diff options
Diffstat (limited to 'lib/network/ifw.pm')
-rw-r--r-- | lib/network/ifw.pm | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/lib/network/ifw.pm b/lib/network/ifw.pm new file mode 100644 index 0000000..2509b93 --- /dev/null +++ b/lib/network/ifw.pm @@ -0,0 +1,160 @@ +package network::ifw; + +use Socket; +use common; + +our @ISA = qw(dbus_object); + +sub init { + my ($bus, $filter) = @_; + my $con = $bus->{connection}; + $con->add_filter($filter); + $con->add_match("type='signal',interface='org.mageia.monitoring.ifw'"); +} + +sub new { + my ($type, $bus) = @_; + require dbus_object; + my $o = dbus_object::new($type, + $bus, + "org.mageia.monitoring", + "/org/mageia/monitoring/ifw", + "org.mageia.monitoring.ifw"); + $o; +} + +sub set_blacklist_verdict { + my ($o, $seq, $blacklist) = @_; + $o->call_method('SetBlacklistVerdict', Net::DBus::dbus_uint32($seq), Net::DBus::dbus_uint32($blacklist)); +} + +sub unblacklist { + my ($o, $addr) = @_; + $o->call_method('UnBlacklist', Net::DBus::dbus_uint32($addr)); +} + +sub whitelist { + my ($o, $addr) = @_; + $o->call_method('Whitelist', Net::DBus::dbus_uint32($addr)); +} + +sub unwhitelist { + my ($o, $addr) = @_; + $o->call_method('UnWhitelist', Net::DBus::dbus_uint32($addr)); +} + +sub get_interactive { + my ($o) = @_; + $o->call_method('GetMode'); +} + +sub set_interactive { + my ($o, $mode) = @_; + $o->call_method('SetMode', Net::DBus::dbus_uint32($mode)); +} + +sub get_reports { + my ($o, $o_include_processed) = @_; + $o->call_method('GetReports', Net::DBus::dbus_uint32(to_bool($o_include_processed))); +} + +sub get_blacklist { + my ($o) = @_; + $o->call_method('GetBlacklist'); +} + +sub get_whitelist { + my ($o) = @_; + $o->call_method('GetWhitelist'); +} + +sub clear_processed_reports { + my ($o) = @_; + $o->call_method('ClearProcessedReports'); +} + +sub send_alert_ack { + my ($o) = @_; + $o->call_method('SendAlertAck'); +} + +sub send_manage_request { + my ($o) = @_; + $o->call_method('SendManageRequest'); +} + +sub format_date { + my ($timestamp) = @_; + require c; + # "%c" has strange effects on utf-8 locales + #c::strftime("%c", localtime($timestamp)); + c::strftime("%Y-%m-%d %H:%M:%S", localtime($timestamp)); +} + +sub get_service { + my ($port) = @_; + getservbyport($port, undef) || $port; +} + +sub get_protocol { + my ($protocol) = @_; + getprotobynumber($protocol) || $protocol; +} + +sub get_ip_address { + my ($addr) = @_; + inet_ntoa(pack('L', $addr)); +} + +sub resolve_address { + my ($ip_addr) = @_; + #- try to resolve address, timeout after 2 seconds + my $hostname; + eval { + local $SIG{ALRM} = sub { die "ALARM" }; + alarm 2; + $hostname = gethostbyaddr(inet_aton($ip_addr), AF_INET); + alarm 0; + }; + $hostname || $ip_addr; +} + +sub attack_to_hash { + my ($args) = @_; + my $attack = { mapn { $_[0] => $_[1] } [ 'timestamp', 'indev', 'prefix', 'sensor', 'protocol', 'addr', 'port', 'icmp_type', 'seq', 'processed' ], $args }; + $attack->{port} = unpack('S', pack('n', $attack->{port})); + $attack->{date} = format_date($attack->{timestamp}); + $attack->{ip_addr} = get_ip_address($attack->{addr}); + $attack->{hostname} = resolve_address($attack->{ip_addr}); + $attack->{protocol} = get_protocol($attack->{protocol}); + $attack->{service} = get_service($attack->{port}); + $attack->{type} = + $attack->{prefix} eq 'SCAN' ? N("Port scanning") + : $attack->{prefix} eq 'SERV' ? N("Service attack") + : $attack->{prefix} eq 'PASS' ? N("Password cracking") + : $attack->{prefix} eq 'NEW' ? N("New connection") + : N(qq("%s" attack), $attack->{prefix}); + $attack->{msg} = + $attack->{prefix} eq "SCAN" ? N("A port scanning attack has been attempted by %s.", $attack->{hostname}) + : $attack->{prefix} eq "SERV" ? N("The %s service has been attacked by %s.", $attack->{service}, $attack->{hostname}) + : $attack->{prefix} eq "PASS" ? N("A password cracking attack has been attempted by %s.", $attack->{hostname}) + : $attack->{prefix} eq "NEW" ? N("%s is connecting on the %s service.", $attack->{hostname}, $attack->{service}) + : N(qq(A "%s" attack has been attempted by %s), $attack->{prefix}, $attack->{hostname}); + $attack; +} + +sub parse_listen_message { + my ($args) = @_; + my $listen = { mapn { $_[0] => $_[1] } [ 'program', 'port' ], $args }; + $listen->{port} = unpack('S', pack('n', $listen->{port})); + $listen->{service} = get_service($listen->{port}); + $listen->{message} = N("The \"%s\" application is trying to make a service (%s) available to the network.", + $listen->{program}, + $listen->{service} ne $listen->{port} ? $listen->{service} : + #-PO: this should be kept lowercase since the expression is meant to be used between brackets + N("port %d", $listen->{port}), + ); + $listen; +} + +1; |