maltfilter: maltfilter annotate

annotate maltfilter @ 16:87c0cdc048f5

Many changes and cleanups. Works again.

author	Matti Hamalainen <ccr@tnsp.org>
date	Sat, 15 Aug 2009 19:41:03 +0300
parents	b05d0f0ff106
children	fe220b5a975a

rev	line source
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	1 #!/usr/bin/perl -w
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	2 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	3 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	4 # Malicious Attack Livid Termination Filter daemon (maltfilter)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	5 # Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	6 # (C) Copyright 2009 Tecnic Software productions (TNSP)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	7 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	8 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	9 use strict;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	10 use Date::Parse;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	11 use Net::IP;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	12
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	13 my $progversion = "0.9";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	14 my $progbanner =
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	15 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	16 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	17 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	18
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	19 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	20 ### Settings / configuration
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	21 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	22 my %settings = (
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	23 "VERBOSITY" => 3,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	24 "DRY_RUN" => 1,
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	25 "WEEDPERIOD" => 150,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	26 "TRESHOLD" => 3,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	27 "ACTION" => "DROP",
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	28 "LOGFILE" => "",
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	29 "IPTABLES" => "/sbin/iptables",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	30
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	31 "STATUS_FILE_PLAIN" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	32 "STATUS_FILE_HTML" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	33 "STATUS_FILE_CSS" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	34
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	35 "CHK_SSHD" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	36 "CHK_KNOWN_CGI" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	37 "CHK_PHP_XSS" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	38 "CHK_PROXY_SCAN" => 1,
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	39 "CHK_ROOT_SSH_PWD" => 0,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	40 "CHK_GOOD_HOSTS" => "",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	41 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	42
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	43 # Default logfiles to monitor (SCANFILES setting of configuration overrides these)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	44 my @scanfiles_def = (
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	45 "/var/log/auth.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	46 "/var/log/httpd/error.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	47 "/var/log/httpd/access.log"
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	48 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	49
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	50 my @noblock_ips_def = (
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	51 "127.0.0.1",
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	52 );
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	53
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	54 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	55 ### Script code
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	56 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	57 my $reportmode = 0; # Full report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	58 my @scanfiles = (); # Files to scan
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	59 my @noblock_ips = (); # IPs not to block
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	60 my %filehandles = (); # Global hash holding opened scanned log filehandles
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	61 my $pid_file = ""; # Name of Maltfilter daemon pid file
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	62 my $LOGFILE; # Maltfilter logfile handle
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	63
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	64 # IPs currently blocked in Netfilter $blocklist{$ip} = date
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	65 my %blocklist = ();
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	66
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	67 # Gathered information about hosts
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	68 # $statlist{$ip}->
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	69 # "date1" = timestamp of first hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	70 # "date2" = timestamp of latest hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	71 # "hits" = number of hits to this IP
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	72 # $statlist{$ip}{"reason"}{$class}->
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	73 # "msg" = reason message (array if $reportmode)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	74 # "hits" = hits to this class
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	75 # "date1" = timestamp of first hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	76 # "date2" = timestamp of latest hit
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	77 my %statlist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	78
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	79 # Gathered information about ignored hits (e.g. hits for tests that are not enabled)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	80 # Same fields as in %statlist
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	81 my %ignorelist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	82
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	83
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	84 ### Check given logfile line for matches
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	85 sub check_log_line($)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	86 {
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	87 # (1) SSHD scans
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	88 if (/^(\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\S?: (.)/) {
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	89 my $mdate = $1;
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	90 my $merr = $2;
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	91
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	92 # (1.1) Generic login scan attempts
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	93 if ($merr =~ /^Failed password for invalid user \S+ from (\d+\.\d+\.\d+\.\d+)/) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	94 check_add_hit($1, $mdate, "SSH login scan", "", $settings{"CHK_SSHD"});
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	95 }
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	96 # (1.2) Root SSH login password bruteforcing attempts
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	97 # NOTICE! Do not enable this setting, if you allow SSH root logins via
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	98 # password authentication! Mistyping password may get you blocked then. :)
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	99 elsif (/^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	100 check_add_hit($1, $mdate, "Root SSH password bruteforce", "", $settings{"CHK_ROOT_SSH_PWD"});
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	101 }
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	102 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	103 # (2) Common/known exploitable CGI/PHP software scans (like phpMyAdmin)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	104 # NOTICE! This matches ERRORLOG, thus it only works if you DO NOT have
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	105 # any or some of these installed. Preferably none, or use uncommon
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	106 # paths and prefixes.
