#!/usr/bin/perl
use strict;
use lib qw(/usr/lib/libDrakX);
use common;
use Socket;
use mygtk2 qw(gtknew);
use POSIX qw(strftime);
use network::activefw;
use Gtk2::SimpleList;
use ugtk2 qw(:create :helpers :wrappers);
# List widget showing one row per blacklisted address.  The first column is
# hidden and keeps the raw address value, which is what gets handed back to
# the daemon on removal; the other columns are display-only plain text.
my $blacklist = Gtk2::SimpleList->new(
    addr                   => 'hidden',
    N("Date")              => 'text',
    N("Attacker")          => 'text',
    N("Attack type")       => 'text',
    N("Service")           => 'text',
    N("Network interface") => 'text',
    N("Protocol")          => 'text',
);
$blacklist->get_selection->set_mode('multiple');

# Message callback handed to activefw->new.  Only messages on the active
# firewall interface and object path are acted upon; the member name selects
# the action.
# NOTE(review): nothing here checks who sent the message; whether the bus
# policy or activefw restricts senders is not visible from this file - confirm.
my $activefw = activefw->new(sub {
    my ($con, $msg) = @_;

    my $wanted_interface = "com.mandrakesoft.activefirewall";
    my $wanted_path      = "/com/mandrakesoft/activefirewall";
    my $from_daemon = $msg->get_interface eq $wanted_interface
                   && $msg->get_path eq $wanted_path;

    # The argument list of a Blacklist message is passed on as-is; it is
    # expected to carry the eight fields handle_blacklist() unpacks.
    handle_blacklist($msg->get_args_list)
      if $from_daemon && $msg->get_member eq "Blacklist";
    clear_blacklist()
      if $from_daemon && $msg->get_member eq "Clear";
    # Kept as the last statement so the callback's value is unchanged.
    handle_init()
      if $from_daemon && $msg->get_member eq "Init";
});

# Fill the list with what the daemon already knows before showing the window.
init_blacklist();

my $w = ugtk2->new(N("Active Firewall : Blacklist"));

# Layout: the scrolled list on top (expanding), a button row underneath with
# "Remove from blacklist" on the left and "Quit" on the right.
gtkpack(
    $w->{window},
    gtknew('VBox', spacing => 5, children => [
        1, gtknew('ScrolledWindow', width => 600, height => 400, child => $blacklist),
        0, gtknew('HBox', children_loose => [
            gtknew('HButtonBox', layout => 'start', children_loose => [
                gtknew('Button', text => N("Remove from blacklist"), clicked => \&unblacklist),
            ]),
            gtknew('HButtonBox', layout => 'end', children_loose => [
                gtknew('Button', text => N("Quit"), clicked => sub { Gtk2->main_quit }),
            ]),
        ]),
    ]),
);

$w->show;
Gtk2->main;

ugtk2::exit(0);
# Reaction to an "Init" message: call find_daemon on the activefw object
# again, then load the blacklist the daemon reports.
# NOTE(review): rows already shown are not cleared first, so entries the
# daemon reports again would be listed twice - confirm whether the daemon
# sends "Clear" beforehand.
sub handle_init {
    $activefw->find_daemon;
    return init_blacklist();
}
# Fetch the daemon's current blacklist and add every entry to the list.
#
# get_blacklist returns a flat list; it is consumed eight values at a time,
# one group per blacklist record.
# NOTE(review): if the reply length is not a multiple of 8, the final group
# is short and handle_blacklist() receives undefined trailing fields.
sub init_blacklist {
    my @packets = $activefw->get_blacklist;
    while (@packets) {
        my @record = splice(@packets, 0, 8);
        handle_blacklist(@record);
    }
}
# Remove every row from the displayed blacklist.  Called when the daemon
# sends a "Clear" message; this only empties the widget's data and does not
# call the daemon.
sub clear_blacklist {
@{$blacklist->{data}} = ();
}
# Append one blacklist record to the displayed list.
#
# Arguments, in order: timestamp, incoming interface, attack prefix, sensor,
# protocol, attacker address, port, ICMP type.  $sensor and $icmp_type are
# accepted but not shown.
sub handle_blacklist {
    my ($timestamp, $indev, $prefix, $sensor, $protocol, $addr, $port, $icmp_type) = @_;

    # Hidden 'addr' cell: the raw address value, reused by unblacklist().
    my @row = ($addr);

    push @row, activefw::format_date($timestamp);

    # NOTE(review): resolve_address presumably performs a reverse lookup; a
    # host name obtained that way is set by whoever controls the address's
    # reverse DNS, so the "Attacker" cell is unverified data - confirm in
    # network::activefw.
    push @row, activefw::resolve_address(activefw::get_ip_address($addr));

    # Translate the daemon's prefix into a readable attack type; unknown
    # prefixes give an empty cell.
    if ($prefix eq 'SCAN') {
        push @row, N("Port scanning");
    }
    elsif ($prefix eq 'SERV') {
        push @row, N("Service attack");
    }
    elsif ($prefix eq 'PASS') {
        push @row, N("Password cracking");
    }
    else {
        push @row, '';
    }

    push @row, activefw::get_service($port) || '', $indev, $protocol || '';

    push @{ $blacklist->{data} }, \@row;
}
# "Remove from blacklist" button handler: ask the daemon to unblacklist every
# selected address, then drop all rows for those addresses from the list.
sub unblacklist {
    my @selected_rows = $blacklist->get_selected_indices;

    # Several rows can refer to the same address; ask only once per address.
    my @addr = uniq(map { $blacklist->{data}[$_][0] } @selected_rows);

    foreach my $address (@addr) {
        $activefw->unblacklist($address);
    }

    #- delete from the list even if the above calls were unsuccessful
    # NOTE(review): the result of the unblacklist call is not checked, so a
    # row can disappear here while the address is still blocked by the daemon.
    @{ $blacklist->{data} } =
      grep { !member($_->[0], @addr) } @{ $blacklist->{data} };
}