diff options
author | Pascal Rigaux <pixel@mandriva.com> | 2007-04-25 12:26:16 +0000 |
---|---|---|
committer | Pascal Rigaux <pixel@mandriva.com> | 2007-04-25 12:26:16 +0000 |
commit | c6ba983db7d5a82ee63599e775be0f8211447c72 (patch) | |
tree | 574602cdd540158aa8759fe794f4e02443ece030 /lib/network/ifw.pm | |
parent | d1f10dedeb008689c1a6c60daf939b57c149a7af (diff) | |
download | drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.gz drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.bz2 drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.xz drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.zip |
re-sync after the big svn loss
Diffstat (limited to 'lib/network/ifw.pm')
-rw-r--r-- | lib/network/ifw.pm | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/lib/network/ifw.pm b/lib/network/ifw.pm new file mode 100644 index 0000000..40ff0ac --- /dev/null +++ b/lib/network/ifw.pm @@ -0,0 +1,141 @@ +package network::ifw; + +use Socket; +use common; + +our @ISA = qw(dbus_object); + +sub new { + my ($type, $bus, $filter) = @_; + + my $con = $bus->{connection}; + $con->add_filter($filter); + $con->add_match("type='signal',interface='com.mandriva.monitoring.ifw'"); + + require dbus_object; + my $o = dbus_object::new($type, + $bus, + "com.mandriva.monitoring", + "/com/mandriva/monitoring/ifw", + "com.mandriva.monitoring.ifw"); + dbus_object::set_gtk2_watch($o); + $o; +} + +sub set_blacklist_verdict { + my ($o, $seq, $blacklist) = @_; + $o->call_method('SetBlacklistVerdict', Net::DBus::dbus_uint32($seq), Net::DBus::dbus_uint32($blacklist)); +} + +sub unblacklist { + my ($o, $addr) = @_; + $o->call_method('UnBlacklist', Net::DBus::dbus_uint32($addr)); +} + +sub whitelist { + my ($o, $addr) = @_; + $o->call_method('Whitelist', Net::DBus::dbus_uint32($addr)); +} + +sub unwhitelist { + my ($o, $addr) = @_; + $o->call_method('UnWhitelist', Net::DBus::dbus_uint32($addr)); +} + +sub get_interactive { + my ($o) = @_; + $o->call_method('GetMode'); +} + +sub set_interactive { + my ($o, $mode) = @_; + $o->call_method('SetMode', Net::DBus::dbus_uint32($mode)); +} + +sub get_reports { + my ($o, $o_include_processed) = @_; + $o->call_method('GetReports', Net::DBus::dbus_uint32(to_bool($o_include_processed))); +} + +sub get_blacklist { + my ($o) = @_; + $o->call_method('GetBlacklist'); +} + +sub get_whitelist { + my ($o) = @_; + $o->call_method('GetWhitelist'); +} + +sub clear_processed_reports { + my ($o) = @_; + $o->call_method('ClearProcessedReports'); +} + +sub send_alert_ack { + my ($o) = @_; + $o->call_method('SendAlertAck'); +} + +sub send_manage_request { + my ($o) = @_; + $o->call_method('SendManageRequest'); +} + +sub format_date { + my ($timestamp) = @_; + require c; + c::strftime("%c", localtime($timestamp)); +} + +sub get_service { + my ($port) = @_; + getservbyport($port, undef) || $port; +} + +sub get_protocol { + my ($protocol) = @_; + getprotobynumber($protocol) || $protocol; +} + +sub get_ip_address { + my ($addr) = @_; + inet_ntoa(pack('L', $addr)); +} + +sub resolve_address { + my ($ip_addr) = @_; + #- try to resolve address, timeout after 2 seconds + my $hostname; + eval { + local $SIG{ALRM} = sub { die "ALARM" }; + alarm 2; + $hostname = gethostbyaddr(inet_aton($ip_addr), AF_INET); + alarm 0; + }; + $hostname || $ip_addr; +} + +sub attack_to_hash { + my ($args) = @_; + my $attack = { mapn { $_[0] => $_[1] } [ 'timestamp', 'indev', 'prefix', 'sensor', 'protocol', 'addr', 'port', 'icmp_type', 'seq', 'processed' ], $args }; + $attack->{port} = unpack('S', pack('n', $attack->{port})); + $attack->{date} = format_date($attack->{timestamp}); + $attack->{ip_addr} = get_ip_address($attack->{addr}); + $attack->{hostname} = resolve_address($attack->{ip_addr}); + $attack->{protocol} = get_protocol($attack->{protocol}); + $attack->{service} = get_service($attack->{port}); + $attack->{type} = + $attack->{prefix} eq 'SCAN' ? N("Port scanning") + : $attack->{prefix} eq 'SERV' ? N("Service attack") + : $attack->{prefix} eq 'PASS' ? N("Password cracking") + : N(qq("%s" attack), $attack->{prefix}); + $attack->{msg} = + $attack->{prefix} eq "SCAN" ? N("A port scanning attack has been attempted by %s.", $attack->{hostname}) + : $attack->{prefix} eq "SERV" ? N("The %s service has been attacked by %s.", $attack->{service}, $attack->{hostname}) + : $attack->{prefix} eq "PASS" ? N("A password cracking attack has been attempted by %s.", $attack->{hostname}) + : N(qq(A "%s" attack has been attempted by %s), $attack->{prefix}, $attack->{hostname}); + $attack; +} + +1; |