maltfilter: maltfilter annotate

annotate maltfilter @ 15:b05d0f0ff106

Cleanups in progress, does not work.

author	Matti Hamalainen <ccr@tnsp.org>
date	Fri, 14 Aug 2009 19:12:14 +0300
parents	fc053b001027
children	87c0cdc048f5

rev	line source
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	1 #!/usr/bin/perl -w
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	2 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	3 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	4 # Malicious Attack Livid Termination Filter daemon (maltfilter)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	5 # Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	6 # (C) Copyright 2009 Tecnic Software productions (TNSP)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	7 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	8 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	9 use strict;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	10 use Date::Parse;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	11 use Net::IP;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	12
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	13 my $progversion = "0.9";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	14 my $progbanner =
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	15 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	16 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	17 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	18
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	19 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	20 ### Settings / configuration
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	21 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	22 my %settings = (
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	23 "VERBOSITY" => 3,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	24 "DRY_RUN" => 1,
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	25 "WEEDPERIOD" => 150,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	26 "TRESHOLD" => 3,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	27 "ACTION" => "DROP",
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	28 "LOGFILE" => "",
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	29 "IPTABLES" => "/sbin/iptables",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	30
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	31 "STATUS_FILE_PLAIN" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	32 "STATUS_FILE_HTML" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	33 "STATUS_FILE_CSS" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	34
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	35 "CHK_SSHD" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	36 "CHK_KNOWN_CGI" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	37 "CHK_PHP_XSS" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	38 "CHK_PROXY_SCAN" => 1,
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	39 "CHK_ROOT_SSH_PWD" => 0,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	40 "CHK_GOOD_HOSTS" => "",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	41 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	42
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	43 # Default logfiles to monitor (SCANFILES setting of configuration overrides these)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	44 my @scanfiles_def = (
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	45 "/var/log/auth.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	46 "/var/log/httpd/error.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	47 "/var/log/httpd/access.log"
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	48 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	49
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	50 my @noblock_ips_def = (
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	51 "127.0.0.1",
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	52 );
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	53
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	54 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	55 ### Script code
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	56 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	57 my $reportmode = 0; # Full report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	58 my @scanfiles = (); # Files to scan
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	59 my @noblock_ips = (); # IPs not to block
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	60 my %filehandles = (); # Global hash holding opened scanned log filehandles
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	61 my $pid_file = ""; # Name of Maltfilter daemon pid file
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	62 my $LOGFILE; # Maltfilter logfile handle
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	63
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	64 my %blocklist = (); # IPs currently blocked in Netfilter $blocklist{$ip} = date_blocked
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	65
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	66 # Gathered information about hosts
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	67 # $statlist{$ip}->
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	68 # "date" = latest change
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	69 # "hits" = number of hits
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	70 # "reason" = latest reason why added
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	71 # "reasons" = array of reasons (only set when $reportmode == 1)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	72 my %statlist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	73
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	74 # Gathered information about ignored hits (e.g. hits for tests that are not enabled)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	75 # Same fields as in %statlist
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	76 my %ignorelist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	77
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	78
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	79 ### Check given logfile line for matches
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	80 sub check_log_line($)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	81 {
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	82 # (1) SSHD scans
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	83 if (/^(\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\S?: (.)/) {
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	84 my $mdate = $1;
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	85 my $merr = $2;
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	86
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	87 # (1.1) Generic login scan attempts
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	88 if ($merr =~ /^Failed password for invalid user \S+ from (\d+\.\d+\.\d+\.\d+)/) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	89 check_add_entry($1, $mdate, "SSH login scan", "", $settings{"CHK_SSHD"});
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	90 }
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	91 # (1.2) Root SSH login password bruteforcing attempts
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	92 # NOTICE! Do not enable this setting, if you allow SSH root logins via
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	93 # password authentication! Mistyping password may get you blocked then. :)
b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	94 elsif (/^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	95 check_add_entry($1, $mdate, "Root SSH password bruteforce", "", $settings{"CHK_ROOT_SSH_PWD"});
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	96 }
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	97 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	98 # (2) Common/known exploitable CGI/PHP software scans (like phpMyAdmin)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	99 # NOTICE! This matches ERRORLOG, thus it only works if you DO NOT have
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	100 # any or some of these installed. Preferably none, or use uncommon
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	101 # paths and prefixes.