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	107 elsif (/^\[(.+?)\]\s+\[error\]\s+\[client\s+(\d+\.\d+\.\d+\.\d+)\]\s+(.+)$/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	108 my $mdate = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	109 my $mip = $2;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	110 my $merr = $3;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	111 if ($merr =~ /^File does not exist: (.+)$/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	112 my $tmp = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	113 if ($tmp =~ /\/mss2\|\/pma\|admin\|sql\|\/roundcube\|\/webmail\|\/bin\|\/mail\|xampp\|zen\|mailto:\|appserv\|cube\|round\|_vti_bin\|wiki/i) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	114 check_add_hit($mip, $mdate, "CGI vuln scan", $tmp, $settings{"CHK_KNOWN_CGI"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	115 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	116 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	117 }
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	118 # (3) Match Apache common logging format GET requests here
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	119 elsif (/(\d+\.\d+\.\d+\.\d+)\s+-\s+-\s+\[(.+?)\]\s+\"GET (\S*?) HTTP\//) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	120 my $mdate = $2;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	121 my $mip = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	122 my $merr = $3;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	123
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	124 # (3.1) Simple match for generic PHP XSS vulnerability scans
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	125 # NOTICE! If your site genuinely uses (checked) PHP parameters with
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	126 # URIs, you should set CHK_GOOD_HOSTS to match your hostname(s)/IP(s)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	127 # used in the URIs.
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	128 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	129 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	130 check_add_hit($mip, $mdate, "PHP XSS", $merr, $settings{"CHK_PHP_XSS"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	131 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	132 }
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	133 # (3.2) Try to match proxy scanning attempts
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	134 elsif ($merr =~ /^http:\/\/([^\/]+)/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	135 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	136 check_add_hit($mip, $mdate, "Proxy scan", $merr, $settings{"CHK_PROXY_SCAN"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	137 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	138 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	139 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	140 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	141
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	142
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	143 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	144 ### Status output functionality
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	145 #############################################################################
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	146 sub printH($$$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	147 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	148 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	149 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	150 print $fh "<h".$_[2].">".$_[3]."</h".$_[2].">\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	151 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	152 my $c = ($_[2] <= 1) ? "=" : "-";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	153 print $fh $_[3]."\n". $c x length($_[3]) ."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	154 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	155 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	156
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	157 sub printTD($$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	158 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	159 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	160 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	161 print $fh "<td>".$_[2]."</td>";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	162 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	163 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	164 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	165 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	166
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	167 sub printP($$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	168 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	169 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	170 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	171 print $fh "<p>\n".$_[2]."</p>\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	172 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	173 print $fh $_[2]."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	174 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	175 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	176
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	177 sub printElem
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	178 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	179 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	180 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	181 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	182 } elsif (defined($_[3])) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	183 print $fh $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	184 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	185 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	186
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	187 sub bb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	188 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	189 return $_[0] ? "<b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	190 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	191
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	192
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	193 sub eb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	194 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	195 return $_[0] ? "</b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	196 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	197
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	198 sub pe($$)
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	199 {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	200 return $_[0] ? "<$_[1]>" : "";
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	201 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	202
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	203 sub getLink($$)
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	204 {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	205 return $_[0] ? "<a href=\"http://whois.domaintools.com/$_[1]\">$_[1]</a>" : $_[1];
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	206 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	207
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	208 sub printTable1($$$$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	209 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	210 my ($m, $f, $table, $keys, $func) = @_;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	211 my $ntotal = 0;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	212
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	213 printElem($m, $f,
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	214 "<table class=\"detailed\">\n<tr>".
