comparison maltfilter @ 79:9095db0fad8f
v0.18.0: Bunch of bugfixes; logfile trailing/scanning speed improved; memory
usage improvements.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sat, 29 Aug 2009 05:24:31 +0300 |
parents | 4769aad8bd14 |
children | 4e3f87470426 |
78:dfd1a49d1042 | 79:9095db0fad8f |
---|---|
9 use strict; | 9 use strict; |
10 use Date::Parse; | 10 use Date::Parse; |
11 use Net::IP; | 11 use Net::IP; |
12 use Net::DNS; | 12 use Net::DNS; |
13 use LWP::UserAgent; | 13 use LWP::UserAgent; |
14 | 14 use IO::Seekable; |
15 my $progversion = "0.17.2"; | 15 |
16 my $progversion = "0.18.0"; | |
16 my $progbanner = | 17 my $progbanner = |
17 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". | 18 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". |
18 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". | 19 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". |
19 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; | 20 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; |
20 | 21 |
778 | 779 |
779 ### Get current Netfilter INPUT table entries that match | 780 ### Get current Netfilter INPUT table entries that match |
780 ### entry types we manage, e.g. filterlist | 781 ### entry types we manage, e.g. filterlist |
781 sub update_filterlist($) | 782 sub update_filterlist($) |
782 { | 783 { |
784 my $first = $_[0]; | |
783 return unless ($settings{"FILTER"} > 0); | 785 return unless ($settings{"FILTER"} > 0); |
784 my $first = $_[0]; | |
785 mlog(0, "Updating initial filterlist from netfilter.\n") unless ($first > 0); | |
786 | 786 |
787 $ENV{"PATH"} = ""; | 787 $ENV{"PATH"} = ""; |
788 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |") or | 788 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |") or |
789 mdie("Could not execute ".$settings{"IPTABLES"}."\n"); | 789 mdie("Could not execute ".$settings{"IPTABLES"}."\n"); |
790 my %newlist = (); | 790 my %newlist = (); |
791 undef(%newlist); | 791 undef(%newlist); |
792 while (<STATUS>) { | 792 while (<STATUS>) { |
793 chomp; | 793 chomp; |
794 if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) { | 794 if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) { |
795 my $mip = $2; | 795 my $mip = $2; |
796 my $mdate = time(); | |
797 if (!defined($filterlist{$mip})) { | 796 if (!defined($filterlist{$mip})) { |
798 mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0); | 797 mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0); |
799 $filterlist{$2} = $mdate; | 798 $filterlist{$2} = time(); |
800 } | 799 } |
801 $newlist{$2} = $mdate; | 800 $newlist{$2} = 1; |
802 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0); | 801 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0); |
803 } | 802 } |
804 } | 803 } |
805 close(STATUS); | 804 close(STATUS); |
806 | 805 |
846 return unless ($settings{"FILTER"} > 0 && $reportmode == 0); | 845 return unless ($settings{"FILTER"} > 0 && $reportmode == 0); |
847 | 846 |
848 # Weed blocked entries. | 847 # Weed blocked entries. |
849 my @mips = keys %filterlist; | 848 my @mips = keys %filterlist; |
850 foreach my $mip (@mips) { | 849 foreach my $mip (@mips) { |
851 if (defined($filterlist{$mip})) { | 850 if (defined($statlist{$mip})) { |
852 if ($filterlist{$mip} >= 0) { | 851 if ($statlist{$mip}{"date2"} >= 0) { |
853 weed_do($mip) unless check_time1($filterlist{$mip}); | 852 weed_do($mip) unless check_time1($statlist{$mip}{"date2"}); |
854 } else { | 853 } else { |
855 weed_do($mip); | 854 weed_do($mip); |
856 } | 855 } |
856 } elsif (defined($filterlist{$mip})) { | |
857 weed_do($mip); | |
857 } | 858 } |
858 } | 859 } |
859 | 860 |
860 # Clean up old entries from other lists | 861 # Clean up old entries from other lists |
861 foreach my $mip (keys %statlist) { | 862 foreach my $mip (keys %statlist) { |
1091 my $counter = -1; | 1092 my $counter = -1; |
1092 while (1) { | 1093 while (1) { |
1093 my %filepos = (); | 1094 my %filepos = (); |
1094 foreach my $filename (keys %filehandles) { | 1095 foreach my $filename (keys %filehandles) { |
1095 for ($filepos{$filename} = tell($filehandles{$filename}); | 1096 for ($filepos{$filename} = tell($filehandles{$filename}); |
1096 $_ = <$filehandles{$filename}>; | 1097 $_ = readline($filehandles{$filename}); |
1097 $filepos{$filename} = tell($filehandles{$filename})) { | 1098 $filepos{$filename} = tell($filehandles{$filename})) { |
1098 chomp; | 1099 chomp($_); |
1099 check_log_line($_); | 1100 check_log_line($_); |
1100 } | 1101 } |
1102 } | |
1103 sleep(1); | |
1104 foreach my $filename (keys %filehandles) { | |
1105 seek($filehandles{$filename}, $filepos{$filename}, 0); | |
1101 } | 1106 } |
1102 if ($counter < 0 || $counter++ >= 30) { | 1107 if ($counter < 0 || $counter++ >= 30) { |
1103 # Every once in a while, execute maintenance functions | 1108 # Every once in a while, execute maintenance functions |
1104 $counter = 0; | 1109 $counter = 0; |
1105 malt_maintenance(); | 1110 malt_maintenance(); |
1106 } | |
1107 sleep(1); | |
1108 foreach my $filename (keys %filehandles) { | |
1109 seek($filehandles{$filename}, $filepos{$filename}, 0); | |
1110 } | 1111 } |
1111 } | 1112 } |
1112 } | 1113 } |
1113 | 1114 |
1114 ### Read one configuration file | 1115 ### Read one configuration file |
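Review bot: An address can now sit in %filterlist with no %statlist record and never be weeded: the loop at new line 848 iterates `keys %filterlist` but only acts inside `if (defined($statlist{$mip}))`, and the old `elsif` fallback (dead anyway, since its condition duplicated the `if`) was dropped rather than turned into the `else` it appears to have been meant as; the enclosing sub starts above this hunk. If the "Clean up old entries from other lists" loop that follows can drop a %statlist entry while the IP is still in %filterlist, the matching netfilter rule stays in place indefinitely, which for a false positive is an unrecoverable block, so consider `} else { weed_do($mip); }` after the `if` at 850, or at least an `mlog` so orphaned entries are visible. Also, `$statlist{$mip}{"date2"} >= 0` treats an undefined date2 as 0 (with a warning under warnings) instead of skipping, so guarding with `defined($statlist{$mip}{"date2"})` would make the comparison honest. Separately, the unchanged `open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |")` in update_filterlist is a two-argument pipe open through the shell with a bareword handle; the list form `open(my $status, '-|', $settings{"IPTABLES"}, qw(-v -n -L INPUT))` avoids both.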