]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/guardian.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-suricata
[ipfire-2.x.git] / html / cgi-bin / guardian.cgi
CommitLineData
01dbccb1
SS		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
b5f7d903 5# Copyright (C) 2016 IPFire Team <info@ipfire.org> #
01dbccb1
SS		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
b5f7d903 23use Locale::Codes::Country;
af6856af 24use Guardian::Socket;
01dbccb1
SS		 25
26# enable only the following on debugging purpose
eff1feb8
SS		 27#use warnings;
28#use CGI::Carp 'fatalsToBrowser';
01dbccb1
SS		 29
30require '/var/ipfire/general-functions.pl';
31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
34#workaround to suppress a warning when a variable is used only once
b1597f87
MF		 35my @dummy = (
36 ${Header::colourred},
37 ${Header::colourgreen}
38);
39
01dbccb1
SS		 40undef (@dummy);
41
42my $string=();
43my $memory=();
44my @memory=();
45my @pid=();
46my @guardian=();
01dbccb1
SS		 47
48# Path to the guardian.ignore file.
49my $ignorefile ='/var/ipfire/guardian/guardian.ignore';
50
52958991
SS		 51# Hash which contains the supported modules and the
52# file locations on IPFire systems.
53my %module_file_locations = (
54 "HTTPD" => "/var/log/httpd/error_log",
dadee76d 55 "SNORT" => "/var/log/snort/alert",
52958991
SS		 56 "SSH" => "/var/log/messages",
57);
58
01dbccb1
SS		 59our %netsettings = ();
60&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
61
62our %color = ();
63our %mainsettings = ();
64&General::readhash("${General::swroot}/main/settings", \%mainsettings);
65&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
66
7edbe063
SS		 67# File declarations.
68my $settingsfile = "${General::swroot}/guardian/settings";
69my $ignoredfile = "${General::swroot}/guardian/ignored";
70
71# Create empty settings and ignoredfile if they do not exist yet.
72unless (-e "$settingsfile") { system("touch $settingsfile"); }
73unless (-e "$ignoredfile") { system("touch $ignoredfile"); }
74
01dbccb1 75our %settings = ();
7edbe063 76our %ignored = ();
01dbccb1 77
28981fac
SS		 78$settings{'ACTION'} = '';
79
01dbccb1 80$settings{'GUARDIAN_ENABLED'} = 'off';
723648ac
SS		 81$settings{'GUARDIAN_MONITOR_SNORT'} = 'on';
82$settings{'GUARDIAN_MONITOR_SSH'} = 'on';
83$settings{'GUARDIAN_MONITOR_HTTPD'} = 'on';
84$settings{'GUARDIAN_MONITOR_OWNCLOUD'} = '';
52958991 85$settings{'GUARDIAN_LOG_FACILITY'} = 'syslog';
a35a0668
SS		 86$settings{'GUARDIAN_LOGLEVEL'} = 'info';
87$settings{'GUARDIAN_BLOCKCOUNT'} = '3';
01dbccb1 88$settings{'GUARDIAN_BLOCKTIME'} = '86400';
2d17c6e6 89$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP';
01dbccb1 90$settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
52958991 91$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3';
01dbccb1 92
01dbccb1
SS		 93my $errormessage = '';
94
95&Header::showhttpheaders();
96
97# Get GUI values.
98&Header::getcgihash(\%settings);
01dbccb1 99
f8c3bfe0
SS		 100# Check if guardian is running and grab some stats.
101&daemonstats();
922ddf0e 102my $pid = $pid[0];
f8c3bfe0 103
01dbccb1
SS		 104## Perform input checks and save settings.
105#
106if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
01dbccb1 107 # Check for valid blocktime.
96655fa6 108 unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) {
01dbccb1 109 $errormessage = "$Lang::tr{'guardian invalid blocktime'}";
a35a0668
SS		 110 }
111
d68ead3d 112 # Check if the blockcount is valid.
