annotate maltfilter @ 114:200aafa2e88d

Update copyrights.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 15 Nov 2012 09:03:04 +0200
parents ee4a55fb7d23
children 91a5194de522
1 #!/usr/bin/perl -w
2 #############################################################################
3 #
4 # Malicious Attack Livid Termination Filter daemon (maltfilter)
5 # Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
6 # (C) Copyright 2009-2012 Tecnic Software productions (TNSP)
7 #
8 #############################################################################
9 use strict;
10 use Date::Parse;
11 use Net::IP;
12 use Net::DNS;
13 use LWP::UserAgent;
14 use IO::Seekable;
# Program version string; interpolated into the banner below.
my $progversion = "0.20.5";

# Three-line startup/report banner.  Built with join() so each line is
# listed once and the trailing newline is explicit.
my $progbanner = join("\n",
    "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion",
    "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>",
    "(C) Copyright 2009-2012 Tecnic Software productions (TNSP)",
) . "\n";
23 #############################################################################
24 ### Default settings and configuration
25 #############################################################################
my %settings = (
    # General operation
    VERBOSITY           => 3,
    DRY_RUN             => 1,   # NOTE(review): on by default; presumably no
                                # iptables changes until a config turns it off
    LOGFILE             => "",
    STATS_MAX_AGE       => 336, # in hours

    # System account detection (presumably feeds %systemacct)
    PASSWD              => "/etc/passwd",
    SYSACCT_MIN_UID     => 1,
    SYSACCT_MAX_UID     => 999,

    # Netfilter blocking
    FILTER              => 0,
    FILTER_THRESHOLD    => 5,
    FILTER_MAX_AGE      => 168, # in hours
    FILTER_TARGET       => "DROP",
    FILTER_CHAIN        => "INPUT",
    FILTER_TABLE        => "filter",  # see %filter_valid_tables
    IPTABLES            => "/sbin/iptables",

    # Status output
    FULL_TIME           => 1,
    STATUS_FILE_PLAIN   => "",
    STATUS_FILE_HTML    => "",
    STATUS_FILE_CSS     => "",
    WHOIS_URL           => "http://whois.domaintools.com/",

    # Per-check toggles; check_log_line() hands each one to check_add_hit()
    # together with the hit.  CHK_GOOD_HOSTS lists hosts exempt from the
    # include/proxy checks.
    CHK_SSHD            => 1,
    CHK_KNOWN_CGI       => 1,
    CHK_PHP_XSS         => 1,
    CHK_PROXY_SCAN      => 1,
    CHK_ROOT_SSH_PWD    => 0,
    CHK_SYSACCT_SSH_PWD => 0,
    CHK_GOOD_HOSTS      => "",

    # Evidence gathering
    EVIDENCE            => 0,
    EVIDENCE_DIR        => "",

    # DroneBL submission.  NOTE(review): the RPC endpoint is plain http://,
    # so DRONEBL_RPC_KEY presumably travels in clear text.
    DRONEBL             => 0,
    DRONEBL_THRESHOLD   => 3,
    DRONEBL_MAX_AGE     => 30,  # in minutes
    DRONEBL_RPC_URI     => "http://dronebl.org/RPC2",
    DRONEBL_LOOKUP_URL  => "http://www.dronebl.org/lookup?ip=%s", # %s will expand ONCE into the host IP
    DRONEBL_RPC_KEY     => "",
    DRONEBL_MAX_ERRORS  => 2,
    DRONEBL_SUSPEND     => 10,
);
71 # List loopback and private netblocks by default here
my @noaction_ips_def = qw(
    127.0.0.0/8
    10.0.0.0/8
    172.16.0.0/12
    192.168.0.0/16
);  # loopback plus the three RFC 1918 private ranges, in CIDR notation
79 # Valid target tables for FILTER_TABLE
80 my %filter_valid_tables = ("filter", "nat", "mangle", "raw");
# Account names treated as system accounts; filled in elsewhere.  The only
# use visible here is check_log_line() testing key presence with defined().
my %systemacct;

# Forward declaration with prototype, so that calls in check_log_line()
# (which precedes the definition) are compiled against it.
sub check_add_hit($$$$$$);
86 #############################################################################
87 ### Check given logfile line for matches
88 #############################################################################
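sub check_log_line($)
{
    # NOTE(review): the line is taken from $_, not from the prototyped
    # argument; callers presumably hand in the same string in both (for
    # example from a while (<$fh>) loop).  Verify before switching to $_[0].
    my $line = $_;

    # The three log formats are mutually exclusive: the first helper whose
    # outer pattern matches wins, even if it then finds nothing to report.
    _check_sshd_line($line)
        or _check_apache_error_line($line)
        or _check_apache_access_line($line);
    return;
}

## (1) sshd syslog lines: "<Mon> <dd> <hh:mm:ss> <host> sshd[...]: <message>".
## Returns true if the line is an sshd line at all, whether or not it
## produced a hit.  Captures are copied into lexicals before each
## check_add_hit() call: passing $1/$2 straight through aliases the capture
## variables, which the callee's own regex matches may silently replace.
sub _check_sshd_line
{
    my ($line) = @_;
    return 0 unless $line =~ /^(\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\S*?: (.*)/;
    my ($mdate, $merr) = ($1, $2);

    # (1.1) Generic login scan attempts against non-existent accounts.
    if ($merr =~ /^Failed password for invalid user (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
        my $mip = $2;
        check_add_hit($mip, $mdate, "SSH login scan", "", 13, $settings{"CHK_SSHD"});
    }
    # (1.2) Root account SSH login password bruteforcing attempts.
    elsif ($merr =~ /^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
        my $mip = $1;
        check_add_hit($mip, $mdate, "Root SSH password bruteforce", "", 13, $settings{"CHK_ROOT_SSH_PWD"});
    }
    # (1.3) System account SSH login password bruteforcing attempts; only
    # accounts present in %systemacct are reported.
    elsif ($merr =~ /^Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
        my ($macct, $mip) = ($1, $2);
        if (defined($systemacct{$macct})) {
            check_add_hit($mip, $mdate, "SSH system account bruteforce", $macct, 13, $settings{"CHK_SYSACCT_SSH_PWD"});
        }
    }
    return 1;
}

## (2) Apache error_log lines: "[date] [error] [client A.B.C.D] <message>".
## A "File does not exist" error for a path that looks like a commonly
## probed CGI/PHP package (phpMyAdmin, webmail, shop software, ...) counts
## as a CGI vulnerability scan.  Returns true if the line is an error_log
## line at all.
sub _check_apache_error_line
{
    my ($line) = @_;
    return 0 unless $line =~ /^\[(.+?)\]\s+\[error\]\s+\[client\s+(\d+\.\d+\.\d+\.\d+)\]\s+(.+)$/;
    my ($mdate, $mip, $merr) = ($1, $2, $3);

    if ($merr =~ /^File does not exist: (.+)$/) {
        my $path = $1;
        # NOTE(review): $path is request data chosen by the remote client;
        # it is passed on as the hit message, so whatever writes the
        # status/HTML files must escape it.
        if ($path =~ /\/mss2|\/pma|cpanel|admin|\/sql|mysql|websql|\/SSI.php|\/horde|\/rc$|\/xmlrpc.php|sqladm|dbadm|\/roundcube|\/webmail|\/mail|\/email|xampp|\/zen.*cart|\/cart|\/shop|\/store|mailto:|appserv|roundcube|_vti_bin|wiki|bugtrack|mantis|mantisbt|phpmanager|commerce|SID_box_notns_path|\/tinybrowser.php\?type=file\&folder=/i) {
            check_add_hit($mip, $mdate, "CGI vuln scan", $path, 6, $settings{"CHK_KNOWN_CGI"});
        }
    }
    return 1;
}

## (3) Apache common log format access lines.  Only GET requests are
## examined: the pattern is anchored on "GET", so POST/HEAD probes pass
## through untouched.  Returns true if the line is an access-log line at all.
## As above, $merr is the client-supplied request target and is passed on
## verbatim as the hit message.
sub _check_apache_access_line
{
    my ($line) = @_;
    return 0 unless $line =~ /(\d+\.\d+\.\d+\.\d+)\s+-\s+-\s+\[(.+?)\]\s+\"GET (\S*?) HTTP\//;
    my ($mip, $mdate, $merr) = ($1, $2, $3);

    # (3.1) Remote-include style probes: some query parameter of a .php
    # script set to an http:// URL.  Hosts accepted by check_hosts() against
    # CHK_GOOD_HOSTS are exempt.
    if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) {
        my $host = $1;
        if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $host)) {
            # Queue the referenced URL as evidence when it can be isolated.
            if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) {
                my $url = $1;
                evidence_queue($mip, $url, $merr);
            }
            check_add_hit($mip, $mdate, "PHP XSS Include", $merr, 6, $settings{"CHK_PHP_XSS"});
        }
    }
    # (3.2) Proxy scanning attempts: an absolute URL as the request target.
    elsif ($merr =~ /^http:\/\/([^\/]+)/) {
        my $host = $1;
        if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $host)) {
            check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"});
        }
    }
    # (3.3) Miscellaneous PHP probes: "phpinfo(" injected into a query value.
    elsif ($merr =~ /\.php\?\S*?=(phpinfo\()/) {
        check_add_hit($mip, $mdate, "PHP XSS Misc", $merr, 6, $settings{"CHK_PHP_XSS"});
    }
    return 1;
}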
155 #############################################################################
156 ### Global variables
157 #############################################################################
# --- Run-time state --------------------------------------------------------
my $reportmode = 0;     # Full report mode
my $pid_file   = "";    # Name of Maltfilter daemon pid file
my $LOGFILE;            # Maltfilter logfile handle (opened elsewhere)

# --- Inputs ----------------------------------------------------------------
my @configfiles;        # Configuration file names
my @scanfiles;          # Log files to scan (followed continuously)
my @scanfiles_once;     # Log files scanned only once, at startup or on HUP
my @noaction_ips;       # IPs/netblocks that are never filtered
my %filehandles;        # Open filehandles of the scanned log files

# --- Collected data --------------------------------------------------------
my %dronebl;            # DroneBL bookkeeping

# IPs currently blocked in Netfilter: $filterlist{$ip} = date
my %filterlist;

# Per-host statistics, keyed by IP address:
#   $statlist{$ip}{"date1"}    timestamp of first hit
#   $statlist{$ip}{"date2"}    timestamp of latest hit
#   $statlist{$ip}{"hits"}     number of hits for this IP
#   $statlist{$ip}{"dronebl"}  0 = n/a, 1 = queued for submission, 2 = submitted
#   $statlist{$ip}{"reason"}{$class}{"msg"}    reason message (array if $reportmode)
#   $statlist{$ip}{"reason"}{$class}{"hits"}   hits in this class
#   $statlist{$ip}{"reason"}{$class}{"date1"}  timestamp of first hit
#   $statlist{$ip}{"reason"}{$class}{"date2"}  timestamp of latest hit
my %statlist;

# Hits that were ignored (e.g. hits for checks that are not enabled).
# Same layout as %statlist.
my %ignorelist;
189 #############################################################################
190 ### Status output functionality
191 #############################################################################
192 ## Return string expressing given UNIX timestamp or "?" if not valid
sub get_time_str($)
{
    my ($timestamp) = @_;
    # Negative (or otherwise non-positive-comparing) values are treated as
    # "no valid time" and rendered as a question mark.
    if ($timestamp >= 0) {
        return scalar localtime($timestamp);
    }
    return "?";
}
## Unit tables used by get_ago_str() below to express how long ago a UNIX
## timestamp is.  All three arrays are index-aligned.
# Unit sizes in seconds, largest first: month (taken as 30 days), week, day,
# hour, minute.  Seconds are not represented.
my @paskat = (30*24*60*60, 7*24*60*60, 24*60*60, 60*60, 60);
# Plural unit names (count > 1).
my @opaskat = ("months", "weeks", "days", "hours", "minutes");
# Singular unit names (count == 1).
my @upaskat = ("month", "week", "day", "hour", "minute");
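## Return a human readable "N months, M days, ... ago" string for the given
## UNIX timestamp, broken down with the @paskat / @opaskat / @upaskat tables,
## or "?" when the timestamp is negative (unset).  When FULL_TIME is set in
## %settings the absolute time from get_time_str() is returned instead.
##
## Ages below one minute -- including timestamps slightly in the future,
## e.g. from clock skew between the log and this host -- are reported as
## "less than a minute ago".  Previously a sub-minute age produced a bare
## " ago", and a future timestamp went through Perl's sign-of-divisor
## modulo and came out as roughly "4 weeks, 1 day, 23 hours, 59 minutes ago".
sub get_ago_str($)
{
	my ($stamp) = @_;
	return get_time_str($stamp) if ($settings{"FULL_TIME"});
	return "?" if ($stamp < 0);

	my $left = time() - $stamp;
	return "less than a minute ago" if ($left < 60);

	my @parts = ();
	for (my $n = 0; $n < scalar @paskat; $n++) {
		my $count = int($left / $paskat[$n]);
		if ($count > 0) {
			# Singular or plural name for this unit.
			my $unit = ($count > 1) ? $opaskat[$n] : $upaskat[$n];
			push(@parts, sprintf("%d %s", $count, $unit));
		}
		$left = $left % $paskat[$n];
	}
	return join(", ", @parts)." ago";
}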
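## Percent-encode every character outside [A-Za-z0-9_] for use in a URL
## query string; spaces become "+" (application/x-www-form-urlencoded style).
## Each escaped byte is always two upper-case hex digits.  The old "%lx"
## format emitted single-digit escapes such as "%9" for a tab, which is not
## valid percent-encoding.  Strings carrying wide characters are converted
## to their UTF-8 bytes first so every byte gets its own escape.
sub urlencode($)
{
	my $value = $_[0];
	utf8::encode($value) if (utf8::is_utf8($value));
	$value =~ s/([^a-zA-Z_0-9 ])/sprintf("%%%02X", ord($1))/eg;
	$value =~ tr/ /+/;
	return $value;
}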
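## Characters that htmlentities() rewrites into named HTML/XML entities.
## Keys are the literal characters, values the entity name without the
## leading "&" and trailing ";".  The double quote is included so escaped
## text is also safe inside a double-quoted attribute value, not only in
## element content.
my %entities = (
	"<" => "lt",
	">" => "gt",
	"&" => "amp",
	'"' => "quot",
);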
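## Convert the characters listed in %entities to their HTML/XML named
## entities.  The replacement is done in a single pass, so the "&" that one
## substitution introduces is never picked up by a later one.  The previous
## per-key loop ran in hash-key order and could emit "&amp;lt;" for "<"
## whenever "&" happened to be processed after "<", making the output
## non-deterministic.
sub htmlentities($)
{
	my $value = $_[0];
	# Character class built from the keys; quotemeta keeps regex
	# metacharacters literal.
	my $special = join("", map { quotemeta($_) } keys %entities);
	return $value if ($special eq "");
	$value =~ s/([$special])/"&".$entities{$1}.";"/eg;
	return $value;
}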
## Print a heading to filehandle $fh.  In HTML mode ($html true) the text is
## wrapped as <hN>text</hN>; in text mode it is underlined with "=" for level
## 1 (or lower) and "-" for deeper levels.  $text is emitted as-is, nothing
## is escaped here.
sub printH($$$$)
{
	my ($html, $fh, $level, $text) = @_;
	if (!$html) {
		my $underline = (($level <= 1) ? "=" : "-") x length($text);
		print $fh "$text\n$underline\n";
		return;
	}
	print $fh "<h$level>$text</h$level>\n";
}
## Print one table cell.  HTML mode: <td ATTRS>content</td>, where the
## optional fourth argument is a raw attribute string spliced into the tag
## surrounded by single spaces (so e.g. "<td class=\"x\" >").  Text mode:
## just the content, no separator.  Nothing is escaped here.
sub printTD
{
	my ($html, $fh, $content, $attrs) = @_;
	unless ($html) {
		print $fh $content;
		return;
	}
	my $tag = "<td";
	$tag .= " $attrs " if (defined($attrs));
	print $fh $tag.">".$content."</td>";
}
## Print a paragraph: "<p>\ntext</p>\n" in HTML mode, "text\n" otherwise.
## The text is not escaped.
sub printP($$$)
{
	my ($html, $fh, $text) = @_;
	my $out = $html ? "<p>\n$text</p>\n" : "$text\n";
	print $fh $out;
}
## Print the HTML variant ($html_text) in HTML mode, otherwise the plain
## variant ($plain_text) -- but only if one was given; callers use this to
## emit markup that has no text-mode counterpart.
sub printElem
{
	my ($html, $fh, $html_text, $plain_text) = @_;
	if ($html) {
		print $fh $html_text;
		return;
	}
	print $fh $plain_text if (defined($plain_text));
}
## Opening bold tag in HTML mode, empty string in text mode.
sub bb($)
{
	my ($html) = @_;
	return "" unless ($html);
	return "<b>";
}
## Closing bold tag in HTML mode, empty string in text mode.
sub eb($)
{
	my ($html) = @_;
	return "" unless ($html);
	return "</b>";
}
## "<TAG>" in HTML mode, empty string in text mode.  The tag name is used
## verbatim (callers pass e.g. "tr" or "/tr").
sub pe($$)
{
	my ($html, $tag) = @_;
	return "" unless ($html);
	return "<".$tag.">";
}
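## Return the address as a link to the configured WHOIS page when HTML mode
## is on and $settings{"WHOIS_URL"} is set; otherwise return the address.
##
## Fixes: the old text-mode fallback returned the mode flag ($_[0]) instead
## of the address ($_[1]), so reports generated without WHOIS_URL showed
## "1" or "0" in the address column.  The address is whatever key the caller
## hands over (a log-derived table key in print_table1), so it is
## entity-escaped both as link text and inside the href attribute, where the
## double quote is neutralised as well to keep the attribute well-formed.
sub get_link($$)
{
	my ($html, $addr) = @_;
	return $addr unless ($html && $settings{"WHOIS_URL"} ne "");

	my $href = htmlentities($settings{"WHOIS_URL"}.$addr);
	$href =~ s/"/&quot;/g;
	return "<a target=\"_blank\" href=\"".$href."\">".htmlentities($addr)."</a>";
}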
fc053b001027 Improved reporting and documentation.
Matti Hamalainen <ccr@tnsp.org>
parents: 11
diff changeset
318
109
4c394e57387d Added configurable linking to dronebl entries.
Matti Hamalainen <ccr@tnsp.org>
parents: 107
diff changeset
## Return " [<a target=\"_blank\" href=\"...\">*</a>]" pointing at the
## DroneBL lookup page for the given address, or "" when
## DRONEBL_LOOKUP_URL is not configured.
## NOTE: the configured URL is used as the sprintf() format string, so it is
## expected to contain exactly one %s where the address goes and no other
## "%" sequences; the address itself is not escaped.
sub get_dronebl_link($)
{
	my ($addr) = @_;
	my $url = $settings{"DRONEBL_LOOKUP_URL"};
	return "" if ($url eq "");
	my $fmt = " [<a target=\"_blank\" href=\"".$url."\">*</a>]";
	return sprintf($fmt, $addr);
}
## Print the "Hits | IP-address | First hit | Latest hit | Reason(s)" table
## for the addresses in %$keys, either as HTML ($m true) or as "|"-separated
## text, followed by an "N entries total." paragraph.
##   $m     - HTML mode flag passed on to the print* helpers
##   $f     - output filehandle
##   $table - per-address data: {hits, date1, date2, reason => {CLASS => {hits, msg}}}
##   $keys  - hash whose keys are the addresses to list
##   $func  - sort comparator, called as $func->($table, $a, $b)
##   $class - CSS class for the <table> element (HTML mode only)
## Rows of addresses present in %filterlist get class "filtered", the rest
## "unfiltered".
sub print_table1($$$$$$)
{
	my ($m, $f, $table, $keys, $func, $class) = @_;
	my $ntotal = 0;

	printElem($m, $f,
	"<table class=\"".$class."\">\n".
	"<tr><th>Hits</th><th>IP-address</th><th>First hit</th><th>Latest hit</th><th>Reason(s)</th></tr>\n",

	"Hits | IP-address | First hit | Latest hit | Reason(s)\n"
	);

	foreach my $mip (sort { $func->($table, $a, $b) } keys %{$keys}) {
		my $blocked = defined($filterlist{$mip}) ? "filtered" : "unfiltered";
		printElem($m, $f, " <tr class=\"$blocked\">");
		printTD($m, $f, sprintf(bb($m)."%-10d".eb($m), $table->{$mip}{"hits"}));
		# printElem(!$m, ...) prints the column separator in text mode only.
		printElem(!$m, $f, " | ");
		printTD($m, $f, sprintf("%-15s%s", get_link($m, $mip), get_dronebl_link($mip)));
		printElem(!$m, $f, " | ");
		printTD($m, $f, get_ago_str($table->{$mip}{"date1"}));
		printElem(!$m, $f, " | ");
		printTD($m, $f, get_ago_str($table->{$mip}{"date2"}));
		printElem(!$m, $f, " | ");
		my @reasons = ();
		# NOTE: this $class shadows the CSS-class parameter; harmless, as the
		# parameter is only used for the table header above.
		foreach my $class (sort keys %{$table->{$mip}{"reason"}}) {
			my $msgs;
			# IPTABLES entries are redundant in this table and are skipped.
			if ($class ne "IPTABLES") {
				if ($reportmode) {
					# Newest messages first; "msg" is an array ref here.
					my @tmp = reverse(@{$table->{$mip}{"reason"}{$class}{"msg"}});
					# Truncating to index 5 keeps SIX messages (0..5) even
					# though the check is "> 5" -- confirm whether 5 or 6
					# was intended.
					if (scalar @tmp > 5) { $#tmp = 5; }
					foreach (@tmp) { $_ = htmlentities($_); }
					$msgs = join(" ".bb($m)."|".eb($m)." ", @tmp);
				} else {
					# Non-report mode: "msg" is used as-is and is NOT passed
					# through htmlentities(); whether it is a string or the
					# same array ref as above is not established here --
					# verify against the code that fills the table.
					$msgs = $table->{$mip}{"reason"}{$class}{"msg"};
				}
				push(@reasons, bb($m).$class.eb($m)." #".$table->{$mip}{"reason"}{$class}{"hits"}.
				" ( ".$msgs." )");
			}
		}
		printTD($m, $f, join(", ", @reasons));
		printElem($m, $f, "</tr>\n", "\n");
		$ntotal++;
	}
	printElem($m, $f, "</table>\n");
	printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n");
}
## Comparator for sorting dotted-quad IPv4 addresses numerically, octet by
## octet.  The first argument (the table handed over by the sort callback
## in print_table1/print_table2) is ignored.  Returns -1 when the first
## address is the larger one, 1 when it is smaller and 0 when equal, i.e.
## sorting with it yields descending order.  Only four-octet addresses are
## handled; anything else splits into fewer fields and compares as 0.
sub cmp_ips($$$)
{
	my (undef, $left, $right) = @_;
	my @l = split(/\./, $left);
	my @r = split(/\./, $right);
	foreach my $i (0 .. 3) {
		my $order = $r[$i] <=> $l[$i];
		return $order if ($order != 0);
	}
	return 0;
}
## Compare the first three octets of two dotted-quad addresses.  Returns the
## index (0..2) of the first octet that differs, or 4 when all three match,
## i.e. the addresses share the same /24.  The fourth octet is never looked at.
sub test_ips($$)
{
	my @left = split(/\./, $_[0]);
	my @right = split(/\./, $_[1]);
	foreach my $octet (0 .. 2) {
		return $octet if ($left[$octet] != $right[$octet]);
	}
	return 4;
}
# Row background colours cycled through by print_table2 (index = counter
# modulo list size) to visually group consecutive addresses; the counter
# advances whenever test_ips() reports a change in the first three octets,
# so each /24 run gets the next colour.
my @ipcolors = (
	"#666",
	"#777",
);
401 my @drone_status = ("No", "Queue", "Sent");
403 sub print_table2($$$$$$)
404 {
405 my ($m, $f, $table, $keys, $func, $class) = @_;
406 my $nhits = 0;
407 my $str = "<th>IP-address</th><th>Hits</th><th>DroneBL?</th><th>First hit</th><th>Latest hit</th><th>Class</th>";
408 my $str2 = "IP-address | Hits | DroneBL | First hit | Latest hit | Class ";
410 printElem($m, $f,
411 "<table class=\"".$class."\">\n<tr>". $str."<th> </th>".$str ."</tr>\n",
412 $str2." || ".$str2."\n");
414 my @previp = ("0.0.0.0", "0.0.0.0");
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
415 my @ncolor = (0, 0);
16
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
416
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
417 my $printEntry = sub {
68
bac5931b8312 Cleanups.
Matti Hamalainen <ccr@tnsp.org>
parents: 67
diff changeset
418 my $blocked = "class=\"".(defined($filterlist{$_[0]}) ? "filtered" : "unfiltered")."\"";
52
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
419 if (test_ips($previp[$_[1]], $_[0]) < 3) {
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
420 $ncolor[$_[1]]++;
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
421 }
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
422 $previp[$_[1]] = $_[0];
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
423 my $str = "style=\"background: ".$ipcolors[$ncolor[$_[1]] % scalar @ipcolors].";\"";
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
424
109
4c394e57387d Added configurable linking to dronebl entries.
Matti Hamalainen <ccr@tnsp.org>
parents: 107
diff changeset
425 printTD($m, $f, sprintf("%-15s%s", get_link($m, $_[0]), get_dronebl_link($_[0])), $str);
17
fe220b5a975a Cleanups, add configuration for WHOIS linking.
Matti Hamalainen <ccr@tnsp.org>
parents: 16
diff changeset
426 printElem(!$m, $f, " | ");
32
e7e484c89dbc Added highlighting of blocked entries in summary tables.
Matti Hamalainen <ccr@tnsp.org>
parents: 30
diff changeset
427 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked);
17
fe220b5a975a Cleanups, add configuration for WHOIS linking.
Matti Hamalainen <ccr@tnsp.org>
parents: 16
diff changeset
428 printElem(!$m, $f, " | ");
87
cbe5761897f4 Use ("No", "Queue", "Sent") for DroneBL information in status reports.
Matti Hamalainen <ccr@tnsp.org>
parents: 86
diff changeset
429 printTD($m, $f, sprintf("%-6s ", $drone_status[$table->{$_[0]}{"dronebl"}]), $blocked);
70
adb4795f451e Finished DroneBL support (hopefully).
Matti Hamalainen <ccr@tnsp.org>
parents: 69
diff changeset
430 printElem(!$m, $f, " | ");
40
24babaa1e331 Many cleanups and fixes; Example configuration updated.
Matti Hamalainen <ccr@tnsp.org>
parents: 39
diff changeset
431 printTD($m, $f, get_ago_str($table->{$_[0]}{"date1"}), $blocked);
17
fe220b5a975a Cleanups, add configuration for WHOIS linking.
Matti Hamalainen <ccr@tnsp.org>
parents: 16
diff changeset
432 printElem(!$m, $f, " | ");
40
24babaa1e331 Many cleanups and fixes; Example configuration updated.
Matti Hamalainen <ccr@tnsp.org>
parents: 39
diff changeset
433 printTD($m, $f, get_ago_str($table->{$_[0]}{"date2"}), $blocked);
24babaa1e331 Many cleanups and fixes; Example configuration updated.
Matti Hamalainen <ccr@tnsp.org>
parents: 39
diff changeset
434 printElem(!$m, $f, " | ");
24babaa1e331 Many cleanups and fixes; Example configuration updated.
Matti Hamalainen <ccr@tnsp.org>
parents: 39
diff changeset
435 my $tmp = join(", ", sort keys %{$table->{$_[0]}{"reason"}});
32
e7e484c89dbc Added highlighting of blocked entries in summary tables.
Matti Hamalainen <ccr@tnsp.org>
parents: 30
diff changeset
436 printTD($m, $f, sprintf("%-30s", $tmp), $blocked);
16
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
437 $nhits += $table->{$_[0]}{"hits"};
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
438 };
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
439
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
440 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys};
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
441 my $nkeys = scalar @mkeys;
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
442 my $kmax = $nkeys / 2;
52
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
443
16
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
444 for (my $i = 0; $i <= $kmax; $i++) {
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
445 printElem($m, $f, " <tr>");
18
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report.
Matti Hamalainen <ccr@tnsp.org>
parents: 17
diff changeset
446 if ($i < $kmax) {
52
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
447 $printEntry->($mkeys[$i], 0);
18
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report.
Matti Hamalainen <ccr@tnsp.org>
parents: 17
diff changeset
448 printElem($m, $f, "<th> </th>", " || ");
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report.
Matti Hamalainen <ccr@tnsp.org>
parents: 17
diff changeset
449 }
52
8cfb71b296da Added colour-coded grouping of IP addresses in summary table.
Matti Hamalainen <ccr@tnsp.org>
parents: 49
diff changeset
450 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1], 1); }
16
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
451 printElem($m, $f, "</tr>\n", "\n");
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
452 }
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
453
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
454 printElem($m, $f, "</table>\n");
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
455 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n");
87c0cdc048f5 Many changes and cleanups. Works again.
Matti Hamalainen <ccr@tnsp.org>
parents: 15
diff changeset
456 }
sub cmp_hits($$$)
{
    # Sort comparator for keys of a per-IP table: most recent "date2" first,
    # ties broken by hit count (highest first). Called as
    # cmp_hits($table, $key_a, $key_b) and returns -1, 0 or 1.
    my ($table, $key_a, $key_b) = @_;
    my $rec_a = $table->{$key_a};
    my $rec_b = $table->{$key_b};

    return ($rec_b->{"date2"} <=> $rec_a->{"date2"})
        || ($rec_b->{"hits"} <=> $rec_a->{"hits"});
}
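sub get_period($)
{
    # Format a duration of $hours hours as a human-readable period string:
    # "N months[, D days]" above 30 days, "W.W weeks" above one week,
    # "N days[, H hours]" above one day, otherwise "N hours".
    # Returns the formatted string.
    my ($hours) = @_;
    my $month = 30 * 24;
    my $week = 24 * 7;
    my $str;

    if ($hours > $month) {
        # The remainder of the month division is in hours; convert it to
        # whole days before labelling it as days (previously the raw hour
        # remainder was printed as "days", e.g. 800 h gave "1 months, 80 days").
        my $days = int(($hours % $month) / 24);
        $str = sprintf("%d months", $hours / $month);
        $str .= sprintf(", %d days", $days) if ($days > 0);
    } elsif ($hours > $week) {
        $str = sprintf("%1.1f weeks", $hours / (24.0 * 7.0));
    } elsif ($hours > 24) {
        my $rest = $hours % 24;
        $str = sprintf("%d days", $hours / 24);
        $str .= sprintf(", %d hours", $rest) if ($rest > 0);
    } else {
        $str = sprintf("%d hours", $hours);
    }
    return $str;
}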
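sub generate_status($$)
{
    # Write the status report to $filename, in the output flavour selected
    # by $m (passed through to the print*() helpers). Does nothing when
    # $filename is empty or undefined; exits via mdie() if the file cannot
    # be opened. Returns nothing.
    my $filename = shift;
    my $m = shift;

    return unless (defined($filename) && $filename ne "");

    # Lexical filehandle instead of the package-global bareword STATUS, so the
    # handle cannot collide with other code and is released with the scope.
    # NOTE(review): '>' follows symlinks; the configured path is assumed to
    # be in a directory not writable by untrusted users -- confirm.
    open(my $f, ">", $filename) or mdie("Could not open '".$filename."'!\n");

    printElem($m, $f, "
<html>
<head>
<title>Maltfilter status report</title>
");

    # NOTE(review): STATUS_FILE_CSS is emitted unescaped inside an attribute;
    # it comes from the configuration file, so it is assumed trusted.
    printElem($m, $f, "<link href=\"".$settings{"STATUS_FILE_CSS"}."\" rel=\"stylesheet\" type=\"text/css\" />")
        if ($settings{"STATUS_FILE_CSS"});

    printElem($m, $f, "
</head>
<body>
");

    printH($m, $f, 1, "Maltfilter v$progversion status report");
    my $period = get_period($settings{"STATS_MAX_AGE"});

    printP($m, $f,
        "Generated ".bb($m).get_time_str(time()).eb($m).". Data computed from ".
        ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");

    printP($m, $f, "The hit classes marked as 'IPTABLES' are a pseudo-class meaning an\n".
        "filtered IP that was in Netfilter before Maltfilter was started.\n");

    if ($settings{"FILTER"} > 0) {
        printH($m, $f, 2, "Currently filtered entries");
        $period = get_period($settings{"FILTER_MAX_AGE"});
        printP($m, $f, "List of IPs that are currently filtered (or would be, if this is\n".
            "a report-only mode). Data from period of $period.\n");
        print_table1($m, $f, \%statlist, \%filterlist, \&cmp_hits, "filtered");
    }

    printH($m, $f, 2, "Summary of entries");
    printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n".
        "necessarily acted upon. Sorted by descending IP address.\n");
    print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global");

    printH($m, $f, 2, "Ignored entries");
    printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n".
        "Notice that the entry may be blocked due to other checks, however.\n");
    print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored");

    printElem($m, $f, "</body>\n</html>\n");
    # Buffered write errors (e.g. a full disk) only surface at close(); the
    # original unchecked close() silently dropped them.
    close($f) or mlog(-1, "Could not close '".$filename."': $!\n");
}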
#############################################################################
### DroneBL submission support
#############################################################################
# Count of failed submission rounds, and the number of rounds still to skip
# while submissions are suspended; both are maintained by dronebl_process().
my ($dronebl_errors, $dronebl_suspend) = (0, 0);
552 sub dronebl_process
553 {
554 return unless ($settings{"DRONEBL"} > 0);
556 # If suspended, bail out until it's time to retry
557 if ($dronebl_suspend > 0) {
558 $dronebl_suspend--;
559 return;
560 }
562 # Create submission data
563 my $xml = "<?xml version=\"1.0\"?>\n<request key=\"".$settings{"DRONEBL_RPC_KEY"}."\">\n";
564 my $entries = 0;
565 while (my ($ip, $entry) = each(%dronebl)) {
566 if ($entry->{"sent"} == 0 && $entry->{"tries"} < 3) {
567 $xml .= "<add ip=\"".$ip."\" type=\"".$entry->{"type"}."\" />\n";
568 # $xml .= "<add ip=\"".$ip."\" type=\"1\" />\n";
569 $entries++;
570 }
571 }
572 $xml .= "</request>\n";
574 # Bait out if no entries to submit
575 return unless ($entries > 0);
576 if ($settings{"DRY_RUN"}) {
577 mlog(2, "[DroneBL] Would submit $entries entries.\n");
578 return;
579 } else {
580 mlog(2, "[DroneBL] Trying to submit $entries entries.\n");
581 }
583 # Submit via HTTP XML-RPC
584 my $tmp = LWP::UserAgent->new;
585 $tmp->agent("Maltfilter/".$progversion);
586 $tmp->timeout(10);
587 my $req = HTTP::Request->new(POST => $settings{"DRONEBL_RPC_URI"});
588 $req->content_type("text/xml");
589 $req->content($xml);
590 $req->user_agent("Maltfilter/".$progversion);
591 my $res = $tmp->request($req);
593 if ($res->is_success) {
594 mlog(3, "[DroneBL] HTTP response [".$res->code."] ".$res->message."\n");
595 my $str = $res->content;
596 my ($type, $msg);
597 $str =~ tr/\n/ /;
599 if ($str =~ /<response\s*type=.(success|error).>(.*?)<\/response>/gm) {
600 $type = $1; $msg = $2;
601 } elsif ($str =~ /<response\s*type=.(success|error). *\/>/gm) {
602 $type = $1; $msg = "";
603 }
605 if ($type eq "success") {
606 $dronebl_errors = 0;
607 mlog(1, "[DroneBL] Succesfully submitted $entries entries.\n");
608 while (my ($ip, $entry) = each(%dronebl)) {
609 $entry->{"sent"} = 1;
610 $statlist{$ip}{"dronebl"} = 2 if defined($statlist{$ip});
611 }
612 } elsif ($type eq "error") {
613 # If we don't have a valid key, disable further submissions.
614 if ($msg =~ /<code>403<\/code>/) {
615 mlog(-1, "[DroneBL] Disabling submissions due to invalid key.\n");
616 $settings{"DRONEBL"} = 0;
617 } else {
618 $dronebl_errors++;
619 }
620 # Log error message mangled
621 $msg =~ s{\s*</?[^>]+>}{ }g;
622 mlog(-1, "[DroneBL] Error in submission: $msg\n");
623 } else {
624 mlog(-1, "[DroneBL] Unsupported response message ".$str."\n");
625 $dronebl_errors++;
626 }
627 } else {
628 mlog(-1, "[DroneBL] HTTP request failed: [".$res->code."] ".$res->message."\n");
629 $dronebl_errors++;
630 }
632 # Check error counts
633 if ($dronebl_errors >= $settings{"DRONEBL_MAX_ERRORS"}) {
634 # Only log suspension message if don't have recent previous errors
635 mlog(-1, "Temporarily disabling DroneBL submissions due to too many errors for next ".$settings{"DRONEBL_SUSPEND"}. " rounds.\n")
636 if ($dronebl_errors == $settings{"DRONEBL_MAX_ERRORS"});
637 $dronebl_suspend = $settings{"DRONEBL_SUSPEND"};
638 }
640 # Clean up expired entries, warn/note about unsubmitted ones.
641 while (my ($ip, $entry) = each(%dronebl)) {
642 if (!check_time3($entry->{"date"})) {
643 mlog(1, "[DroneBL] $ip submission expired.\n") unless ($entry->{"sent"} > 0);
644 delete($dronebl{$ip});
645 }
646 }
647 }
### Put an attacking host into the DroneBL submission queue, unless it
### is exempt (noaction list), was already queued/submitted during its
### status-list lifetime, or is already waiting in the queue.
### Arguments: IP, date string of the hit, DroneBL listing type.
sub dronebl_queue($$$)
{
  my ($mip, $mdate, $mtype) = @_;

  # DroneBL reporting is optional, and the submitter switches it off
  # itself when the service rejects our key.
  return unless ($settings{"DRONEBL"} > 0);

  # Hosts on the noaction list are never reported to anyone.
  return if check_hosts_array(\@noaction_ips, $mip);

  # A non-zero "dronebl" marker in the status list means this host was
  # already queued or sent while we still remember it; do not repeat.
  my $stat = $statlist{$mip};
  if (defined($stat) && defined($stat->{"dronebl"}) && $stat->{"dronebl"} > 0) {
    return;
  }

  # Already sitting in the queue: nothing more to do.
  return if defined($dronebl{$mip});

  mlog(2, "[DroneBL] Queueing $mip \@ $mdate (type $mtype)\n");
  $dronebl{$mip} = {
    "type"  => $mtype,
    "date"  => $mdate,
    "sent"  => 0,
    "tries" => 0,
  };
  # Mark the status-list entry (if any) so the host is not requeued.
  $statlist{$mip}{"dronebl"} = 1 if defined($stat);
}
674 #############################################################################
675 ### Evidence gathering
676 #############################################################################
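# Pending evidence, keyed by URL. Each entry holds the filesystem-safe
# collection name ("coll"), the attacking hosts seen requesting the URL
# ("hosts") and the full log lines they were seen in ("full").
my %evidence = ();

### Remember a URL to fetch as evidence together with the attacking IP
### and the full log line. Repeated hits for the same URL accumulate
### hosts and lines; evidence_gather() writes everything out later.
sub evidence_queue($$$)
{
  my ($mip, $mdata, $mfull) = @_;

  return unless ($settings{"EVIDENCE"} > 0);

  # Derive a collection name that is used as a file name prefix under
  # EVIDENCE_DIR. The URL originates from the scanned logs (it is stored
  # as the "XSS URI" in the .info file), i.e. it is attacker-influenced,
  # so everything outside a small safe alphabet becomes "_": no slashes
  # (no path traversal), no leading dots (no "..", no hidden files).
  my $coll = $mdata;
  $coll =~ s/http:\/\///;
  $coll =~ s/^\.+/_/;
  $coll =~ s/[^A-Za-z0-9:\.]/_/g;

  # An empty result would yield the bare names ".data"/".hosts"/".info".
  $coll = "_" if ($coll eq "");

  # Cap the length: most filesystems refuse names above 255 bytes and
  # evidence_gather() dies on a failed open(), so an over-long URL in a
  # log line must not be able to take the daemon down. Distinct URLs may
  # then share a file, which the sanitising above already permits.
  my $max_len = 200;
  $coll = substr($coll, 0, $max_len) if (length($coll) > $max_len);

  $evidence{$mdata}{"coll"} = $coll;
  $evidence{$mdata}{"hosts"}{$mip} = 1;
  $evidence{$mdata}{"full"}{$mfull} = 1;
}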
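### Fetch an evidence URL with a short timeout and a bounded body size.
### Arguments: URL, Referer header value. Returns the HTTP::Response
### (a failed request yields a response with an error code, not a die).
sub evidence_fetch($$)
{
  my ($url, $referer) = @_;

  my $ua = LWP::UserAgent->new;
  $ua->agent("-");
  $ua->timeout(10);

  # LWP also speaks file:, ftp:, gopher: and more. The URL comes from
  # the scanned logs, so it must never be able to make this daemon
  # (which runs iptables, so normally root) copy a local file into the
  # evidence store. Restrict to the web schemes we actually expect.
  $ua->protocols_allowed(["http", "https"]);

  # The whole body is buffered in memory and then written to disk, and
  # the URL is attacker-chosen; bound it so a huge response cannot
  # exhaust memory or fill the evidence partition. Oversized bodies are
  # truncated and flagged by LWP with a "Client-Aborted" header.
  $ua->max_size(4 * 1024 * 1024);

  # NOTE(review): the URL may point at loopback/internal addresses and
  # redirects are still followed (LWP default). If that matters in your
  # deployment, filter destinations before calling evidence_queue().
  $ua->default_headers->referer($referer);

  my $req = HTTP::Request->new(GET => $url);
  return $ua->request($req);
}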
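# Number of consecutive evidence_gather() cycles during which
# EVIDENCE_DIR has been missing; reset to 0 once it is seen again.
my $evidence_dir = 0;

### Write out the queued evidence. For each URL the body is fetched
### once (<coll>.data), the response details are recorded (<coll>.info)
### and the attacking hosts with their reverse DNS names are added to
### <coll>.hosts, merging with hosts already listed there. Outside
### report mode at most 5 new fetches are done per call so a burst of
### URLs cannot stall the main loop.
sub evidence_gather
{
  return unless ($settings{"EVIDENCE"} > 0);

  my $base = $settings{"EVIDENCE_DIR"};

  # Tolerate the directory vanishing for a while (logged on the first
  # cycle only), but give up if it stays away.
  if (! -e $base) {
    mlog(-1, "Evidence directory '$base' has disappeared.\n") unless ($evidence_dir > 0);
    $evidence_dir++;
    mdie("Evidence directory '$base' has been absent for $evidence_dir cycles, dying.\n") if ($evidence_dir > 11);
    return;
  }
  $evidence_dir = 0;

  my $dns = Net::DNS::Resolver->new;
  my $fetched = 0;

  # keys() hands back a copy, so deleting handled entries inside the
  # loop is safe.
  foreach my $url (keys %evidence) {
    my $prefix   = $base."/".$evidence{$url}{"coll"};
    my $datafile = $prefix.".data";
    my $hostfile = $prefix.".hosts";
    my $infofile = $prefix.".info";

    # Fetch the payload only once per collection name; later hits for
    # the same URL merely extend the .hosts file.
    if (! -e $datafile) {
      $fetched++;
      mlog(1, "Fetching evidence for $url\n");
      my $res = evidence_fetch($url, "");

      # The .data file is created even when the fetch failed: its
      # existence is what stops us from refetching every cycle.
      open(my $dfh, ">:raw", $datafile) or mdie("Could not open '$datafile' for writing.\n");
      if ($res->is_success && $res->code >= 200 && $res->code <= 201) {
        print $dfh $res->content;
      }
      close($dfh) or mlog(-1, "Error writing '$datafile': $!\n");

      open(my $ifh, ">:raw", $infofile) or mdie("Could not open '$infofile' for writing.\n");
      print $ifh "XSS URI : $url\n";
      print $ifh "Time of retrieval : ".get_time_str(time())."\n";
      print $ifh "HTTP return code : [".$res->code."] ".$res->message."\n";
      print $ifh "Content-Type : ".($res->content_type ? $res->content_type : "?")."\n";
      print $ifh "Last modified : ".($res->last_modified ? $res->last_modified : "?")."\n";
      print $ifh "------ HTTP Headers ------\n".$res->headers_as_string."\n";
      print $ifh "------ Requests ------\n";
      print $ifh $_."\n" foreach (keys %{$evidence{$url}{"full"}});
      close($ifh) or mlog(-1, "Error writing '$infofile': $!\n");
    }

    # Hosts already listed for this URL are dropped from the pending set
    # so each IP appears once; the remaining ones are appended.
    my $appending = (-e $hostfile) ? 1 : 0;
    if ($appending) {
      open(my $rfh, "<", $hostfile) or mdie("Could not open '$hostfile' for reading.\n");
      while (my $line = <$rfh>) {
        if ($line =~ /^(\d+\.\d+\.\d+\.\d+) *\|/) {
          delete($evidence{$url}{"hosts"}{$1});
        }
      }
      close($rfh);
    }

    my $hfh;
    if ($appending) {
      open($hfh, ">>", $hostfile) or mdie("Could not open '$hostfile' for appending.\n");
    } else {
      open($hfh, ">", $hostfile) or mdie("Could not open '$hostfile' for writing.\n");
    }

    foreach my $host (sort keys %{$evidence{$url}{"hosts"}}) {
      my @names = ();
      # search() on an address performs the reverse (PTR) lookup.
      my $query = $dns->search($host);
      if ($query) {
        foreach my $rr ($query->answer) {
          next unless defined($rr->{"ptrdname"});
          my $name = $rr->{"ptrdname"};
          # The reverse zone belongs to whoever controls the attacking
          # address, so the PTR name is untrusted. Keep it to printable
          # ASCII: a name containing a newline could otherwise inject a
          # "<ip> |" line that the parser above would trust next cycle.
          $name =~ s/[^\x20-\x7e]/?/g;
          push(@names, $name);
        }
      }
      printf $hfh "%-15s | %s\n", $host, join(" | ", @names);
    }
    close($hfh) or mlog(-1, "Error writing '$hostfile': $!\n");

    # Everything for this URL is on disk now.
    delete($evidence{$url});

    # If not in report mode, handle only 5 fetched entries at a time.
    return unless ($reportmode || $fetched < 5);
  }
}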
789 #############################################################################
790 ### Entry management / handling functions
791 #############################################################################
792 ### Check if given IP or host exists in array
### Look $_[1] (an IP, a CIDR/range, or a hostname) up in the list
### referenced by $_[0]. Returns 0 when nothing matches, otherwise a
### code describing how it matched:
###   1 - identical address/range
###   2 - the list entry lies inside the checked range
###   3 - the checked address lies inside the list entry's range
###   4 - exact textual match (hostnames, or anything Net::IP cannot
###       parse on either side)
sub check_hosts_array($$)
{
  my ($list, $wanted) = @_;
  my $wanted_ip = Net::IP->new($wanted);

  foreach my $entry (@{$list}) {
    my $entry_ip = Net::IP->new($entry);

    # Address-level comparison only applies when both sides parse.
    if (defined($wanted_ip) && defined($entry_ip)) {
      my $overlap = $wanted_ip->overlaps($entry_ip);
      if (defined($overlap)) {
        return 1 if ($overlap == $IP_IDENTICAL);
        return 2 if ($overlap == $IP_B_IN_A_OVERLAP);
        return 3 if ($overlap == $IP_A_IN_B_OVERLAP);
      }
    }

    # Otherwise (or on a partial overlap) fall back to a string compare.
    return 4 if ($wanted eq $entry);
  }

  return 0;
}
812 ### Check IP/host against | separated list of IPs/hosts
### Same as check_hosts_array(), but the list is a single string of
### entries separated by "|" (whitespace around the separator is
### ignored). Returns the match code from check_hosts_array().
sub check_hosts($$)
{
  my ($list_str, $wanted) = @_;
  my @entries = split(/\s*\|\s*/, $list_str);
  return check_hosts_array(\@entries, $wanted);
}
819 ### Execute iptables
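### Run the configured iptables binary with the given argument list.
### In DRY_RUN mode the command is only logged. Returns true when the
### command succeeded (or was dry-run), false otherwise; failures are
### reported through mlog() at error level.
sub exec_iptables(@)
{
  my @args = ($settings{"IPTABLES"}, @_);

  # List-form system() never involves a shell, so arguments are passed
  # verbatim; PATH is emptied so only the absolute path configured in
  # IPTABLES can be executed.
  $ENV{"PATH"} = "";

  if ($settings{"DRY_RUN"}) {
    mlog(3, ":: ".join(" ", @args)."\n");
    return 1;
  }

  my $status = system(@args);
  return 1 if ($status == 0);

  # A failed firewall change must reach the log, not stdout: when the
  # daemon is detached stdout is normally discarded, and a silently
  # missing rule is exactly the failure an operator needs to see.
  my $why;
  if ($status == -1) {
    $why = "could not execute: $!";
  } elsif ($status & 127) {
    $why = "killed by signal ".($status & 127);
  } else {
    $why = "exit code ".($status >> 8);
  }
  mlog(-1, join(" ", @args)." failed: $why\n");
  return 0;
}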
831 ### Get current Netfilter table entries that match entry types we
832 ### manage, e.g. filterlist
833 sub update_filterlist($)
834 {
835 my $first = $_[0];
836 return unless ($settings{"FILTER"} > 0);
838 $ENV{"PATH"} = "";
839 open(STATUS, $settings{"IPTABLES"}." -v -n -t ".$settings{"FILTER_TABLE"}." -L ".$settings{"FILTER_CHAIN"}." |") or
840 mdie("Could not execute ".$settings{"IPTABLES"}."\n");
841 my %newlist = ();
842 undef(%newlist);
843 while (<STATUS>) {
844 chomp;
845 if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) {
846 my $mip = $2;
847 if (!defined($filterlist{$mip})) {
848 mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0);
849 $filterlist{$2} = time();
850 }
851 $newlist{$2} = 1;
852 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0);
853 }
854 }
855 close(STATUS);
856
857 foreach my $mip (keys %filterlist) {
858 if (!defined($newlist{$mip})) {
859 mlog(2, "* $mip removed from iptables.\n");
860 delete($filterlist{$mip});
861 }
862 }
863 }
### Age test for blocked entries: true while the given timestamp is newer
### than FILTER_MAX_AGE hours ago, false once it has expired (i.e. the
### entry is due for weeding).
sub check_time1($)
{
    my ($stamp) = @_;
    my $oldest_ok = time() - $settings{"FILTER_MAX_AGE"} * 60 * 60;
    return ($stamp > $oldest_ok);
}

### Age test for statistics / ignore-list entries: true while the given
### timestamp is newer than STATS_MAX_AGE hours ago.
sub check_time2($)
{
    my ($stamp) = @_;
    my $oldest_ok = time() - $settings{"STATS_MAX_AGE"} * 60 * 60;
    return ($stamp > $oldest_ok);
}

### Age test for DroneBL submissions: true while the given timestamp is
### newer than DRONEBL_MAX_AGE *minutes* ago (note: minutes, unlike the
### hour-based windows of check_time1/check_time2).
sub check_time3($)
{
    my ($stamp) = @_;
    my $oldest_ok = time() - $settings{"DRONEBL_MAX_AGE"} * 60;
    return ($stamp > $oldest_ok);
}

### Weed out one blocked host: remove its netfilter rule and forget every
### record kept about it, so that any future hits start counting from zero.
sub weed_do($)
{
    my ($mip) = @_;
    my $last_hit = $filterlist{$mip};
    mlog(2, "* Weeding $mip (".get_time_str($last_hit).")\n");
    # Mirror of the insert done in check_add_hit(). The address is handed to
    # exec_iptables() as its own list element, not spliced into a command
    # string.
    exec_iptables("-t", $settings{"FILTER_TABLE"}, "-D", $settings{"FILTER_CHAIN"},
        "-s", $mip, "-d", "0.0.0.0/0", "-j", $settings{"FILTER_TARGET"});
    # Drop the host from the block list, the statistics and the ignore list.
    delete($filterlist{$mip});
    delete($statlist{$mip});
    delete($ignorelist{$mip});
}

### Periodic clean-up: unblock hosts whose last hit is too old, then expire
### stale statistics and ignore-list records. Does nothing when filtering
### is disabled or in report mode.
sub weed_entries()
{
    return unless ($settings{"FILTER"} > 0 && $reportmode == 0);

    # Pass 1: blocked hosts. Work on a snapshot of the keys, since weed_do()
    # deletes from %filterlist while we iterate. A block is lifted when the
    # last hit date is unknown (the negative placeholder used for entries
    # imported from netfilter) or older than FILTER_MAX_AGE.
    my @blocked = keys %filterlist;
    foreach my $mip (@blocked) {
        my $stat = $statlist{$mip};
        if (defined($stat)) {
            my $last_hit = $stat->{"date2"};
            weed_do($mip) if ($last_hit < 0 || !check_time1($last_hit));
        } elsif (defined($filterlist{$mip})) {
            # Blocked but without any statistics: nothing keeps it alive.
            weed_do($mip);
        }
    }

    # Pass 2: statistics of hosts that are NOT currently blocked expire after
    # STATS_MAX_AGE. Blocked hosts keep their statistics until weeded above.
    foreach my $mip (keys %statlist) {
        next unless defined($statlist{$mip});
        my $last_hit = $statlist{$mip}{"date2"};
        next if (check_time2($last_hit) || defined($filterlist{$mip}));
        mlog(3, "* Deleting stale $mip (".get_time_str($last_hit).")\n");
        delete($statlist{$mip});
    }

    # Pass 3: ignored hits expire on the same STATS_MAX_AGE schedule.
    foreach my $mip (keys %ignorelist) {
        next unless defined($ignorelist{$mip});
        my $last_hit = $ignorelist{$mip}{"date2"};
        next if check_time2($last_hit);
        mlog(3, "* Deleting stale ignored $mip (".get_time_str($last_hit).")\n");
        delete($ignorelist{$mip});
    }
}

### Refresh the first-seen ("date1") / last-seen ("date2") pair of one
### record with a new timestamp. A negative stored date1 is a placeholder
### (used when an entry is imported from netfilter without a known date)
### and is replaced by the first positive timestamp; date2 always keeps
### the largest timestamp seen. The return value is not meaningful.
sub update_date($$)
{
    my ($rec, $stamp) = @_;

    my $first = $rec->{"date1"};
    if (!defined($first) || ($stamp > 0 && $first < 0)) {
        $rec->{"date1"} = $stamp;
    }

    my $last = $rec->{"date2"};
    if (!defined($last) || $stamp > $last) {
        $rec->{"date2"} = $stamp;
    }
}

### Record one observation of host $mip in the hash referenced by $struct
### (%statlist or %ignorelist). Creates the per-host record and the
### per-class sub-record on first sight, bumps the hit counters when
### $addhits is true, stores the reason text and refreshes both date pairs.
### Returns the host's total hit count, or nothing for hosts listed in
### NOACTION_IPS.
sub update_entry($$$$$$)
{
    my ($struct, $mip, $mdate, $mclass, $mreason, $addhits) = @_;

    # Hosts in NOACTION_IPS are never tracked.
    return if check_hosts_array(\@noaction_ips, $mip);

    # Per-host record.
    my $entry = $struct->{$mip};
    if (!defined($entry)) {
        $entry = {};
        $struct->{$mip} = $entry;
    }
    # Per-class record underneath it.
    my $reason = $entry->{"reason"}{$mclass};
    if (!defined($reason)) {
        $reason = {};
        $entry->{"reason"}{$mclass} = $reason;
    }
    $entry->{"dronebl"} = 0 if (!defined($entry->{"dronebl"}));

    if ($addhits) {
        # A real hit: count it on both levels.
        $entry->{"hits"}++;
        $reason->{"hits"}++;
    } else {
        # A passive update (e.g. import of an existing netfilter rule): only
        # seed the counters of records that have none yet.
        foreach my $rec ($entry, $reason) {
            $rec->{"hits"} = 1 if (!defined($rec->{"hits"}));
        }
    }

    # Report mode collects every message; daemon mode keeps only the latest.
    if ($reportmode) {
        push(@{$reason->{"msg"}}, $mreason);
    } else {
        $reason->{"msg"} = $mreason;
    }

    # First-/last-seen dates on both levels.
    update_date($entry, $mdate);
    update_date($reason, $mdate);

    return $entry->{"hits"};
}

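### Record one hit for host $mip. When the host's hit count reaches
### FILTER_THRESHOLD (and this hit is recent enough) it is inserted into the
### netfilter chain unless it is already there; when it reaches
### DRONEBL_THRESHOLD it is queued for DroneBL submission.
### Arguments: address, timestamp string, rule class, reason text, DroneBL
### type (0 = none) and the enabled flag of the test that matched (a hit for
### a disabled test is only recorded in %ignorelist).
sub check_add_hit($$$$$$)
{
    my ($mip, $mdatestr, $mclass, $mreason, $mtype, $mcond) = @_;
    # str2time() yields undef for an unparsable timestamp. Such a hit is
    # still counted below, but the age checks then evaluate false, so it
    # cannot trigger a block or a DroneBL submission by itself.
    my $mdate = str2time($mdatestr);
    my $cnt;

    # NOACTION_IPS are logged and otherwise left alone.
    if (check_hosts_array(\@noaction_ips, $mip)) {
        mlog(2, "Hit to NOACTION_IPS($mip): [$mclass] $mreason\n");
        return;
    }

    # Hits of a disabled test are tracked in %ignorelist only.
    if (!$mcond) {
        update_entry(\%ignorelist, $mip, $mdate, $mclass, $mreason, 1);
        return;
    }
    $cnt = update_entry(\%statlist, $mip, $mdate, $mclass, $mreason, 1);

    # Defence in depth: only a plain dotted-quad IPv4 address may become the
    # source of a netfilter rule or a DroneBL submission. $mip is presumably
    # extracted from a scanned log line by the caller, and update_filterlist()
    # only recognises dotted-quad sources when it re-reads the chain, so a
    # hostname, CIDR or IPv6 value would create a rule the daemon can never
    # reconcile or weed.
    if ($mip !~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
        mlog(1, "* Ignoring hit with malformed address '$mip': [$mclass] $mreason\n");
        return;
    }

    # Netfilter: block once the threshold is reached by a recent hit.
    if ($settings{"FILTER"} > 0 && $cnt >= $settings{"FILTER_THRESHOLD"} && check_time1($mdate)) {
        if (!defined($filterlist{$mip})) {
            mlog(1, "* Adding $mip \@ ".get_time_str($mdate).": [$mclass] $mreason\n");
            exec_iptables("-t", $settings{"FILTER_TABLE"}, "-I", $settings{"FILTER_CHAIN"}, "1",
                "-s", $mip, "-j", $settings{"FILTER_TARGET"});
        }
        # Remember the most recent hit for this block (weed_do() reports it).
        $filterlist{$mip} = $mdate;
    }

    # DroneBL has its own threshold and a minute-based age window.
    if ($mtype > 0 && $cnt >= $settings{"DRONEBL_THRESHOLD"} && check_time3($mdate)) {
        dronebl_queue($mip, $mdate, $mtype);
    }
}

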
1025 #############################################################################
1026 ### Main helper functions
1027 #############################################################################
### Print log entry: write $msg to the log file (with a timestamp prefix)
### or, without a log file in dry-run mode, to STDERR. The message is only
### emitted when VERBOSITY is strictly greater than $level; otherwise, and
### when neither output is available, it is dropped silently.
### NOTE(review): $msg is built by callers from $mip / $mreason, which
### appear to originate from scanned log lines; no control characters are
### stripped here, so the log should not be trusted to be escape-free.
sub mlog($$)
{
    my ($level, $msg) = @_;
    if ($LOGFILE) {
        return unless ($settings{"VERBOSITY"} > $level);
        print {$LOGFILE} "[".get_time_str(time())."] ".$msg;
    } elsif ($settings{"DRY_RUN"}) {
        return unless ($settings{"VERBOSITY"} > $level);
        print STDERR $msg;
    }
}

### Like Perl's die(), but also print a logfile entry first (when a log
### file is open). Level -1 passes mlog()'s "VERBOSITY > level" test for
### any non-negative VERBOSITY, so the entry is always written.
sub mdie($)
{
    my ($msg) = @_;
    mlog(-1, $msg) if ($LOGFILE);
    die($msg);
}

1047 ### Initialize
1048 sub malt_init
1049 {
1050 %statlist = ();
1051 undef(%statlist);
a70493b6c916 Clear %statlist and %ignorelist when re-initializing (due to HUP), so we don't count stats twice.
Matti Hamalainen <ccr@tnsp.org>
parents: 55
diff changeset
1052 %ignorelist = ();
a70493b6c916 Clear %statlist and %ignorelist when re-initializing (due to HUP), so we don't count stats twice.
Matti Hamalainen <ccr@tnsp.org>
parents: 55
diff changeset
1053 undef(%ignorelist);
66
42889eed0ce8 Lots of cleanups, etc. Documentation updates.
Matti Hamalainen <ccr@tnsp.org>
parents: 65
diff changeset
1054 update_filterlist(-1);
57
a70493b6c916 Clear %statlist and %ignorelist when re-initializing (due to HUP), so we don't count stats twice.
Matti Hamalainen <ccr@tnsp.org>
parents: 55
diff changeset
1055
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1056 foreach my $filename (@scanfiles_once) {
58
a780a23e19a8 Change parsing status log messages.
Matti Hamalainen <ccr@tnsp.org>
parents: 57
diff changeset
1057 mlog(0, "Parsing [ONCE] ".$filename." ...\n");
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1058 if (open(INFILE, "<", $filename)) {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1059 while (<INFILE>) {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1060 chomp;
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1061 check_log_line($_);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1062 }
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1063 } else {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1064 mlog(-1, "Could not open '".$filename."', skipping now.\n");
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1065 }
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1066 close(INFILE);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1067 }
0
fec14263801d Initial import of maltfilter development version.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1068
3
368182409eac More variable cleanups.
Matti Hamalainen <ccr@tnsp.org>
parents: 2
diff changeset
1069 foreach my $filename (@scanfiles) {
0
fec14263801d Initial import of maltfilter development version.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1070 local *INFILE;
58
a780a23e19a8 Change parsing status log messages.
Matti Hamalainen <ccr@tnsp.org>
parents: 57
diff changeset
1071 mlog(0, "Initial parsing ".$filename." ...\n");
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1072 if (open(INFILE, "<", $filename)) {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1073 $filehandles{$filename} = *INFILE;
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1074 while (<INFILE>) {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1075 chomp;
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1076 check_log_line($_);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1077 }
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1078 } else {
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1079 mlog(-1, "Could not open '".$filename."', skipping now.\n");
0
fec14263801d Initial import of maltfilter development version.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1080 }
fec14263801d Initial import of maltfilter development version.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1081 }
fec14263801d Initial import of maltfilter development version.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1082 }
### Quick cleanup (not complete shutdown)
# Closes every tailed logfile handle stored in %filehandles. The hash
# entries themselves are left in place; the pid-file and the logfile are
# handled separately by malt_finish().
sub malt_cleanup
{
    foreach my $handle (values %filehandles) {
        close($handle);
    }
}
# Final shutdown step: remove the pid-file (if one is configured and still
# exists) and close the logfile. $LOGFILE is undefined afterwards, which
# is what mdie() checks before trying to log.
sub malt_finish
{
    # Unlink pid-file
    unlink($pid_file) if ($pid_file ne "" && -e $pid_file);

    # Close logfile and forget the handle
    if (defined($LOGFILE)) {
        close($LOGFILE);
    }
    undef($LOGFILE);
}
### Signal handlers
# SIGINT handler: log the interrupt, close the tailed logfiles
# (malt_cleanup), remove the pid-file and close the logfile (malt_finish),
# then exit with status 1. The order matters: the logfile must still be
# open while mlog() is called.
sub malt_int
{
    mlog(-1, "\nCaught Interrupt (^C), aborting.\n");
    malt_cleanup();
    malt_finish();
    exit 1;
}
# SIGTERM handler: same shutdown sequence as malt_int(), with a different
# log message. Note that a requested shutdown still exits with status 1.
sub malt_term
{
    mlog(-1, "Received TERM, quitting.\n");
    malt_cleanup();
    malt_finish();
    exit 1;
}
# SIGHUP handler: close the tailed logfiles, re-read all configuration
# files and re-initialize. malt_configure() calls mdie() on configuration
# errors and nothing here catches that, so a HUP with a broken
# configuration terminates the daemon instead of keeping the old settings.
sub malt_hup
{
    mlog(-1, "Received HUP, reinitializing.\n");
    malt_cleanup();
    malt_configure();
    malt_init();
    mlog(-1, "Reinitialization finished, resuming scanning.\n");
}
# Periodic housekeeping run from malt_scan(): refresh the filter list
# for the current time, weed old entries, regenerate the plain-text and
# HTML status files, gather evidence and process DroneBL submissions.
sub malt_maintenance
{
    my $now = time();
    update_filterlist($now);
    weed_entries();

    # Status outputs: [ settings key for the output path, HTML flag ]
    foreach my $output (["STATUS_FILE_PLAIN", 0], ["STATUS_FILE_HTML", 1]) {
        my ($key, $html) = @{$output};
        generate_status($settings{$key}, $html);
    }

    evidence_gather();
    dronebl_process();
}
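### Main scanning function
# Tails every handle in %filehandles forever: on each pass all newly
# appended complete lines are read and fed to check_log_line(), then the
# loop sleeps one second and seeks each handle back to the last consumed
# position (which also clears the handle's EOF condition) before the next
# pass. malt_maintenance() runs on the first pass and then every 60 passes.
# Never returns.
sub malt_scan
{
    mlog(1, "Entering main scanning loop.\n");
    my $counter = -1;
    while (1) {
        my %filepos = ();
        foreach my $filename (keys %filehandles) {
            my $fh = $filehandles{$filename};
            my $pos = tell($fh);
            # defined() rather than a plain truth test, so a line consisting
            # of "0" does not end the loop early.
            while (defined(my $line = readline($fh))) {
                # A line without a trailing newline is still being written;
                # stop before it so it is re-read in full on the next pass
                # instead of being parsed as a fragment.
                last unless (chomp($line) > 0);
                check_log_line($line);
                $pos = tell($fh);
            }
            $filepos{$filename} = $pos;
        }
        sleep(1);
        foreach my $filename (keys %filehandles) {
            # Rewind to the last consumed position; this also resets EOF so
            # readline() sees lines appended meanwhile. A handle without a
            # recorded position (e.g. %filehandles changed during the sleep)
            # is simply read from its current position.
            seek($filehandles{$filename}, $filepos{$filename}, 0)
                if (defined($filepos{$filename}));
        }
        if ($counter < 0 || $counter >= 60) {
            # Every once in a while, execute maintenance functions
            $counter = 0;
            malt_maintenance();
        }
        $counter++;
    }
}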
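### Read one configuration file
# Parses $filename line by line. Two forms are accepted, with optional
# quotes around the key, "=" or "=>" as separator and an optional trailing
# comma:
#   KEY = 123        numeric value, stored into %settings
#   KEY = "text"     string value; SCANFILE, SCANFILE_ONCE and NOACTION_IPS
#                    are appended to their lists, anything else goes into
#                    %settings
# Keys are upper-cased; a key is only accepted into %settings if it already
# has a defined entry there. Empty lines and lines starting with '#' are
# ignored. Unknown keys and unparsable lines are logged with file name and
# line number. Calls mdie() if the file cannot be opened.
# Returns 0 on success, 1 if any error was logged (all lines are still
# processed).
sub malt_read_config($)
{
    my $filename = $_[0];
    my $errors = 0;
    my $lineno = 0;

    # Lexical handle and a named line variable: no bareword handle shared
    # between calls, and the caller's $_ is left untouched.
    open(my $conffh, "<", $filename) or mdie("Could not open configuration '".$filename."'!\n");
    while (my $line = <$conffh>) {
        $lineno++;
        chomp($line);
        if ($line =~ /(^\s*#|^\s*$)/) {
            # Ignore comments and empty lines
        } elsif ($line =~ /^\s*\"?([a-zA-Z0-9_]+)\"?\s*=>?\s*(\d+),?\s*$/) {
            my $key = uc($1);
            my $value = $2;
            if (defined($settings{$key})) {
                $settings{$key} = $value;
            } else {
                mlog(-1, "[$filename:$lineno] Unknown setting '$key' = $value\n");
                $errors = 1;
            }
        } elsif ($line =~ /^\s*\"?([a-zA-Z0-9_]+)\"?\s*=>?\s*\"(.*?)\",?\s*$/) {
            my $key = uc($1);
            my $value = $2;
            # List-valued keys may be given several times
            if ($key eq "SCANFILE") {
                push(@scanfiles, $value);
            } elsif ($key eq "SCANFILE_ONCE") {
                push(@scanfiles_once, $value);
            } elsif ($key eq "NOACTION_IPS") {
                push(@noaction_ips, $value);
            } elsif (defined($settings{$key})) {
                $settings{$key} = $value;
            } else {
                mlog(-1, "[$filename:$lineno] Unknown setting '$key' = '$value'\n");
                $errors = 1;
            }
        } else {
            mlog(-1, "[$filename:$lineno] Syntax error: $line\n");
            $errors = 1;
        }
    }
    close($conffh);

    # Force dry run mode if we are reporting only. Done after the whole file
    # has been read, so it applies regardless of which settings the file
    # contains and a later numeric DRY_RUN line cannot undo it.
    if ($reportmode) {
        $settings{"DRY_RUN"} = 1;
    }
    return $errors;
}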
1217 ### Read all configuration files
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1218 sub malt_configure
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1219 {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1220 # Let user define his/her own logfiles to scan
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1221 @scanfiles = ();
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1222 undef(@scanfiles);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1223
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1224 @scanfiles_once = ();
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1225 undef(@scanfiles_once);
69
b090ddfccdab Cleanups. Improve IP/host definitions.
Matti Hamalainen <ccr@tnsp.org>
parents: 68
diff changeset
1226
b090ddfccdab Cleanups. Improve IP/host definitions.
Matti Hamalainen <ccr@tnsp.org>
parents: 68
diff changeset
1227 @noaction_ips = ();
b090ddfccdab Cleanups. Improve IP/host definitions.
Matti Hamalainen <ccr@tnsp.org>
parents: 68
diff changeset
1228 undef(@noaction_ips);
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1229
39
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1230 foreach my $filename (@configfiles) {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1231 mdie("Errors in configuration file '$filename', bailing out.\n")
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1232 unless (malt_read_config($filename) == 0);
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is
Matti Hamalainen <ccr@tnsp.org>
parents: 37
diff changeset
1233 }
40
24babaa1e331 Many cleanups and fixes; Example configuration updated.
Matti Hamalainen <ccr@tnsp.org>
parents: 39
diff changeset
1234
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1235 # Clean up certain arrays duplicate entries
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1236 my %saw = ();
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1237 @scanfiles = grep(!$saw{$_}++, @scanfiles);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1238
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1239 %saw = ();
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1240 @scanfiles_once = grep(!$saw{$_}++, @scanfiles_once);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1241
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1242 %saw = ();
69
b090ddfccdab Cleanups. Improve IP/host definitions.
Matti Hamalainen <ccr@tnsp.org>
parents: 68
diff changeset
1243 push(@noaction_ips, @noaction_ips_def);
b090ddfccdab Cleanups. Improve IP/host definitions.
Matti Hamalainen <ccr@tnsp.org>
parents: 68
diff changeset
1244 @noaction_ips = grep(!$saw{$_}++, @noaction_ips);
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1245 undef(%saw);
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1246
66
42889eed0ce8 Lots of cleanups, etc. Documentation updates.
Matti Hamalainen <ccr@tnsp.org>
parents: 65
diff changeset
1247 mlog(-1, "Not acting on IPs: ".join(", ", @noaction_ips)."\n");
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1248
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1249 # Check if we have anything to do
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1250 if ($reportmode) {
100
075b2b626d17 Fix check for number of SCANFILEs and SCANFILE_ONCEs.
Matti Hamalainen <ccr@tnsp.org>
parents: 97
diff changeset
1251 mdie("Nothing to do, no SCANFILE(s) or SCANFILE_ONCE(s) defined in configuration.\n") unless (scalar @scanfiles > 0 || scalar @scanfiles_once > 0);
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1252 } else {
100
075b2b626d17 Fix check for number of SCANFILEs and SCANFILE_ONCEs.
Matti Hamalainen <ccr@tnsp.org>
parents: 97
diff changeset
1253 mdie("Nothing to do, no SCANFILE(s) defined in configuration.\n") unless (scalar @scanfiles > 0);
54
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1254 }
19dace24ad46 Remove default scanfiles; Clean up update_entry() code; Add "SCANFILE_ONCE"
Matti Hamalainen <ccr@tnsp.org>
parents: 53
diff changeset
1255
66
42889eed0ce8 Lots of cleanups, etc. Documentation updates.
Matti Hamalainen <ccr@tnsp.org>
parents: 65
diff changeset
1256 # General settings
42889eed0ce8 Lots of cleanups, etc. Documentation updates.
Matti Hamalainen <ccr@tnsp.org>
parents: 65
diff changeset
1257 my $val = $settings{"STATS_MAX_AGE"};
1258 mdie("Invalid STATS_MAX_AGE value $val, must be > 0.\n") unless ($val > 0);
1259
1260 # Filtering
1261 if ($settings{"FILTER"} > 0) {
1262 $val = $settings{"FILTER_MAX_AGE"};
1263 mdie("Invalid FILTER_MAX_AGE value $val, must be > 0.\n") unless ($val > 0);
1264
1265 $val = $settings{"FILTER_THRESHOLD"};
1266 mdie("Invalid FILTER_THRESHOLD value $val, must be >= 0.\n") unless ($val >= 0);
1267
1268 $val = $settings{"IPTABLES"};
1269 mdie("Iptables binary does not exist or is not executable: $val\n") unless (-e $val && -x $val);
1270
1271 $val = $settings{"FILTER_TARGET"};
1272 mdie("Value of FILTER_TARGET must not be empty!\n") unless ($val ne "");
1273
1274 my $mtable = $settings{"FILTER_TABLE"};
1275 mdie("Value of FILTER_TABLE should be one of ".join(", ", keys %filter_valid_tables).".\n")
1276 unless defined($filter_valid_tables{$mtable});
1277
1278 $val = $settings{"FILTER_CHAIN"};
1279 mdie("Value of FILTER_CHAIN must not be empty!\n") unless ($val ne "");
1280 } else {
1281 mlog(1, "Netfilter handling disabled.\n");
1282 }
1283
1284 # Check evidence settings
1285 if ($settings{"EVIDENCE"} > 0) {
1286 my $base = $settings{"EVIDENCE_DIR"};
1287 mdie("Evidence directory (EVIDENCE_DIR) not set in configuration.\n") if ($base eq "");
1288 mdie("Evidence directory '$base' does not exist.\n") unless (-e $base);
1289 mdie("Path '$base' is not a directory.\n") unless (-d $base);
1290 mdie("Evidence directory '$base' is not writable by euid.\n") unless (-w $base);
1291 }
1292
1293 # Sanitize DroneBL configuration
1294 if ($settings{"DRONEBL"} > 0) {
1295 mdie("DroneBL enabled, but DRONEBL_RPC_KEY not set.\n") unless ($settings{"DRONEBL_RPC_KEY"} ne "");
1296
1297 $val = $settings{"DRONEBL_MAX_AGE"};
1298 mdie("Invalid DRONEBL_MAX_AGE value $val, must be > 10.\n") unless ($val > 10);
1299
1300 $val = $settings{"DRONEBL_THRESHOLD"};
1301 mdie("Invalid DRONEBL_THRESHOLD value $val, must be >= 0.\n") unless ($val >= 0);
1302
1303 $val = $settings{"DRONEBL_MAX_ERRORS"};
1304 mdie("Invalid DRONEBL_MAX_ERRORS value $val, must be >= 0.\n") unless ($val >= 0);
1305
1306 $val = $settings{"DRONEBL_SUSPEND"};
1307 mdie("Invalid DRONEBL_SUSPEND value $val, must be >= 1.\n") unless ($val >= 1);
1308 }
1309
1310 # Check system account / passwd settings
1311 mdie("SYSACCT_MIN_UID must be >= 1.\n") unless ($settings{"SYSACCT_MIN_UID"} >= 1);
1312 mdie("SYSACCT_MAX_UID must be >= SYSACCT_MIN_UID.\n") unless ($settings{"SYSACCT_MAX_UID"} >= $settings{"SYSACCT_MIN_UID"});
1313
1314 open(PASSWD, "<", $settings{"PASSWD"}) or mdie("Could not open '".$settings{"PASSWD"}."' for reading!\n");
1315 while (<PASSWD>) {
1316 my @fields = split(/\s*:\s*/);
1317 if ($fields[2] >= $settings{"SYSACCT_MIN_UID"} && $fields[2] <= $settings{"SYSACCT_MAX_UID"}) {
1318 $systemacct{$fields[0]} = $fields[2];
1319 }
1320 }
1321 close(PASSWD);
1322 }
1323
1324 #############################################################################
1325 ###
1326 ### Main program
1327 ###
1328 #############################################################################
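#############################################################################
# Main program entry point. Runs once, top to bottom:
#   1. install signal handlers (the handler subs are defined elsewhere in
#      this file),
#   2. parse @ARGV: "<pid filename> [config ...]" for daemon mode, or
#      "-f [config ...]" for full report mode,
#   3. read the configuration files through malt_configure(),
#   4. open the logfile unless DRY_RUN is set,
#   5. either do the work in the foreground (DRY_RUN) or reserve the pid
#      file, fork, and let the child do the scanning while the parent
#      records the child's pid.
#############################################################################
# Setup signal handlers. The handlers are referenced by name and resolved
# when the signal is delivered.
$SIG{'INT'} = 'malt_int';
$SIG{'TERM'} = 'malt_term';
$SIG{'HUP'} = 'malt_hup';

# Print banner and usage if no arguments were given. Exit non-zero: a
# start with no arguments is an error, and an init script should not see
# it as a clean exit.
if (@ARGV < 1) {
  print STDERR $progbanner.
    "\n".
    "Usage: maltfilter <pid filename> [config filename] [config filename...]\n".
    "       maltfilter -f [config filename] [config filename...]\n".
    "-f turns on the full report mode.\n";
  exit(1);
}

# First argument is the pid filename, or "-f" for full report mode.
# A pre-existing pid file means "already running". This -e test is only a
# fast failure before any configuration is read; the authoritative check
# is the O_EXCL create right before forking, below, which also catches a
# file or symlink that appears after this point.
$pid_file = shift;
if ($pid_file eq "-f") {
  $reportmode = 1;
  print STDERR $progbanner;
} else {
  mdie("'$pid_file' already exists, not starting.\n".
       "If the daemon is NOT running, remove the pid-file and re-start.\n")
    if (-e $pid_file);
}

# Every remaining argument is a configuration file, kept in command line
# order for malt_configure() (which also re-reads them on HUP).
push(@configfiles, splice(@ARGV));

malt_configure();

# Open logfile, unless dry-running.
if ($settings{"DRY_RUN"}) {
  print STDERR
    "*********************************\n".
    "* NOTICE! DRY-RUN MODE ENABLED! *\n".
    "*********************************\n";
} elsif ($settings{"LOGFILE"} ne "") {
  # mdie() rather than a bare die() so this failure is reported the same
  # way as every other fatal startup error in this file.
  open($LOGFILE, ">>", $settings{"LOGFILE"}) or mdie("Could not open logfile '".$settings{"LOGFILE"}."' for writing!\n");
  # Turn off output buffering on the logfile so entries are not lost if
  # the daemon is killed; the select() dance restores the previous
  # default output handle.
  select((select($LOGFILE), $| = 1)[0]);
  mlog(-1, "Log started\n");
}

# Initialize
malt_init();

# Fork to background, unless dry-running
if ($settings{"DRY_RUN"}) {
  # Dry-run: do the work once in the foreground and exit.
  if ($reportmode) {
    malt_maintenance();
  } else {
    malt_scan();
  }
  malt_cleanup();
} else {
  # NOTE(review): report mode (-f) with DRY_RUN unset ends up here with
  # $pid_file eq "-f" and runs malt_scan() instead of the report. Whether
  # malt_configure() forces DRY_RUN on for report mode is not visible in
  # this part of the file - confirm.
  #
  # Reserve the pid file BEFORE forking, with O_CREAT|O_EXCL so that:
  #   - a file or symlink planted between the -e test above and this
  #     point is neither followed nor clobbered (the create fails instead),
  #   - two concurrent starts cannot both succeed,
  #   - a failure here happens while there is still only one process, so
  #     no scanner child is left running without a pid file.
  # Fcntl is loaded here with require so this block needs no change to the
  # module header; the constants are used fully qualified.
  require Fcntl;
  sysopen(my $pidfh, $pid_file, Fcntl::O_WRONLY() | Fcntl::O_CREAT() | Fcntl::O_EXCL(), 0644)
    or mdie("Could not create pid file '".$pid_file."': $!\n".
            "If the daemon is NOT running, remove the pid-file and re-start.\n");

  # fork() returns undef on failure. The previous "if (my $pid = fork)"
  # could not tell a failed fork apart from being the child, and would
  # have run the scanner in the foreground process.
  my $pid = fork;
  mdie("Could not fork: $!\n") unless defined $pid;

  if ($pid) {
    # Parent: record the child's pid and fall through to the end of the
    # script. close() is checked because a buffered write error only
    # surfaces here.
    print {$pidfh} "$pid\n";
    close($pidfh) or mdie("Could not write pid file '".$pid_file."': $!\n");
  } else {
    # Child: becomes the daemon. Nothing was written to $pidfh before the
    # fork, so closing the inherited handle writes nothing.
    # NOTE(review): no setsid()/chdir/STDIN-STDOUT-STDERR redirection is
    # done here, so the child stays in the parent's session and keeps its
    # terminal - confirm that this is intended.
    close($pidfh);
    malt_scan();
    malt_cleanup();
  }
}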