Mercurial > syslog2iptables
changeset 76:c6c8a2102a3e
add more logging when blocked addresses move to higher scale values
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 15 Jul 2020 13:38:43 -0700 |
parents | ae5e6bcc5017 |
children | c6ba792f1a9a |
files | ChangeLog NEWS configure.ac configure.in depcomp html/Makefile.am missing src/Makefile.am src/syslogconfig.cpp src/syslogconfig.h syslog2iptables.spec.in xml/Makefile.am |
diffstat | 12 files changed, 145 insertions(+), 886 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Dec 24 08:31:27 2018 -0800 +++ b/ChangeLog Wed Jul 15 13:38:43 2020 -0700 @@ -1,3 +1,6 @@ +1.18 2020-07-15 + add more logging when blocked addresses move to higher scale values + 1.17 2017-02-09 RHEL7 systemd and /var/run on tmpfs
--- a/NEWS Mon Dec 24 08:31:27 2018 -0800 +++ b/NEWS Wed Jul 15 13:38:43 2020 -0700 @@ -1,3 +1,4 @@ +1.18 2020-07-15 add more logging when blocked addresses move to higher scale values 1.17 2017-02-09 RHEL7 systemd and /var/run on tmpfs 1.16 2015-12-19 good authentication prevents ip blocking for awhile 1.15 2014-10-02 add script to build syslog2iptables.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/configure.ac Wed Jul 15 13:38:43 2020 -0700 @@ -0,0 +1,60 @@ + +AC_PREREQ(2.59) +AC_INIT(syslog2iptables,1.18,carl@five-ten-sg.com) +AC_CONFIG_SRCDIR([config.h.in]) +AC_CONFIG_HEADER([config.h]) +AC_CONFIG_MACRO_DIRS([m4]) + +AM_INIT_AUTOMAKE + +# Checks for programs. +AC_PATH_PROGS(BASH, bash) +if test "x$BASH" = x ; then + AC_MSG_ERROR([bash required for init script]) +fi +AC_PROG_CXX +AC_PROG_CC +AC_PROG_CPP +AC_PROG_AWK +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_LIBTOOL +AC_PROG_MAKE_SET + +# Checks for libraries. + +# Checks for header files. +AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h regex.h sys/socket.h syslog.h unistd.h]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_HEADER_STDBOOL +AC_C_CONST + +# Checks for library functions. +AC_FUNC_FORK +AC_FUNC_GETPGRP +AC_HEADER_STDC +AC_FUNC_STAT +AC_CHECK_FUNCS([daemon gethostbyname inet_ntoa memchr memmove memset regcomp strdup strtol]) + +AC_CHECK_FUNCS(regexec,,[AC_CHECK_LIB(regex,regexec, + [REGEXLIB=-lregex + AC_DEFINE(HAVE_REGEXEC,1,[Define to 1 if you have the regexec function.])], + [AC_MSG_ERROR([No regex library found])])]) +AC_SUBST(REGEXLIB) + +# check for posix threads +ACX_PTHREAD + +AC_CONFIG_FILES([Makefile + syslog2iptables.rc + syslog2iptables.spec + html/Makefile + info/Makefile + man/Makefile + src/Makefile + xml/Makefile + xml/syslog2iptables]) + +AC_OUTPUT
--- a/configure.in Mon Dec 24 08:31:27 2018 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,60 +0,0 @@ - -AC_PREREQ(2.59) -AC_INIT(syslog2iptables,1.17,carl@five-ten-sg.com) -AC_CONFIG_SRCDIR([config.h.in]) -AC_CONFIG_HEADER([config.h]) - -AM_INIT_AUTOMAKE($PACKAGE_NAME,$PACKAGE_VERSION) - -# Checks for programs. -AC_PATH_PROGS(BASH, bash) -if test "x$BASH" = x ; then - AC_MSG_ERROR([bash required for init script]) -fi -AC_PROG_CXX -AC_PROG_CC -AC_PROG_CPP -AC_PROG_AWK -AC_PROG_INSTALL -AC_PROG_LN_S -AC_PROG_LIBTOOL -AC_PROG_MAKE_SET -AC_PROG_RANLIB - -# Checks for libraries. - -# Checks for header files. -AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h regex.h sys/socket.h syslog.h unistd.h]) - -# Checks for typedefs, structures, and compiler characteristics. -AC_HEADER_STDBOOL -AC_C_CONST - -# Checks for library functions. -AC_FUNC_FORK -AC_FUNC_GETPGRP -AC_HEADER_STDC -AC_FUNC_STAT -AC_CHECK_FUNCS([daemon gethostbyname inet_ntoa memchr memmove memset regcomp strdup strtol]) - -AC_CHECK_FUNCS(regexec,,[AC_CHECK_LIB(regex,regexec, - [REGEXLIB=-lregex - AC_DEFINE(HAVE_REGEXEC,1,[Define to 1 if you have the regexec function.])], - [AC_MSG_ERROR([No regex library found])])]) -AC_SUBST(REGEXLIB) - -# check for posix threads -ACX_PTHREAD - -AC_CONFIG_FILES([Makefile - syslog2iptables.rc - syslog2iptables.spec - html/Makefile - info/Makefile - man/Makefile - src/Makefile - xml/Makefile - xml/syslog2iptables]) - -AC_OUTPUT