96655fa6 113 unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
a35a0668 114 $errormessage = "$Lang::tr{'guardian invalid blockcount'}";
01dbccb1
SS		 115 }
116
117 # Check Logfile.
96655fa6 118 unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
a35a0668 119 $errormessage = "$Lang::tr{'guardian invalid logfile'}";
01dbccb1
SS		 120 }
121
01dbccb1 122 # Only continue if no error message has been set.
96655fa6 123 if($errormessage eq '') {
01dbccb1
SS		 124 # Write configuration settings to file.
125 &General::writehash("${General::swroot}/guardian/settings", \%settings);
126
127 # Update configuration files.
128 &BuildConfiguration();
129 }
130
7edbe063 131## Add/edit an entry to the ignore file.
01dbccb1 132#
7edbe063 133} elsif (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) {
01dbccb1
SS		 134
135 # Check if any input has been performed.
7edbe063 136 if ($settings{'IGNORE_ENTRY_ADDRESS'} ne '') {
01dbccb1
SS		 137
138 # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
7edbe063 139 if ((!&General::validip($settings{'IGNORE_ENTRY_ADDRESS'})) && (!&General::validipandmask($settings{'IGNORE_ENTRY_ADDRESS'}))) {
01dbccb1
SS		 140 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
141 }
142 } else {
143 $errormessage = "$Lang::tr{'guardian empty input'}";
144 }
145
146 # Go further if there was no error.
147 if ($errormessage eq '') {
7edbe063
SS		 148 my %ignored = ();
149 my $id;
150 my $status;
151
152 # Assign hash values.
153 my $new_entry_address = $settings{'IGNORE_ENTRY_ADDRESS'};
154 my $new_entry_remark = $settings{'IGNORE_ENTRY_REMARK'};
155
156 # Read-in ignoredfile.
157 &General::readhasharray($ignoredfile, \%ignored);
158
159 # Check if we should edit an existing entry and got an ID.
160 if (($settings{'ACTION'} eq $Lang::tr{'update'}) && ($settings{'ID'})) {
161 # Assin the provided id.
162 $id = $settings{'ID'};
163
164 # Undef the given ID.
165 undef($settings{'ID'});
166
167 # Grab the configured status of the corresponding entry.
168 $status = $ignored{$id}[2];
169 } else {
170 # Each newly added entry automatically should be enabled.
171 $status = "enabled";
01dbccb1 172
7edbe063
SS		 173 # Generate the ID for the new entry.
174 #
d68ead3d 175 # Sort the keys by their ID and store them in an array.
7edbe063 176 my @keys = sort { $a <=> $b } keys %ignored;
01dbccb1 177
7edbe063
SS		 178 # Reverse the key array.
179 my @reversed = reverse(@keys);
180
181 # Obtain the last used id.
182 my $last_id = @reversed[0];
183
184 # Increase the last id by one and use it as id for the new entry.
185 $id = ++$last_id;
186 }
187
188 # Add/Modify the entry to/in the ignored hash.
189 $ignored{$id} = ["$new_entry_address", "$new_entry_remark", "$status"];
190
191 # Write the changed ignored hash to the ignored file.
192 &General::writehasharray($ignoredfile, \%ignored);
193
194 # Regenerate the ignore file.
97849142 195 &GenerateIgnoreFile();
01dbccb1
SS		 196 }
197
f8c3bfe0
SS		 198 # Check if guardian is running.
199 if ($pid > 0) {
af6856af 200 # Send reload command through socket connection.
1cc65323 201 &Guardian::Socket::Client("reload-ignore-list");
f8c3bfe0
SS		 202 }
203
7edbe063 204## Toggle Enabled/Disabled for an existing entry on the ignore list.
01dbccb1 205#
7edbe063
SS		 206
207} elsif ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
208 my %ignored = ();
209
210 # Only go further, if an ID has been passed.
211 if ($settings{'ID'}) {
212 # Assign the given ID.
213 my $id = $settings{'ID'};
214
215 # Undef the given ID.