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	215 "<th>Hits</th><th>IP-address</th><th>First hit</th><th>Latest hit</th><th>Reason(s)</th>".
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	216 "</tr>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	217
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	218 foreach my $mip (sort { $func->($table, $a, $b) } keys %{$keys}) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	219 printElem($m, $f, " <tr>");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	220 printTD($m, $f, sprintf("%-10d", $table->{$mip}{"hits"}));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	221 printTD($m, $f, sprintf("%-15s", getLink($m, $mip)));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	222 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	223 printTD($m, $f, scalar localtime($table->{$mip}{"date1"}));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	224 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	225 printTD($m, $f, scalar localtime($table->{$mip}{"date2"}));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	226 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	227 my @reasons = ();
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	228 foreach my $class (sort keys %{$table->{$mip}{"reason"}}) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	229 my $msgs;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	230 if ($reportmode) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	231 my @tmp = @{$table->{$mip}{"reason"}{$class}{"msg"}};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	232 if ($#tmp > 5) { $#tmp = 5; }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	233 $msgs = join(" ".bb($m)."\|".eb($m)." ", @tmp);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	234 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	235 $msgs = $table->{$mip}{"reason"}{$class}{"msg"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	236 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	237 push(@reasons, bb($m).$class.eb($m)." #".$table->{$mip}{"reason"}{$class}{"hits"}." ( ".$msgs." )");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	238 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	239 printTD($m, $f, join(", ", @reasons));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	240 printElem($m, $f, "</tr>", "\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	241 $ntotal++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	242 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	243 printElem($m, $f, "</table>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	244 printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	245 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	246
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	247 sub printTable2($$$$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	248 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	249 my ($m, $f, $table, $keys, $func) = @_;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	250 my $nhits = 0;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	251 my $str = "<th>IP-address</th><th>Hits</th><th>Latest hit</th><th>Class(es)</th>";
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	252
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	253 printElem($m, $f, "<table class=\"summary\">\n<tr>". $str."<th> </th>".$str ."</tr>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	254
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	255 my $printEntry = sub {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	256 printTD($m, $f, sprintf("%-15s", getLink($m, $_[0])));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	257 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	258 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	259 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	260 printTD($m, $f, scalar localtime($table->{$_[0]}{"date2"}));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	261 printElem(!$m, $f, " : ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	262 my $tmp = join(", ", sort keys %{$table->{$_[0]}{"reason"}});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	263 printTD($m, $f, sprintf("%-30s", $tmp));
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	264 $nhits += $table->{$_[0]}{"hits"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	265 };
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	266
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	267 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	268 my $nkeys = scalar @mkeys;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	269 my $kmax = $nkeys / 2;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	270 for (my $i = 0; $i <= $kmax; $i++) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	271 printElem($m, $f, " <tr>");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	272 if ($i < $kmax) { $printEntry->($mkeys[$i]); }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	273 printElem($m, $f, "<th> </th>", " \|\| ");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	274 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	275 printElem($m, $f, "</tr>\n", "\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	276 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	277
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	278 printElem($m, $f, "</table>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	279 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	280 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	281
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	282 sub cmp_ips($$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	283 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	284 my @ipa = split(/\./, $_[1]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	285 my @ipb = split(/\./, $_[2]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	286 for (my $i = 0; $i < 4; $i++) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	287 return -1 if ($ipa[$i] > $ipb[$i]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	288 return 1 if ($ipa[$i] < $ipb[$i]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	289 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	290 return 0;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	291 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	292
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	293 sub cmp_hits($$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	294 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	295 return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	296 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	297
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	298
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	299 ###
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	300 ###
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	301 ###
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	302 sub generate_status($$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	303 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	304 my $filename = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	305 my $m = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	306
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	307 return unless ($filename ne "");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	308
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	309 open(STATUS, ">", $filename) or die("Could not open '".$filename."'!\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	310 my $f = \*STATUS;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	311 my $mtime = scalar localtime();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	312
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	313 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	314 <html>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	315 <head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	316 <title>Maltfilter status report</title>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	317 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	318
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	319 printElem($m, $f, "<link href=\"".$settings{"STATUS_FILE_CSS"}."\" rel=\"stylesheet\" type=\"text/css\" />")
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	320 if ($settings{"STATUS_FILE_CSS"});
