no changes, cleanup scripts

scripts/shield-trigger

@@ -23,9 +23,6 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
 null_route() {
-    #
-    # louzy detection of IPv4 or IPv6 address
-    #
     TASK="$1"
     INET=""
     GW="127.0.0.1"
@@ -34,31 +31,25 @@ null_route() {
         GW="::1"
     fi
 
-    if [ -x /sbin/ip ]
-    then
-        if [ "$TASK" = "show" ]; then
+    if [ -x /sbin/ip ] ; then
+        if [ "$TASK" = "show" ] ; then
             if /sbin/ip $INET route "$TASK" "$2" | read -r _x ; then
                 return
             fi
             TASK="add"
         fi
         /sbin/ip $INET route "$TASK" blackhole "$2" 2>/dev/null
     else
-        if [ -n "$INET" ]
-        then
-            INET="-A inet6"
-        fi
+        [ -n "$INET" ] && INET="-A inet6"
         /sbin/route $INET "$TASK" -host "$2" gw "$GW" dev lo
     fi
-
-# mail -s "[security] pam_shield blocked $2" root <<EOF
-# Another monkey kept off our backs ...
-# EOF
 }
 
-
 ### usually no editing is needed beyond this point ###
 
+log() {
+    logger -i -t shield-trigger -p authpriv.info "$*"
+}
 
 usage() {
     echo "shield-trigger"
@@ -68,42 +59,31 @@ usage() {
     exit 1
 }
 
-
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 
-if [ -z "$2" ]
-then
-    usage
-fi
+[ -z "$2" ] && usage
 
 case "$1" in
     add)
-        logger -i -t shield-trigger -p authpriv.info "blocking $2"
-
+        log "blocking $2"
         CMD="add"
-        IP=$2
         ;;
 
     del)
-        logger -i -t shield-trigger -p authpriv.info "unblocking $2"
-
+        log "unblocking $2"
         CMD="del"
-        IP=$2
         ;;
 
     sync)
-        logger -i -t shield-trigger -p authpriv.info "sync $2"
+        log "sync $2"
         CMD="show"
-        IP=$2
         ;;
 
     *)
         usage
         ;;
 esac
 
-null_route "$CMD" "$IP"
+null_route "$CMD" "$2"
 
 exit 0 # make pam_shield happy
-
-# EOB

scripts/shield-trigger-iptables

@@ -25,53 +25,39 @@ run_iptables() {
     IPT="iptables"
     [ "${2#*:}" != "$2" ] && IPT="ip6tables"
 
-# switch -A for iptables to -I
-if [ "$1" = "-A" ]
-then
-    TASK="-I"
-else
+    # switch -A for iptables to -I
     TASK=$1
-fi
+    [ "$1" = "-A" ] && TASK="-I"
 
-# check to see if pam_shield chain exists and create if necessary
-CHAIN_TEST=$($IPT -L pam_shield 2>/dev/null)
-if [ -z "$CHAIN_TEST" ]
-then
-    "$IPT" -N pam_shield
-    "$IPT" -I pam_shield -j DROP
-    if [ "$TASK" = "-D" ]; then
-        return
+    # check to see if pam_shield chain exists and create if necessary
+    if [ -z "$($IPT -L pam_shield 2>/dev/null)" ] ; then
+        "$IPT" -N pam_shield
+        "$IPT" -I pam_shield -j DROP
+        [ "$TASK" = "-D" ] && return
     fi
-fi
 
-#
-# CUSTOMIZE THIS RULE if you want to
-#
-# $TASK is the iptables command: -A/-I or -D
-# $2 is the IP number
-#
-# * put in the correct chain name (pam_shield or INPUT)
-# * put in the correct network interface name (e.g. -i eth0)
-#   Currently blocks on all interfaces
-# * put in a port number (e.g.--destination-port 22 for ssh only) 
-#   Currently blocks all ports
-# * add additional rules for additional services as needed
-#
-
-if ! "$IPT" "$TASK" INPUT -p tcp -s "$2" -j pam_shield ; then
-    if [ "$TASK" = "-C" ]; then
-        run_iptables "-I" "$2"
+    # CUSTOMIZE THIS RULE if you want to
+    #
+    # $TASK is the iptables command: -A/-I or -D
+    # $2 is the IP number
+    #
+    # * put in the correct chain name (pam_shield or INPUT)
+    # * put in the correct network interface name (e.g. -i eth0)
+    #   Currently blocks on all interfaces
+    # * put in a port number (e.g.--destination-port 22 for ssh only) 
+    #   Currently blocks all ports
+    # * add additional rules for additional services as needed
+
+    if ! "$IPT" "$TASK" INPUT -p tcp -s "$2" -j pam_shield ; then
+        [ "$TASK" = "-C" ] && run_iptables "-I" "$2"
     fi
-fi
-
-# mail -s "[security] pam_shield blocked $2" root <<EOF
-# Another monkey kept off our backs ...
-# EOF
 }
 
-
 ### usually no editing is needed beyond this point ###
 
+log() {
+    logger -i -t shield-trigger -p authpriv.info "$*"
+}
 
 usage() {
     echo "shield-trigger-iptables"
@@ -81,39 +67,28 @@ usage() {
     exit 1
 }
 
-
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 
-if [ -z "$2" ]
-then
-    usage
-fi
+[ -z "$2" ] && usage
 
 case "$1" in
     add)
-        logger -i -t shield-trigger -p authpriv.info "blocking $2"
-
+        log "blocking $2"
         CMD="-A"
-        IP=$2
         ;;
 
     del)
-        logger -i -t shield-trigger -p authpriv.info "unblocking $2"
-
+        log "unblocking $2"
         CMD="-D"
-        IP=$2
         ;;
 
     sync)
-        logger -i -t shield-trigger -p authpriv.info "sync $2"
+        log "sync $2"
         CMD="-C"
-        IP=$2
         ;;
     *)
         usage
         ;;
 esac
 
-run_iptables "$CMD" "$IP"
-
-# EOB
+run_iptables "$CMD" "$2"

scripts/shield-trigger-ufw

@@ -21,6 +21,10 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
+log() {
+    logger -i -t shield-trigger -p authpriv.info "$*"
+}
+
 usage() {
     echo "shield-trigger-ufw"
     echo "usage: ${0##*/} [add|del] <IP number>"
@@ -29,34 +33,22 @@ usage() {
     exit 1
 }
 
-
 PATH=/sbin:/usr/sbin:/bin:/usr/bin
 
-if [ -z "$2" ]
-then
-    usage
-fi
+[ -z "$2" ] && usage
 
 case "$1" in
     add)
-        logger -i -t shield-trigger-ufw -p authpriv.info "blocking $2"
+        log "blocking $2"
         ufw insert 1 deny from "$2"
-        # mail -s "[security] pam_shield blocked $2" root <<EOF
-        # Another monkey kept off our backs ...
-        # EOF
         ;;
 
     del)
-        logger -i -t shield-trigger-ufw -p authpriv.info "unblocking $2"
+        log "unblocking $2"
         ufw delete deny from "$2"
-        # mail -s "[security] pam_shield unblocked $2" root <<EOF
-        # Another monkey kept off our backs ...
-        # EOF
         ;;
 
     *)
         usage
         ;;
 esac
-
-# EOB