--- a/depcomp Mon Dec 24 08:31:27 2018 -0800 +++ b/depcomp Wed Jul 15 13:38:43 2020 -0700 @@ -1,441 +1,1 @@ -#! /bin/sh - -# depcomp - compile a program generating dependencies as side-effects -# Copyright 1999, 2000 Free Software Foundation, Inc. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -# 02111-1307, USA. - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>. - -if test -z "$depmode" || test -z "$source" || test -z "$object"; then - echo "depcomp: Variables source, object and depmode must be set" 1>&2 - exit 1 -fi -# `libtool' can also be set to `yes' or `no'. - -depfile=${depfile-`echo "$object" | sed 's,\([^/]*\)$,.deps/\1,;s/\.\([^.]*\)$/.P\1/'`} -tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} - -rm -f "$tmpdepfile" - -# Some modes work just like other modes, but use different flags. We -# parameterize here, but still list the modes in the big case below, -# to make depend.m4 easier to write. Note that we *cannot* use a case -# here, because this file can only contain one case statement. -if test "$depmode" = hp; then - # HP compiler uses -M and no extra arg. - gccflag=-M - depmode=gcc -fi - -if test "$depmode" = dashXmstdout; then - # This is just like dashmstdout with a different argument. - dashmflag=-xM - depmode=dashmstdout -fi - -case "$depmode" in -gcc3) -## gcc 3 implements dependency tracking that does exactly what -## we want. Yay! Note: for some reason libtool 1.4 doesn't like -## it if -MD -MP comes after the -MF stuff. Hmm. - "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - mv "$tmpdepfile" "$depfile" - ;; - -gcc) -## There are various ways to get dependency output from gcc. Here's -## why we pick this rather obscure method: -## - Don't want to use -MD because we'd like the dependencies to end -## up in a subdir. Having to rename by hand is ugly. -## (We might end up doing this anyway to support other compilers.) -## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like -## -MM, not -M (despite what the docs say). -## - Using -M directly means running the compiler twice (even worse -## than renaming). - if test -z "$gccflag"; then - gccflag=-MD, - fi - "$@" -Wp,"$gccflag$tmpdepfile" - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - echo "$object : \\" > "$depfile" - alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -## The second -e expression handles DOS-style file names with drive letters. - sed -e 's/^[^:]*: / /' \ - -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the `deleted header file' problem. -## The problem is that when a header file which appears in a .P file -## is deleted, the dependency causes make to die (because there is -## typically no way to rebuild the header). We avoid this by adding -## dummy dependencies for each header file. Too bad gcc doesn't do -## this for us directly. - tr ' ' ' -' < "$tmpdepfile" | -## Some versions of gcc put a space before the `:'. On the theory -## that the space means something, we add a space to the output as -## well. -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -hp) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - -sgi) - if test "$libtool" = yes; then - "$@" "-Wp,-MDupdate,$tmpdepfile" - else - "$@" -MDupdate "$tmpdepfile" - fi - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - - if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files - echo "$object : \\" > "$depfile" - - # Clip off the initial element (the dependent). Don't try to be - # clever and replace this with sed code, as IRIX sed won't handle - # lines with more than a fixed number of characters (4096 in - # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like `#:fec' to the end of the - # dependency line. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ - tr ' -' ' ' >> $depfile - echo >> $depfile - - # The second pass generates a dummy entry for each header file. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> $depfile - else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" - ;; - -aix) - # The C for AIX Compiler uses -M and outputs the dependencies - # in a .u file. This file always lives in the current directory. - # Also, the AIX compiler puts `$object:' at the start of each line; - # $object doesn't have directory information. - stripped=`echo "$object" | sed -e 's,^.*/,,' -e 's/\(.*\)\..