From 7c9a6cf1631cd68970762cbb61056618f6de4c2e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 6 Feb 2024 18:11:48 +0000 Subject: [PATCH] firewall: graphs: Add a line for the total number of hostile hits Signed-off-by: Michael Tremer --- config/cfgroot/graphs.pl | 13 +++++++++++++ doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 ++++++++ langs/en/cgi-bin/en.pl | 1 + 12 files changed, 31 insertions(+) diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index f527447b53..a23e49c980 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -695,6 +695,14 @@ sub updatefwhitsgraph { "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values + # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown, + # we replace them with them sum of IN + OUT. + "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), @@ -740,6 +748,11 @@ sub updatefwhitsgraph { "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", "GPRINT:hostileout:MIN:%8.1lf %sBps", "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\\j", ); $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; diff --git a/doc/language_issues.de b/doc/language_issues.de index 29bf5b8d79..51186be083 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -926,6 +926,7 @@ WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids subscription code required = The selected ruleset requires a subscription code WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es) diff --git a/doc/language_issues.en b/doc/language_issues.en index 4f37e43f77..7f35bbc36a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1041,6 +1041,7 @@ WARNING: untranslated string: host ip = Host IP address WARNING: untranslated string: host to net vpn = Host-to-Net Virtual Private Network (RoadWarrior) WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: hostname = Hostname WARNING: untranslated string: hostname cant be empty = Hostname cannot be empty. WARNING: untranslated string: hostname not set = Hostname not set. diff --git a/doc/language_issues.es b/doc/language_issues.es index 22b6efbc36..cad67f5d37 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -992,6 +992,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 68514699dc..c72cf45ae5 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -950,6 +950,7 @@ WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks WARNING: untranslated string: pakfire ago = ago. diff --git a/doc/language_issues.it b/doc/language_issues.it index fed7f41950..d3341e285a 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1070,6 +1070,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 9f9fce6899..065cacc496 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1075,6 +1075,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 48c0974e8b..7c2425d57b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1215,6 +1215,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.ru b/doc/language_issues.ru index a1112396cd..20d7afdffa 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1212,6 +1212,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 649ebf6b4e..d9a1891cb2 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1012,6 +1012,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilities WARNING: untranslated string: hostile networks in = Hostile networks in WARNING: untranslated string: hostile networks out = Hostile networks out +WARNING: untranslated string: hostile networks total = Hostile networks total WARNING: untranslated string: ids add provider = Add provider WARNING: untranslated string: ids adjust ruleset = Adjust rules and add user defined customizations... WARNING: untranslated string: ids apply = Apply diff --git a/doc/language_missings b/doc/language_missings index 8a92fde97f..eb58bd3859 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -60,6 +60,7 @@ < g.lite < hostile networks in < hostile networks out +< hostile networks total < ids automatic rules update < ids subscription code required < insert removable device @@ -120,6 +121,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < invalid ip or hostname < log drop hostile in < log drop hostile out @@ -148,6 +150,7 @@ < g.lite < hostile networks in < hostile networks out +< hostile networks total < log drop hostile in < log drop hostile out < reiserfs warning1 @@ -375,6 +378,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -897,6 +901,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -1724,6 +1729,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply @@ -2718,6 +2724,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < hour-graph < ids add provider < ids adjust ruleset @@ -3306,6 +3313,7 @@ < hardware vulnerabilities < hostile networks in < hostile networks out +< hostile networks total < ids add provider < ids adjust ruleset < ids apply diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 935217f0b4..303fc3d5ba 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1411,6 +1411,7 @@ 'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)', 'hostile networks in' => 'Hostile networks in', 'hostile networks out' => 'Hostile networks out', +'hostile networks total' => 'Hostile networks total', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname and domain already in use.', 'hostname cant be empty' => 'Hostname cannot be empty.', -- 2.39.2