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	102 elsif (/^\[(.+?)\]\s+\[error\]\s+\[client\s+(\d+\.\d+\.\d+\.\d+)\]\s+(.+)$/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	103 my $mdate = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	104 my $mip = $2;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	105 my $merr = $3;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	106 if ($merr =~ /^File does not exist: (.+)$/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	107 my $tmp = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	108 if ($tmp =~ /\/mss2\|\/pma\|admin\|sql\|\/roundcube\|\/webmail\|\/bin\|\/mail\|xampp\|zen\|mailto:\|appserv\|cube\|round\|_vti_bin\|wiki/i) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	109 check_add_entry($mip, $mdate, "CGI vuln scan", $tmp, $settings{"CHK_KNOWN_CGI"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	110 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	111 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	112 }
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	113 # (3) Match Apache common logging format GET requests here
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	114 elsif (/(\d+\.\d+\.\d+\.\d+)\s+-\s+-\s+\[(.+?)\]\s+\"GET (\S*?) HTTP\//) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	115 my $mdate = $2;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	116 my $mip = $1;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	117 my $merr = $3;
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	118
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	119 # (3.1) Simple match for generic PHP XSS vulnerability scans
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	120 # NOTICE! If your site genuinely uses (checked) PHP parameters with
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	121 # URIs, you should set CHK_GOOD_HOSTS to match your hostname(s)/IP(s)
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	122 # used in the URIs.
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	123 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	124 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	125 check_add_entry($mip, $mdate, "PHP XSS", $merr, $settings{"CHK_PHP_XSS"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	126 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	127 }
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	128 # (3.2) Try to match proxy scanning attempts
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	129 elsif ($merr =~ /^http:\/\/([^\/]+)/) {
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	130 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	131 check_add_entry($mip, $mdate, "Proxy scan", $merr, $settings{"CHK_PROXY_SCAN"});
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	132 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	133 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	134 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	135 }
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	136
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	137
3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	138 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	139 ### Status output functionality
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	140 #############################################################################
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	141 sub cmp_ips($$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	142 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	143 my @ipa = split(/\./, $_[0]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	144 my @ipb = split(/\./, $_[1]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	145 for (my $i = 0; $i < 4; $i++) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	146 return -1 if ($ipa[$i] > $ipb[$i]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	147 return 1 if ($ipa[$i] < $ipb[$i]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	148 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	149 return 0;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	150 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	151
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	152 sub cmp_ip_hits($$$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	153 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	154 return -1 if ($_[2] > $_[3]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	155 return 1 if ($_[2] < $_[3]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	156 return cmp_ips($_[0], $_[1]);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	157 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	158
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	159 sub printH($$$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	160 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	161 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	162 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	163 print $fh "<h".$_[2].">".$_[3]."</h".$_[2].">\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	164 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	165 my $c = ($_[2] <= 1) ? "=" : "-";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	166 print $fh $_[3]."\n". $c x length($_[3]) ."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	167 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	168 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	169
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	170 sub printTD($$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	171 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	172 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	173 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	174 print $fh "<td>".$_[2]."</td>";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	175 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	176 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	177 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	178 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	179
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	180 sub printP($$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	181 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	182 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	183 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	184 print $fh "<p>\n".$_[2]."</p>\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	185 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	186 print $fh $_[2]."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	187 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	188 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	189
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	190 sub printElem
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	191 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	192 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	193 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	194 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	195 } elsif (defined($_[3])) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	196 print $fh $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	197 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	198 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	199
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	200 sub bb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	201 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	202 return $_[0] ? "<b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	203 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	204
