From db90d54abfd141e1047a853b1c074bd57e907f9a Mon Sep 17 00:00:00 2001 From: Olivier Blin Date: Mon, 14 Feb 2005 16:43:41 +0000 Subject: active firewall support --- perl-install/standalone/net_applet | 170 ++++++++++++++++++++++++++++++++++++- 1 file changed, 167 insertions(+), 3 deletions(-) (limited to 'perl-install/standalone/net_applet') diff --git a/perl-install/standalone/net_applet b/perl-install/standalone/net_applet index 9836a821c..0dca7d17f 100644 --- a/perl-install/standalone/net_applet +++ b/perl-install/standalone/net_applet @@ -9,6 +9,13 @@ use Digest::MD5; use network::netconnect; use network::tools; +use Net::DBus; +use Net::DBus::Binding::Watch; +use Gtk2::Helper; +use Socket; +use mygtk2 qw(gtknew); +use POSIX qw(strftime); + use Gtk2::TrayIcon; use ugtk2 qw(:create :helpers :wrappers); @@ -74,6 +81,8 @@ if ($opt eq '--force' || $opt eq '-f') { setAutoStart('TRUE') } shouldStart() or die "$onstartupfile should be set to TRUE or use net_applet --force"; +my ($dbus_con, $dbus_daemon, $interactive_ids) = initDBus(); + checkNetwork(); cronNetwork(); @@ -143,7 +152,6 @@ sub go2State { } sub setState { my ($state_type, $interface) = @_; - my $checkmi; my $arr = $appletstate{$state_type}{menu}; my $tmp = gtkcreate_pixbuf($appletstate{$state_type}{colour}[0]); $img->set_from_pixbuf($tmp); 
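Review bot: The new top-level call `my ($dbus_con, $dbus_daemon, $interactive_ids) = initDBus();` in the `@@ -74,6 +81,8 @@` hunk makes applet startup depend on the system bus, and nothing at the call site handles failure. In initDBus (added further down in this patch) only `GetMode` is wrapped in `eval`; `Net::DBus->system`, `get_service` and `get_object` are not, so if any of them throws — presumably the case when the bus or the firewall daemon is not running — the applet would exit before `checkNetwork()` is reached. When `GetMode` fails, initDBus returns an empty list and all three variables stay undef. Consider `my ($dbus_con, $dbus_daemon, $interactive_ids) = eval { initDBus() };` with a comment such as `# $dbus_daemon is undef when the active firewall daemon is unreachable; firewall features are disabled then`.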
@@ -155,8 +163,10 @@ sub setState { $menu->append(gtksignal_connect(gtkshow(Gtk2::MenuItem->new_with_label($name)), activate => sub { $launch->($interface) })); } $menu->append(gtkshow(Gtk2::SeparatorMenuItem->new)); - $menu->append(gtksignal_connect(gtkset_active($checkmi = Gtk2::CheckMenuItem->new_with_label(N("Always launch on startup")), shouldStart()), toggled => sub { setAutoStart(uc(bool2text($checkmi->get_active))) })); - $checkmi->show; + $menu->append(gtkshow(gtksignal_connect(gtkset_active(Gtk2::CheckMenuItem->new_with_label(N("Interactive intrusion detection")), $interactive_ids), + toggled => sub { setInteractiveIDS(to_bool($_[0]->get_active)) }))); + $menu->append(gtkshow(gtksignal_connect(gtkset_active(Gtk2::CheckMenuItem->new_with_label(N("Always launch on startup")), shouldStart()), + toggled => sub { setAutoStart(uc(bool2text($_[0]->get_active))) }))); $menu->append(gtksignal_connect(gtkshow(Gtk2::MenuItem->new_with_label(N("Quit"))), activate => sub { mainQuit() })); $menu; } 
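Review bot: The "Interactive intrusion detection" item is appended unconditionally, so it is shown and can be toggled even when initDBus returned early and `$dbus_daemon` is undef. In that case, or whenever `SetMode` fails, setInteractiveIDS only prints the exception to stdout and the check mark keeps the state the user selected, so the menu can report interactive detection as enabled while the daemon's mode is unchanged. I would append the item only when the daemon is available (`if ($dbus_daemon) { ... }` around the new `$menu->append`) and have the `toggled` handler restore the previous state when the call fails. setState begins and ends outside this hunk.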
@@ -171,3 +181,157 @@ sub setAutoStart { ); } +sub setDBusWatch { + my ($con) = @_; + $con->set_watch_callbacks(sub { + my ($con, $watch) = @_; + my $flags = $watch->get_flags; + #print "watch callback (enable)\n"; + if ($flags & &Net::DBus::Binding::Watch::READABLE) { + Gtk2::Helper->add_watch($watch->get_fileno, 'in', sub { + #print "READABLE event\n"; + $watch->handle(&Net::DBus::Binding::Watch::READABLE); + $con->dispatch; + 1; + }); + } + # do nothing for WRITABLE watch, we dispatch when needed + }, sub { + my ($con, $watch) = @_; + #print "watch callback (disable)\n"; + }, sub { + my ($con, $watch) = @_; + #print "watch callback (toggle)\n"; + }); +} + +sub initDBus { + my $bus = Net::DBus->system; + my $con = $bus->{connection}; + + $con->add_filter(sub { + my ($con, $msg) = @_; + if ($msg->get_interface eq "com.mandrakesoft.activefirewall" && + $msg->get_path eq "/com/mandrakesoft/activefirewall") { + $msg->get_member eq "Attack" and handleAttack($msg->get_args_list); + } + }); + $con->add_match("type='signal',interface='com.mandrakesoft.activefirewall'"); + + setDBusWatch($con); + $con->dispatch; + + my $service = $bus->get_service("com.mandrakesoft.activefirewall.daemon"); + my $daemon = $service->get_object("/com/mandrakesoft/activefirewall", "com.mandrakesoft.activefirewall.daemon"); + + my $mode; + eval { + $mode = $daemon->GetMode; + }; + if ($@) { + print "exception: $@\n"; + $con->dispatch; + return; + } + return $con, $daemon, $mode; +} + +sub handleAttack { + my ($seq, $timestamp, $indev, $prefix, $sensor, $protocol, $addr, $port, $icmp_type) = @_; + + use Data::Dumper; + print Dumper(\@_); + + my $ip_addr = join(".", unpack('C4', $addr)); + #- try to resolve address, timeout after 2 seconds + my $hostname; + eval { + local $SIG{ALRM} = sub { die "ALARM" }; + alarm 2; + $hostname = gethostbyaddr(inet_aton($ip_addr), AF_INET); + alarm 0; + }; + $hostname ||= $ip_addr; + + my $service = getservbyport($port, undef) || $port; + + my $msg = $prefix eq 
"SCAN" ? N("A port scanning attack has been attempted by %s.", $hostname) + : $prefix eq "SERV" ? N("The %s service has been attacked by %s.", $service , $hostname) + : $prefix eq "PASS" ? N("A password cracking attack has been attempted by %s.", $hostname) + : undef; + unless ($msg) { + print "unhandled attack type, skipping\n"; + return; + } + + $ugtk2::wm_icon = "/usr/lib/libDrakX/icons/drakfirewall.png"; + my $w = ugtk2->new(N("Active Firewall : intrusion detected")); + local $::no_separator = 1; + + gtkadd($w->{window}, + gtknew('VBox', spacing => 5, children_loose => [ + gtknew('HBox', children => [ + 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'), + 0, gtknew('Label', text => " "), + 1, gtknew('VBox', children => [ + 0, $msg, + 0, N("Do you want to blacklist the attacker ?") + ]) + ]), + gtknew('HBox', children_loose => [ + gtknew('HButtonBox', layout => 'start', children_loose => [ + gtknew('Button', text => N("No"), + clicked => sub { dbus_blacklist($seq, 0); Gtk2->main_quit }) + ]), + gtknew('HButtonBox', layout => 'end', children_loose => [ + my $ok = gtknew('Button', text => N("Yes"), + clicked => sub { dbus_blacklist($seq, 1); Gtk2->main_quit }) + ]) + ]), + gtkadd(Gtk2::Expander->new(N("Attack details")), + gtknew('HBox', children => [ + 0, gtknew('Label', text => " "), + 1, gtknew('VBox', children_loose => [ + N("Attack time: %s", strftime("%c", localtime($timestamp))), + N("Network interface: %s", $indev), + N("Attack type: %s", $prefix), + if_($protocol, N("Protocol: %s", $protocol)), + N("Attacker IP address: %s", $ip_addr), + if_($hostname ne $ip_addr, N("Attacker hostname: %s", $hostname)), + if_($service, N("Service attacked: %s", $service)), + if_($port, N("Port attacked: %s", $port)), + if_($icmp_type, N("Type of ICMP attack: %s", $icmp_type)) + ]) + ])), + ])); + $ok->grab_focus; + $w->main; + + #- blacklist or allow attacker +} + +sub dbus_blacklist { + my ($seq, $blacklist) = @_; + eval { + 
$dbus_daemon->Blacklist(Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $seq), + Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $blacklist)); + }; + if ($@) { + print "exception: $@\n"; + $dbus_con->dispatch; + return; + } +} + +sub setInteractiveIDS { + my ($mode) = @_; + print "setting new IDS mode: $mode\n"; + eval { + $dbus_daemon->SetMode(Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $mode)); + }; + if ($@) { + print "exception: $@\n"; + $dbus_con->dispatch; + return; + } +} -- cgit v1.2.1
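Review bot: The filter installed in initDBus acts on any signal whose interface and path match, and neither the filter nor the `add_match` rule restricts the sender, so whether another system-bus client can trigger the blacklist prompt depends entirely on the bus policy, which is not visible here. Restricting the rule to the daemon's name would narrow this: `$con->add_match("type='signal',sender='com.mandrakesoft.activefirewall.daemon',interface='com.mandrakesoft.activefirewall'");`. In handleAttack the headline message identifies the peer by `$hostname`, a reverse-DNS answer controlled by whoever owns the source address; the prompt on which the user bases the blacklist decision should show `$ip_addr` and leave the unverified hostname to the details pane. The `use Data::Dumper; print Dumper(\@_);` pair looks like leftover debugging, and dbus_blacklist only prints when `Blacklist` fails, so a user who clicked Yes gets no indication that the address was not blocked.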