maltfilter: maltfilter annotate

annotate maltfilter @ 45:d239356229cd maltfilter-0.12.1

v0.12.1

author	Matti Hamalainen <ccr@tnsp.org>
date	Sun, 16 Aug 2009 02:52:03 +0300
parents	471731c79bb3
children	13e6507ec1bb

rev	line source
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	1 #!/usr/bin/perl -w
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	2 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	3 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	4 # Malicious Attack Livid Termination Filter daemon (maltfilter)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	5 # Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	6 # (C) Copyright 2009 Tecnic Software productions (TNSP)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	7 #
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	8 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	9 use strict;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	10 use Date::Parse;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	11 use Net::IP;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	12
45 d239356229cd v0.12.1 Matti Hamalainen <ccr@tnsp.org> parents: 44 diff changeset	13 my $progversion = "0.12.1";
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	14 my $progbanner =
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	15 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	16 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	17 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	18
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	19 #############################################################################
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	20 ### Default settings and configuration
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	21 #############################################################################
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	22 my %settings = (
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	23 "VERBOSITY" => 3,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	24 "DRY_RUN" => 1,
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	25 "WEED_BLOCK" => 168,
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	26 "WEED_GLOBAL" => 336,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	27 "TRESHOLD" => 3,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	28 "ACTION" => "DROP",
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	29 "LOGFILE" => "",
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	30 "IPTABLES" => "/sbin/iptables",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	31
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	32 "STATUS_FILE_PLAIN" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	33 "STATUS_FILE_HTML" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	34 "STATUS_FILE_CSS" => "",
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	35
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	36 "WHOIS_URL" => "http://whois.domaintools.com/",
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	37
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	38 "CHK_SSHD" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	39 "CHK_KNOWN_CGI" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	40 "CHK_PHP_XSS" => 1,
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	41 "CHK_PROXY_SCAN" => 1,
4 b2c7c76b3529 Added scanning feature for SSH root login attempts with failed passwords. Matti Hamalainen <ccr@tnsp.org> parents: 3 diff changeset	42 "CHK_ROOT_SSH_PWD" => 0,
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	43 "CHK_SYSACCT_SSH_PWD" => 0,
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	44 "CHK_GOOD_HOSTS" => "",
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	45
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	46 "SYSACCT_MIN_UID" => 1,
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	47 "SYSACCT_MAX_UID" => 100,
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	48
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	49 "FULL_TIME" => 1,
44 471731c79bb3 Add configuration setting for PASSWD file. Matti Hamalainen <ccr@tnsp.org> parents: 40 diff changeset	50
471731c79bb3 Add configuration setting for PASSWD file. Matti Hamalainen <ccr@tnsp.org> parents: 40 diff changeset	51 "PASSWD" => "/etc/passwd",
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	52 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	53
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	54 # Default logfiles to monitor (SCANFILES setting of configuration overrides these)
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	55 my @scanfiles_def = (
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	56 "/var/log/auth.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	57 "/var/log/httpd/error.log",
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	58 "/var/log/httpd/access.log"
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	59 );
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	60
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	61 my @noblock_ips_def = (
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	62 "127.0.0.1",
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	63 );
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	64
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	65 my %systemacct = ();
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	66
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	67 #############################################################################
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	68 ### Check given logfile line for matches
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	69 #############################################################################
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	70 sub check_log_line($)
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	71 {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	72 # (1) SSHD scans
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	73 if (/^(\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\S?: (.)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	74 my $mdate = $1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	75 my $merr = $2;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	76
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	77 # (1.1) Generic login scan attempts
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	78 if ($merr =~ /^Failed password for invalid user (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	79 check_add_hit($2, $mdate, "SSH login scan", "", $settings{"CHK_SSHD"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	80 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	81 # (1.2) Root account SSH login password bruteforcing attempts.
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	82 elsif (/^Failed password for root from (\d+\.\d+\.\d+\.\d+)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	83 check_add_hit($1, $mdate, "Root SSH password bruteforce", "", $settings{"CHK_ROOT_SSH_PWD"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	84 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	85 # (1.3) System account SSH login password bruteforcing attempts.