*$/\1/'` - tmpdepfile="$stripped.u" - outname="$stripped.o" - if test "$libtool" = yes; then - "$@" -Wc,-M - else - "$@" -M - fi - - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - - if test -f "$tmpdepfile"; then - # Each line is of the form `foo.o: dependent.h'. - # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. - sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" - sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" - else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" - ;; - -icc) - # Must come before tru64. - - # Intel's C compiler understands `-MD -MF file'. However - # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c - # will fill foo.d with something like - # foo.o: sub/foo.c - # foo.o: sub/foo.h - # which is wrong. We want: - # sub/foo.o: sub/foo.c - # sub/foo.o: sub/foo.h - # sub/foo.c: - # sub/foo.h: - - "$@" -MD -MF "$tmpdepfile" - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - # Each line is of the form `foo.o: dependent.h'. - # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. - sed -e "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" - sed -e "s,^[^:]*: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" - rm -f "$tmpdepfile" - ;; - -tru64) - # The Tru64 AIX compiler uses -MD to generate dependencies as a side - # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. - # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in `foo.d' instead, so we check for that too. - # Subdirectories are respected. - - tmpdepfile1="$object.d" - tmpdepfile2=`echo "$object" | sed -e 's/.o$/.d/'` - if test "$libtool" = yes; then - "$@" -Wc,-MD - else - "$@" -MD - fi - - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile1" "$tmpdepfile2" - exit $stat - fi - - if test -f "$tmpdepfile1"; then - tmpdepfile="$tmpdepfile1" - else - tmpdepfile="$tmpdepfile2" - fi - if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a space and a tab in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" - else - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" - ;; - -#nosideeffect) - # This comment above is used by automake to tell side-effect - # dependency tracking mechanisms from slower ones. - -dashmstdout) - # Important note: in order to support this mode, a compiler *must* - # always write the proprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. - test -z "$dashmflag" && dashmflag=-M - ( IFS=" " - case " $* " in - *" --mode=compile "*) # this is libtool, let us make it quiet - for arg - do # cycle over the arguments - case "$arg" in - "--mode=compile") - # insert --quiet before "--mode=compile" - set fnord "$@" --quiet - shift # fnord - ;; - esac - set fnord "$@" "$arg" - shift # fnord - shift # "$arg" - done - ;; - esac - "$@" $dashmflag | sed 's:^[^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" - ) & - proc=$! - "$@" - stat=$? - wait "$proc" - if test "$stat" != 0; then exit $stat; fi - rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - tr ' ' ' -' < "$tmpdepfile" | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -dashXmstdout) - # This case only exists to satisfy depend.m4. It is never actually - # run, as this mode is specially recognized in the preamble. - exit 1 - ;; - -makedepend) - # X makedepend - ( - shift - cleared=no - for arg in "$@"; do - case $cleared in no) - set ""; shift - cleared=yes - esac - case "$arg" in - -D*|-I*) - set fnord "$@" "$arg"; shift;; - -*) - ;; - *) - set fnord "$@" "$arg"; shift;; - esac - done - obj_suffix="`echo $object | sed 's/^.*\././'`" - touch "$tmpdepfile" - ${MAKEDEPEND-makedepend} 2>/dev/null -o"$obj_suffix" -f"$tmpdepfile" "$@" - ) & - proc=$! - "$@" - stat=$? - wait "$proc" - if test "$stat" != 0; then exit $stat; fi - rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - tail +3 "$tmpdepfile" | tr ' ' ' -' | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" "$tmpdepfile".bak - ;; - -cpp) - # Important note: in order to support this mode, a compiler *must* - # always write the proprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. - ( IFS=" " - case " $* " in - *" --mode=compile "*) - for arg - do # cycle over the arguments - case $arg in - "--mode=compile") - # insert --quiet before "--mode=compile" - set fnord "$@" --quiet - shift # fnord - ;; - esac - set fnord "$@" "$arg" - shift # fnord - shift # "$arg" - done - ;; - esac - "$@" -E | - sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | - sed '$ s: \\$::' > "$tmpdepfile" - ) & - proc=$! - "$@" - stat=$? - wait "$proc" - if test "$stat" != 0; then exit $stat; fi - rm -f "$depfile" - echo "$object : \\" > "$depfile" - cat < "$tmpdepfile" >> "$depfile" - sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -msvisualcpp) - # Important note: in order to support this mode, a compiler *must* - # always write the proprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. - ( IFS=" " - case " $* " in - *" --mode=compile "*) - for arg - do # cycle over the arguments - case $arg in - "--mode=compile") - # insert --quiet before "--mode=compile" - set fnord "$@" --quiet - shift # fnord - ;; - esac - set fnord "$@" "$arg" - shift # fnord - shift # "$arg" - done - ;; - esac - "$@" -E | - sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" - ) & - proc=$! - "$@" - stat=$? - wait "$proc" - if test "$stat" != 0; then exit $stat; fi - rm -f "$depfile" - echo "$object : \\" > "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" - echo " " >> "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -none) - exec "$@" - ;; - -*) - echo "Unknown depmode $depmode" 1>&2 - exit 1 - ;; -esac - -exit 0 +/usr/share/automake-1.16/depcomp \ No newline at end of file
--- a/html/Makefile.am Mon Dec 24 08:31:27 2018 -0800 +++ b/html/Makefile.am Wed Jul 15 13:38:43 2020 -0700 @@ -1,3 +1,3 @@ htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@ -html_DATA = index.html rn01re01.html rn01re02.html syslog2iptables.pdf +html_DATA = index.html rn01re01.html rn01re02.html EXTRA_DIST = $(html_DATA)
--- a/missing Mon Dec 24 08:31:27 2018 -0800 +++ b/missing Wed Jul 15 13:38:43 2020 -0700 @@ -1,336 +1,1 @@ -#! /bin/sh -# Common stub for a few missing GNU programs while installing. -# Copyright (C) 1996, 1997, 1999, 2000, 2002 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -# 02111-1307, USA. - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" - exit 1 -fi - -run=: - -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi - -case "$1" in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case "$1" in - - -h|--h|--he|--hel|--help) - echo "\ -$0 [OPTION]... PROGRAM [ARGUMENT]... - -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. - -Options: - -h, --help display this help and exit - -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails - -Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch]" - ;; - - -v|--v|--ve|--ver|--vers|--versi|--versio|--version) - echo "missing 0.4 - GNU automake" - ;; - - -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" - exit 1 - ;; - - aclocal*) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." - files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case "$f" in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - autom4te) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is needed, and you do not seem to have it handy on your - system. You might have modified some files without having the - proper tools for further handling them. - You can get \`$1Help2man' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` - test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison|yacc) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if [ ! -f y.tab.h ]; then - echo >y.tab.h - fi - if [ ! -f y.tab.c ]; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex|flex) - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if [ ! -f lex.yy.c ]; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` - fi - if [ -f "$file" ]; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit 1 - fi - ;; - - makeinfo) - if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then - # We have makeinfo, but it failed. - exit 1 - fi - - echo 1>&2 "\ -WARNING: \`$1' is missing on your system. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` - fi - touch $file - ;; - - tar) - shift - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - fi - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case "$firstarg" in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case "$firstarg" in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and you do not seem to have it handy on your - system. You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequirements for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac - -exit 0 +/usr/share/automake-1.16/missing \ No newline at end of file
--- a/src/Makefile.am Mon Dec 24 08:31:27 2018 -0800 +++ b/src/Makefile.am Wed Jul 15 13:38:43 2020 -0700 @@ -4,7 +4,7 @@ EXTRA_DIST = daemon.c # set the include path found by configure -INCLUDES= $(all_includes) +AM_CPPFLAGS = $(all_includes) # the library search path. syslog2iptables_LDFLAGS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS)
