "IP - rest of line"
            if ( s/^RCPT\s[^:]+?\[([\d\.]+)\]\:\s+// ) {
                push @out, "$1 - $_";
            } else {
                next;
            }
        }

        return \@out;
    }

    # Because for some reason POE::Filter::Grep->isa('POE::Filter')
    # returns false, fake it.
    # This should be fixed in a future version of POE.
    sub isa {
        my $either = shift;
        return 1 if $_[0] eq 'POE::Filter';
        $either->SUPER::isa(@_);
    }

    1;
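An added example, not part of ammobot or the original page: the filter's three substitutions pulled into a plain function so they can be checked offline against sample log lines before the bot is pointed at a channel. The function name `line_to_threat`, the octet check, the control-character replacement and the 200-character cap are assumptions of this example, and the log lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More tests => 4;

# Hypothetical helper, not part of ammobot: convert one Postfix log line to
# "IP - comment", or return undef when the line is not a rejected RCPT.
sub line_to_threat {
    my ($line) = @_;

    # The same three substitutions as MyMailFilter::get
    $line =~ s/^.+\bpostfix\/smtpd\[\d+\]:\s+// or return undef;
    $line =~ s/^NOQUEUE:\s+reject:\s+//         or return undef;
    $line =~ s/^RCPT\s[^:]+?\[([\d.]+)\]:\s+//  or return undef;
    my $ip = $1;

    # [\d.]+ also matches strings such as "999.1..2", so check each octet.
    my @octets = split /\./, $ip, -1;
    return undef unless @octets == 4;
    for my $octet (@octets) {
        return undef unless $octet =~ /^[0-9]{1,3}$/ && $octet <= 255;
    }

    # The remainder holds client-supplied fields (helo=, from=, to=).
    # Replace control characters and cap the length (200 is an arbitrary
    # choice for this example) before the text is sent to the channel.
    $line =~ s/[[:cntrl:]]/?/g;
    return "$ip - " . substr( $line, 0, 200 );
}

# Constructed sample log lines (documentation addresses, not real traffic)
my $pre = 'Mar  3 04:12:55 mx1 postfix/smtpd[2231]: NOQUEUE: reject: RCPT from ';
my @cases = (
    [ $pre . 'unknown[203.0.113.45]: 554 5.7.1 Relay access denied; helo=<x>',
      '203.0.113.45 - 554 5.7.1 Relay access denied; helo=<x>', 'reject line converted' ],
    [ $pre . 'unknown[999.1..2]: 554 denied', undef, 'malformed address dropped' ],
    [ 'Mar  3 04:12:56 mx1 postfix/smtpd[2231]: connect from unknown[203.0.113.45]',
      undef, 'non-reject line ignored' ],
    [ $pre . "unknown[203.0.113.45]: 554 helo=<a\rb>",
      '203.0.113.45 - 554 helo=<a?b>', 'control character replaced' ],
);
for my $case (@cases) {
    my ( $input, $want, $name ) = @$case;
    is( line_to_threat($input), $want, $name );
}
```

Inside a POE::Filter::Line subclass, `get` would call this function on each line and push the defined results onto its output array.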
IRC is a somewhat unstable medium, and sometimes the bots fall off for various reasons.
To get past this, ammobot is designed to be extremely cron-friendly.
It has an internal check for duplicates that is completely safe and will never leave stale locks around.
It is recommended that you simply add something like the following to cron.

    # Taken from Adam K's crontab
    0,10,20,30,40,50 * * * * cd /home/adam/ammobot; nohup /usr/local/bin/ammobot /home/adam/ammobot/bot.conf &
- Add support for additional outbound filters
All bugs should be filed via the bug tracker at
http://rt.cpan.org/NoAuth/ReportBug.html?Queue=ThreatNet-Bot-AmmoBot
For other issues, or commercial enhancement and support, contact the author
Adam Kennedy, http://ali.as/, cpan@ali.as
http://ali.as/devel/threatnetwork.html, POE
Copyright (c) 2005 Adam Kennedy. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.
To install ThreatNet, copy and paste the appropriate command into your terminal.

cpanm:

    cpanm ThreatNet

CPAN shell:

    perl -MCPAN -e shell
    install ThreatNet