216 undef($settings{'ID'});
217
218 # Read-in ignoredfile.
219 &General::readhasharray($ignoredfile, \%ignored);
220
221 # Grab the configured status of the corresponding entry.
222 my $status = $ignored{$id}[2];
223
224 # Switch the status.
225 if ($status eq "disabled") {
226 $status = "enabled";
227 } else {
228 $status = "disabled";
229 }
230
231 # Modify the status of the existing entry.
232 $ignored{$id} = ["$ignored{$id}[0]", "$ignored{$id}[1]", "$status"];
233
234 # Write the changed ignored hash to the ignored file.
235 &General::writehasharray($ignoredfile, \%ignored);
236
237 # Regenerate the ignore file.
97849142 238 &GenerateIgnoreFile();
7edbe063
SS		 239
240 # Check if guardian is running.
241 if ($pid > 0) {
242 # Send reload command through socket connection.
1cc65323 243 &Guardian::Socket::Client("reload-ignore-list");
01dbccb1
SS		 244 }
245 }
7edbe063
SS		 246
247## Remove entry from ignore list.
248#
249} elsif ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
250 my %ignored = ();
251
252 # Read-in ignoredfile.
253 &General::readhasharray($ignoredfile, \%ignored);
254
255 # Drop entry from the hash.
256 delete($ignored{$settings{'ID'}});
257
258 # Undef the given ID.
259 undef($settings{'ID'});
260
261 # Write the changed ignored hash to the ignored file.
262 &General::writehasharray($ignoredfile, \%ignored);
263
264 # Regenerate the ignore file.
97849142 265 &GenerateIgnoreFile();
01dbccb1 266
f8c3bfe0
SS		 267 # Check if guardian is running.
268 if ($pid > 0) {
af6856af 269 # Send reload command through socket connection.
1cc65323 270 &Guardian::Socket::Client("reload-ignore-list");
f8c3bfe0
SS		 271 }
272
01dbccb1
SS		 273## Block a user given address or subnet.
274#
275} elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) {
276
c973d6da
SS		 277 # Assign some temporary variables used for input validation.
278 my $input = $settings{'ADDRESS_BLOCK'};
279 my $green = $netsettings{'GREEN_ADDRESS'};
280 my $blue = $netsettings{'BLUE_ADDRESS'};
281 my $orange = $netsettings{'ORANGE_ADDRESS'};
282 my $red = $netsettings{'RED_ADDRESS'};
01dbccb1 283
c232e348
SS		 284 # File declarations.
285 my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
286 my $dns1file = "${General::swroot}/red/dns1";
287 my $dns2file = "${General::swroot}/red/dns2";
288
c973d6da 289 # Get gateway address.
c232e348
SS		 290 my $gateway = &_get_address_from_file($gatewayfile);
291
292 # Get addresses from the used dns servers.
293 my $dns1 = &_get_address_from_file($dns1file);
294 my $dns2 = &_get_address_from_file($dns2file);
01dbccb1 295
c973d6da
SS		 296 # Check if any input has been performed.
297 if ($input eq '') {
298 $errormessage = "$Lang::tr{'guardian empty input'}";
299 }
300
301 # Check if the given input is localhost (127.0.0.1).
302 elsif ($input eq "127.0.0.1") {
303 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
304 }
305
306 # Check if the given input is anywhere (0.0.0.0).
307 elsif ($input eq "0.0.0.0") {
308 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
309 }
310
311 # Check if the given input is one of the interface addresses or our gateway.
62fd0e6f 312 elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") {
c973d6da
SS		 313 $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
314 }
315
316 # Check if the given input is a valid IP address.
317 elsif (!&General::validip($input)) {
318 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
319 }
01dbccb1
SS		 320
321 # Go further if there was no error.
322 if ($errormessage eq '') {
323 my $block = $settings{'ADDRESS_BLOCK'};
324
af6856af
SS		 325 # Send command to block the specified address through socket connection.
326 &Guardian::Socket::Client("block $block");
01dbccb1
SS		 327 }
328
329## Unblock address or subnet.