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	321
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	322 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	323 </head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	324 <body>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	325 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	326
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	327 printH($m, $f, 1, "Maltfilter v$progversion status report");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	328 my $val = $settings{"WEEDPERIOD"};
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	329 my $period;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	330
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	331 if ($val > 30 * 24) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	332 $period = sprintf("%1.1f months", $val / (30.0 * 24.0));
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	333 } elsif ($val > 24 * 7) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	334 $period = sprintf("%1.1f weeks", $val / 24);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	335 } elsif ($val > 24) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	336 $period = sprintf("%d days", $val / 24);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	337 } else {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	338 $period = sprintf("%d hours", $val);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	339 }
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	340
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	341 printP($m, $f,
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	342 "Generated ".bb($m).$mtime.eb($m).". Data computed from ".
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	343 ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	344
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	345 printH($m, $f, 2, "Currently blocked entries");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	346 printP($m, $f, "List of IPs that are currently blocked (or would be, if this is a report-only mode).");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	347 printTable1($m, $f, \%statlist, \%blocklist, \&cmp_hits);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	348
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	349 printH($m, $f, 2, "Summary of non-ignored entries");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	350 printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not necessarily acted upon.\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	351 printTable2($m, $f, \%statlist, \%statlist, \&cmp_ips);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	352
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	353 printH($m, $f, 2, "Ignored entries");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	354 printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	355 printTable1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	356
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	357 printElem($m, $f, "</body>\n</html>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	358 close(STATUS);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	359 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	360
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	361
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	362 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	363 ### Entry management / handling functions
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	364 #############################################################################
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	365 ### Check if given IP or host exists in array
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	366 sub check_hosts_array($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	367 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	368 my $chk_host = $_[1];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	369 my $chk_ip = new Net::IP($chk_host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	370 foreach my $host (@{$_[0]}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	371 if ($chk_host eq $host) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	372 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	373 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	374 my $ip = new Net::IP($host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	375 if (defined($chk_ip) && defined($ip)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	376 if ($chk_ip->binip() eq $ip->binip()) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	377 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	378 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	379 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	380 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	381 return 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	382 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	383
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	384 ### Check IP/host against \| separated list of IPs/hosts
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	385 sub check_hosts($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	386 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	387 my @tmp = split(/\s\\|\s/, $_[0]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	388 return check_hosts_array(\@tmp, $_[1]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	389 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	390
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	391 ### Execute iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	392 sub exec_iptables(@)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	393 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	394 my @args = ($settings{"IPTABLES"}, @_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	395 if ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	396 mlog(3, ":: ".join(" ", @args)."\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	397 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	398 system(@args) == 0 or print join(" ", @args)." failed: $?\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	399 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	400 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	401
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	402 ### Get current Netfilter INPUT table entries that match
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	403 ### entry types we manage, e.g. blocklist
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	404 sub update_blocklist($)
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	405 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	406 my $mdate = $_[0];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	407 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT \|") or
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	408 die("Could not execute ".$settings{"IPTABLES"}."\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	409 %blocklist = ();
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	410 undef(%blocklist);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	411 while (<STATUS>) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	412 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	413 if (/^\s(\d+)\s+\d+\s+$settings{"ACTION"}\s+all\s+--\s+\\s+\\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s$/) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	414 my $mip = $2;
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	415 if (!defined($blocklist{$mip}) && $mdate > 0) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	416 mlog(2, "* $mip appeared in iptables.");
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	417 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	418 $blocklist{$2} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	419 update_entry(\%statlist, $mip, $mdate, "?", "From iptables.");
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	420 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	421 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	422 close(STATUS);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	423 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	424
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	425 ### Check if given timestamp is _newer_ than weedperiod threshold.
