Mercurial > hg > maltfilter
comparison maltfilter @ 79:9095db0fad8f
v0.18.0: Bunch of bugfixes; logfile trailing/scanning speed improved; memory
usage improvements.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sat, 29 Aug 2009 05:24:31 +0300 |
| parents | 4769aad8bd14 |
| children | 4e3f87470426 |
comparison
equal
deleted
inserted
replaced
| 78:dfd1a49d1042 | 79:9095db0fad8f |
|---|---|
| 9 use strict; | 9 use strict; |
| 10 use Date::Parse; | 10 use Date::Parse; |
| 11 use Net::IP; | 11 use Net::IP; |
| 12 use Net::DNS; | 12 use Net::DNS; |
| 13 use LWP::UserAgent; | 13 use LWP::UserAgent; |
| 14 | 14 use IO::Seekable; |
| 15 my $progversion = "0.17.2"; | 15 |
| 16 my $progversion = "0.18.0"; | |
| 16 my $progbanner = | 17 my $progbanner = |
| 17 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". | 18 "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". |
| 18 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". | 19 "Programmed by Matti 'ccr' Hamalainen <ccr\@tnsp.org>\n". |
| 19 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; | 20 "(C) Copyright 2009 Tecnic Software productions (TNSP)\n"; |
| 20 | 21 |
| 778 | 779 |
| 779 ### Get current Netfilter INPUT table entries that match | 780 ### Get current Netfilter INPUT table entries that match |
| 780 ### entry types we manage, e.g. filterlist | 781 ### entry types we manage, e.g. filterlist |
| 781 sub update_filterlist($) | 782 sub update_filterlist($) |
| 782 { | 783 { |
| 784 my $first = $_[0]; | |
| 783 return unless ($settings{"FILTER"} > 0); | 785 return unless ($settings{"FILTER"} > 0); |
| 784 my $first = $_[0]; | |
| 785 mlog(0, "Updating initial filterlist from netfilter.\n") unless ($first > 0); | |
| 786 | 786 |
| 787 $ENV{"PATH"} = ""; | 787 $ENV{"PATH"} = ""; |
| 788 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |") or | 788 open(STATUS, $settings{"IPTABLES"}." -v -n -L INPUT |") or |
| 789 mdie("Could not execute ".$settings{"IPTABLES"}."\n"); | 789 mdie("Could not execute ".$settings{"IPTABLES"}."\n"); |
| 790 my %newlist = (); | 790 my %newlist = (); |
| 791 undef(%newlist); | 791 undef(%newlist); |
| 792 while (<STATUS>) { | 792 while (<STATUS>) { |
| 793 chomp; | 793 chomp; |
| 794 if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) { | 794 if (/^\s*(\d+)\s+\d+\s+$settings{"FILTER_TARGET"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) { |
| 795 my $mip = $2; | 795 my $mip = $2; |
| 796 my $mdate = time(); | |
| 797 if (!defined($filterlist{$mip})) { | 796 if (!defined($filterlist{$mip})) { |
| 798 mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0); | 797 mlog(2, "* $mip appeared in iptables.\n") unless ($first < 0); |
| 799 $filterlist{$2} = $mdate; | 798 $filterlist{$2} = time(); |
| 800 } | 799 } |
| 801 $newlist{$2} = $mdate; | 800 $newlist{$2} = 1; |
| 802 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0); | 801 update_entry(\%statlist, $mip, -1, "IPTABLES", "", 0); |
| 803 } | 802 } |
| 804 } | 803 } |
| 805 close(STATUS); | 804 close(STATUS); |
| 806 | 805 |
| 846 return unless ($settings{"FILTER"} > 0 && $reportmode == 0); | 845 return unless ($settings{"FILTER"} > 0 && $reportmode == 0); |
| 847 | 846 |
| 848 # Weed blocked entries. | 847 # Weed blocked entries. |
| 849 my @mips = keys %filterlist; | 848 my @mips = keys %filterlist; |
| 850 foreach my $mip (@mips) { | 849 foreach my $mip (@mips) { |
| 851 if (defined($filterlist{$mip})) { | 850 if (defined($statlist{$mip})) { |
| 852 if ($filterlist{$mip} >= 0) { | 851 if ($statlist{$mip}{"date2"} >= 0) { |
| 853 weed_do($mip) unless check_time1($filterlist{$mip}); | 852 weed_do($mip) unless check_time1($statlist{$mip}{"date2"}); |
| 854 } else { | 853 } else { |
| 855 weed_do($mip); | 854 weed_do($mip); |
| 856 } | 855 } |
| 856 } elsif (defined($filterlist{$mip})) { | |
| 857 weed_do($mip); | |
| 857 } | 858 } |
| 858 } | 859 } |
| 859 | 860 |
| 860 # Clean up old entries from other lists | 861 # Clean up old entries from other lists |
| 861 foreach my $mip (keys %statlist) { | 862 foreach my $mip (keys %statlist) { |
| 1091 my $counter = -1; | 1092 my $counter = -1; |
| 1092 while (1) { | 1093 while (1) { |
| 1093 my %filepos = (); | 1094 my %filepos = (); |
| 1094 foreach my $filename (keys %filehandles) { | 1095 foreach my $filename (keys %filehandles) { |
| 1095 for ($filepos{$filename} = tell($filehandles{$filename}); | 1096 for ($filepos{$filename} = tell($filehandles{$filename}); |
| 1096 $_ = <$filehandles{$filename}>; | 1097 $_ = readline($filehandles{$filename}); |
| 1097 $filepos{$filename} = tell($filehandles{$filename})) { | 1098 $filepos{$filename} = tell($filehandles{$filename})) { |
| 1098 chomp; | 1099 chomp($_); |
| 1099 check_log_line($_); | 1100 check_log_line($_); |
| 1100 } | 1101 } |
| 1102 } | |
| 1103 sleep(1); | |
| 1104 foreach my $filename (keys %filehandles) { | |
| 1105 seek($filehandles{$filename}, $filepos{$filename}, 0); | |
| 1101 } | 1106 } |
| 1102 if ($counter < 0 || $counter++ >= 30) { | 1107 if ($counter < 0 || $counter++ >= 30) { |
| 1103 # Every once in a while, execute maintenance functions | 1108 # Every once in a while, execute maintenance functions |
| 1104 $counter = 0; | 1109 $counter = 0; |
| 1105 malt_maintenance(); | 1110 malt_maintenance(); |
| 1106 } | |
| 1107 sleep(1); | |
| 1108 foreach my $filename (keys %filehandles) { | |
| 1109 seek($filehandles{$filename}, $filepos{$filename}, 0); | |
| 1110 } | 1111 } |
| 1111 } | 1112 } |
| 1112 } | 1113 } |
| 1113 | 1114 |
| 1114 ### Read one configuration file | 1115 ### Read one configuration file |