#!/usr/bin/perl

use strict;
use lib qw(/usr/lib/libDrakX);
use common;

use Socket;
use mygtk2 qw(gtknew);
use POSIX qw(strftime);
use network::activefw;

use Gtk2::SimpleList;

use ugtk2 qw(:create :helpers :wrappers);

# Column layout of the blacklist view, in order.  Column 0 ('hidden') carries
# the address exactly as it was received; unblacklist() reads it back from
# there.  Every other column is a plain 'text' column with a translated title.
my @blacklist_columns = (
    addr                   => 'hidden',
    N("Date")              => 'text',
    N("Attacker")          => 'text',
    N("Attack type")       => 'text',
    N("Service")           => 'text',
    N("Network interface") => 'text',
    N("Protocol")          => 'text',
);
my $blacklist = Gtk2::SimpleList->new(@blacklist_columns);

# Several rows may be selected at once, so they can be removed in one click.
$blacklist->get_selection->set_mode('multiple');

# Build the activefw object, handing it a callback that receives ($con, $msg).
# The callback reacts to three members of the com.mandrakesoft.activefirewall
# interface on the /com/mandrakesoft/activefirewall path:
#   Blacklist -> add the entry carried in the message arguments to the list
#   Clear     -> empty the displayed list
#   Init      -> run handle_init(), which reloads the list
# NOTE(review): only interface, path and member are compared here.  Whether
# the sender of a message is restricted to the firewall daemon depends on
# network::activefw and the bus policy, neither visible in this file -- confirm.
# NOTE(review): there is no explicit return, so the callback's value is that
# of the last `if` statement (handle_init()'s value when Init matches, the
# false condition otherwise).  Check whether activefw uses that value.
my $activefw = activefw->new(sub {
    my ($con, $msg) = @_;
    # The three tests below are independent; at most one member can match.
    handle_blacklist($msg->get_args_list) if
      $msg->get_interface eq "com.mandrakesoft.activefirewall" &&
      $msg->get_path eq "/com/mandrakesoft/activefirewall" &&
      $msg->get_member eq "Blacklist";

    clear_blacklist() if
      $msg->get_interface eq "com.mandrakesoft.activefirewall" &&
      $msg->get_path eq "/com/mandrakesoft/activefirewall" &&
      $msg->get_member eq "Clear";

    handle_init() if
      $msg->get_interface eq "com.mandrakesoft.activefirewall" &&
      $msg->get_path eq "/com/mandrakesoft/activefirewall" &&
      $msg->get_member eq "Init";
});
# Fill the list with whatever get_blacklist reports at startup.
init_blacklist();

# Main window: the scrollable blacklist on top and a button row underneath,
# with "Remove from blacklist" laid out at the start and "Quit" at the end.
my $w = ugtk2->new(N("Active Firewall : Blacklist"));

# Widgets are created in the same order as a single nested gtknew() call
# would evaluate them: list first, then each button followed by its box.
my $list_view = gtknew('ScrolledWindow', width => 600, height => 400, child => $blacklist);

my $remove_button = gtknew('Button', text => N("Remove from blacklist"), clicked => \&unblacklist);
my $remove_box    = gtknew('HButtonBox', layout => 'start', children_loose => [ $remove_button ]);

my $quit_button = gtknew('Button', text => N("Quit"), clicked => sub { Gtk2->main_quit });
my $quit_box    = gtknew('HButtonBox', layout => 'end', children_loose => [ $quit_button ]);

my $button_row = gtknew('HBox', children_loose => [ $remove_box, $quit_box ]);

# In 'children', each widget is preceded by a 1/0 flag (presumably the
# "expand" setting: the list grows with the window, the button row does not).
my $layout = gtknew('VBox', spacing => 5, children => [
    1, $list_view,
    0, $button_row,
]);
gtkpack($w->{window}, $layout);

$w->show;
Gtk2->main;    # runs until the Quit button calls Gtk2->main_quit

ugtk2::exit(0);

# Handler for the "Init" member: calls find_daemon on the activefw object
# (presumably to locate the daemon again -- confirm in network::activefw),
# then reloads the list through init_blacklist().
# NOTE(review): the rows already displayed are not cleared first, so entries
# the daemon still reports would be appended a second time unless a Clear
# message is also sent -- confirm.
# The sub has no explicit return; its value is that of init_blacklist().
sub handle_init {
    $activefw->find_daemon;
    init_blacklist();
}

# Load every entry reported by get_blacklist into the displayed list.
# get_blacklist returns one flat list in which each entry occupies 8
# consecutive values, the same 8 fields that handle_blacklist() unpacks.
# A trailing group shorter than 8 values is still passed on as-is, so its
# missing fields reach handle_blacklist() as undef.
sub init_blacklist {
    my $fields_per_entry = 8;
    my @pending = $activefw->get_blacklist;
    while (my @entry = splice(@pending, 0, $fields_per_entry)) {
        handle_blacklist(@entry);
    }
}

# Handler for the "Clear" member: empties the list's {data} array.
# NOTE(review): on a Gtk2::SimpleList, {data} is tied to the view's model, so
# this assignment is what removes the rows from the display; keep it as a
# plain list assignment.
sub clear_blacklist {
    @{$blacklist->{data}} = ();
}

# Append one blacklist entry to the displayed list.
#
# Arguments, in order: timestamp, network interface, attack prefix, sensor,
# protocol, address, port, ICMP type.  $sensor and $icmp_type are accepted
# but not used.
#
# The row keeps the address as received in its hidden first column, which is
# what unblacklist() later hands back to the daemon.
# NOTE(review): the "Attacker" column shows the result of
# activefw::resolve_address.  If that is a reverse DNS lookup, the name is
# chosen by whoever controls the address's PTR record and should be read as a
# hint, not as an identity; the lookup would also run inside the message
# handler -- confirm in network::activefw.
sub handle_blacklist {
    my ($timestamp, $indev, $prefix, $sensor, $protocol, $addr, $port, $icmp_type) = @_;

    # Translate the daemon's prefix into a label; unknown prefixes show as ''.
    my $attack_label = '';
    if ($prefix eq 'SCAN') {
        $attack_label = N("Port scanning");
    }
    elsif ($prefix eq 'SERV') {
        $attack_label = N("Service attack");
    }
    elsif ($prefix eq 'PASS') {
        $attack_label = N("Password cracking");
    }

    # One value per column, in the order the columns were declared.
    my @row = (
        $addr,
        activefw::format_date($timestamp),
        activefw::resolve_address(activefw::get_ip_address($addr)),
        $attack_label,
        activefw::get_service($port) || '',
        $indev,
        $protocol || '',
    );
    push @{ $blacklist->{data} }, \@row;
}

# "Remove from blacklist" button handler: asks the daemon to unblacklist the
# address of every selected row.  The address is read from the hidden first
# column and duplicates are dropped, so each address is sent once.
# The displayed rows themselves are not modified here.
sub unblacklist {
    my @selected_rows = $blacklist->get_selected_indices;
    my @addresses = uniq(map { $blacklist->{data}->[$_]->[0] } @selected_rows);
    foreach my $address (@addresses) {
        $activefw->unblacklist($address);
    }
}