NAME
ammobot - Tail threat messages to ThreatNet from log files
SYNOPIS
> ammobot path/to/ammobot.conf
# In your ammobot.conf
Version=0.08
Nick=ammobot
Server=irc.freenode.org
# ServerPassword=optional
Channel=#threatnet
[ /full/path/to/file/to/tail.log ]
# If no options, just looks for valid threat messages
[ /another/full/path/to/tail.log ]
# Use a filter to convert to valid threat messages.
# The dir the config file is in will be added to the
# @INC module search path.
Filter=MyModule
DESCRIPTION
ammobot
is the basic foot soldier of the ThreatNet bot eco-system, fetching ammunition and bringing it to the channel.
It connects to a single ThreatNet channel, and then tails one or more files scanning for threat messages while following the basic channel rules.
When it sees a ThreatNet::Message::IPv4-compatible message appear at the end of the file, it will report it to the channel (subject to the appropriate channel rules).
Its main purpose is to make it as easy as possible to connect any system capable of writing a log file to ThreatNet. If an application can be configured or coded to spit out the appropriately formatted messages to a file, then ammobot
will patiently watch for them and then haul them off to the channel for you (so you don't have to).
It the data can be extracted from an existing file format, then a Filter
property can be set which will specify a class to be used as a customer POE::Filter for the event stream.
Writing Filter Modules
Here is an example of a custom filter module I use to get threats from my mail log.
It lives at MyMailFilter.pm, in the same directory as my ammobot.conf
file.
package MyMailFilter;
use base 'POE::Filter::Line';
use POE::Filter::Line ();
sub get {
my $self = shift;
my $array = $self->SUPER::get( @_ );
# Filter
my @out = ();
foreach ( @$array ) {
s/^.+\bpostfix\/smtpd\[\d+\]\:\s+// or next;
s/^NOQUEUE\:\s+reject\:\s+// or next;
if ( s/^RCPT\s[^:]+?\[([\d\.]+)\]\:\s+// ) {
push @out, "$1 - $_";
} else {
next;
}
}
return \@out;
}
# Because for some reason POE::Filter::Grep->isa('POE::Filter')
# returns false, fake it.
# This should be fixed in a future version of POE.
sub isa {
my $either = shift;
return 1 if $_[0] eq 'POE::Filter';
$either->SUPER::isa(@_);
}
1;
Configuring With Cron
IRC is a somewhat unstable medium, and sometimes the bots fall off for various reasons.
To get past this, ammobot
is designed to be extremely cron-friendly.
It has an internal check for duplicates that is completely safe and will never leave stale locks around.
It is recommended that you simple add something like the following to cron.
# Taken from Adam K's crontab
0,10,20,30,40,50 * * * * cd /home/adam/ammobot; nohup /usr/local/bin/ammobot /home/adam/ammobot/bot.conf &
TO DO
- Add support for additional outbound filters
SUPPORT
All bugs should be filed via the bug tracker at
http://rt.cpan.org/NoAuth/ReportBug.html?Queue=ThreatNet-Bot-AmmoBot
For other issues, or commercial enhancement and support, contact the author
AUTHORS
Adam Kennedy, http://ali.as/, cpan@ali.as
SEE ALSO
http://ali.as/devel/threatnetwork.html, POE
COPYRIGHT
Copyright (c) 2005 Adam Kennedy. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.