# Used variables and default values..
my $configfile = "$General::swroot/guardian/guardian.conf";
my $ignorefile;
+my $loglevel;
my $logfile;
my $TimeLimit = "86400";
# Hash to store the given command line options.
my %options = ();
+# Hash to store all supported loglevels.
+my %loglevels = (
+ "off" => 0,
+ "info" => 1,
+ "debug" => 2
+);
+
# Hash to store IP addresses and their current state.
my %addresshash = ();
&load_conf;
# Update array for monitored_files after the config file has been loaded.
-my @monitored_files = ( "$syslogfile",
- "$alert_file",
- "$httpdlog_file" );
+my @monitored_files = (
+ "$syslogfile",
+ "$alert_file",
+ "$httpdlog_file"
+);
# Setup signal handler.
&sig_handler_setup;
if (! $hostipaddr) {
die "Invalid $hostipaddr. Cannot go further!\n";
}
-&debugger("My host IP-address is: $hostipaddr\n");
+&logger("debug", "My host IP-address is: $hostipaddr\n");
# Get gateway address.
my $gatewayaddr = &get_address("$gatewayaddress_file");
-&debugger("My gatewayaddess is: $gatewayaddr\n");
+&logger("debug", "My gatewayaddess is: $gatewayaddr\n");
# Generate hash for ignored hosts or networks.
&build_ignore_hash;
# Check if we are running in debug mode or we can deamonize.
if (defined($options{"d"})) {
- &debugger("Running in debug mode...\n");
+ &logger("debug", "Running in debug mode...\n");
} else {
&daemonize;
}
# Watch if the source address is part of our ignore list.
if ($ignorehash{$source} == 1) {
- &logger("Ignoring attack because $source is in my ignore list!\n");
+ &logger("info", "Ignoring attack because $source is in my ignore list!\n");
return 1;
}
# Check if $source addres is part of an ignored network.
if (($src >= $first) && ($src <= $last)) {
# Write out log messages.
- &logger("Ignoring attack because $source is part of an ignored network\n");
+ &logger("info", "Ignoring attack because $source is part of an ignored network\n");
return 1;
}
}
# Check if the "source" reached our blocking count (4).
if ( $addresshash{$source} == 4 ) {
# Write out log message.
- &logger("Blocking $source: $message\n");
+ &logger("info", "Blocking $source: $message\n");
# Block the source address.
&call_block($source);
# Set addresshash to "1".
$addresshash{$source} = 1;
- &debugger("Start counting for $source\n");
+ &logger("debug", "Start counting for $source\n");
return 0;
} else {
# Increase counting of existing addresses.
$addresshash{$source} = $addresshash{$source}+1;
- &debugger("Source $source count $addresshash{$source} - No action done yet.\n");
+ &logger("debug", "Source $source count $addresshash{$source} - No action done yet.\n");
}
}
}
# Write out log message.
- &debugger("Loaded $count entries from $ignorefile\n");
+ &logger("debug", "Loaded $count entries from $ignorefile\n");
# Return ignored_networks array.
return @ignored_networks;
} else {
# Handle empty or missing ignorefile.
- &debugger("No ignore file was loaded!\n");
+ &logger("debug", "No ignore file was loaded!\n");
}
}
# Skip comments.
next if (/^#/);
+ # Get loglevel.
+ if (/LogLevel\s+(.*)/) {
+ $loglevel = $1;
+ }
+
# Read-in path to logfile.
if (/LogFile\s+(.*)/) {
$logfile = $1;
#
# Check if an ignorefile has been defined.
if ($ignorefile eq "") {
- &debugger("Warning! IgnoreFile is undefined.. going with default ignore list (hostname and gateway)!\n");
+ &logger("debug", "Warning! IgnoreFile is undefined.. going with default ignore list (hostname and gateway)!\n");
+ }
+
+ # Check if a valid LogLevel has been given or use default one (info).
