Mercurial > hg > maltfilter
comparison maltfilter @ 52:8cfb71b296da
Added colour-coded grouping of IP addresses in summary table.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sun, 16 Aug 2009 03:36:27 +0300 |
| parents | 13e6507ec1bb |
| children | dc072a56f343 |
comparison
equal
deleted
inserted
replaced
| 51:d8d4d598903e | 52:8cfb71b296da |
|---|---|
| 8 ############################################################################# | 8 ############################################################################# |
| 9 use strict; | 9 use strict; |
| 10 use Date::Parse; | 10 use Date::Parse; |
| 11 use Net::IP; | 11 use Net::IP; |
| 12 | 12 |
| 13 my $progversion = "0.12.2"; | 13 my $progversion = "0.12.3"; |
| 14 my $progbanner = | 14 my $progbanner = |
| 15 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". | 15 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". |
| 16 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". | 16 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". |
| 17 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; | 17 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; |
| 18 | 18 |
| 233 | 233 |
| 234 sub printTD | 234 sub printTD |
| 235 { | 235 { |
| 236 my $fh = $_[1]; | 236 my $fh = $_[1]; |
| 237 if ($_[0]) { | 237 if ($_[0]) { |
| 238 my $s = defined($_[3]) ? " class=\"$_[3]\"" : ""; | 238 my $s = defined($_[3]) ? " ".$_[3]." " : ""; |
| 239 print $fh "<td".$s.">".$_[2]."</td>"; | 239 print $fh "<td".$s.">".$_[2]."</td>"; |
| 240 } else { | 240 } else { |
| 241 print $fh $_[2]; | 241 print $fh $_[2]; |
| 242 } | 242 } |
| 243 } | 243 } |
| 332 } | 332 } |
| 333 printElem($m, $f, "</table>\n"); | 333 printElem($m, $f, "</table>\n"); |
| 334 printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n"); | 334 printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n"); |
| 335 } | 335 } |
| 336 | 336 |
| 337 sub cmp_ips($$$) | |
| 338 { | |
| 339 my @ipa = split(/\./, $_[1]); | |
| 340 my @ipb = split(/\./, $_[2]); | |
| 341 for (my $i = 0; $i < 4; $i++) { | |
| 342 return -1 if ($ipa[$i] > $ipb[$i]); | |
| 343 return 1 if ($ipa[$i] < $ipb[$i]); | |
| 344 } | |
| 345 return 0; | |
| 346 } | |
| 347 | |
| 348 sub test_ips($$) | |
| 349 { | |
| 350 my @ipa = split(/\./, $_[0]); | |
| 351 my @ipb = split(/\./, $_[1]); | |
| 352 for (my $i = 0; $i < 3; $i++) { | |
| 353 return $i if ($ipa[$i] != $ipb[$i]); | |
| 354 } | |
| 355 return 4; | |
| 356 } | |
| 357 | |
| 358 my @ipcolors = ( | |
| 359 "#666", | |
| 360 "#777", | |
| 361 ); | |
| 337 | 362 |
| 338 sub print_table2($$$$$$) | 363 sub print_table2($$$$$$) |
| 339 { | 364 { |
| 340 my ($m, $f, $table, $keys, $func, $class) = @_; | 365 my ($m, $f, $table, $keys, $func, $class) = @_; |
| 341 my $nhits = 0; | 366 my $nhits = 0; |
| 343 my $str2 = "IP-address | Hits | First hit | Latest hit | Class "; | 368 my $str2 = "IP-address | Hits | First hit | Latest hit | Class "; |
| 344 | 369 |
| 345 printElem($m, $f, | 370 printElem($m, $f, |
| 346 "<table class=\"".$class."\">\n<tr>". $str."<th> </th>".$str ."</tr>\n", | 371 "<table class=\"".$class."\">\n<tr>". $str."<th> </th>".$str ."</tr>\n", |
| 347 $str2." || ".$str2."\n"); | 372 $str2." || ".$str2."\n"); |
| 373 | |
| 374 my @previp = ("0.0.0.0", "0.0.0.0"); | |
| 375 my @ncolor = (0, 0); | |
| 348 | 376 |
| 349 my $printEntry = sub { | 377 my $printEntry = sub { |
| 350 my $blocked = defined($blocklist{$_[0]}) ? "blocked" : "unblocked"; | 378 my $blocked = "class=\"".(defined($blocklist{$_[0]}) ? "blocked" : "unblocked")."\""; |