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	426 ### Returns false if timestamp is over weed period, e.g. needs weeding.
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	427 sub check_time($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	428 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	429 return ($_[0] >= time() - ($settings{"WEEDPERIOD"} * 60 * 60));
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	430 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	431
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	432 ### Weed out old entries
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	433 sub weed_do($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	434 {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	435 my $mtime = $blocklist{$_[0]};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	436 mlog(2, "* Weeding $_[0] (".($mtime >= 0 ? scalar localtime($mtime) : $mtime)."\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	437 exec_iptables("-D", "INPUT", "-s", $_[0], "-d", "0.0.0.0/0", "-j", $settings{"ACTION"});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	438 delete($blocklist{$_[0]});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	439 delete($statlist{$_[0]});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	440 delete($ignorelist{$_[0]});
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	441 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	442
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	443 sub weed_entries()
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	444 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	445 # Don't weed in report mode.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	446 # return if ($reportmode);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	447
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	448 my @mips = keys %blocklist;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	449 foreach my $mip (@mips) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	450 if (defined($blocklist{$mip})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	451 if ($blocklist{$mip} >= 0) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	452 weed_do($mip) unless check_time($blocklist{$mip});
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	453 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	454 weed_do($mip);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	455 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	456 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	457 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	458 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	459
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	460 ### Update one entry of
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	461 sub update_entry($$$$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	462 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	463 my ($struct, $mip, $mdate, $mclass, $mreason) = @_;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	464
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	465 my $cnt = $struct->{$mip}{"hits"}++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	466 $struct->{$mip}{"reason"}{$mclass}{"hits"}++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	467
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	468 if ($reportmode) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	469 push(@{$struct->{$mip}{"reason"}{$mclass}{"msg"}}, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	470 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	471 $struct->{$mip}{"reason"}{$mclass}{"msg"} = $mreason;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	472 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	473
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	474 if (!defined($struct->{$mip}{"date1"})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	475 $struct->{$mip}{"date1"} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	476 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	477 $struct->{$mip}{"date2"} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	478
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	479 if (!defined($struct->{$mip}{"reason"}{$mclass}{"date2"})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	480 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	481 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	482 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	483
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	484 return $cnt;
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	485 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	486
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	487 ### Check if given "try count" exceeds treshold and if entry
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	488 ### is NOT in Netfilter already, then add it if so.
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	489 sub check_add_hit($$$$$)
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	490 {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	491 my $mip = $_[0];
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	492 my $mdate = str2time($_[1]);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	493 my $mclass = $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	494 my $mreason = $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	495 my $mcond = $_[4];
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	496 my $cnt;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	497
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	498 if (check_hosts_array(\@noblock_ips, $mip)) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	499 mlog(3, "Hit to NOBLOCK_IPS($mip): [$mclass] $mreason\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	500 return;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	501 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	502
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	503 # If condition is true, we add to regular statlist
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	504 if ($mcond) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	505 $cnt = update_entry(\%statlist, $mip, $mdate, $mclass, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	506 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	507 # This is an ignored hit (for disabled test), add to ignorelist
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	508 update_entry(\%ignorelist, $mip, $mdate, $mclass, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	509 return;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	510 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	511
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	512 # Check if we have exceeded treshold etc.
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	513 if ($cnt >= $settings{"TRESHOLD"} && check_time($mdate)) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	514 # Add to blocklist, unless already there.