330#
331} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock'}) {
332
333 # Check if no empty input has been performed.
334 if ($settings{'ADDRESS_UNBLOCK'} ne '') {
335
336 # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
337 if ((!&General::validip($settings{'ADDRESS_UNBLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_UNBLOCK'}))) {
338 $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
339 }
340
341 } else {
342 $errormessage = "$Lang::tr{'guardian empty input'}";
343 }
344
345 # Go further if there was no error.
346 if ($errormessage eq '') {
347 my $unblock = $settings{'ADDRESS_UNBLOCK'};
348
af6856af
SS		 349 # Send command to unblock the given address through socket connection.
350 &Guardian::Socket::Client("unblock $unblock");
01dbccb1
SS		 351 }
352
353## Unblock all.
354#
355} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock all'}) {
356
af6856af
SS		 357 # Send flush command through socket connection.
358 &Guardian::Socket::Client("flush");
01dbccb1
SS		 359}
360
7edbe063 361# Load settings from files.
36dbcf2e 362&General::readhash("${General::swroot}/guardian/settings", \%settings);
7edbe063 363&General::readhasharray("${General::swroot}/guardian/ignored", \%ignored);
01dbccb1
SS		 364
365# Call functions to generate whole page.
366&showMainBox();
367&showIgnoreBox();
368
369# Display area only if guardian is running.
f8c3bfe0 370if ( ($memory != 0) && ($pid > 0) ) {
01dbccb1
SS		 371 &showBlockedBox();
372}
373
374# Function to display the status of guardian and allow base configuration.
375sub showMainBox() {
376 my %checked = ();
7899718f 377 my %selected = ();
01dbccb1
SS		 378
379 $checked{'GUARDIAN_ENABLED'}{'on'} = '';
380 $checked{'GUARDIAN_ENABLED'}{'off'} = '';
381 $checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked';
723648ac
SS		 382 $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} = '';
383 $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} = '';
384 $checked{'GUARDIAN_MONITOR_SNORT'}{$settings{'GUARDIAN_MONITOR_SNORT'}} = "checked='checked'";
385 $checked{'GUARDIAN_MONITOR_SSH'}{'off'} = '';
386 $checked{'GUARDIAN_MONITOR_SSH'}{'on'} = '';
387 $checked{'GUARDIAN_MONITOR_SSH'}{$settings{'GUARDIAN_MONITOR_SSH'}} = "checked='checked'";
388 $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} = '';
389 $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} = '';
390 $checked{'GUARDIAN_MONITOR_HTTPD'}{$settings{'GUARDIAN_MONITOR_HTTPD'}} = "checked='checked'";
391 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} = '';
392 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} = '';
393 $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{$settings{'GUARDIAN_MONITOR_OWNCLOUD'}} = "checked='checked'";
01dbccb1 394
52958991 395 $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected';
4a7fc9f6 396 $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected';
52958991 397 $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected';
2d17c6e6 398 $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected';
7899718f 399
01dbccb1
SS		 400 &Header::openpage($Lang::tr{'guardian configuration'}, 1, '');
401 &Header::openbigbox('100%', 'left', '', $errormessage);
402
403 # Print errormessage if there is one.
404 if ($errormessage) {
405 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
406 print "<font class='base'>$errormessage&nbsp;</font>\n";
407 &Header::closebox();
408 }
409
2daa1f5b
SS		 410 ### Java Script ###
411 print<<END;
412 <script>
f617f21c 413 var update_options = function() {
2daa1f5b
SS		 414
415 var logfacility = \$("#GUARDIAN_LOG_FACILITY").val();
f617f21c 416 var loglevel = \$("#GUARDIAN_LOGLEVEL").val();
2daa1f5b
SS		 417
418 if (logfacility === undefined)
419 return;
420
f617f21c
SS		 421 if (loglevel === undefined)
422 return;
423
424 // Show / Hide input for specifying the path to the logfile.
