summaryrefslogtreecommitdiffstats
path: root/lib/network/ifw.pm
diff options
context:
space:
mode:
authorPascal Rigaux <pixel@mandriva.com>2007-04-25 12:26:16 +0000
committerPascal Rigaux <pixel@mandriva.com>2007-04-25 12:26:16 +0000
commitc6ba983db7d5a82ee63599e775be0f8211447c72 (patch)
tree574602cdd540158aa8759fe794f4e02443ece030 /lib/network/ifw.pm
parentd1f10dedeb008689c1a6c60daf939b57c149a7af (diff)
downloaddrakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar
drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.gz
drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.bz2
drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.tar.xz
drakx-net-c6ba983db7d5a82ee63599e775be0f8211447c72.zip
re-sync after the big svn loss
Diffstat (limited to 'lib/network/ifw.pm')
-rw-r--r--lib/network/ifw.pm141
1 files changed, 141 insertions, 0 deletions
diff --git a/lib/network/ifw.pm b/lib/network/ifw.pm
new file mode 100644
index 0000000..40ff0ac
--- /dev/null
+++ b/lib/network/ifw.pm
@@ -0,0 +1,141 @@
+package network::ifw;
+
+use Socket;
+use common;
+
+our @ISA = qw(dbus_object);
+
+sub new {
+ my ($type, $bus, $filter) = @_;
+
+ my $con = $bus->{connection};
+ $con->add_filter($filter);
+ $con->add_match("type='signal',interface='com.mandriva.monitoring.ifw'");
+
+ require dbus_object;
+ my $o = dbus_object::new($type,
+ $bus,
+ "com.mandriva.monitoring",
+ "/com/mandriva/monitoring/ifw",
+ "com.mandriva.monitoring.ifw");
+ dbus_object::set_gtk2_watch($o);
+ $o;
+}
+
+sub set_blacklist_verdict {
+ my ($o, $seq, $blacklist) = @_;
+ $o->call_method('SetBlacklistVerdict', Net::DBus::dbus_uint32($seq), Net::DBus::dbus_uint32($blacklist));
+}
+
+sub unblacklist {
+ my ($o, $addr) = @_;
+ $o->call_method('UnBlacklist', Net::DBus::dbus_uint32($addr));
+}
+
+sub whitelist {
+ my ($o, $addr) = @_;
+ $o->call_method('Whitelist', Net::DBus::dbus_uint32($addr));
+}
+
+sub unwhitelist {
+ my ($o, $addr) = @_;
+ $o->call_method('UnWhitelist', Net::DBus::dbus_uint32($addr));
+}
+
+sub get_interactive {
+ my ($o) = @_;
+ $o->call_method('GetMode');
+}
+
+sub set_interactive {
+ my ($o, $mode) = @_;
+ $o->call_method('SetMode', Net::DBus::dbus_uint32($mode));
+}
+
+sub get_reports {
+ my ($o, $o_include_processed) = @_;
+ $o->call_method('GetReports', Net::DBus::dbus_uint32(to_bool($o_include_processed)));
+}
+
+sub get_blacklist {
+ my ($o) = @_;
+ $o->call_method('GetBlacklist');
+}
+
+sub get_whitelist {
+ my ($o) = @_;
+ $o->call_method('GetWhitelist');
+}
+
+sub clear_processed_reports {
+ my ($o) = @_;
+ $o->call_method('ClearProcessedReports');
+}
+
+sub send_alert_ack {
+ my ($o) = @_;
+ $o->call_method('SendAlertAck');
+}
+
+sub send_manage_request {
+ my ($o) = @_;
+ $o->call_method('SendManageRequest');
+}
+
+sub format_date {
+ my ($timestamp) = @_;
+ require c;
+ c::strftime("%c", localtime($timestamp));
+}
+
+sub get_service {
+ my ($port) = @_;
+ getservbyport($port, undef) || $port;
+}
+
+sub get_protocol {
+ my ($protocol) = @_;
+ getprotobynumber($protocol) || $protocol;
+}
+
+sub get_ip_address {
+ my ($addr) = @_;
+ inet_ntoa(pack('L', $addr));
+}
+
+sub resolve_address {
+ my ($ip_addr) = @_;
+ #- try to resolve address, timeout after 2 seconds
+ my $hostname;
+ eval {
+ local $SIG{ALRM} = sub { die "ALARM" };
+ alarm 2;
+ $hostname = gethostbyaddr(inet_aton($ip_addr), AF_INET);
+ alarm 0;
+ };
+ $hostname || $ip_addr;
+}
+
+sub attack_to_hash {
+ my ($args) = @_;
+ my $attack = { mapn { $_[0] => $_[1] } [ 'timestamp', 'indev', 'prefix', 'sensor', 'protocol', 'addr', 'port', 'icmp_type', 'seq', 'processed' ], $args };
+ $attack->{port} = unpack('S', pack('n', $attack->{port}));
+ $attack->{date} = format_date($attack->{timestamp});
+ $attack->{ip_addr} = get_ip_address($attack->{addr});
+ $attack->{hostname} = resolve_address($attack->{ip_addr});
+ $attack->{protocol} = get_protocol($attack->{protocol});
+ $attack->{service} = get_service($attack->{port});
+ $attack->{type} =
+ $attack->{prefix} eq 'SCAN' ? N("Port scanning")
+ : $attack->{prefix} eq 'SERV' ? N("Service attack")
+ : $attack->{prefix} eq 'PASS' ? N("Password cracking")
+ : N(qq("%s" attack), $attack->{prefix});
+ $attack->{msg} =
+ $attack->{prefix} eq "SCAN" ? N("A port scanning attack has been attempted by %s.", $attack->{hostname})
+ : $attack->{prefix} eq "SERV" ? N("The %s service has been attacked by %s.", $attack->{service}, $attack->{hostname})
+ : $attack->{prefix} eq "PASS" ? N("A password cracking attack has been attempted by %s.", $attack->{hostname})
+ : N(qq(A "%s" attack has been attempted by %s), $attack->{prefix}, $attack->{hostname});
+ $attack;
+}
+
+1;