authorOlivier Blin <oblin@mandriva.org>2005-02-14 16:43:41 +0000
committerOlivier Blin <oblin@mandriva.org>2005-02-14 16:43:41 +0000
commitdb90d54abfd141e1047a853b1c074bd57e907f9a (patch)
treec050a03e887f02db336b3358daf3ff5e8ffa208a
parentb361b41ab92f0a8addec5a6c19000dc32a225d11 (diff)
active firewall support
-rw-r--r--perl-install/standalone/net_applet170
1 files changed, 167 insertions, 3 deletions
diff --git a/perl-install/standalone/net_applet b/perl-install/standalone/net_applet
index 9836a821c..0dca7d17f 100644
--- a/perl-install/standalone/net_applet
+++ b/perl-install/standalone/net_applet
@@ -9,6 +9,13 @@ use Digest::MD5;
use network::netconnect;
use network::tools;
+use Net::DBus;
+use Net::DBus::Binding::Watch;
+use Gtk2::Helper;
+use Socket;
+use mygtk2 qw(gtknew);
+use POSIX qw(strftime);
+
use Gtk2::TrayIcon;
use ugtk2 qw(:create :helpers :wrappers);
@@ -74,6 +81,8 @@ if ($opt eq '--force' || $opt eq '-f') { setAutoStart('TRUE') }
shouldStart() or die "$onstartupfile should be set to TRUE or use net_applet --force";
+my ($dbus_con, $dbus_daemon, $interactive_ids) = initDBus();
+
checkNetwork();
cronNetwork();
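Review bot: The new `initDBus()` call runs unguarded before `checkNetwork()`, so a D-Bus failure can stop the network applet from starting at all. In initDBus (added further down in this patch) only `GetMode` is inside an `eval`; `Net::DBus->system` and the `get_service`/`get_object` calls are not, and a failure there would propagate as a die at this line. Since the firewall integration is optional to the applet's main job, I would wrap the call, `my ($dbus_con, $dbus_daemon, $interactive_ids) = eval { initDBus() };`, and log `$@` when it is set.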
@@ -143,7 +152,6 @@ sub go2State {
}
sub setState {
my ($state_type, $interface) = @_;
- my $checkmi;
my $arr = $appletstate{$state_type}{menu};
my $tmp = gtkcreate_pixbuf($appletstate{$state_type}{colour}[0]);
$img->set_from_pixbuf($tmp);
@@ -155,8 +163,10 @@ sub setState {
$menu->append(gtksignal_connect(gtkshow(Gtk2::MenuItem->new_with_label($name)), activate => sub { $launch->($interface) }));
}
$menu->append(gtkshow(Gtk2::SeparatorMenuItem->new));
- $menu->append(gtksignal_connect(gtkset_active($checkmi = Gtk2::CheckMenuItem->new_with_label(N("Always launch on startup")), shouldStart()), toggled => sub { setAutoStart(uc(bool2text($checkmi->get_active))) }));
- $checkmi->show;
+ $menu->append(gtkshow(gtksignal_connect(gtkset_active(Gtk2::CheckMenuItem->new_with_label(N("Interactive intrusion detection")), $interactive_ids),
+ toggled => sub { setInteractiveIDS(to_bool($_[0]->get_active)) })));
+ $menu->append(gtkshow(gtksignal_connect(gtkset_active(Gtk2::CheckMenuItem->new_with_label(N("Always launch on startup")), shouldStart()),
+ toggled => sub { setAutoStart(uc(bool2text($_[0]->get_active))) })));
$menu->append(gtksignal_connect(gtkshow(Gtk2::MenuItem->new_with_label(N("Quit"))), activate => sub { mainQuit() }));
$menu;
}
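Review bot: The "Interactive intrusion detection" item is appended even when initDBus returned early and left `$dbus_daemon` and `$dbus_con` undefined. Toggling it then reaches setInteractiveIDS, where the `eval` fails and the error branch calls `$dbus_con->dispatch` on undef, outside any `eval`. Appending the item only when `$dbus_daemon` is defined would avoid offering a control that cannot work. Separately, `$interactive_ids` is read once at startup and never updated by the toggle, so if setState rebuilds the menu on each state change (its body starts outside this hunk) the checkbox would fall back to the startup value; `$interactive_ids = $mode;` after a successful `SetMode` would keep the two in sync.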
@@ -171,3 +181,157 @@ sub setAutoStart {
);
}
+sub setDBusWatch {
+ my ($con) = @_;
+ $con->set_watch_callbacks(sub {
+ my ($con, $watch) = @_;
+ my $flags = $watch->get_flags;
+ #print "watch callback (enable)\n";
+ if ($flags & &Net::DBus::Binding::Watch::READABLE) {
+ Gtk2::Helper->add_watch($watch->get_fileno, 'in', sub {
+ #print "READABLE event\n";
+ $watch->handle(&Net::DBus::Binding::Watch::READABLE);
+ $con->dispatch;
+ 1;
+ });
+ }
+ # do nothing for WRITABLE watch, we dispatch when needed
+ }, sub {
+ my ($con, $watch) = @_;
+ #print "watch callback (disable)\n";
+ }, sub {
+ my ($con, $watch) = @_;
+ #print "watch callback (toggle)\n";
+ });
+}
+
+sub initDBus {
+ my $bus = Net::DBus->system;
+ my $con = $bus->{connection};
+
+ $con->add_filter(sub {
+ my ($con, $msg) = @_;
+ if ($msg->get_interface eq "com.mandrakesoft.activefirewall" &&
+ $msg->get_path eq "/com/mandrakesoft/activefirewall") {
+ $msg->get_member eq "Attack" and handleAttack($msg->get_args_list);
+ }
+ });
+ $con->add_match("type='signal',interface='com.mandrakesoft.activefirewall'");
+
+ setDBusWatch($con);
+ $con->dispatch;
+
+ my $service = $bus->get_service("com.mandrakesoft.activefirewall.daemon");
+ my $daemon = $service->get_object("/com/mandrakesoft/activefirewall", "com.mandrakesoft.activefirewall.daemon");
+
+ my $mode;
+ eval {
+ $mode = $daemon->GetMode;
+ };
+ if ($@) {
+ print "exception: $@\n";
+ $con->dispatch;
+ return;
+ }
+ return $con, $daemon, $mode;
+}
+
+sub handleAttack {
+ my ($seq, $timestamp, $indev, $prefix, $sensor, $protocol, $addr, $port, $icmp_type) = @_;
+
+ use Data::Dumper;
+ print Dumper(\@_);
+
+ my $ip_addr = join(".", unpack('C4', $addr));
+ #- try to resolve address, timeout after 2 seconds
+ my $hostname;
+ eval {
+ local $SIG{ALRM} = sub { die "ALARM" };
+ alarm 2;
+ $hostname = gethostbyaddr(inet_aton($ip_addr), AF_INET);
+ alarm 0;
+ };
+ $hostname ||= $ip_addr;
+
+ my $service = getservbyport($port, undef) || $port;
+
+ my $msg = $prefix eq "SCAN" ? N("A port scanning attack has been attempted by %s.", $hostname)
+ : $prefix eq "SERV" ? N("The %s service has been attacked by %s.", $service , $hostname)
+ : $prefix eq "PASS" ? N("A password cracking attack has been attempted by %s.", $hostname)
+ : undef;
+ unless ($msg) {
+ print "unhandled attack type, skipping\n";
+ return;
+ }
+
+ $ugtk2::wm_icon = "/usr/lib/libDrakX/icons/drakfirewall.png";
+ my $w = ugtk2->new(N("Active Firewall : intrusion detected"));
+ local $::no_separator = 1;
+
+ gtkadd($w->{window},
+ gtknew('VBox', spacing => 5, children_loose => [
+ gtknew('HBox', children => [
+ 0, Gtk2::Image->new_from_stock('gtk-dialog-warning', 'dialog'),
+ 0, gtknew('Label', text => " "),
+ 1, gtknew('VBox', children => [
+ 0, $msg,
+ 0, N("Do you want to blacklist the attacker ?")
+ ])
+ ]),
+ gtknew('HBox', children_loose => [
+ gtknew('HButtonBox', layout => 'start', children_loose => [
+ gtknew('Button', text => N("No"),
+ clicked => sub { dbus_blacklist($seq, 0); Gtk2->main_quit })
+ ]),
+ gtknew('HButtonBox', layout => 'end', children_loose => [
+ my $ok = gtknew('Button', text => N("Yes"),
+ clicked => sub { dbus_blacklist($seq, 1); Gtk2->main_quit })
+ ])
+ ]),
+ gtkadd(Gtk2::Expander->new(N("Attack details")),
+ gtknew('HBox', children => [
+ 0, gtknew('Label', text => " "),
+ 1, gtknew('VBox', children_loose => [
+ N("Attack time: %s", strftime("%c", localtime($timestamp))),
+ N("Network interface: %s", $indev),
+ N("Attack type: %s", $prefix),
+ if_($protocol, N("Protocol: %s", $protocol)),
+ N("Attacker IP address: %s", $ip_addr),
+ if_($hostname ne $ip_addr, N("Attacker hostname: %s", $hostname)),
+ if_($service, N("Service attacked: %s", $service)),
+ if_($port, N("Port attacked: %s", $port)),
+ if_($icmp_type, N("Type of ICMP attack: %s", $icmp_type))
+ ])
+ ])),
+ ]));
+ $ok->grab_focus;
+ $w->main;
+
+ #- blacklist or allow attacker
+}
+
+sub dbus_blacklist {
+ my ($seq, $blacklist) = @_;
+ eval {
+ $dbus_daemon->Blacklist(Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $seq),
+ Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $blacklist));
+ };
+ if ($@) {
+ print "exception: $@\n";
+ $dbus_con->dispatch;
+ return;
+ }
+}
+
+sub setInteractiveIDS {
+ my ($mode) = @_;
+ print "setting new IDS mode: $mode\n";
+ eval {
+ $dbus_daemon->SetMode(Net::DBus::Binding::Value->new(&Net::DBus::Binding::Message::TYPE_UINT32, $mode));
+ };
+ if ($@) {
+ print "exception: $@\n";
+ $dbus_con->dispatch;
+ return;
+ }
+}
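Review bot: The filter in initDBus treats any system-bus signal with interface `com.mandrakesoft.activefirewall` and the matching path as a genuine attack report; neither the match rule nor the filter checks who sent it. Unless the bus policy restricts that interface (not visible here), another local process could raise these dialogs and steer the user's Yes/No blacklist decision. I would restrict the rule to the daemon, `$con->add_match("type='signal',sender='com.mandrakesoft.activefirewall.daemon',interface='com.mandrakesoft.activefirewall'");`, assuming the daemon emits from that well-known name. In handleAttack the headline message uses the reverse-DNS name, which is controlled by whoever owns the PTR record of the reported address, so the headline should show `$ip_addr` and leave the hostname to the details expander as unverified; each signal also opens its own nested `$w->main` dialog, so a burst of reports stacks windows without limit. The leftover `print Dumper(\@_);` should be removed before release.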