--- a/src/syslogconfig.cpp Mon Dec 24 08:31:27 2018 -0800 +++ b/src/syslogconfig.cpp Wed Jul 15 13:38:43 2020 -0700 @@ -30,7 +30,7 @@ const char *token_slash; const char *token_threshold; string_set all_strings;// owns all the strings, only modified by the config loader thread -recorder_map recorders; // all the recorders are named +recorder_map recorders; // all the recorders are named by their context const int maxlen = 1000; // used for snprintf buffers const int scale_max = 500000; @@ -65,6 +65,7 @@ void IPR::add(int ip, int amount, CONTEXT &con, const char *file_name, int pattern_index, const char *message) { if (con.looking(ip)) { if (amount > 0) { + int original_amount = amount; ip_buckets::iterator j = repeat_offenders.find(ip); int scale = (j == repeat_offenders.end()) ? 1 : (*j).second.count; amount *= scale; @@ -74,6 +75,7 @@ bucket b; b.count = amount; b.blocked = (con.get_threshold() <= b.count); + b.max_scale = 1; violations[ip] = b; if (b.blocked) { update(ip, true, scale, file_name, pattern_index, message); @@ -86,7 +88,25 @@ // good authentication (count<0) prevents blocking // not much point in blocking for more than a month b.count += amount; - if ((!b.blocked) && (con.get_threshold() <= b.count)) { + int threshold = con.get_threshold(); + if (b.blocked) { + int effective_scale = 1; + while (original_amount * effective_scale < b.count) { + effective_scale = effective_scale * 3 / 2; + } + if (effective_scale > b.max_scale) { + b.max_scale = effective_scale; + if (debug_syslog > 2) { + char buf[maxlen]; + in_addr ad; + ad.s_addr = htonl(ip); + if (message) snprintf(buf, maxlen, "upgrade dropping traffic from/to %s based on %s in %s, scale %d", inet_ntoa(ad), message, file_name, effective_scale); + else snprintf(buf, maxlen, "upgrade dropping traffic from/to %s based on pattern match %d in %s, scale %d", inet_ntoa(ad), pattern_index, file_name, effective_scale); + my_syslog(buf); + } + } + } + if ((!b.blocked) && (threshold <= b.count)) { b.blocked = true; update(ip, true, scale, file_name, pattern_index, message); changed(con, ip, true); @@ -113,6 +133,7 @@ bucket b; b.count = amount; b.blocked = false; + b.max_scale = 1; violations[ip] = b; } else { @@ -193,18 +214,21 @@ void IPR::update(int ip, bool added, int scale, const char *file_name, int pattern_index, const char *message) { - if (debug_syslog > 2) { char buf[maxlen]; in_addr ad; ad.s_addr = htonl(ip); if (added) { + if (debug_syslog > 2) { if (message) snprintf(buf, maxlen, "dropping traffic from/to %s based on %s in %s, scale %d", inet_ntoa(ad), message, file_name, scale); - else snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s", inet_ntoa(ad), pattern_index, file_name); + else snprintf(buf, maxlen, "dropping traffic from/to %s based on pattern match %d in %s, scale %d", inet_ntoa(ad), pattern_index, file_name, scale); + my_syslog(buf); + } ip_buckets::iterator j = repeat_offenders.find(ip); if (j == repeat_offenders.end()) { bucket b; b.count = 2; b.blocked = true; // unused + b.max_scale = 1; // unused repeat_offenders[ip] = b; } else { @@ -212,10 +236,13 @@ if (b.count < scale_max) b.count = b.count * 3 / 2; } } - else snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad)); + else { + if (debug_syslog > 2) { + snprintf(buf, maxlen, "allowing traffic from/to %s", inet_ntoa(ad)); my_syslog(buf); } } +} void IPR::changed(CONTEXT &con, int ip, bool added) {
--- a/src/syslogconfig.h Mon Dec 24 08:31:27 2018 -0800 +++ b/src/syslogconfig.h Wed Jul 15 13:38:43 2020 -0700 @@ -42,6 +42,7 @@ struct bucket { int count; bool blocked; // true iff ever count>threshold + int max_scale; // maximum effective scale }; typedef map<int, bucket, ltint> ip_buckets;
--- a/syslog2iptables.spec.in Mon Dec 24 08:31:27 2018 -0800 +++ b/syslog2iptables.spec.in Wed Jul 15 13:38:43 2020 -0700 @@ -111,6 +111,9 @@ %changelog +* Wed Jul 15 2020 Carl Byington <carl@five-ten-sg.com> - 1.18-1 +- add more logging when blocked addresses move to higher scale values + * Thu Feb 09 2017 Carl Byington <carl@five-ten-sg.com> - 1.17-1 - RHEL7 systemd and /var/run is on tmpfs
--- a/xml/Makefile.am Mon Dec 24 08:31:27 2018 -0800 +++ b/xml/Makefile.am Wed Jul 15 13:38:43 2020 -0700 @@ -5,6 +5,5 @@ rm -f ../html/*pdf xmlto -o ../man man syslog2iptables.xml xmlto -o ../html xhtml syslog2iptables.xml - xmlto -o ../html pdf syslog2iptables.xml docbook2texi -o ../info syslog2iptables.sgml rm -f syslog2iptables.xml syslog2iptables.sgml