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	515 if (!defined($blocklist{$mip})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	516 mlog(1, "* Adding $mip ($mdate): [$mclass] $mreason\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	517 exec_iptables("-I", "INPUT", "1", "-s", $mip, "-j", $settings{"ACTION"});
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	518 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	519 # Update date of last hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	520 $blocklist{$mip} = $mdate;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	521 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	522 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	523
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	524
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	525 #############################################################################
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	526 ### Main helper functions
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	527 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	528 ### Print log entry
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	529 sub mlog
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	530 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	531 my $level = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	532 my $msg = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	533 if (defined($LOGFILE)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	534 print $LOGFILE "[".scalar localtime()."] ".$msg if ($settings{"VERBOSITY"} > $level);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	535 } elsif ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	536 print STDERR $msg if ($settings{"VERBOSITY"} > $level);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	537 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	538 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	539
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	540 ### Initialize
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	541 sub malt_init {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	542 mlog(0, "Updating initial blocklist from netfilter.\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	543 update_blocklist(-1);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	544
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	545 foreach my $filename (@scanfiles) {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	546 local *INFILE;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	547 mlog(0, "Parsing ".$filename." ...\n");
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	548 open(INFILE, "<", $filename) or die("Could not open '".$filename."'!\n");
368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	549 $filehandles{$filename} = *INFILE;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	550 while (<INFILE>) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	551 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	552 check_log_line($_);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	553 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	554 }
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	555
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	556 mlog(0, "Weeding old entries.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	557 weed_entries();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	558 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	559
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	560 ### Quick cleanup (not complete shutdown)
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	561 sub malt_cleanup {
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	562 foreach my $filename (keys %filehandles) {
368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	563 close($filehandles{$filename});
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	564 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	565 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	566
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	567 sub malt_finish {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	568 # Unlink pid-file
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	569 if ($pid_file ne "" && -e $pid_file) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	570 unlink $pid_file;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	571 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	572 # Close logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	573 close($LOGFILE) if (defined($LOGFILE));
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	574 undef($LOGFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	575 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	576
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	577 ### Signal handlers
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	578 sub malt_int {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	579 mlog(-1, "\nCaught Interrupt (^C), aborting.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	580 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	581 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	582 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	583 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	584
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	585 sub malt_term {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	586 mlog(-1, "Received TERM, quitting.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	587 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	588 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	589 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	590 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	591
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	592 sub malt_hup {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	593 mlog(-1, "Received HUP, reinitializing.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	594 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	595 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	596 mlog(-1, "Reinitialization finished, resuming scanning.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	597 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	598
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	599 ### Main scanning function
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	600 sub malt_scan {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	601 mlog(1, "Entering main scanning loop.\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	602 my $counter = -1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	603 while (1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	604 my %filepos = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	605 foreach my $filename (keys %filehandles) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	606 for ($filepos{$filename} = tell($filehandles{$filename}); $_ = <$filehandles{$filename}>; $filepos{$filename} = tell($filehandles{$filename})) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	607 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	608 check_log_line($_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	609 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	610 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	611 if ($counter < 0 \|\| $counter++ >= 30) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	612 # Every once in a while, update known IP list from iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	613 # (in case entries have appeared there from "outside")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	614 # and perform weeding of old entries.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	615 $counter = 0;
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	616 update_blocklist(time());
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	617 weed_entries();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	618 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	619 generate_status($settings{"STATUS_FILE_HTML"}, 1);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	620 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	621 sleep(5);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	622 foreach my $filename (keys %filehandles) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	623 seek($filehandles{$filename}, $filepos{$filename}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	624 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	625 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	626 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	627
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	628 ### Read one configuration file
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	629 sub malt_read_config($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	630 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	631 my $filename = $_[0];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	632 my $errors = 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	633 my $line = 0;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	634
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	635 open(CONFFILE, "<", $filename) or die("Could not open configuration '".$filename."'!\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	636 while (<CONFFILE>) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	637 $line++;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	638 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	639 if (/(^\s#\|^\s$)/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	640 # Ignore comments and empty lines