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	205
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	206 sub eb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	207 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	208 return $_[0] ? "</b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	209 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	210
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	211 sub pe($$)
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	212 {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	213 return $_[0] ? "<$_[1]>" : "";
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	214 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	215
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	216 sub getIP($$)
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	217 {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	218 return $_[0] ? "<a href=\"http://whois.domaintools.com/$_[1]\">$_[1]</a>" : $_[1];
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	219 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	220
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	221 sub generate_status($$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	222 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	223 my $filename = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	224 my $m = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	225
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	226 return unless ($filename ne "");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	227
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	228 open(STATUS, ">", $filename) or die("Could not open '".$filename."'!\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	229 my $f = \*STATUS;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	230 my $mtime = scalar localtime();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	231
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	232 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	233 <html>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	234 <head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	235 <title>Maltfilter status report</title>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	236 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	237
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	238 printElem($m, $f, "<link href=\"".$settings{"STATUS_FILE_CSS"}."\" rel=\"stylesheet\" type=\"text/css\" />")
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	239 if ($settings{"STATUS_FILE_CSS"});
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	240
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	241 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	242 </head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	243 <body>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	244 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	245
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	246
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	247 printH($m, $f, 1, "Maltfilter v$progversion status report");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	248 my $val = $settings{"WEEDPERIOD"};
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	249 my $period;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	250
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	251 if ($val > 30 * 24) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	252 $period = sprintf("%1.1f months", $val / (30.0 * 24.0));
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	253 } elsif ($val > 24 * 7) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	254 $period = sprintf("%1.1f weeks", $val / 24);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	255 } elsif ($val > 24) {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	256 $period = sprintf("%d days", $val / 24);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	257 } else {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	258 $period = sprintf("%d hours", $val);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	259 }
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	260
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	261 printP($m, $f,
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	262 "Generated ".bb($m).$mtime.eb($m).". Data computed from ".
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	263 ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	264
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	265 printH($m, $f, 2, $reportmode ? "Detailed report" : "Blocked entries");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	266 printElem($m, $f, "<table>\n<tr>". "<th>Hits</th><th>IP-address</th><th>Date of last hit</th><th>Reason(s)</th>"."</tr>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	267 my $nexcluded = 0;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	268 my $ntotal = 0;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	269 foreach my $mip (sort { $hitcount{$b} <=> $hitcount{$a} } keys %iplist) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	270 $nexcluded++ if check_hosts_array(\@noblock_ips, $mip);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	271
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	272 printElem($m, $f, " <tr>");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	273 printTD($m, $f, sprintf("%-10d", $hitcount{$mip}));
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	274 printTD($m, $f, sprintf("%-15s", getIP($m, $mip)));
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	275 printElem(!$m, $f, " : ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	276 printTD($m, $f, scalar localtime($iplist{$mip}));
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	277 my @s = ();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	278 foreach my $cond (sort keys %{$reason{$mip}}) {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	279 my $str;
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	280 if ($reportmode) {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	281 my @tmp = reverse(@{$reason{$mip}{$cond}});
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	282 $#tmp = 5 if ($#tmp > 5);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	283 $str = join(" \| ", @tmp);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	284 } else {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	285 $str = $reason{$mip}{$cond};
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	286 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	287 push(@s, bb($m).$cond.eb($m)." [".$reason_n{$mip}{$cond}." hits] (".$str.")");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	288 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	289 printTD($m, $f, join(", ".($m ? "<br />" : ""), @s));
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	290 printElem($m, $f, "</tr>\n", "\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	291 $ntotal++;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	292 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	293 printElem($m, $f, "</table>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	294 printP($m, $f, bb($m).$ntotal.eb($m)." entries listed, ".
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	295 bb($m).($ntotal - $nexcluded).eb($m)." blocked, ".bb($m).$nexcluded.eb($m).
