#!/usr/bin/expect -f
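# Append the Expect transcript to a debug log and echo it on stdout.
# NOTE(review): a fixed file name in world-writable /tmp can be pre-created or
# symlinked by any local account, and the transcript records the switch
# session. Point this at a directory unprivileged users cannot write before
# relying on it outside a lab.
log_file -a /tmp/ar_debug.log
log_user 1

# Location of this file on the Wazuh server (192.168.160.70): /var/ossec/active-response/bin

# Manual execution: sudo ./block_aruba_telnet.sh <ip_address>
set attacker_ip [lindex $argv 0]

# The address comes from outside the script and is later handed to the unblock
# script, so accept only characters that can occur in an IPv4/IPv6 literal.
# This also rejects a missing argument.
if {![regexp {^[0-9A-Fa-f:.]+$} $attacker_ip]} {
    puts "Error: Alamat IP tidak valid atau tidak diberikan."
    exit 1
}

# Switch configuration
set switch_ip "192.168.161.215"
# For security reasons the credentials have been replaced with placeholders.
# NOTE(review): with real values in place, anyone who can read this file can
# log in to the switch; keep the file readable by its owner only, or load the
# credentials from a separate root-only file.
set username "<username_switch>"
set password "<password_switch>"
# Seconds the port stays disabled before the unblock script runs. This is not
# Expect's own "timeout" variable, which is left at its default.
set timeout_secs 10

# Look up the switch port for the IP. Each map line is "<ip> <port>".
# open raises an error (and the script aborts) if the map file is unreadable.
set map_file "/var/ossec/active-response/bin/ip_port_map.txt"
set port "unknown"
set f [open $map_file r]
while {[gets $f line] != -1} {
    # Split on any run of whitespace so tabs or repeated spaces do not yield
    # an empty port field.
    set parts [regexp -all -inline {\S+} $line]
    # "eq" forces a string comparison; "==" may compare numerically.
    if {[llength $parts] >= 2 && [lindex $parts 0] eq $attacker_ip} {
        set port [lindex $parts 1]
        break
    }
}
close $f

# No port found for this IP: stop before touching the switch.
if {$port eq "unknown"} {
    puts "Error: Tidak ada mapping port yang ditemukan untuk IP $attacker_ip di file $map_file."
    exit 1
}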

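# Telnet to the Aruba switch, disable the mapped port, then schedule the
# unblock script.
# NOTE(review): telnet carries the username and password in cleartext between
# this server and the switch; prefer SSH on a management network if the switch
# supports it.

# Wait for a prompt and answer it. A timeout or a closed connection aborts the
# script, so a failed login is never reported as a successful block.
#   pattern - regular expression for the expected prompt
#   reply   - text to send (a carriage return is appended)
#   step    - label used in the error message
proc await_prompt {pattern reply step} {
    global spawn_id switch_ip
    expect {
        -re $pattern { send "$reply\r" }
        timeout {
            puts "Error: Sesi telnet ke switch $switch_ip gagal (timeout) pada langkah: $step."
            exit 1
        }
        eof {
            puts "Error: Sesi telnet ke switch $switch_ip gagal (koneksi tertutup) pada langkah: $step."
            exit 1
        }
    }
}

spawn /usr/bin/telnet $switch_ip

# Phase 1: log in and reach the interface context. Nothing has been changed on
# the switch yet, so any failure here simply aborts.
# NOTE(review): $port is interpolated into the patterns below; a port name
# containing regex metacharacters would alter the match.
await_prompt "Username:" $username "Username"
await_prompt "Password:" $password "Password"
await_prompt ".*#.*" "conf t" "prompt #"
await_prompt ".*\\(config\\)#" "int $port" "prompt (config)#"
await_prompt ".*\\(eth-$port\\)#" "disable" "prompt (eth-$port)#"

# Phase 2: "disable" has been sent. From here on nothing may abort the script,
# otherwise the port would stay disabled with no unblock scheduled.
set confirmed 0
catch {
    expect {
        -re ".*\\(eth-$port\\)#" { set confirmed 1; send "exit\r" }
        timeout {}
        eof {}
    }
    # Best-effort logout; an error on a closed session is swallowed by catch.
    expect -re ".*\\(config\\)#" { send "exit\r" }
    expect -re ".*#.*" { send "exit\r" }
    expect -re ".*>.*" { send "exit\r" }
    expect -re ".*Do you want to log out (y/n)?.*" { send "y\r" }
}

if {$confirmed} {
    puts "Port $port (IP $attacker_ip) telah dinonaktifkan selama $timeout_secs detik."
} else {
    puts "Peringatan: Perintah disable untuk port $port (IP $attacker_ip) sudah dikirim tetapi tidak terkonfirmasi oleh switch."
}

# Schedule the unblock in the background. The delay, script path and IP are
# passed as positional parameters instead of being spliced into the bash -c
# string, so the shell never parses the IP as code.
exec nohup bash -c {sleep "$1" && exec "$2" "$3"} unblock-timer \
    $timeout_secs \
    /var/ossec/active-response/bin/unblock_aruba_telnet.sh \
    $attacker_ip &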