| 351 printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $blocked); | 379 if (test_ips($previp[$_[1]], $_[0]) < 3) { |
| 380 $ncolor[$_[1]]++; | |
| 381 } | |
| 382 $previp[$_[1]] = $_[0]; | |
| 383 my $str = "style=\"background: ".$ipcolors[$ncolor[$_[1]] % scalar @ipcolors].";\""; | |
| 384 | |
| 385 printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $str); | |
| 352 printElem(!$m, $f, " | "); | 386 printElem(!$m, $f, " | "); |
| 353 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked); | 387 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked); |
| 354 printElem(!$m, $f, " | "); | 388 printElem(!$m, $f, " | "); |
| 355 printTD($m, $f, get_ago_str($table->{$_[0]}{"date1"}), $blocked); | 389 printTD($m, $f, get_ago_str($table->{$_[0]}{"date1"}), $blocked); |
| 356 printElem(!$m, $f, " | "); | 390 printElem(!$m, $f, " | "); |
| 362 }; | 396 }; |
| 363 | 397 |
| 364 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys}; | 398 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys}; |
| 365 my $nkeys = scalar @mkeys; | 399 my $nkeys = scalar @mkeys; |
| 366 my $kmax = $nkeys / 2; | 400 my $kmax = $nkeys / 2; |
| 401 | |
| 367 for (my $i = 0; $i <= $kmax; $i++) { | 402 for (my $i = 0; $i <= $kmax; $i++) { |
| 368 printElem($m, $f, " <tr>"); | 403 printElem($m, $f, " <tr>"); |
| 369 if ($i < $kmax) { | 404 if ($i < $kmax) { |
| 370 $printEntry->($mkeys[$i]); | 405 $printEntry->($mkeys[$i], 0); |
| 371 printElem($m, $f, "<th> </th>", " || "); | 406 printElem($m, $f, "<th> </th>", " || "); |
| 372 } | 407 } |
| 373 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); } | 408 if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1], 1); } |
| 374 printElem($m, $f, "</tr>\n", "\n"); | 409 printElem($m, $f, "</tr>\n", "\n"); |
| 375 } | 410 } |
| 376 | 411 |
| 377 printElem($m, $f, "</table>\n"); | 412 printElem($m, $f, "</table>\n"); |
| 378 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n"); | 413 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n"); |
| 379 } | |
| 380 | |
| 381 sub cmp_ips($$$) | |
| 382 { | |
| 383 my @ipa = split(/\./, $_[1]); | |
| 384 my @ipb = split(/\./, $_[2]); | |
| 385 for (my $i = 0; $i < 4; $i++) { | |
| 386 return -1 if ($ipa[$i] > $ipb[$i]); | |
| 387 return 1 if ($ipa[$i] < $ipb[$i]); | |
| 388 } | |
| 389 return 0; | |
| 390 } | 414 } |
| 391 | 415 |
| 392 sub cmp_hits($$$) | 416 sub cmp_hits($$$) |
| 393 { | 417 { |
| 394 return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"}; | 418 return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"}; |
| 459 printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n". | 483 printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n". |
| 460 "necessarily acted upon. Sorted by descending IP address.\n"); | 484 "necessarily acted upon. Sorted by descending IP address.\n"); |
| 461 print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global"); | 485 print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global"); |
| 462 | 486 |
| 463 printH($m, $f, 2, "Ignored entries"); | 487 printH($m, $f, 2, "Ignored entries"); |
| 464 printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n"); | 488 printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n". |
| 489 "Notice that the entry may be blocked due to other checks, however.\n"); | |
| 465 print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored"); | 490 print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored"); |
| 466 | 491 |
| 467 printElem($m, $f, "</body>\n</html>\n"); | 492 printElem($m, $f, "</body>\n</html>\n"); |
| 468 close(STATUS); | 493 close(STATUS); |
| 469 } | 494 } |