Mercurial > syslog2iptables
comparison src/syslogconfig.cpp @ 27:28fec0c67646
make add/remove commands configureable
| author | carl |
|---|---|
| date | Sun, 12 Feb 2006 10:54:03 -0800 |
| parents | ec051169fdfd |
| children | 6465d8640489 |
comparison
equal
deleted
inserted
replaced
| 26:00bd0b0ef015 | 27:28fec0c67646 |
|---|---|
| 25 #include <arpa/inet.h> | 25 #include <arpa/inet.h> |
| 26 #include <netdb.h> | 26 #include <netdb.h> |
| 27 #include <limits.h> | 27 #include <limits.h> |
| 28 | 28 |
| 29 static char* syslogconfig_version = "$Id$"; | 29 static char* syslogconfig_version = "$Id$"; |
| 30 static char* iptables = "/sbin/iptables"; | 30 |
| 31 | 31 char *token_add; |
| 32 char *token_bucket; | 32 char *token_bucket; |
| 33 char *token_file; | 33 char *token_file; |
| 34 char *token_ignore; | 34 char *token_ignore; |
| 35 char *token_include; | 35 char *token_include; |
| 36 char *token_index; | 36 char *token_index; |
| 37 char *token_lbrace; | 37 char *token_lbrace; |
| 38 char *token_pattern; | 38 char *token_pattern; |
| 39 char *token_rbrace; | 39 char *token_rbrace; |
| 40 char *token_remove; | |
| 40 char *token_semi; | 41 char *token_semi; |
| 41 char *token_slash; | 42 char *token_slash; |
| 42 char *token_threshold; | 43 char *token_threshold; |
| 43 | 44 |
| 44 struct ltint | 45 struct ltint |
| 139 if (added) { | 140 if (added) { |
| 140 bucket &b = violations[ip]; | 141 bucket &b = violations[ip]; |
| 141 if (con.looking(ip) && (b.count > t)) { | 142 if (con.looking(ip) && (b.count > t)) { |
| 142 in_addr ad; | 143 in_addr ad; |
| 143 ad.s_addr = htonl(ip); | 144 ad.s_addr = htonl(ip); |
| 144 snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad)); | 145 snprintf(buf, maxlen, con.add_command, inet_ntoa(ad)); |
| 145 system(buf); | 146 system(buf); |
| 146 } | 147 } |
| 147 } | 148 } |
| 148 else { | 149 else { |
| 149 in_addr ad; | 150 in_addr ad; |
| 150 ad.s_addr = htonl(ip); | 151 ad.s_addr = htonl(ip); |
| 151 snprintf(buf, maxlen, "%s -D INPUT --src %s --jump DROP", iptables, inet_ntoa(ad)); | 152 snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad)); |
| 152 system(buf); | 153 system(buf); |
| 153 } | 154 } |
| 154 } | 155 } |
| 155 | 156 |
| 156 | 157 |
| 234 // | 235 // |
| 235 CONFIG::CONFIG() { | 236 CONFIG::CONFIG() { |
| 236 reference_count = 0; | 237 reference_count = 0; |
| 237 generation = 0; | 238 generation = 0; |
| 238 load_time = 0; | 239 load_time = 0; |
| 240 threshold = 500; | |
| 241 add_command = "/sbin/iptables -I INPUT --src %s --jump DROP"; | |
| 242 remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP"; | |
| 239 } | 243 } |
| 240 | 244 |
| 241 | 245 |
| 242 CONFIG::~CONFIG() { | 246 CONFIG::~CONFIG() { |
| 243 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) { | 247 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) { |
| 258 } | 262 } |
| 259 | 263 |
| 260 | 264 |
| 261 void CONFIG::dump() { | 265 void CONFIG::dump() { |
| 262 printf(" threshold %d; \n\n", threshold); | 266 printf(" threshold %d; \n\n", threshold); |
| 267 | |
| 268 printf(" add_command \"%s\"; \n", add_command); | |
| 269 printf(" remove_command \"%s\"; \n\n", remove_command); | |
| 263 | 270 |
| 264 printf(" ignore { \n"); | 271 printf(" ignore { \n"); |
| 265 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) { | 272 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) { |
| 266 IPPAIR &p = *i; | 273 IPPAIR &p = *i; |
| 267 in_addr ip; | 274 in_addr ip; |
| 612 if (!tsa(tok, token_semi)) return false; | 619 if (!tsa(tok, token_semi)) return false; |
| 613 } | 620 } |
| 614 else if (have == token_ignore) { | 621 else if (have == token_ignore) { |
| 615 if (!parse_ignore(tok, dc)) return false; | 622 if (!parse_ignore(tok, dc)) return false; |
| 616 } | 623 } |
| 624 else if (have == token_add) { | |
| 625 have = tok.next(); | |
| 626 dc.set_add(have); | |
| 627 if (!tsa(tok, token_semi)) return false; | |
| 628 } | |
| 629 else if (have == token_remove) { | |
| 630 have = tok.next(); | |
| 631 dc.set_remove(have); | |
| 632 if (!tsa(tok, token_semi)) return false; | |
| 633 } | |
| 617 else if (have == token_file) { | 634 else if (have == token_file) { |
| 618 if (!parse_syslogconfig(tok, dc)) return false; | 635 if (!parse_syslogconfig(tok, dc)) return false; |
| 619 count++; | 636 count++; |
| 620 } | 637 } |
| 621 else { | 638 else { |
| 630 | 647 |
| 631 //////////////////////////////////////////////// | 648 //////////////////////////////////////////////// |
| 632 // init the tokens | 649 // init the tokens |
| 633 // | 650 // |
| 634 void token_init() { | 651 void token_init() { |
| 652 token_add = register_string("add_command"); | |
| 635 token_bucket = register_string("bucket"); | 653 token_bucket = register_string("bucket"); |
| 636 token_file = register_string("file"); | 654 token_file = register_string("file"); |
| 637 token_ignore = register_string("ignore"); | 655 token_ignore = register_string("ignore"); |
| 638 token_include = register_string("include"); | 656 token_include = register_string("include"); |
| 639 token_index = register_string("index"); | 657 token_index = register_string("index"); |
| 640 token_lbrace = register_string("{"); | 658 token_lbrace = register_string("{"); |
| 641 token_pattern = register_string("pattern"); | 659 token_pattern = register_string("pattern"); |
| 642 token_rbrace = register_string("}"); | 660 token_rbrace = register_string("}"); |
| 661 token_remove = register_string("remove_command"); | |
| 643 token_semi = register_string(";"); | 662 token_semi = register_string(";"); |
| 644 token_slash = register_string("/"); | 663 token_slash = register_string("/"); |
| 645 token_threshold = register_string("threshold"); | 664 token_threshold = register_string("threshold"); |
| 646 } | 665 } |