changeset 18:b0017a324040 maltfilter-0.9

Cleanups; Disable weeding in report mode again; Don't display redundant IPTABLES reasons in blocklist report.
author Matti Hamalainen <ccr@tnsp.org>
date Sat, 15 Aug 2009 21:06:08 +0300
parents fe220b5a975a
children 4ad7550500a7
files maltfilter
diffstat 1 files changed, 16 insertions(+), 8 deletions(-) [+]
--- a/maltfilter	Sat Aug 15 20:42:16 2009 +0300
+++ b/maltfilter	Sat Aug 15 21:06:08 2009 +0300
@@ -261,8 +261,9 @@
     my @reasons = ();
     foreach my $class (sort keys %{$table->{$mip}{"reason"}}) {
       my $msgs;
+      if ($class ne "IPTABLES") {
       if ($reportmode) {
-        my @tmp = @{$table->{$mip}{"reason"}{$class}{"msg"}};
+        my @tmp = reverse(@{$table->{$mip}{"reason"}{$class}{"msg"}});
         if ($#tmp > 5) { $#tmp = 5; }
         foreach (@tmp) { $_ = htmlentities($_); }
         $msgs = join(" ".bb($m)."|".eb($m)." ", @tmp);
@@ -271,6 +272,7 @@
       }
       push(@reasons, bb($m).$class.eb($m)." #".$table->{$mip}{"reason"}{$class}{"hits"}.
         " ( ".$msgs." )");
+      }
     }
     printTD($m, $f, join(", ", @reasons));
     printElem($m, $f, "</tr>\n", "\n");
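Review bot: The new `if ($class ne "IPTABLES") {` wraps the whole loop body without re-indenting it, so the `if ($reportmode)` branch and the `push` now read as if they were at loop level while actually sitting one block deeper. A guard clause at the top of the `foreach` says the same thing without the extra nesting: `next if ($class eq "IPTABLES");` as the first statement after `my $msgs;`, dropping the added `{` and the closing `}` before `printTD`. Note that `$class` and the hit count are concatenated into the cell without `htmlentities`, unlike the messages; that is presumably fine because class names are fixed strings assigned in code, but worth a one-line comment to that effect. The enclosing sub starts above this hunk.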
@@ -309,8 +311,10 @@
   my $kmax = $nkeys / 2;
   for (my $i = 0; $i <= $kmax; $i++) {
     printElem($m, $f, " <tr>");
-    if ($i < $kmax) { $printEntry->($mkeys[$i]); }
-    printElem($m, $f, "<th> </th>", " || ");
+    if ($i < $kmax) {
+      $printEntry->($mkeys[$i]);
+      printElem($m, $f, "<th> </th>", " || ");
+    }
     if ($i + $kmax + 1 < $nkeys) { $printEntry->($mkeys[$i + $kmax + 1]); }
     printElem($m, $f, "</tr>\n", "\n");
   }
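Review bot: The two-column split still loses an entry when the key count is even: with `$kmax = $nkeys / 2` the right-hand column starts at `$i + $kmax + 1`, so for 4 keys the rows print indices 0/3 and 1/-, index 2 is never printed and the third row (`$i == $kmax`) is empty; with an odd count `$kmax` is fractional and the code only works because Perl truncates the float subscript. This assumes `$nkeys` is the element count of `@mkeys`; its definition, like the start of the enclosing sub, is above the hunk. Using an integer row count and starting the right column at `$i + $kmax` fixes both cases and also makes the new separator logic unconditional, since the left entry then always exists.
```perl
  my $kmax = int(($nkeys + 1) / 2);   # number of rows: ceil(nkeys / 2)
  for (my $i = 0; $i < $kmax; $i++) {
    printElem($m, $f, " <tr>");
    $printEntry->($mkeys[$i]);
    printElem($m, $f, "<th> </th>", " || ");
    # Right column continues where the left one ends; absent for the last row of an odd count.
    if ($i + $kmax < $nkeys) { $printEntry->($mkeys[$i + $kmax]); }
    printElem($m, $f, "</tr>\n", "\n");
  }
```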
@@ -378,13 +382,17 @@
   printP($m, $f,
   "Generated ".bb($m).$mtime.eb($m).". Data computed from ".
   ($reportmode ? "complete logfile scan" : "a period of last $period").".\n");
+  printP($m, $f, "The hit classes marked as 'IPTABLES' are a pseudo-class meaning an\n".
+  "blocked IP that was in Netfilter before Maltfilter was started.\n");
 
   printH($m, $f, 2, "Currently blocked entries");
-  printP($m, $f, "List of IPs that are currently blocked (or would be, if this is a report-only mode).");
+  printP($m, $f, "List of IPs that are currently blocked (or would be, if this is\n".
+  "a report-only mode).");
   printTable1($m, $f, \%statlist, \%blocklist, \&cmp_hits);
 
   printH($m, $f, 2, "Summary of non-ignored entries");
-  printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not necessarily acted upon.\n");
+  printP($m, $f, "List of 'hits' of suspicious activity noticed by Maltfilter, but not\n".
+  "necessarily acted upon. Sorted by descending IP address.\n");
   printTable2($m, $f, \%statlist, \%statlist, \&cmp_ips);
 
   printH($m, $f, 2, "Ignored entries");
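Review bot: The new explanatory paragraph has a grammatical slip in its runtime string: `"... are a pseudo-class meaning an\n". "blocked IP ..."` should read `"... a pseudo-class meaning a\n". "blocked IP ..."`. Its claim that an IPTABLES entry "was in Netfilter before Maltfilter was started" is also worth rechecking against the later hunk, which records the class for every rule matched during a status scan rather than only on the first one; if that scan runs repeatedly, the wording should say "currently present in Netfilter (regardless of who added it)". The enclosing report sub starts above this hunk.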
@@ -451,10 +459,10 @@
     if (/^\s*(\d+)\s+\d+\s+$settings{"ACTION"}\s+all\s+--\s+\*\s+\*\s+(\d+\.\d+\.\d+\.\d+)\s+0\.0\.0\.0\/0\s*$/) {
       my $mip = $2;
       if (!defined($blocklist{$mip}) && $mdate > 0) {
-        mlog(2, "* $mip appeared in iptables.");
+        mlog(2, "* $mip appeared in iptables.\n");
       }
       $blocklist{$2} = $mdate;
-      update_entry(\%statlist, $mip, $mdate, "?", "From iptables.");
+      update_entry(\%statlist, $mip, $mdate, "IPTABLES", "");
     }
   }
   close(STATUS);
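Review bot: `$settings{"ACTION"}` is interpolated into the match on the first line of the hunk without quoting, so a configured action containing regex metacharacters (or a trailing space) silently changes the pattern and the rule is never recognised; use `\Q$settings{"ACTION"}\E` in the regex. For consistency, the assignment `$blocklist{$2} = $mdate;` should use the `$mip` captured just above it, since a later match could reset `$2`. The `while` loop over STATUS and the enclosing sub begin above this hunk.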
@@ -481,7 +489,7 @@
 sub weed_entries()
 {
   # Don't weed in report mode.
-# return if ($reportmode);
+  return if ($reportmode);
 
   my @mips = keys %blocklist;
   foreach my $mip (@mips) {
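Review bot: The re-enabled `return if ($reportmode);` is only explained by the bare comment "Don't weed in report mode.", and the commit message's "again" shows it has been accidentally switched off once already. A comment stating the reason would make that harder to repeat, e.g. `# Report mode is read-only: weeding removes entries from the block list (and presumably the live Netfilter chain), which a report run must never do.` The "presumably" needs confirming against the rest of weed_entries, whose body continues past this hunk.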