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	86 if ($merr =~ /^Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	87 my $mip = $2; my $macct = $1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	88 if (defined($systemacct{$macct})) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	89 check_add_hit($mip, $mdate, "SSH system account bruteforce", $macct, $settings{"CHK_SYSACCT_SSH_PWD"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	90 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	91 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	92 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	93 # (2) Common/known vulnerable CGI/PHP software scans (like phpMyAdmin)
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	94 elsif (/^\[(.+?)\]\s+\[error\]\s+\[client\s+(\d+\.\d+\.\d+\.\d+)\]\s+(.+)$/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	95 my $mdate = $1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	96 my $mip = $2;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	97 my $merr = $3;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	98 if ($merr =~ /^File does not exist: (.+)$/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	99 my $tmp = $1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	100 if ($tmp =~ /\/mss2\|\/pma\|admin\|sql\|\/roundcube\|\/webmail\|\/bin\|\/mail\|xampp\|zen\|mailto:\|appserv\|cube\|round\|_vti_bin\|wiki/i) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	101 check_add_hit($mip, $mdate, "CGI vuln scan", $tmp, $settings{"CHK_KNOWN_CGI"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	102 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	103 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	104 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	105 # (3) Apache common logging format checks
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	106 elsif (/(\d+\.\d+\.\d+\.\d+)\s+-\s+-\s+\[(.+?)\]\s+\"GET (\S*?) HTTP\//) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	107 my $mdate = $2;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	108 my $mip = $1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	109 my $merr = $3;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	110
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	111 # (3.1) Simple match for generic PHP XSS vulnerability scans
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	112 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	113 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	114 check_add_hit($mip, $mdate, "PHP XSS", $merr, $settings{"CHK_PHP_XSS"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	115 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	116 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	117 # (3.2) Try to match proxy scanning attempts
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	118 elsif ($merr =~ /^http:\/\/([^\/]+)/) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	119 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	120 check_add_hit($mip, $mdate, "Proxy scan", $merr, $settings{"CHK_PROXY_SCAN"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	121 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	122 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	123 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	124 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	125
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	126
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	127 #############################################################################
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	128 ### Global variables
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	129 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	130 my $reportmode = 0; # Full report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	131 my @scanfiles = (); # Files to scan
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	132 my @noblock_ips = (); # IPs not to block
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	133 my %filehandles = (); # Global hash holding opened scanned log filehandles
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	134 my $pid_file = ""; # Name of Maltfilter daemon pid file
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	135 my @configfiles = (); # Array of configuration file names
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	136 my $LOGFILE; # Maltfilter logfile handle
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	137
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	138 # IPs currently blocked in Netfilter $blocklist{$ip} = date
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	139 my %blocklist = ();
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	140
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	141 # Gathered information about hosts
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	142 # $statlist{$ip}->
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	143 # "date1" = timestamp of first hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	144 # "date2" = timestamp of latest hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	145 # "hits" = number of hits to this IP
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	146 # $statlist{$ip}{"reason"}{$class}->
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	147 # "msg" = reason message (array if $reportmode)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	148 # "hits" = hits to this class
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	149 # "date1" = timestamp of first hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	150 # "date2" = timestamp of latest hit
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	151 my %statlist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	152
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	153 # Gathered information about ignored hits (e.g. hits for tests that are not enabled)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	154 # Same fields as in %statlist
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	155 my %ignorelist = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	156
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	157
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	158 #############################################################################
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	159 ### Status output functionality
2 3da95f3082d9 Misc. variable name cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 0 diff changeset	160 #############################################################################
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	161 sub urlencode($)
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	162 {
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	163 my $value = $_[0];
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	164 $value =~ s/([^a-zA-Z_0-9 ])/"%" . uc(sprintf "%lx" , unpack("C", $1))/eg;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	165 $value =~ tr/ /+/;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	166 return $value;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	167 }
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	168
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	169 my %entities = (
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	170 "<" => "lt",
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	171 ">" => "gt",
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	172 "&" => "amp",
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	173 );
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	174
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	175 sub htmlentities($)
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	176 {
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	177 my $value = $_[0];
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	178 # $value =~ s/([keys %entities])/"&".$entities{$1}.";"/eg;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	179 foreach my $val (keys %entities) {
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	180 $value =~ s/$val/\&$entities{$val}\;/g;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	181 }
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	182 return $value;
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	183 }
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	184
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	185 sub get_time_str($)
34 e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	186 {
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	187 if ($_[0] >= 0) {
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	188 return scalar localtime($_[0]);
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	189 } else {
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	190 return "?";
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	191 }
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	192 }
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	193
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	194 my @paskat = (30246060, 7246060, 246060, 60*60, 60);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	195 my @opaskat = ("months", "weeks", "days", "hours", "minutes");
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	196 my @upaskat = ("month", "week", "day", "hour", "minute");
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	197
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	198 sub get_ago_str($)
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	199 {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	200 return get_time_str($_[0]) if ($settings{"FULL_TIME"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	201 if ($_[0] >= 0) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	202 my $str = "";
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	203 my $cur = time() - $_[0];
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	204 my ($r, $k, $p, $n);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	205 $n = 0;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	206 foreach my $div (@paskat) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	207 $r = int($cur / $div);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	208 $k = ($cur % $div);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	209 if ($r > 0) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	210 $p = ($r > 1) ? $opaskat[$n] : $upaskat[$n];
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	211 $str .= ", " if ($str ne "");
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	212 $str .= sprintf("%d %s", $r, $p);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	213 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	214 $cur = $k;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	215 $n++;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	216 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	217 return $str." ago";
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	218 } else {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	219 return "?";
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	220 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	221 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	222
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	223 sub printH($$$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	224 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	225 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	226 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	227 print $fh "<h".$_[2].">".$_[3]."</h".$_[2].">\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	228 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	229 my $c = ($_[2] <= 1) ? "=" : "-";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	230 print $fh $_[3]."\n". $c x length($_[3]) ."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	231 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	232 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	233
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	234 sub printTD
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	235 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	236 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	237 if ($_[0]) {
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	238 my $s = defined($_[3]) ? " class=\"$_[3]\"" : "";
e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	239 print $fh "<td".$s.">".$_[2]."</td>";
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	240 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	241 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	242 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	243 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	244
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	245 sub printP($$$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	246 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	247 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	248 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	249 print $fh "<p>\n".$_[2]."</p>\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	250 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	251 print $fh $_[2]."\n";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	252 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	253 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	254
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	255 sub printElem
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	256 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	257 my $fh = $_[1];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	258 if ($_[0]) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	259 print $fh $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	260 } elsif (defined($_[3])) {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	261 print $fh $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	262 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	263 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	264
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	265 sub bb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	266 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	267 return $_[0] ? "<b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	268 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	269
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	270 sub eb($)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	271 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	272 return $_[0] ? "</b>" : "";
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	273 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	274
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	275 sub pe($$)
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	276 {
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	277 return $_[0] ? "<$_[1]>" : "";
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	278 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	279
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	280 sub get_link($$)
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	281 {
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	282 if ($settings{"WHOIS_URL"} ne "") {
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	283 return $_[0] ? "<a href=\"".$settings{"WHOIS_URL"}.$_[1].