2daa1f5b
SS		 425 if (logfacility === "file") {
426 \$(".GUARDIAN_LOGFILE").show();
427 } else {
428 \$(".GUARDIAN_LOGFILE").hide();
429 }
f617f21c
SS		 430
431 // Show / Hide loglevel debug if the facility is set to syslog.
432 if (logfacility === "syslog") {
433 \$("#loglevel_debug").hide();
434 } else {
435 \$("#loglevel_debug").show();
436 }
437
438 // Show / Hide logfacility syslog if the loglevel is set to debug.
439 if (loglevel === "debug") {
440 \$("#logfacility_syslog").hide();
441 } else {
442 \$("#logfacility_syslog").show();
443 }
2daa1f5b
SS		 444 };
445
446 \$(document).ready(function() {
f617f21c
SS		 447 \$("#GUARDIAN_LOG_FACILITY").change(update_options);
448 \$("#GUARDIAN_LOGLEVEL").change(update_options);
449 update_options();
2daa1f5b
SS		 450
451 // Show / Hide snort priority level option, based if
452 // snort is enabled / disabled.
453 if (\$('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') {
454 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').show();
455 } else {
456 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide();
457 }
458
459 // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed.
460 \$('input[name=GUARDIAN_MONITOR_SNORT]').change(function() {
461 \$('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle();
462 });
463 });
464 </script>
465END
466
467
01dbccb1
SS		 468
469 # Draw current guardian state.
470 &Header::openbox('100%', 'center', $Lang::tr{'guardian'});
471
f8c3bfe0 472 # Get current status of guardian.
01dbccb1 473 &daemonstats();
922ddf0e 474 $pid = $pid[0];
01dbccb1
SS		 475
476 # Display some useful information related to guardian, if daemon is running.
f8c3bfe0 477 if ( ($memory != 0) && ($pid > 0) ){
01dbccb1
SS		 478 print <<END;
479 <table width='95%' cellspacing='0' class='tbl'>
480 <tr>
481 <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
482 </tr>
483 <tr>
484 <td class='base'>$Lang::tr{'guardian daemon'}</td>
485 <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td>
486 </tr>
487 <tr>
488 <td class='base'></td>
489 <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td>
490 <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td>
491 </tr>
492 <tr>
493 <td class='base'></td>
922ddf0e 494 <td bgcolor='$color{'color22'}' align='center'>$pid</td>
01dbccb1
SS		 495 <td bgcolor='$color{'color22'}' align='center'>$memory KB</td>
496 </tr>
497 </table>
498END
499 } else {
500 # Otherwise display a hint that the service is not launched.
501 print <<END;
502 <table width='95%' cellspacing='0' class='tbl'>
503 <tr>
504 <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th>
505 </tr>
506 <tr>
507 <td class='base'>$Lang::tr{'guardian daemon'}</td>
508 <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td>
509 </tr>
510 </table>
511END
512 }
513
514 &Header::closebox();
515
516 # Draw elements for guardian configuration.