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	296 " excluded (defined in NOBLOCK_IPS).\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	297
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	298
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	299 printH($m, $f, 2, "Overview of hits in general");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	300 printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not necessarily acted upon.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	301
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	302 my $tmp = "<th>IP-address</th><th># of hits</th><th>Reasons</th>";
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	303 printElem($m, $f, "<table>\n<tr>". $tmp."<th> </th>".$tmp ."</tr>\n");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	304 my $hits = 0;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	305 my @keys = sort { cmp_ips($a, $b) } keys %hitcount;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	306 my $nkeys = scalar @keys;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	307
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	308 my $printEntry = sub {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	309 printTD($m, $f, sprintf("%-15s", getIP($m, $_[0])));
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	310 printElem(!$m, $f, " : ");
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	311 printTD($m, $f, sprintf("%-8d ", $hitcount{$_[0]}));
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	312 printElem(!$m, $f, " : ");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	313 my $tmp = join(", ", sort keys %{$reason{$_[0]}});
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	314 printTD($m, $f, sprintf("%-30s", $tmp));
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	315 $hits += $hitcount{$_[0]};
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	316 };
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	317
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	318 my $kmax = $nkeys / 2;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	319 for (my $i = 0; $i <= $kmax; $i++) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	320 printElem($m, $f, " <tr>");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	321 if ($i < $kmax) {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	322 &$printEntry($keys[$i]);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	323 }
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	324 printElem($m, $f, "<th> </th>", " \|\| ");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	325 if ($i + $kmax + 1 < $nkeys) {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	326 &$printEntry($keys[$i + $kmax + 1]);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	327 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	328 printElem($m, $f, "</tr>\n", "\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	329 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	330
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	331 printElem($m, $f, "</table>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	332
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	333 printP($m, $f, bb($m).(scalar keys %hitcount).eb($m)." IPs total, ".bb($m).$hits.eb($m)." hits total.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	334
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	335
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	336 printH($m, $f, 2, "Ignored hit types");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	337 printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	338
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	339 printElem($m, $f, "<table>\n<tr><th>IP-address</th><th>Type (hits, last time of note)</th></tr>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	340 foreach my $mip (sort { cmp_ips($a, $b) } keys %ignored) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	341 printElem($m, $f, "<tr>");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	342 printTD($m, $f, sprintf("%-15s", $mip));
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	343 printElem($m, $f, "<td>", " : ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	344 foreach my $mcond (sort keys %{$ignored{$mip}}) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	345 my $s = $mcond." (".$hitcount{$mip}." hits, last ".scalar localtime($ignored_d{$mip}{$mcond}).")";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	346 unless ($ignored{$mip}{$mcond} eq "") { $s .= " for '".$ignored{$mip}{$mcond}."'"; }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	347 print $f $s;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	348 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	349 printElem($m, $f, "</td></tr>", "\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	350 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	351 printElem($m, $f, "</table>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	352
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	353 printElem($m, $f, "</body>\n</html>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	354 close(STATUS);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	355 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	356
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	357
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	358 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	359 ### Entry management / handling functions
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	360 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	361 ### Host and IP matching functions
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	362 sub check_hosts_array($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	363 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	364 my $chk_host = $_[1];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	365 my $chk_ip = new Net::IP($chk_host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	366 foreach my $host (@{$_[0]}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	367 if ($chk_host eq $host) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	368 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	369 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	370 my $ip = new Net::IP($host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	371 if (defined($chk_ip) && defined($ip)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	372 if ($chk_ip->binip() eq $ip->binip()) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	373 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	374 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	375 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	376 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	377 return 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	378 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	379
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	380 sub check_hosts($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	381 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	382 my @tmp = split(/\s\\|\s/, $_[0]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	383 return check_hosts_array(\@tmp, $_[1]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	384 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	385
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	386 ### Execute iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	387 sub exec_iptables(@)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	388 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	389 my @args = ($settings{"IPTABLES"}, @_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	390 if ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	391 mlog(3, ":: ".join(" ", @args)."\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	392 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	393 system(@args) == 0 or print join(" ", @args)." failed: $?\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	394 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	395 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	396
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	397 ### Get current Netfilter INPUT table entries we manage
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	398 sub update_iplist($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	399 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	400 my $mdate = $_[0];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	401 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT \|") or