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	284 "\">".htmlentities($_[1])."</a>" : $_[1];
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	285 } else {
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	286 return $_[0];
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	287 }
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	288 }
fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	289
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	290 sub print_table1($$$$$$)
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	291 {
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	292 my ($m, $f, $table, $keys, $func, $class) = @_;
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	293 my $ntotal = 0;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	294
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	295 printElem($m, $f,
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	296 "<table class=\"".$class."\">\n".
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	297 "<tr><th>Hits</th><th>IP-address</th><th>First hit</th><th>Latest hit</th><th>Reason(s)</th></tr>\n",
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	298
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	299 "Hits \| IP-address \| First hit \| Latest hit \| Reason(s)\n"
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	300 );
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	301
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	302 foreach my $mip (sort { $func->($table, $a, $b) } keys %{$keys}) {
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	303 my $blocked = defined($blocklist{$mip}) ? "blocked" : "unblocked";
e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	304 printElem($m, $f, " <tr class=\"$blocked\">");
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	305 printTD($m, $f, sprintf(bb($m)."%-10d".eb($m), $table->{$mip}{"hits"}));
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	306 printElem(!$m, $f, " \| ");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	307 printTD($m, $f, sprintf("%-15s", get_link($m, $mip)));
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	308 printElem(!$m, $f, " \| ");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	309 printTD($m, $f, get_ago_str($table->{$mip}{"date1"}));
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	310 printElem(!$m, $f, " \| ");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	311 printTD($m, $f, get_ago_str($table->{$mip}{"date2"}));
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	312 printElem(!$m, $f, " \| ");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	313 my @reasons = ();
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	314 foreach my $class (sort keys %{$table->{$mip}{"reason"}}) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	315 my $msgs;
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	316 if ($class ne "IPTABLES") {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	317 if ($reportmode) {
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	318 my @tmp = reverse(@{$table->{$mip}{"reason"}{$class}{"msg"}});
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	319 if ($#tmp > 5) { $#tmp = 5; }
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	320 foreach (@tmp) { $_ = htmlentities($_); }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	321 $msgs = join(" ".bb($m)."\|".eb($m)." ", @tmp);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	322 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	323 $msgs = $table->{$mip}{"reason"}{$class}{"msg"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	324 }
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	325 push(@reasons, bb($m).$class.eb($m)." #".$table->{$mip}{"reason"}{$class}{"hits"}.
fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	326 " ( ".$msgs." )");
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	327 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	328 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	329 printTD($m, $f, join(", ", @reasons));
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	330 printElem($m, $f, "</tr>\n", "\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	331 $ntotal++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	332 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	333 printElem($m, $f, "</table>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	334 printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	335 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	336
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	337
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	338 sub print_table2($$$$$$)
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	339 {
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	340 my ($m, $f, $table, $keys, $func, $class) = @_;
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	341 my $nhits = 0;
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	342 my $str = "<th>IP-address</th><th>Hits</th><th>First hit</th><th>Latest hit</th><th>Class</th>";
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	343 my $str2 = "IP-address \| Hits \| First hit \| Latest hit \| Class ";
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	344
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	345 printElem($m, $f,
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	346 "<table class=\"".$class."\">\n<tr>". $str."<th> </th>".$str ."</tr>\n",
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	347 $str2." \|\| ".$str2."\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	348
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	349 my $printEntry = sub {
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	350 my $blocked = defined($blocklist{$_[0]}) ? "blocked" : "unblocked";
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	351 printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $blocked);
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	352 printElem(!$m, $f, " \| ");
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	353 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked);
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	354 printElem(!$m, $f, " \| ");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	355 printTD($m, $f, get_ago_str($table->{$_[0]}{"date1"}), $blocked);
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	356 printElem(!$m, $f, " \| ");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	357 printTD($m, $f, get_ago_str($table->{$_[0]}{"date2"}), $blocked);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	358 printElem(!$m, $f, " \| ");
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	359 my $tmp = join(", ", sort keys %{$table->{$_[0]}{"reason"}});
32 e7e484c89dbc Added highlighting of blocked entries in summary tables. Matti Hamalainen <ccr@tnsp.org> parents: 30 diff changeset	360 printTD($m, $f, sprintf("%-30s", $tmp), $blocked);
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	361 $nhits += $table->{$_[0]}{"hits"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	362 };
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	363
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	364 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	365 my $nkeys = scalar @mkeys;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	366 my $kmax = $nkeys / 2;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	367 for (my $i = 0; $i <= $kmax; $i++) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	368 printElem($m, $f, " <tr>");