517 &Header::openbox('100%', 'center', $Lang::tr{'guardian configuration'});
518
519 print <<END;
520 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
521
522 <table width='95%'>
523 <tr>
d2fea55e 524 <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian common settings'}</b></td>
01dbccb1 525 </tr>
c5f633c9 526
01dbccb1 527 <tr>
c5f633c9 528 <td width='25%' class='base'>$Lang::tr{'guardian enabled'}:</td>
d2fea55e 529 <td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td>
01dbccb1 530 </tr>
c5f633c9 531
26fcd31e
SS		 532 <tr>
533 <td colspan='2'><br></td>
534 </tr>
c5f633c9 535
26fcd31e 536 <tr>
c5f633c9 537 <td width='25%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td>
723648ac
SS		 538 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='on' $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} /> /
539 <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='off' $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} /> off</td>
26fcd31e 540 </tr>
c5f633c9 541
26fcd31e 542 <tr>
c5f633c9 543 <td width='25%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td>
723648ac
SS		 544 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SSH' value='on' $checked{'GUARDIAN_MONITOR_SSH'}{'on'} /> /
545 <input type='radio' name='GUARDIAN_MONITOR_SSH' value='off' $checked{'GUARDIAN_MONITOR_SSH'}{'off'} /> off</td>
26fcd31e 546 </tr>
c5f633c9 547
26fcd31e 548 <tr>
c5f633c9 549 <td width='25%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td>
723648ac
SS		 550 <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> /
551 <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td>
26fcd31e 552 </tr>
c5f633c9 553
52958991
SS		 554 <tr>
555 <td colspan='2'><br></td>
556 </tr>
c5f633c9 557
52958991
SS		 558 <tr>
559 <td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td>
c5f633c9
MF		 560 <td width='25%'><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'>
561 <option id='logfacility_syslog' value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>$Lang::tr{'guardian logtarget_syslog'}</option>
562 <option id='logfacility_file' value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>$Lang::tr{'guardian logtarget_file'}</option>
563 <option id='logfacility_console' value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>$Lang::tr{'guardian logtarget_console'}</option>
564 </select></td>
565
566 <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td>
567 <td width='25%'><select id='GUARDIAN_LOGLEVEL' name='GUARDIAN_LOGLEVEL'>
568 <option id='loglevel_off' value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>$Lang::tr{'guardian loglevel_off'}</option>
569 <option id='loglevel_info' value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>$Lang::tr{'guardian loglevel_info'}</option>
570 <option id='loglevel_debug' value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>$Lang::tr{'guardian loglevel_debug'}</option>
52958991
SS		 571 </select></td>
572 </tr>
c5f633c9
MF		 573
574 <tr class="GUARDIAN_LOGFILE">
26fcd31e
SS		 575 <td colspan='2'><br></td>
576 </tr>
c5f633c9
MF		 577
578 <tr class="GUARDIAN_LOGFILE">
579 <td width='25%' class='base'>$Lang::tr{'guardian logfile'}:</td>
580 <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td>
7899718f 581 </tr>
c5f633c9 582
2daa1f5b 583 <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
a35a0668
SS		 584 <td colspan='2'><br></td>
585 </tr>
c5f633c9 586
2daa1f5b 587 <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL">
4a7fc9f6 588 <td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td>
52958991 589 <td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'>
c5f633c9
MF		 590 <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>$Lang::tr{'guardian priolevel_high'}</option>
591 <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>$Lang::tr{'guardian priolevel_medium'}</option>
592 <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>$Lang::tr{'guardian priolevel_low'}</option>
593 <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>$Lang::tr{'guardian priolevel_very_low'}</option>
4a7fc9f6 594 </select></td>
c5f633c9
MF		 595
596 <td width='25%' class='base'>$Lang::tr{'guardian blockcount'}:</td>
597 <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td>
4a7fc9f6 598 </tr>
c5f633c9 599
4a7fc9f6
SS		 600 <tr>
601 <td colspan='2'><br></td>
602 </tr>
c5f633c9 603
2d17c6e6 604 <tr>
c5f633c9 605 <td width='25%' class='base'>$Lang::tr{'guardian firewallaction'}:</td>
2d17c6e6
SS		 606 <td><select name='GUARDIAN_FIREWALL_ACTION'>
607 <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option>
608 <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option>
609 </select></td>
c5f633c9
MF		 610
611 <td width='25%' class='base'>$Lang::tr{'guardian blocktime'}:</td>
d2fea55e 612 <td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td>
01dbccb1 613 </tr>
c5f633c9 614
01dbccb1
SS		 615 </table>
616END
617
618 print <<END;
619 <hr>
620
621 <table width='95%'>
622 <tr>
623 <td>&nbsp;</td>
624 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
625 <td>&nbsp;</td>
626 </tr>
627 </table>
628 </form>
629END
630
631 &Header::closebox();
632}
633
634# Function to show elements of the guardian ignorefile and allow to add or remove single members of it.
