Stefan Schantl [Mon, 27 Jun 2016 10:12:26 +0000 (12:12 +0200)]
Introduce guardianctrl.
guardianctrl is a small CLI client written in Perl to interact with
a running guardian daemon.
It supports grabbing the current status of guardian, blocking and unblocking
of addresses, sending commands for releasing all current blocks, reloading
the configuration, regenerating the ignore list and telling the running daemon
that the monitored files have been rotated by logrotate.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 14 Jun 2016 11:28:16 +0000 (13:28 +0200)]
Add ability to reload the ignore list.
From now on the ignore list can easily be reloaded by sending a
"SIGUSR1" signal to the guardian main process or by using the
UNIX socket and sending a "reload-ignore-list".
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 14 Jun 2016 11:18:17 +0000 (13:18 +0200)]
Allow including additional ignore files.
This commit adds the ability to specify additional files
in the include file which should be included. Any IP-addresses
contained in those files will also be added to the hash
of ignored IP-addresses.
To include a file, just add "Include_File = /file/to/be/included" to
the ignore file. There is no limitation for number of included files.
This feature can be used to include system specific files which contain
IP-addresses which also should be added to the ignore list.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 29 Feb 2016 10:34:46 +0000 (11:34 +0100)]
Allow to process multiple events at once.
If a parser receives multiple lines at once, all of them
need to be parsed and the result has to be returned to
the main process for enqueuing into the event queue.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 18 Feb 2016 12:13:31 +0000 (13:13 +0100)]
Introduce message parser for HTTPD related notifications.
This new message parser is able to detect htaccess related
brute-force login attempts on a running HTTPD server and
to report the source IP-address (IPv4 and IPv6).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 3 Feb 2016 07:41:24 +0000 (08:41 +0100)]
Drop obsolete IsValidAddressOrNetwork() function.
This function is no longer used, because during converting a given
address or network the input will be validated, so there is no need for
this function anymore.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 3 Feb 2016 07:34:12 +0000 (08:34 +0100)]
Add functionality for whitelisting single addresses or network ranges.
This commit adds the possibility for generating an ignore list based on a
set of IP addresses or networks (IPv4/IPv6 are supported) which are provided
by a so-called ignore file.
The path and the filename can be configured by using the "IgnoreFile = /path/to/somefile"
option inside the config file of guardian. Using this feature is completely optional and
will only be activated if an ignore file has been specified.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 22 Jan 2016 12:26:55 +0000 (13:26 +0100)]
Allow to configure the used parser for a monitored file.
This commit adds support to assign the used parser for a
configured monitored file. The information which parser
should be used directly will be obtained from the
configuration option.
For example "Monitor_Snort = /path/to/snort/alert/file" will
monitor the specified file as before, but will try to use
the parser called "snort" (parsers internally are handled completely
in lower case format) to parse any messages which are written to
that file.
This will remove the static filename <-> parser structure, which will
allow a better implementation of parsers or customized parsers in the
future and a better portability to other systems.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 19 Jan 2016 12:57:26 +0000 (13:57 +0100)]
Enhance returned error messages from Event module.
Add details about the used FirewallEngine, when receiving any error
message from the responsible engine module. This information will be
quite useful in case of an error and help to debug the main problem.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 19 Jan 2016 11:51:05 +0000 (12:51 +0100)]
Use Events module to perform various actions.
Guardian now uses the Events module to perform various actions, based
on the received event by a parser or the socket.
Periodically guardian is calling the "RemoveBlocks" function from the
Events module to release the block of an IP address if the configured
BlockTime has passed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 19 Jan 2016 11:32:32 +0000 (12:32 +0100)]
Introduce "Events" module
This module is responsible for reading the events which will be enqueued by
the various parsers and performing various actions, based on the type of the event.
The default action is to count all events for a given IP address and if the configured
"BlockCount" has been reached to call the configured "FirewallEngine" to perform a
block for this address.