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	369 if ($i < $kmax) {
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	370 $printEntry->($mkeys[$i]);
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	371 printElem($m, $f, "<th> </th>", " \|\| ");
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	372 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	373 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	374 printElem($m, $f, "</tr>\n", "\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	375 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	376
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	377 printElem($m, $f, "</table>\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	378 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	379 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	380
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	381 sub cmp_ips($$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	382 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	383 my @ipa = split(/\./, $_[1]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	384 my @ipb = split(/\./, $_[2]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	385 for (my $i = 0; $i < 4; $i++) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	386 return -1 if ($ipa[$i] > $ipb[$i]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	387 return 1 if ($ipa[$i] < $ipb[$i]);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	388 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	389 return 0;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	390 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	391
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	392 sub cmp_hits($$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	393 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	394 return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"};
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	395 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	396
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	397 sub get_period($)
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	398 {
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	399 my ($str, $r, $k);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	400 if ($_[0] > 30 * 24) {
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	401 $r = $_[0] / (30 * 24);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	402 $k = $_[0] % (30 * 24);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	403 $str = sprintf("%d months", $r);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	404 $str .= sprintf(", %d days", $k) if ($k > 0);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	405 } elsif ($_[0] > 24 * 7) {
29 6d3e33e9ee9b Oops, fix printing of weeks. Matti Hamalainen <ccr@tnsp.org> parents: 27 diff changeset	406 $str = sprintf("%1.1f weeks", $_[0] / (24.0 * 7.0));
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	407 } elsif ($_[0] > 24) {
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	408 $r = $_[0] / 24;
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	409 $k = $_[0] % 24;
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	410 $str = sprintf("%d days", $r);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	411 $str .= sprintf(", %d hours", $k) if ($k > 0);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	412 } else {
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	413 $str = sprintf("%d hours", $_[0]);
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	414 }
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	415 return $str;
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	416 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	417
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	418 sub generate_status($$)
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	419 {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	420 my $filename = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	421 my $m = shift;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	422
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	423 return unless ($filename ne "");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	424
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	425 open(STATUS, ">", $filename) or mdie("Could not open '".$filename."'!\n");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	426 my $f = \*STATUS;
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	427
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	428 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	429 <html>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	430 <head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	431 <title>Maltfilter status report</title>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	432 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	433
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	434 printElem($m, $f, "<link href=\"".$settings{"STATUS_FILE_CSS"}."\" rel=\"stylesheet\" type=\"text/css\" />")
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	435 if ($settings{"STATUS_FILE_CSS"});
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	436
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	437 printElem($m, $f, "
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	438 </head>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	439 <body>
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	440 ");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	441
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	442 printH($m, $f, 1, "Maltfilter v$progversion status report");
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	443 my $period = get_period($settings{"WEED_GLOBAL"});
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	444
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	445 printP($m, $f,
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	446 "Generated ".bb($m).get_time_str(time()).eb($m).". Data computed from ".
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	447 ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	448
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	449 printP($m, $f, "The hit classes marked as 'IPTABLES' are a pseudo-class meaning an\n".
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	450 "blocked IP that was in Netfilter before Maltfilter was started.\n");
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	451
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	452 printH($m, $f, 2, "Currently blocked entries");
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	453 $period = get_period($settings{"WEED_BLOCK"});
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	454 printP($m, $f, "List of IPs that are currently blocked (or would be, if this is\n".
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	455 "a report-only mode). Data from period of $period.\n");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	456 print_table1($m, $f, \%statlist, \%blocklist, \&cmp_hits, "blocked");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	457
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	458 printH($m, $f, 2, "Summary of non-ignored entries");
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	459 printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n".
