# HG changeset patch
# User Matti Hamalainen
# Date 1250382987 -10800
# Node ID 8cfb71b296da8f62182e66a50b10a7bdf90ae5ed
# Parent d8d4d598903ef9d690ee56fc6e4af275c1e3ebce
Added colour-coded grouping of IP addresses in summary table.
diff -r d8d4d598903e -r 8cfb71b296da README
--- a/README Sun Aug 16 02:59:22 2009 +0300
+++ b/README Sun Aug 16 03:36:27 2009 +0300
@@ -1,4 +1,4 @@
-Malicious Attack Livid Termination Filter daemon (maltfilter) v0.12.2
+Malicious Attack Livid Termination Filter daemon (maltfilter) v0.12.3
 =====================================================================
 Programmed by Matti 'ccr' Hämäläinen
 (C) Copyright 2009 Tecnic Software productions (TNSP)
diff -r d8d4d598903e -r 8cfb71b296da maltfilter
--- a/maltfilter Sun Aug 16 02:59:22 2009 +0300
+++ b/maltfilter Sun Aug 16 03:36:27 2009 +0300
@@ -10,7 +10,7 @@
 use Date::Parse;
 use Net::IP;
-my $progversion = "0.12.2";
+my $progversion = "0.12.3";
 my $progbanner = "Malicious Attack Livid Termination Filter daemon (maltfilter) v$progversion\n".
 "Programmed by Matti 'ccr' Hamalainen \n".
@@ -235,7 +235,7 @@
 {
 my $fh = $_[1];
 if ($_[0]) {
- my $s = defined($_[3]) ? " class=\"$_[3]\"" : "";
+ my $s = defined($_[3]) ? " ".$_[3]." " : "";
 print $fh "".$_[2]."";
 } else {
 print $fh $_[2];
@@ -334,6 +334,31 @@
 printP($m, $f, bb($m).$ntotal.eb($m)." entries total.\n");
 }
+sub cmp_ips($$$)
+{
+ my @ipa = split(/\./, $_[1]);
+ my @ipb = split(/\./, $_[2]);
+ for (my $i = 0; $i < 4; $i++) {
+ return -1 if ($ipa[$i] > $ipb[$i]);
+ return 1 if ($ipa[$i] < $ipb[$i]);
+ }
+ return 0;
+}
+
+sub test_ips($$)
+{
+ my @ipa = split(/\./, $_[0]);
+ my @ipb = split(/\./, $_[1]);
+ for (my $i = 0; $i < 3; $i++) {
+ return $i if ($ipa[$i] != $ipb[$i]);
+ }
+ return 4;
+}
+
+my @ipcolors = (
+ "#666",
+ "#777",
+);
 sub print_table2($$$$$$) {
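Review bot: The fourth argument of printTD changes meaning in this hunk from a CSS class name to a ready-made attribute fragment that is spliced into the tag verbatim, but neither the signature nor a comment records that, so a caller still passing a bare class name would now emit a malformed attribute (the callers visible elsewhere in this commit are updated, but other call sites cannot be seen from here). A one-line comment above the `my $s` line would pin the contract: `# $_[3] is a complete, already-quoted attribute string (class="..." / style="...") and is emitted unescaped`. The enclosing sub starts before the hunk and its closing brace lies after it.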
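Review bot: test_ips returns 4 when the first three octets match, yet its loop can only yield 0..2 and the sole consumer (in the next hunk) tests `< 3`, so the sentinel reads as if a fourth octet had been compared; `return 3;` together with a header comment would make the contract explicit, e.g. `# Index (0..2) of the first differing octet of two dotted-quad strings, or 3 when the first three octets match (same /24).` Both test_ips and the relocated cmp_ips split on "." and compare the pieces numerically, so a key that is not a dotted quad (an IPv6 string, for instance, given that Net::IP is loaded) yields undef octets and an "uninitialized value" warning on every comparison; if such keys can reach these tables, a guard like `return 0 unless @ipa == 4 && @ipb == 4;` at the top of test_ips keeps it well-defined. cmp_ips itself is only moved by this commit, not changed.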
@@ -345,10 +370,19 @@
 printElem($m, $f, "\n". $str."".$str ."\n", $str2." || ".$str2."\n");
+
+ my @previp = ("0.0.0.0", "0.0.0.0");
+ my @ncolor = (0, 0);
 my $printEntry = sub {
- my $blocked = defined($blocklist{$_[0]}) ? "blocked" : "unblocked";
- printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $blocked);
+ my $blocked = "class=\"".(defined($blocklist{$_[0]}) ? "blocked" : "unblocked")."\"";
+ if (test_ips($previp[$_[1]], $_[0]) < 3) {
+ $ncolor[$_[1]]++;
+ }
+ $previp[$_[1]] = $_[0];
+ my $str = "style=\"background: ".$ipcolors[$ncolor[$_[1]] % scalar @ipcolors].";\"";
+
+ printTD($m, $f, sprintf("%-15s", get_link($m, $_[0])), $str);
 printElem(!$m, $f, " | ");
 printTD($m, $f, sprintf("%-8d ", $table->{$_[0]}{"hits"}), $blocked);
 printElem(!$m, $f, " | ");
@@ -364,13 +398,14 @@
 my @mkeys = sort { $func->($table, $a, $b) } keys %{$keys};
 my $nkeys = scalar @mkeys;
 my $kmax = $nkeys / 2;
+
 for (my $i = 0; $i <= $kmax; $i++) {
 printElem($m, $f, " ");
 if ($i < $kmax) {
- $printEntry->($mkeys[$i]);
+ $printEntry->($mkeys[$i], 0);
 printElem($m, $f, "", " || ");
 }
- if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
+ if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1], 1); }
 printElem($m, $f, "\n", "\n");
 }
@@ -378,17 +413,6 @@
 printP($m, $f, bb($m).$nkeys.eb($m)." entries total, ".bb($m).$nhits.eb($m)." hits total.\n");
 }
-sub cmp_ips($$$)
-{
- my @ipa = split(/\./, $_[1]);
- my @ipb = split(/\./, $_[2]);
- for (my $i = 0; $i < 4; $i++) {
- return -1 if ($ipa[$i] > $ipb[$i]);
- return 1 if ($ipa[$i] < $ipb[$i]);
- }
- return 0;
-}
-
 sub cmp_hits($$$)
 {
 return $_[0]->{$_[2]}{"hits"} <=> $_[0]->{$_[1]}{"hits"};
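Review bot: The address cell loses its blocked/unblocked class: `$str` replaces `$blocked` in the first printTD call and `$blocked` survives only on the hits cell, so any stylesheet rule keyed on that class stops applying to the IP column; if that is unintended, pass `$blocked." ".$str` for the first cell, which works now that printTD emits the fragment verbatim. The shade counters are kept per column and each column starts from "0.0.0.0", so a /24 group that straddles the split at `$kmax` can receive two different shades, and the grouping only reads as grouping when the caller sorts with cmp_ips — under cmp_hits the shade simply alternates per row. A comment on `my @previp` such as `# last IP seen per column; the colour index advances whenever the /24 prefix changes` would record the intent. The $printEntry closure and print_table2 continue past the end of the hunk.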
@@ -461,7 +485,8 @@
 print_table2($m, $f, \%statlist, \%statlist, \&cmp_ips, "global");
 printH($m, $f, 2, "Ignored entries");
- printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n");
+ printP($m, $f, "List of hits that were ignored (not acted upon), because the test was disabled.\n".
+ "Notice that the entry may be blocked due to other checks, however.\n");
 print_table1($m, $f, \%ignorelist, \%ignorelist, \&cmp_hits, "ignored");
 printElem($m, $f, "\n\n");
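Review bot: The appended sentence reads awkwardly with its trailing "however" and the definite "the entry" when the paragraph introduces a whole list; `"Note that an entry in this list may still be blocked by other checks.\n"` states the same caveat more directly. The enclosing sub begins and ends outside the hunk.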