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	402 die("Could not execute ".$settings{"IPTABLES"}."\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	403 while (<STATUS>) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	404 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	405 if (/^\s(\d+)\s+\d+\s+$settings{"ACTION"}\s+all\s+--\s+\\s+\\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s$/) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	406 my $mcount = $1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	407 my $mip = $2;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	408 if (!defined($blocklist{$mip}) && $mdate >= 0) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	409 mlog(2, "* $mip appeared in iptables, adding.\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	410 $hitcount{$mip} = $settings{"THRESHOLD"};
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	411 check_add_entry($mip, $mdate, "?", "added from iptables", 1);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	412 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	413 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	414 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	415 close(STATUS);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	416 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	417
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	418 ### Weed out old entries
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	419 sub check_time($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	420 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	421 return ($_[0] >= time() - ($settings{"WEEDPERIOD"} * 60 * 60));
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	422 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	423
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	424 sub weed_do($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	425 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	426 if (defined($blocklist{$_[0]})) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	427 mlog(2, "* Weeding $_[0] ($iplist{$_[0]})\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	428 exec_iptables("-D", "INPUT", "-s", $_[0], "-d", "0.0.0.0/0", "-j", $settings{"ACTION"});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	429 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	430 undef($reason{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	431 undef($reason_n{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	432 undef($ignored{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	433 undef($ignored_d{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	434 undef($iplist{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	435 undef($blocklist{$_[0]});
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	436 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	437
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	438 sub weed_entries()
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	439 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	440 # Don't weed in report mode.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	441 # return if ($reportmode);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	442
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	443 foreach my $mip (keys %iplist) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	444 if (defined($iplist{$mip})) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	445 if ($iplist{$mip} >= 0) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	446 if (!check_time($iplist{$mip})) { weed_do($mip); }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	447 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	448 weed_do($mip);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	449 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	450 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	451 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	452 mlog(-1, "hmm\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	453 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	454
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	455 ### Check if given "try count" exceeds treshold and if entry
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	456 ### is NOT in Netfilter already, then add it if so.
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	457 sub check_add_entry($$$$$)
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	458 {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	459 my $mip = $_[0];
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	460 my $mdate = str2time($_[1]);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	461 my $mclass = $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	462 my $mreason = $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	463 my $mcond = $_[4];
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	464
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	465 my $cnt = $hitcount{$mip}++;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	466 $reason_n{$mip}{$mclass}++;
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	467 if ($reportmode) {
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	468 push(@{$reason{$mip}{$mclass}}, $mreason);
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	469 } else {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	470 $reason{$mip}{$mclass} = $mreason;
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	471 }
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	472 if ($reportmode \|\| ($cnt >= $settings{"TRESHOLD"} && check_time($mdate))) {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	473 my $pat;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	474 if (!$mcond) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	475 $ignored{$mip}{$mclass} = $mreason;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	476 $ignored_d{$mip}{$mclass} = $mdate;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	477 return;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	478 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	479 if (!defined($iplist{$mip})) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	480 if (!check_hosts_array(\@noblock_ips, $mip)) {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	481 # Add entry that has >= treshold hits and is not added yet
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	482 mlog(1, "* Adding $mip ($mdate): $mreason\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	483 exec_iptables("-I", "INPUT", "1", "-s", $mip, "-j", $settings{"ACTION"});
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	484 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	485 $iplist{$mip} = $mdate;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	486 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	487 # Over treshold, but is added, check if we can update the timedate
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	488 if ($mdate > $iplist{$mip}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	489 $iplist{$mip} = $mdate;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	490 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	491 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	492 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	493 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	494
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	495
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	496 #############################################################################
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	497 ### Main helper functions
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	498 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	499 ### Print log entry
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	500 sub mlog
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	501 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	502 my $level = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	503 my $msg = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	504 if (defined($LOGFILE)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	505 print $LOGFILE "[".scalar localtime()."] ".$msg if ($settings{"VERBOSITY"} > $level);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	506 } elsif ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	507 print STDERR $msg if ($settings{"VERBOSITY"} > $level);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	508 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	509 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	510
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	511 ### Initialize
