14.01.2019

Run multiple notify scripts from FastNetMon in text mode

FastNetMon can call single script directly but if you need more scripts to execute multiple actions you will need additional script.

We offer example for “text” mode notify script which can call multiple notify scripts.

Create file /etc/fastnetmon_wrapper.sh with following content:

#!/usr/bin/env bash

# This script will get following params:
#  $1 client_ip_as_string
#  $2 data_direction
#  $3 pps_as_string
#  $4 action (ban or unban)

# You can run as much as you want scripts here one by one
declare -a notify_scripts=("/opt/fastnetmon_script1.sh" "/opt/fastnetmon_script2.sh")

if [ "$4" = "unban" ]; then
    # No details arrived to stdin here

    for script in "${notify_scripts[@]}"
    do
        $script $@
    done

    exit 0
fi

if [ "$4" = "ban" ]; then
    # Save attack details in temp file
    cat > /tmp/fastnetmon.attack.details_$
  
    for script in "${notify_scripts[@]}"
    do
        cat /tmp/fastnetmon.attack.details_$ | $script $@
    done

    exit 0
fi

Make this script executable:

sudo chmod +x /etc/fastnetmon_wrapper.sh

And specify it for FastNetMon:

sudo fcli set main notify_script_path /etc/fastnetmon_wrapper.sh
sudo fcli set main notify_script_format text
sudo fcli set main notify_script_pass_details enable
sudo fcli commit

Before using it in production, please test this script.

Example ban:

echo "Attack details" | /etc/fastnetmon_wrapper.sh 11.22.33.44 incoming 100500 ban

Example unban:

/etc/fastnetmon_wrapper.sh 11.22.33.44 incoming 100500 unban