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	641 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s(\d+),?\s$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	642 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	643 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	644 if (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	645 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	646 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	647 print STDERR "[$filename:$line] Unknown setting '$key' = $value\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	648 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	649 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	650 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s\"(.?)\",?\s*$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	651 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	652 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	653 if ($key eq "SCANFILE") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	654 push(@scanfiles_def, $value);
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	655 } elsif ($key eq "NOBLOCK_IPS") {
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	656 push(@noblock_ips_def, $value);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	657 } elsif (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	658 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	659 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	660 print STDERR "[$filename:$line] Unknown setting '$key' = '$value'\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	661 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	662 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	663 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	664 print STDERR "[$filename:$line] Syntax error: $_\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	665 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	666 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	667 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	668 close(CONFFILE);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	669 return $errors;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	670 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	671
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	672
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	673 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	674 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	675 ### Main program
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	676 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	677 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	678 # Setup signal handlers
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	679 $SIG{'INT'} = 'malt_int';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	680 $SIG{'TERM'} = 'malt_term';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	681 $SIG{'HUP'} = 'malt_hup';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	682
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	683 # Print banner and help if no arguments
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	684 my $argc = $#ARGV + 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	685 if ($argc < 1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	686 print $progbanner.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	687 "\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	688 "Usage: maltfilter <pid filename> [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	689 " maltfilter -f [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	690 "-f turns on the full report mode.\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	691 exit;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	692 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	693
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	694 # Test pid file existence unless report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	695 $pid_file = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	696 if ($pid_file eq "-f") {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	697 $reportmode = 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	698 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	699 die("'$pid_file' already exists, not starting.\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	700 "If the daemon is NOT running, remove the pid-file and re-start.\n")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	701 if (-e $pid_file);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	702 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	703
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	704 # Read configuration files
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	705 if (defined(my $filename = shift)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	706 # Let user define his/her own logfiles to scan
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	707 @scanfiles_def = ();
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	708 undef(@scanfiles_def);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	709 die("Errors in configuration file '$filename', bailing out.\n")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	710 unless (malt_read_config($filename) == 0);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	711 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	712
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	713 # Force dry run mode if we are reporting only
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	714 if ($reportmode) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	715 $settings{"DRY_RUN"} = 1;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	716 $settings{"VERBOSITY"} = 1;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	717 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	718
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	719 # Clean up certain arrays duplicate entries
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	720 my %saw = ();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	721 @scanfiles = grep(!$saw{$_}++, @scanfiles_def);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	722
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	723 %saw = ();
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	724 @noblock_ips = grep(!$saw{$_}++, @noblock_ips_def);
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	725 undef(%saw);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	726
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	727 # Open logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	728 if ($settings{"DRY_RUN"}) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	729 print $progbanner.
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	730 "*********************************************\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	731 "* NOTICE! DRY-RUN MODE ENABLED! No changes *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	732 "* will actually get committed to netfilter! *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	733 "*********************************************\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	734 } elsif ($settings{"LOGFILE"} ne "") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	735 open($LOGFILE, ">>", $settings{"LOGFILE"}) or die("Could not open logfile '".$settings{"LOGFILE"}."' for writing!\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	736 mlog(-1, "Log started\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	737 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	738
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	739 # Test existence of iptables
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	740 if (! -e $settings{"IPTABLES"} \|\| ! -x $settings{"IPTABLES"}) {
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	741 my $msg = "iptables binary does not exist or is not executable: ".$settings{"IPTABLES"}."\n";
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	742 mlog(-1, $msg);
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	743 die($msg);
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	744 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	745
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	746 mlog(-1, "Not blocking following IPs: ".join(", ", @noblock_ips)."\n");
29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	747
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	748 # Initialize
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	749 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	750
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	751 # Fork to background, unless dry-running
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	752 if ($settings{"DRY_RUN"}) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	753 if ($reportmode) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	754 mlog(-1, "Outputting report files.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	755 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	756 generate_status($settings{"STATUS_FILE_HTML"}, 1);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	757 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	758 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	759 malt_scan();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	760 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	761 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	762 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	763 if (my $pid = fork) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	764 open(PIDFILE, ">", $pid_file) or die("Could not open pid file '".$pid_file."' for writing!\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	765 print PIDFILE "$pid\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	766 close(PIDFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	767 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	768 malt_scan();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	769 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	770 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	771 }

Mercurial > hg > maltfilter

annotate maltfilter @ 16:87c0cdc048f5