b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	460 "necessarily acted upon. Sorted by descending IP address.\n");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	461 print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	462
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	463 printH($m, $f, 2, "Ignored entries");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	464 printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	465 print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored");
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	466
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	467 printElem($m, $f, "</body>\n</html>\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	468 close(STATUS);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	469 }
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	470
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	471
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	472 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	473 ### Entry management / handling functions
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	474 #############################################################################
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	475 ### Check if given IP or host exists in array
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	476 sub check_hosts_array($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	477 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	478 my $chk_host = $_[1];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	479 my $chk_ip = new Net::IP($chk_host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	480 foreach my $host (@{$_[0]}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	481 if ($chk_host eq $host) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	482 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	483 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	484 my $ip = new Net::IP($host);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	485 if (defined($chk_ip) && defined($ip)) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	486 if ($chk_ip->binip() eq $ip->binip()) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	487 return 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	488 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	489 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	490 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	491 return 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	492 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	493
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	494 ### Check IP/host against \| separated list of IPs/hosts
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	495 sub check_hosts($$)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	496 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	497 my @tmp = split(/\s\\|\s/, $_[0]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	498 return check_hosts_array(\@tmp, $_[1]);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	499 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	500
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	501 ### Execute iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	502 sub exec_iptables(@)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	503 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	504 my @args = ($settings{"IPTABLES"}, @_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	505 if ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	506 mlog(3, ":: ".join(" ", @args)."\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	507 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	508 system(@args) == 0 or print join(" ", @args)." failed: $?\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	509 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	510 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	511
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	512 ### Get current Netfilter INPUT table entries that match
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	513 ### entry types we manage, e.g. blocklist
20 429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	514 sub update_blocklist()
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	515 {
17 fe220b5a975a Cleanups, add configuration for WHOIS linking. Matti Hamalainen <ccr@tnsp.org> parents: 16 diff changeset	516 $ENV{"PATH"} = "";
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	517 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT \|") or
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	518 mdie("Could not execute ".$settings{"IPTABLES"}."\n");
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	519 my %newlist = ();
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	520 undef(%newlist);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	521 while (<STATUS>) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	522 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	523 if (/^\s(\d+)\s+\d+\s+$settings{"ACTION"}\s+all\s+--\s+\\s+\\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s$/) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	524 my $mip = $2;
20 429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	525 my $mdate = time();
429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	526 if (!defined($blocklist{$mip})) {
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	527 mlog(2, "* $mip appeared in iptables.\n");
20 429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	528 $blocklist{$2} = $mdate;
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	529 }
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	530 $newlist{$2} = $mdate;
24 f22cfa761753 Update_blocklist() was setting timestamp of latest hit, this is incorrect as Matti Hamalainen <ccr@tnsp.org> parents: 23 diff changeset	531 update_entry(\%statlist, $mip, -1, "IPTABLES", "");
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	532 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	533 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	534 close(STATUS);
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	535
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	536 foreach my $mip (keys %blocklist) {
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	537 if (!defined($newlist{$mip})) {
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	538 mlog(2, "* $mip removed from iptables.\n");
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	539 delete($blocklist{$mip});
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	540 }
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	541 }
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	542 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	543
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	544 ### Check if given timestamp is _newer_ than weedperiod threshold.
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	545 ### Returns false if timestamp is over weed period, e.g. needs weeding.
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	546 sub check_time1($)
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	547 {
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	548 return ($_[0] >= time() - ($settings{"WEED_BLOCK"} * 60 * 60));
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	549 }
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	550
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	551 sub check_time2($)
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	552 {
61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	553 return ($_[0] >= time() - ($settings{"WEED_GLOBAL"} * 60 * 60));
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	554 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	555
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	556 ### Weed out old entries
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	557 sub weed_do($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	558 {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	559 my $mtime = $blocklist{$_[0]};
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	560 mlog(2, "* Weeding $_[0] (".get_time_str($mtime)."\n");
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	561 exec_iptables("-D", "INPUT", "-s", $_[0], "-d", "0.0.0.0/0", "-j", $settings{"ACTION"});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	562 delete($blocklist{$_[0]});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	563 delete($statlist{$_[0]});
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	564 delete($ignorelist{$_[0]});
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	565 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	566
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	567 sub weed_entries()
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	568 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	569 # Don't weed in report mode.
18 b0017a324040 Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report. Matti Hamalainen <ccr@tnsp.org> parents: 17 diff changeset	570 return if ($reportmode);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	571
25 34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	572 # Weed blocked entries.
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	573 my @mips = keys %blocklist;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	574 foreach my $mip (@mips) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	575 if (defined($blocklist{$mip})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	576 if ($blocklist{$mip} >= 0) {
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	577 weed_do($mip) unless check_time1($blocklist{$mip});