+ if(!$loglevels{$loglevel}) {
+ $loglevel = "info";
}
# Check if a path for the LogFile has been given.
if ($logfile eq "") {
print "Warning! LogFile is undefined.. Assuming debug mode, output to STDOUT\n";
+ $loglevel = "debug";
$options{"d"} = 1;
}
# Check if our logfile is writeable.
if (! -w $logfile) {
print "Warning! Logfile is not writeable! Engaging debug mode, output to STDOUT\n";
+ $loglevel = "debug";
$options{"d"} = 1;
}
}
#
-## Function to write messages to guardians logfile.
+## Function to handle logging.
+#
+## This function requires two arguments: The required loglevel and
+## the message itself. The required loglevel will be compared with the
+## current one to gather if the given message should be logged or ignored.
#
sub logger {
- my $message = $_[0];
- my $date = localtime();
+ my ($level, $message) = @_;
- # Open Logfile.
- open (LOG, ">>$logfile");
+ if(!$loglevels{$level}) {
+ &logger("debug", "The logger has been called with an invalid loglevel ($level)!\n");
+ return;
+ }
- # Append message.
- print LOG $date.": ".$message;
+ # Get value for the current used loglevel.
+ my $current_level = $loglevels{$loglevel};
- # Close the file afterwards.
- close (LOG);
+ # Get value for the required loglevel.
+ my $required_level = $loglevels{$level};
- # Also print send to STDOUT if we are running in debug mode.
- &debugger("$message");
-}
+ # Check if the message should be handled.
+ if ($current_level >= $required_level) {
+ # Check if we are running in debug mode or we should
+ # log to a logfile.
+ if (((defined($options{"d"}))) || ($logfile eq "")) {
+ # Print out to STDOUT.
+ print STDOUT $message;
+ } else {
+ # Get date.
+ my $date = localtime();
-#
-## Function to write debug content to STDOUT.
-#
-sub debugger {
- my $message = $_[0];
+ # Open Logfile.
+ open (LOG, ">>$logfile") or die "Could not open $logfile for writing. $!\n";
+
+ # Append message.
+ print LOG $date.": ".$message;
- # Only write to STDOUT if debug mode has been enabled.
- if (defined($options{"d"})) {
- # Print out to STDOUT.
- print STDOUT $message;
+ # Close the file afterwards.
+ close (LOG);
+ }
}
}
exit(0);
} else {
# child
- &debugger("Guardian process id $$\n");
+ &logger("debug", "Guardian process id $$\n");
$home = (getpwuid($>))[7] || die "No home directory!\n";
chdir($home); # go to my homedir
setpgrp(0,0); # become process leader
# Check if the time for the address has expired.
if ($blockhash{$address} < $time) {
# Call unblock.
- &debugger("Block time for $address has expired\n");
+ &logger("info", "Block time for $address has expired\n");
&call_unblock($address);
# Drop address from blockhash.
#
## Subroutine to handle shutdown of the programm.
sub clean_up_and_exit {
- &debugger("received kill sig.. shutting down\n");
+ &logger("debug", "received kill sig.. shutting down\n");
# Unblock all currently blocked addresses.
foreach my $address (keys %blockhash) {
# Unblock the address.
- &debugger("Removing $address for shutdown\n");
+ &logger("debug", "Removing $address for shutdown\n");
&call_unblock ($address);
}
exit;
# Get name of the red interface.
my $interface = &General::get_red_interface;
- &debugger("Scanning for aliases on $interface and add them to the ignore hash...\n");
+ &logger("debug", "Scanning for aliases on $interface and add them to the ignore hash...\n");
# Use shell ip command to get additional addresses.
open (IFCONFIG, "/sbin/ip addr show $interface |");
# Check if the address is valid.
if (&Network::check_ip_address($ip)) {
- &debugger("Got $ip on $interface ...\n");
+ &logger("debug", "Got $ip on $interface ...\n");
$ignorehash{"ip"}=1;
}
}
projects / people / stevee / ipfire-2.x.git / commitdiff