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	512 sub malt_init {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	513 mlog(0, "Updating initial blocklist from netfilter.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	514 update_iplist(-1);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	515
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	516 foreach my $filename (@scanfiles) {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	517 local *INFILE;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	518 mlog(0, "Parsing ".$filename." ...\n");
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	519 open(INFILE, "<", $filename) or die("Could not open '".$filename."'!\n");
368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	520 $filehandles{$filename} = *INFILE;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	521 while (<INFILE>) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	522 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	523 check_log_line($_);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	524 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	525 }
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	526
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	527 mlog(0, "Weeding old entries.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	528 weed_entries();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	529 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	530
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	531 ### Quick cleanup (not complete shutdown)
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	532 sub malt_cleanup {
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	533 foreach my $filename (keys %filehandles) {
368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	534 close($filehandles{$filename});
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	535 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	536 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	537
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	538 sub malt_finish {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	539 # Unlink pid-file
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	540 if ($pid_file ne "" && -e $pid_file) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	541 unlink $pid_file;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	542 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	543 # Close logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	544 close($LOGFILE) if (defined($LOGFILE));
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	545 undef($LOGFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	546 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	547
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	548 sub malt_int {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	549 mlog(-1, "\nCaught Interrupt (^C), aborting.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	550 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	551 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	552 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	553 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	554
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	555 sub malt_term {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	556 mlog(-1, "Received TERM, quitting.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	557 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	558 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	559 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	560 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	561
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	562 sub malt_hup {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	563 mlog(-1, "Received HUP, reinitializing.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	564 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	565 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	566 mlog(-1, "Reinitialization finished, resuming scanning.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	567 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	568
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	569 ### Main scanning function
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	570 sub malt_scan {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	571 mlog(1, "Entering main scanning loop.\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	572 my $counter = -1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	573 while (1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	574 my %filepos = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	575 foreach my $filename (keys %filehandles) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	576 for ($filepos{$filename} = tell($filehandles{$filename}); $_ = <$filehandles{$filename}>; $filepos{$filename} = tell($filehandles{$filename})) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	577 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	578 check_log_line($_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	579 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	580 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	581 if ($counter < 0 \|\| $counter++ >= 30) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	582 # Every once in a while, update known IP list from iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	583 # (in case entries have appeared there from "outside")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	584 # and perform weeding of old entries.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	585 $counter = 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	586 update_iplist(time());
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	587 weed_entries();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	588 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	589 generate_status($settings{"STATUS_FILE_HTML"}, 1);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	590 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	591 sleep(5);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	592 foreach my $filename (keys %filehandles) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	593 seek($filehandles{$filename}, $filepos{$filename}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	594 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	595 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	596 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	597
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	598 sub malt_read_config($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	599 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	600 my $filename = $_[0];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	601 my $errors = 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	602 my $line = 0;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	603
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	604 open(CONFFILE, "<", $filename) or die("Could not open configuration '".$filename."'!\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	605 while (<CONFFILE>) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	606 $line++;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	607 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	608 if (/(^\s#\|^\s$)/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	609 # Ignore comments and empty lines
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	610 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s(\d+),?\s$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	611 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	612 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	613 if (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	614 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	615 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	616 print STDERR "[$filename:$line] Unknown setting '$key' = $value\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	617 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	618 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	619 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s\"(.?)\",?\s*$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	620 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	621 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	622 if ($key eq "SCANFILE") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	623 push(@scanfiles_def, $value);
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	624 } elsif ($key eq "NOBLOCK_IPS") {