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	578 } else {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	579 weed_do($mip);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	580 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	581 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	582 }
25 34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	583
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	584 # Clean up old entries from other lists
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	585 foreach my $mip (keys %statlist) {
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	586 if (defined($statlist{$mip})) {
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	587 my $mtime = $statlist{$mip}{"date2"};
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	588 if (!check_time2($mtime) && !defined($blocklist{$mip})) {
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	589 mlog(3, "* Deleting stale $mip (".get_time_str($mtime).")\n");
25 34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	590 delete($statlist{$mip});
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	591 }
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	592 }
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	593 }
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	594
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	595 foreach my $mip (keys %ignorelist) {
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	596 if (defined($ignorelist{$mip})) {
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	597 my $mtime = $ignorelist{$mip}{"date2"};
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	598 if (!check_time2($mtime)) {
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	599 mlog(3, "* Deleting stale ignored $mip (".get_time_str($mtime).")\n");
25 34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	600 delete($ignorelist{$mip});
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	601 }
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	602 }
34dcb7462043 Sanitize weeding of entries, separating blocklist weeding from global lists. Matti Hamalainen <ccr@tnsp.org> parents: 24 diff changeset	603 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	604 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	605
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	606 ### Update one entry of
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	607 sub update_entry($$$$$)
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	608 {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	609 my ($struct, $mip, $mdate, $mclass, $mreason) = @_;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	610
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	611 my $cnt = $struct->{$mip}{"hits"}++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	612 $struct->{$mip}{"reason"}{$mclass}{"hits"}++;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	613
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	614 if ($reportmode) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	615 push(@{$struct->{$mip}{"reason"}{$mclass}{"msg"}}, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	616 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	617 $struct->{$mip}{"reason"}{$mclass}{"msg"} = $mreason;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	618 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	619
36 53b435244761 More fixes in timestamp handling. Matti Hamalainen <ccr@tnsp.org> parents: 34 diff changeset	620 if (!defined($struct->{$mip}{"date1"}) \|\| ($mdate > 0 && $struct->{$mip}{"date1"} < 0)) {
34 e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	621 $struct->{$mip}{"date1"} = $mdate;
e4ffe2ce29a3 Generalize timestamp conversion to strings; Re-enable setting of timestamps in Matti Hamalainen <ccr@tnsp.org> parents: 32 diff changeset	622 }
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	623 if (!defined($struct->{$mip}{"date2"}) \|\| $mdate > $struct->{$mip}{"date2"}) {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	624 $struct->{$mip}{"date2"} = $mdate;
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	625 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	626
36 53b435244761 More fixes in timestamp handling. Matti Hamalainen <ccr@tnsp.org> parents: 34 diff changeset	627 if (!defined($struct->{$mip}{"reason"}{$mclass}{"date2"}) \|\| ($mdate > 0 && $struct->{$mip}{"reason"}{$mclass}{"date2"} < 0)) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	628 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	629 }
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	630 if (!defined($struct->{$mip}{"reason"}{$mclass}{"date2"}) \|\| $mdate > $struct->{$mip}{"reason"}{$mclass}{"date2"}) {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	631 $struct->{$mip}{"reason"}{$mclass}{"date2"} = $mdate;
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	632 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	633
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	634 return $cnt;
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	635 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	636
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	637 ### Check if given "try count" exceeds treshold and if entry
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	638 ### is NOT in Netfilter already, then add it if so.
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	639 sub check_add_hit($$$$$)
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	640 {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	641 my $mip = $_[0];
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	642 my $mdate = str2time($_[1]);
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	643 my $mclass = $_[2];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	644 my $mreason = $_[3];
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	645 my $mcond = $_[4];
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	646 my $cnt;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	647
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	648 if (check_hosts_array(\@noblock_ips, $mip)) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	649 mlog(3, "Hit to NOBLOCK_IPS($mip): [$mclass] $mreason\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	650 return;
13 fc053b001027 Improved reporting and documentation. Matti Hamalainen <ccr@tnsp.org> parents: 11 diff changeset	651 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	652
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	653 # If condition is true, we add to regular statlist
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	654 if ($mcond) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	655 $cnt = update_entry(\%statlist, $mip, $mdate, $mclass, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	656 } else {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	657 # This is an ignored hit (for disabled test), add to ignorelist
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	658 update_entry(\%ignorelist, $mip, $mdate, $mclass, $mreason);
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	659 return;
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	660 }
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	661
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	662 # Check if we have exceeded treshold etc.
26 61b6d742c49c Separate WEEDPERIOD into WEED_BLOCK and WEED_GLOBAL settings. Matti Hamalainen <ccr@tnsp.org> parents: 25 diff changeset	663 if ($cnt >= $settings{"TRESHOLD"} && check_time1($mdate)) {
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	664 # Add to blocklist, unless already there.
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	665 if (!defined($blocklist{$mip})) {
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	666 mlog(1, "* Adding $mip ($mdate): [$mclass] $mreason\n");
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	667 exec_iptables("-I", "INPUT", "1", "-s", $mip, "-j", $settings{"ACTION"});
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	668 }
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	669 # Update date of last hit
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	670 $blocklist{$mip} = $mdate;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	671 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	672 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	673
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	674
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	675 #############################################################################
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	676 ### Main helper functions
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	677 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	678 ### Print log entry
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	679 sub mlog($$)
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	680 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	681 my $level = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	682 my $msg = shift;
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	683 if ($LOGFILE) {
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	684 print $LOGFILE "[".get_time_str(time())."] ".$msg if ($settings{"VERBOSITY"} > $level);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	685 } elsif ($settings{"DRY_RUN"}) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	686 print STDERR $msg if ($settings{"VERBOSITY"} > $level);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	687 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	688 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	689
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	690 ### Like Perl's die(), but also print a logfile entry.
