# HG changeset patch # User Matti Hamalainen # Date 1251641649 -10800 # Node ID 4362bf9e52e475f8a83133af867ca6f48c175f76 # Parent edba50b2819008ad7dbc502557c20bef25b1879c Add sanity checking of DroneBL configuration values; Misc. cleanups. diff -r edba50b28190 -r 4362bf9e52e4 maltfilter --- a/maltfilter Sun Aug 30 05:24:26 2009 +0300 +++ b/maltfilter Sun Aug 30 17:14:09 2009 +0300 @@ -13,7 +13,7 @@ use LWP::UserAgent; use IO::Seekable; -my $progversion = "0.19.0"; +my $progversion = "0.19.1"; my $progbanner = "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n". "Programmed by Matti 'ccr' Hamalainen \n". @@ -530,9 +530,13 @@ sub dronebl_process { - return if ($dronebl_suspend-- > 0); return unless ($settings{"DRONEBL"} > 0); + if ($dronebl_suspend > 0) { + $dronebl_suspend--; + return; + } + # Create submission data my $xml = "\n\n"; my $entries = 0; @@ -577,8 +581,8 @@ } if ($type eq "success") { - mlog(1, "[DroneBL] Succesfully submitted $entries entries.\n$msg\n"); $dronebl_errors = 0; + mlog(1, "[DroneBL] Succesfully submitted $entries entries.\n"); while (my ($ip, $entry) = each(%dronebl)) { $entry->{"sent"} = 1; $statlist{$ip}{"dronebl"} = 2 if defined($statlist{$ip}); @@ -603,8 +607,11 @@ $dronebl_errors++; } + # Check error counts if ($dronebl_errors >= $settings{"DRONEBL_MAX_ERRORS"}) { - mlog(-1, "Temporarily disabling DroneBL submissions due to too many errors for next ".$settings{"DRONEBL_SUSPEND"}. " rounds.\n"); + # Only log suspension message if don't have recent previous errors + mlog(-1, "Temporarily disabling DroneBL submissions due to too many errors for next ".$settings{"DRONEBL_SUSPEND"}. " rounds.\n") + if ($dronebl_errors == $settings{"DRONEBL_MAX_ERRORS"}); $dronebl_suspend = $settings{"DRONEBL_SUSPEND"}; } 
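Review bot: The success message rewritten in the `@@ -577,8 +581,8 @@` hunk still carries the misspelling "Succesfully", which makes the line easy to miss when grepping the daemon log for successful submissions. Since the string is being touched anyway, it could read `mlog(1, "[DroneBL] Successfully submitted $entries entries.\n");`. Any log-watching rule that matches the old spelling would need updating at the same time.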
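Review bot: In the `# Check error counts` block (hunk `@@ -603,8 +607,11 @@`), the suspension message is now logged only when `$dronebl_errors == $settings{"DRONEBL_MAX_ERRORS"}`, so every later re-suspension is silent once the counter has passed the limit. Nothing visible in the hunk resets the counter except a successful submission, so during a long outage the log would show one suspension notice and then nothing, although reports are still not reaching DroneBL. Consider turning the statement modifier into an if/else and logging the repeat case at a more verbose level, for example `mlog(2, "[DroneBL] Submissions still failing ($dronebl_errors errors), suspended again.\n");`. Note also that if DRONEBL_MAX_ERRORS is 0 the outer `>=` test is always true; this appears to suspend submissions after every round, including successful ones. The body of dronebl_process starts and ends outside this hunk.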
@@ -625,7 +632,7 @@ return if check_hosts_array(\@noaction_ips, $mip); if (!defined($dronebl{$mip})) { - mlog(3, "[DroneBL] Queueing $mip \@ $mdate ($mtype)\n"); + mlog(2, "[DroneBL] Queueing $mip \@ $mdate (type $mtype)\n"); $dronebl{$mip}{"type"} = $mtype; $dronebl{$mip}{"date"} = $mdate; $dronebl{$mip}{"sent"} = 0; @@ -1245,7 +1252,19 @@ # Sanitize DroneBL configuration if ($settings{"DRONEBL"} > 0) { - mdie("DroneBL RPC key not set.\n") unless ($settings{"DRONEBL_RPC_KEY"} ne ""); + mdie("DroneBL enabled, but DRONEBL_RPC_KEY not set.\n") unless ($settings{"DRONEBL_RPC_KEY"} ne ""); + + $val = $settings{"DRONEBL_MAX_AGE"}; + mdie("Invalid DRONEBL_MAX_AGE value $val, must be > 10.\n") unless ($val > 10); + + $val = $settings{"DRONEBL_THRESHOLD"}; + mdie("Invalid DRONEBL_THRESHOLD value $val, must be >= 0.\n") unless ($val >= 0); + + $val = $settings{"DRONEBL_MAX_ERRORS"}; + mdie("Invalid DRONEBL_MAX_ERRORS value $val, must be >= 0.\n") unless ($val >= 0); + + $val = $settings{"DRONEBL_SUSPEND"}; + mdie("Invalid DRONEBL_SUSPEND value $val, must be >= 1.\n") unless ($val >= 1); } # Check system account / passwd settings
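Review bot: The new DroneBL checks in the `@@ -1245,7 +1252,19 @@` hunk compare the raw setting numerically without first checking that it is a number, so a non-numeric or empty value evaluates as 0 and passes the `>= 0` tests for DRONEBL_THRESHOLD and DRONEBL_MAX_ERRORS. Each check should test the format before the range, e.g. `mdie("Invalid DRONEBL_THRESHOLD value $val, must be >= 0.\n") unless ($val =~ /^\d+$/);`. The lower bound for DRONEBL_MAX_ERRORS also looks too permissive: with 0, the `$dronebl_errors >= $settings{"DRONEBL_MAX_ERRORS"}` test in dronebl_process is always true, so requiring `>= 1` here (or documenting 0 as "never suspend" and handling it there) would avoid a configuration that quietly throttles reporting. `$val` is assigned without `my` in the visible lines, so it is presumably declared earlier in the enclosing block, which starts outside the hunk.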