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	625 push(@noblock_ips_def, $value);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	626 } elsif (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	627 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	628 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	629 print STDERR "[$filename:$line] Unknown setting '$key' = '$value'\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	630 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	631 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	632 } else {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	633 print STDERR "[$filename:$line] Syntax error: $_\n";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	634 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	635 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	636 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	637 close(CONFFILE);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	638 return $errors;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	639 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	640
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	641
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	642 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	643 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	644 ### Main program
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	645 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	646 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	647 # Setup signal handlers
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	648 $SIG{'INT'} = 'malt_int';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	649 $SIG{'TERM'} = 'malt_term';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	650 $SIG{'HUP'} = 'malt_hup';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	651
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	652 # Print banner and help if no arguments
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	653 my $argc = $#ARGV + 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	654 if ($argc < 1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	655 print $progbanner.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	656 "\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	657 "Usage: maltfilter <pid filename> [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	658 " maltfilter -f [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	659 "-f turns on the full report mode.\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	660 exit;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	661 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	662
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	663 # Test pid file existence unless report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	664 $pid_file = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	665 if ($pid_file eq "-f") {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	666 $reportmode = 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	667 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	668 die("'$pid_file' already exists, not starting.\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	669 "If the daemon is NOT running, remove the pid-file and re-start.\n")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	670 if (-e $pid_file);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	671 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	672
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	673 # Read configuration files
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	674 if (defined(my $filename = shift)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	675 # Let user define his/her own logfiles to scan
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	676 undef(@scanfiles_def);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	677 die("Errors in configuration file '$filename', bailing out.\n")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	678 unless (malt_read_config($filename) == 0);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	679 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	680
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	681 # Force dry run mode if we are reporting only
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	682 if ($reportmode) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	683 $settings{"DRY_RUN"} = 1;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	684 $settings{"VERBOSITY"} = 1;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	685 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	686
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	687 # Clean up certain arrays duplicate entries
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	688 my %saw = ();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	689 @scanfiles = grep(!$saw{$_}++, @scanfiles_def);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	690
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	691 undef(%saw);
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	692 @noblock_ips = grep(!$saw{$_}++, @noblock_ips_def);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	693
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	694 # Open logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	695 if ($settings{"DRY_RUN"}) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	696 print $progbanner.
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	697 "*********************************************\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	698 "* NOTICE! DRY-RUN MODE ENABLED! No changes *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	699 "* will actually get committed to netfilter! *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	700 "*********************************************\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	701 } elsif ($settings{"LOGFILE"} ne "") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	702 open($LOGFILE, ">>", $settings{"LOGFILE"}) or die("Could not open logfile '".$settings{"LOGFILE"}."' for writing!\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	703 mlog(-1, "Log started\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	704 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	705
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	706 # Test existence of iptables
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	707 if (! -e $settings{"IPTABLES"} \|\| ! -x $settings{"IPTABLES"}) {
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	708 my $msg = "iptables binary does not exist or is not executable: ".$settings{"IPTABLES"}."\n";
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	709 mlog(-1, $msg);
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	710 die($msg);
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	711 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	712
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	713 mlog(-1, "Not blocking following IPs: ".join(", ", @noblock_ips)."\n");
29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	714
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	715 # Initialize
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	716 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	717
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	718 # Fork to background, unless dry-running
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	719 if ($settings{"DRY_RUN"}) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	720 if ($reportmode) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	721 mlog(-1, "Outputting report files.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	722 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	723 generate_status($settings{"STATUS_FILE_HTML"}, 1);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	724 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	725 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	726 malt_scan();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	727 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	728 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	729 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	730 if (my $pid = fork) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	731 open(PIDFILE, ">", $pid_file) or die("Could not open pid file '".$pid_file."' for writing!\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	732 print PIDFILE "$pid\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	733 close(PIDFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	734 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	735 malt_scan();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	736 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	737 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	738 }

Mercurial > hg > maltfilter

annotate maltfilter @ 15:b05d0f0ff106