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	691 sub mdie($)
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	692 {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	693 mlog(-1, $_[0]);
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	694 die($_[0]);
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	695 }
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	696
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	697 ### Initialize
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	698 sub malt_init
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	699 {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	700 mlog(0, "Updating initial blocklist from netfilter.\n");
20 429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	701 update_blocklist();
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	702
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	703 foreach my $filename (@scanfiles) {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	704 local *INFILE;
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	705 mlog(0, "Parsing ".$filename." ...\n");
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	706 open(INFILE, "<", $filename) or mdie("Could not open '".$filename."'!\n");
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	707 $filehandles{$filename} = *INFILE;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	708 while (<INFILE>) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	709 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	710 check_log_line($_);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	711 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	712 }
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	713
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	714 mlog(0, "Weeding old entries.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	715 weed_entries();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	716 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	717
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	718 ### Quick cleanup (not complete shutdown)
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	719 sub malt_cleanup
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	720 {
3 368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	721 foreach my $filename (keys %filehandles) {
368182409eac More variable cleanups. Matti Hamalainen <ccr@tnsp.org> parents: 2 diff changeset	722 close($filehandles{$filename});
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	723 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	724 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	725
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	726 sub malt_finish
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	727 {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	728 # Unlink pid-file
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	729 if ($pid_file ne "" && -e $pid_file) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	730 unlink $pid_file;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	731 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	732 # Close logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	733 close($LOGFILE) if (defined($LOGFILE));
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	734 undef($LOGFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	735 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	736
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	737 ### Signal handlers
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	738 sub malt_int
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	739 {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	740 mlog(-1, "\nCaught Interrupt (^C), aborting.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	741 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	742 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	743 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	744 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	745
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	746 sub malt_term
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	747 {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	748 mlog(-1, "Received TERM, quitting.\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	749 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	750 malt_finish();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	751 exit(1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	752 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	753
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	754 sub malt_hup
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	755 {
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	756 mlog(-1, "Received HUP, reinitializing.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	757 malt_cleanup();
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	758 malt_configure();
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	759 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	760 mlog(-1, "Reinitialization finished, resuming scanning.\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	761 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	762
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	763 ### Main scanning function
23 cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	764 sub malt_scan
cb0a4b747cf0 Handle importing of current netfilter entries differently. Matti Hamalainen <ccr@tnsp.org> parents: 21 diff changeset	765 {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	766 mlog(1, "Entering main scanning loop.\n");
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	767 my $counter = -1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	768 while (1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	769 my %filepos = ();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	770 foreach my $filename (keys %filehandles) {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	771 for ($filepos{$filename} = tell($filehandles{$filename});
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	772 $_ = <$filehandles{$filename}>;
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	773 $filepos{$filename} = tell($filehandles{$filename})) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	774 chomp;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	775 check_log_line($_);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	776 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	777 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	778 if ($counter < 0 \|\| $counter++ >= 30) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	779 # Every once in a while, update known IP list from iptables
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	780 # (in case entries have appeared there from "outside")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	781 # and perform weeding of old entries.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	782 $counter = 0;
20 429b42047d04 Fix blocklist entry updating. Matti Hamalainen <ccr@tnsp.org> parents: 18 diff changeset	783 update_blocklist();
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	784 weed_entries();
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	785 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	786 generate_status($settings{"STATUS_FILE_HTML"}, 1);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	787 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	788 sleep(5);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	789 foreach my $filename (keys %filehandles) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	790 seek($filehandles{$filename}, $filepos{$filename}, 0);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	791 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	792 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	793 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	794
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	795 ### Read one configuration file
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	796 sub malt_read_config($)
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	797 {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	798 my $filename = $_[0];
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	799 my $errors = 0;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	800 my $line = 0;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	801
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	802 open(CONFFILE, "<", $filename) or mdie("Could not open configuration '".$filename."'!\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	803 while (<CONFFILE>) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	804 $line++;
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	805 chomp;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	806 if (/(^\s#\|^\s$)/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	807 # Ignore comments and empty lines
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	808 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s(\d+),?\s$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	809 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	810 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	811 if (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	812 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	813 } else {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	814 mlog(-1, "[$filename:$line] Unknown setting '$key' = $value\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	815 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	816 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	817 } elsif (/^\s\"?([a-zA-Z0-9_]+)\"?\s=>?\s\"(.?)\",?\s*$/) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	818 my $key = uc($1);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	819 my $value = $2;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	820 if ($key eq "SCANFILE") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	821 push(@scanfiles_def, $value);
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	822 } elsif ($key eq "NOBLOCK_IPS") {
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	823 push(@noblock_ips_def, $value);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	824 } elsif (defined($settings{$key})) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	825 $settings{$key} = $value;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	826 } else {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	827 mlog(-1, "[$filename:$line] Unknown setting '$key' = '$value'\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	828 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	829 }
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	830 # Force dry run mode if we are reporting only
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	831 if ($reportmode) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	832 $settings{"DRY_RUN"} = 1;
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	833 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	834 } else {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	835 mlog(-1, "[$filename:$line] Syntax error: $_\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	836 $errors = 1;
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	837 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	838 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	839 close(CONFFILE);
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	840 return $errors;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	841 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	842
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	843 ### Read all configuration files
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	844 sub malt_configure
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	845 {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	846 # Let user define his/her own logfiles to scan
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	847 @scanfiles_def = ();
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	848 undef(@scanfiles_def);
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	849 foreach my $filename (@configfiles) {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	850 mdie("Errors in configuration file '$filename', bailing out.\n")
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	851 unless (malt_read_config($filename) == 0);
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	852 }
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	853
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	854 mdie("SYSACCT_MIN_UID must be >= 1.\n") unless ($settings{"SYSACCT_MIN_UID"} >= 1);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	855 mdie("SYSACCT_MAX_UID must be >= SYSACCT_MIN_UID.\n") unless ($settings{"SYSACCT_MAX_UID"} >= $settings{"SYSACCT_MIN_UID"});
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	856
44 471731c79bb3 Add configuration setting for PASSWD file. Matti Hamalainen <ccr@tnsp.org> parents: 40 diff changeset	857 open(PASSWD, "<", $settings{"PASSWD"}) or mdie("Could not open '".$settings{"PASSWD"}."' for reading!\n");
40 24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	858 while (<PASSWD>) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	859 my @fields = split(/\s:\s/);
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	860 if ($fields[2] >= $settings{"SYSACCT_MIN_UID"} && $fields[2] <= $settings{"SYSACCT_MAX_UID"}) {
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	861 $systemacct{$fields[0]} = $fields[2];
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	862 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	863 }
24babaa1e331 Many cleanups and fixes; Example configuration updated. Matti Hamalainen <ccr@tnsp.org> parents: 39 diff changeset	864 close(PASSWD);
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	865 }
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	866
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	867 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	868 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	869 ### Main program
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	870 ###
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	871 #############################################################################
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	872 # Setup signal handlers
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	873 $SIG{'INT'} = 'malt_int';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	874 $SIG{'TERM'} = 'malt_term';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	875 $SIG{'HUP'} = 'malt_hup';
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	876
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	877 # Print banner and help if no arguments
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	878 my $argc = $#ARGV + 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	879 if ($argc < 1) {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	880 print $progbanner.
