Commit | Line | Data |
---|---|---|
ec187877 SS |
1 | #!/usr/bin/perl |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
23 | use POSIX; | |
24 | ||
25 | # Load perl module to talk to the kernel syslog. | |
26 | use Sys::Syslog qw(:DEFAULT setlogsock); | |
27 | ||
28 | require '/var/ipfire/general-functions.pl'; | |
29 | require "${General::swroot}/ipblocklist-functions.pl"; | |
30 | require "${General::swroot}/lang.pl"; | |
31 | ||
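# Hash to store the settings.
my %settings = ();

# The user and group name as which this script should be run.
my $run_as = 'nobody';

# Get user and group id of the user.
my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];

# Check if the script currently runs as root.
if ( $> == 0 ) {
    # An unknown account leaves both ids undefined, and an undefined id is
    # passed on as 0, so the script would silently keep running as root.
    die "Could not look up the user '$run_as' - refusing to continue as root!\n"
        unless ( defined $uid && defined $gid );

    # Clear the supplementary groups inherited from root. Repeating the gid
    # makes perl call setgroups() with only that gid (see perlvar, $EGID).
    # This has to happen while the process is still privileged, and perlvar
    # asks for a check of $! after the assignment.
    $! = 0;
    $) = "$gid $gid";
    die "Could not drop the supplementary groups: $!\n" if ($!);

    # Switch the group first, because changing the group is not permitted
    # anymore once the user id has been given up. Both calls return undef
    # on failure, which must not be ignored.
    defined( POSIX::setgid( $gid ) )
        or die "Could not switch to the group of '$run_as': $!\n";
    defined( POSIX::setuid( $uid ) )
        or die "Could not switch to the user '$run_as': $!\n";

    # Make sure that neither the real nor the effective user id is still
    # the one of root before any blocklist gets downloaded or parsed.
    die "Dropping privileges to '$run_as' failed - refusing to continue!\n"
        unless ( $< == $uid && $> == $uid );
}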
47 | ||
# Open the connection to the syslog service.
openlog('ipblocklist', 'cons,pid', 'user');

# Read the ipblocklist settings, which also hold the enabled providers.
&General::readhash("${General::swroot}/ipblocklist/settings", \%settings);

# Nothing to do if the blocklist feature is switched off.
exit 0 if ($settings{'ENABLE'} ne "on");

# The marker file only exists while the red device is active.
if (! -e "${General::swroot}/red/active") {
    # Without an active red device no list can be updated, so log and give up.
    &_log_to_syslog("<ERROR> Could not update any blocklist - The system is offline!");

    exit 1;
}
68 | ||
# Collect the names of all available blocklists.
my @blocklists = &IPblocklist::get_blocklists();

# Time of the last modification, keyed by the blocklist name.
my %modified = ();

# The file with the modification times may not exist yet.
if (-e $IPblocklist::modified_file) {
    &General::readhash($IPblocklist::modified_file, \%modified);
}

# Process the blocklists one after another.
foreach my $blocklist (@blocklists) {
    # Only lists which have been switched on get updated.
    next unless ($settings{$blocklist} eq "on");

    # Current time, taken once per list.
    my $now = time();

    # Earliest time for the next download: the time of the last download
    # plus the holdoff rate (in seconds) of this blocklist.
    my $not_before = $modified{$blocklist} + &IPblocklist::get_holdoff_rate($blocklist);

    # Respect the holdoff rate of the provider.
    if ($now <= $not_before) {
        # Too frequent updates, log to syslog and skip this provider.
        &_log_to_syslog("<INFO> Skipping $blocklist blocklist - Too frequent update attempts!");
        next;
    }

    # Try to download and update the blocklist.
    my $result = &IPblocklist::download_and_create_blocklist($blocklist);

    # An empty return value is treated as a successful update.
    unless ($result) {
        &_log_to_syslog("<INFO> Successfully updated $blocklist blocklist.");
        next;
    }

    # Everything else is a return code which explains why nothing got updated.
    if ($result eq "not_modified") {
        # The list has not changed since the last download.
        &_log_to_syslog("<INFO> Skipping $blocklist blocklist - It has not been modified!");
    } elsif ($result eq "dl_error") {
        # The download of the list failed.
        &_log_to_syslog("<ERROR> Could not update $blocklist blocklist - Download error\!");
    } else {
        # Any other return code is reported as unexpected.
        &_log_to_syslog("<ERROR> Could not update $blocklist blocklist - Unexpected error\!");
    }
}
125 | ||
# Runs when the script terminates, including the early exit calls above.
END {
    # Release the connection to the syslog service.
    closelog();
}
130 | ||
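#
# Tiny function to send a message to the syslog.
#
# Takes the message text as its only argument.
#
sub _log_to_syslog($) {
    my ($message) = @_;

    # Sys::Syslog treats the string after the priority as a format string
    # (for example, "%m" is replaced by the text of the current errno).
    # The message contains blocklist names, so pass it as data behind a
    # fixed "%s" format instead of using it as the format itself.
    #
    # NOTE(review): Every message is sent with the "ERR" priority, including
    # the ones tagged <INFO> - confirm whether the log readers rely on that
    # before deriving the priority from the tag.
    my @syslog = ("ERR", "%s", "$message");

    # Send the log message.
    syslog(@syslog);
}

1;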