The Events module will also be used to perform any event which will be sent through the
Socket.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 9 Dec 2015 13:46:17 +0000 (14:46 +0100)]
Add support to daemonize guardian.
Guardian now will be launched in daemon mode as default. Using the
"--foreground (-f)" command line switch will prevent the process from
forking into the background.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 9 Dec 2015 13:43:36 +0000 (14:43 +0100)]
Add "Daemon" module.
This module contains various functions which can be used to Daemonize (forking guardian into background), writing PID (process-id) files and to determine if an instance of guardian is already running.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 6 Dec 2015 10:27:29 +0000 (11:27 +0100)]
Remove any whitespaces from configlines.
Previously only whitespaces from the beginning and end
of a config line have been dropped, which caused
trouble if a line contains them between the config
option and the value. (LogLevel = debug)
Now simply all whitespaces will be dropped, which solved
those problems.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 25 Nov 2015 11:22:49 +0000 (12:22 +0100)]
Just send "KILL" signal to the worker threads.
Only send the "KILL" signal to the worker threads, do not detach
the process anymore. Otherwise guardian will fail after a second reload
because a detached thread cannot be detached a second time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 25 Nov 2015 08:24:54 +0000 (09:24 +0100)]
Decelerate shutdown process for one second.
When shutting down guardian the function now will pause for
one second to give perl some more time to properly clean up
everything before finally exiting the process.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 25 Nov 2015 08:07:55 +0000 (09:07 +0100)]
Rework handling of monitored files.
From now on a hash is used to store which files should be monitored
and to store their current cursor position. The entire hash is shared
between the main process and the worker threads.
A benefit of this is to keep the current cursor position of each monitored file
during thread restarts, and the hash is also designed to be re-generated in case of
a service reload without losing any relevant data.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 23 Nov 2015 09:34:55 +0000 (10:34 +0100)]
Capture process signals.
guardian now captures sent process signals and can perform
various actions based on the captured signal. Currently only
"INT", "TERM", and "QUIT" signals are handled. Some others
may be added in the future.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 23 Nov 2015 08:57:25 +0000 (09:57 +0100)]
Add support for command line arguments and usage of "Config" module.
guardian now can be called with some additional command line arguments, like
"--config" to specify a different config file than the default one. The options
"--help" and "--version" will display some help texts and version information on
the console. The "--foreground" option is not supported/implemented yet and will
be used to keep the process in the foreground and not fork into background at a later
time.
The "Config" module now also is used to get all settings from the config file and
store them into a hash called mainsettings for a later usage.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 20 Nov 2015 21:56:02 +0000 (22:56 +0100)]
Use socket module to provide an IPC mechanism.
Guardian now supports inter-process-communication based on
a UNIX socket, which is based on guardian's socket module.
All received messages via socket automatically will be accepted
and parsed. If they are valid, the corresponding events will be
enqueued into the main event queue of guardian.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 20 Nov 2015 21:37:29 +0000 (22:37 +0100)]
Add "Socket" module.
The Socket module provides an IPC mechanism for guardian, based
on a UNIX socket. It contains a server, a client and a message parser
function which easily can be re-used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 20 Nov 2015 20:56:49 +0000 (21:56 +0100)]
Add "Config" module.
This module contains functions to read, validate and set various
configure options which are used in guardian.
The main function called "UseConfig" allows to pass which config file
should be read and validates the input by calling a subfunction. The
validated settings will be returned as a hash.
The "CheckConfig" function directly can be called with a hash, which
contains the various config options and values and will return an
error message if there are any problems.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 20 Nov 2015 14:23:56 +0000 (15:23 +0100)]
Add "Logger" module.
This module is responsible for logging any messages which are generated by
guardian or one of its submodules during runtime and displays them on the
console or sends them to the syslog.
When using the logger module, it has to be initialized as an object, which calls the
"New" function and requires the following settings:
* LogLevel - which has to be "off, err, info or debug"
* LogFacility - which currently supports "console or syslog"
After that, logging can be done by using the "Log" function on the object, by providing
the type of the message (LogLevel) and the message itself.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>