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	881 "\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	882 "Usage: maltfilter <pid filename> [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	883 " maltfilter -f [config filename] [config filename...]\n".
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	884 "-f turns on the full report mode.\n";
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	885 exit;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	886 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	887
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	888 # Test pid file existence unless report mode
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	889 $pid_file = shift;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	890 if ($pid_file eq "-f") {
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	891 $reportmode = 1;
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	892 } else {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	893 mdie("'$pid_file' already exists, not starting.\n".
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	894 "If the daemon is NOT running, remove the pid-file and re-start.\n")
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	895 if (-e $pid_file);
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	896 }
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	897
b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	898 # Read configuration files
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	899 while (defined(my $filename = shift)) {
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	900 push(@configfiles, $filename);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	901 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	902
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	903 malt_configure();
d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	904
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	905
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	906 # Clean up certain arrays duplicate entries
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	907 my %saw = ();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	908 @scanfiles = grep(!$saw{$_}++, @scanfiles_def);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	909
16 87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	910 %saw = ();
87c0cdc048f5 Many changes and cleanups. Works again. Matti Hamalainen <ccr@tnsp.org> parents: 15 diff changeset	911 @noblock_ips = grep(!$saw{$_}++, @noblock_ips_def);
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	912 undef(%saw);
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	913
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	914 # Open logfile
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	915 if ($settings{"DRY_RUN"}) {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	916 print $progbanner.
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	917 "*********************************************\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	918 "* NOTICE! DRY-RUN MODE ENABLED! No changes *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	919 "* will actually get committed to netfilter! *\n".
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	920 "*********************************************\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	921 } elsif ($settings{"LOGFILE"} ne "") {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	922 open($LOGFILE, ">>", $settings{"LOGFILE"}) or die("Could not open logfile '".$settings{"LOGFILE"}."' for writing!\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	923 mlog(-1, "Log started\n");
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	924 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	925
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	926 # Test existence of iptables
ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	927 if (! -e $settings{"IPTABLES"} \|\| ! -x $settings{"IPTABLES"}) {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	928 mdie("iptables binary does not exist or is not executable: ".$settings{"IPTABLES"}."\n");
7 ee5f7b8dcdea Features, yay. Matti Hamalainen <ccr@tnsp.org> parents: 4 diff changeset	929 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	930
8 29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	931 mlog(-1, "Not blocking following IPs: ".join(", ", @noblock_ips)."\n");
29ddb6b9b521 Moar changes! Matti Hamalainen <ccr@tnsp.org> parents: 7 diff changeset	932
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	933 # Initialize
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	934 malt_init();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	935
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	936 # Fork to background, unless dry-running
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	937 if ($settings{"DRY_RUN"}) {
15 b05d0f0ff106 Cleanups in progress, does not work. Matti Hamalainen <ccr@tnsp.org> parents: 13 diff changeset	938 if ($reportmode) {
11 26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	939 mlog(-1, "Outputting report files.\n");
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	940 generate_status($settings{"STATUS_FILE_PLAIN"}, 0);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	941 generate_status($settings{"STATUS_FILE_HTML"}, 1);
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	942 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	943 } else {
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	944 malt_scan();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	945 malt_cleanup();
26c2cc5077aa Added reporting functionality. Matti Hamalainen <ccr@tnsp.org> parents: 8 diff changeset	946 }
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	947 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	948 if (my $pid = fork) {
39 d96229159abc v0.11.0: More fixes; Configuration files are now re-read when HUP signal is Matti Hamalainen <ccr@tnsp.org> parents: 37 diff changeset	949 open(PIDFILE, ">", $pid_file) or mdie("Could not open pid file '".$pid_file."' for writing!\n");
0 fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	950 print PIDFILE "$pid\n";
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	951 close(PIDFILE);
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	952 } else {
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	953 malt_scan();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	954 malt_cleanup();
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	955 }
fec14263801d Initial import of maltfilter development version. Matti Hamalainen <ccr@tnsp.org> parents: diff changeset	956 }

Mercurial > hg > maltfilter

annotate maltfilter @ 45:d239356229cd maltfilter-0.12.1