635sub showIgnoreBox() {
636 &Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'});
637
638 print <<END;
7edbe063 639 <table width='80%'>
01dbccb1 640 <tr>
7edbe063
SS		 641 <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td>
642 <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td>
643 <td class='base' colspan='3' bgcolor='$color{'color20'}'></td>
01dbccb1
SS		 644 </tr>
645END
d68ead3d 646 # Check if some hosts have been added to be ignored.
7edbe063 647 if (keys (%ignored)) {
01dbccb1
SS		 648 my $col = "";
649
d68ead3d 650 # Loop through all entries of the hash.
7edbe063
SS		 651 while( (my $key) = each %ignored) {
652 # Assign data array positions to some nice variable names.
653 my $address = $ignored{$key}[0];
654 my $remark = $ignored{$key}[1];
655 my $status = $ignored{$key}[2];
656
657 # Check if the key (id) number is even or not.
658 if ($settings{'ID'} eq $key) {
659 $col="bgcolor='${Header::colouryellow}'";
660 } elsif ($key % 2) {
01dbccb1
SS		 661 $col="bgcolor='$color{'color22'}'";
662 } else {
663 $col="bgcolor='$color{'color20'}'";
664 }
665
7edbe063
SS		 666 # Choose icon for the checkbox.
667 my $gif;
668 my $gdesc;
669
670 # Check if the status is enabled and select the correct image and description.
671 if ($status eq 'enabled' ) {
672 $gif = 'on.gif';
673 $gdesc = $Lang::tr{'click to disable'};
674 } else {
675 $gif = 'off.gif';
676 $gdesc = $Lang::tr{'click to enable'};
677 }
678
01dbccb1
SS		 679 print <<END;
680 <tr>
7edbe063
SS		 681 <td width='20%' class='base' $col>$address</td>
682 <td width='65%' class='base' $col>$remark</td>
683
684 <td align='center' $col>
685 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
686 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
687 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
688 <input type='hidden' name='ID' value='$key' />
689 </form>
690 </td>
691
692 <td align='center' $col>
693 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
694 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
695 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
696 <input type='hidden' name='ID' value='$key' />
697 </form>
698 </td>
699
700 <td align='center' $col>
701 <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'>
01dbccb1 702 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'>
7edbe063 703 <input type='hidden' name='ID' value='$key'>
01dbccb1
SS		 704 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'>
705 </form>
706 </td>
707 </tr>
708END
709 }
01dbccb1 710 } else {
7edbe063 711 # Print notice that currently no hosts are ignored.
01dbccb1
SS		 712 print "<tr>\n";
713 print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
714 print "</tr>\n";
715 }
716
717 print "</table>\n";
718
7edbe063 719 # Section to add new elements or edit existing ones.
01dbccb1 720 print <<END;
1d5702a7 721 <br>
7edbe063
SS		 722 <hr>
723 <br>
724
1d5702a7 725 <div align='center'>
7edbe063
SS		 726 <table width='100%'>
727END
728
729 # Assign correct headline and button text.
730 my $buttontext;
731 my $entry_address;
732 my $entry_remark;
733
734 # Check if an ID (key) has been given, in this case an existing entry should be edited.
735 if ($settings{'ID'} ne '') {
736 $buttontext = $Lang::tr{'update'};
737 print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
738
739 # Grab address and remark for the given key.
740 $entry_address = $ignored{$settings{'ID'}}[0];
741 $entry_remark = $ignored{$settings{'ID'}}[1];
742 } else {
743 $buttontext = $Lang::tr{'add'};
744 print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
745 }
746
747 print <<END;
01dbccb1 748 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
7edbe063 749 <input type='hidden' name='ID' value='$settings{'ID'}'>
01dbccb1 750 <tr>
7edbe063
SS		 751 <td width='30%'>$Lang::tr{'ip address'}: </td>
752 <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
753
754 <td width='30%'>$Lang::tr{'remark'}: </td>
755 <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
756 <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td>
01dbccb1
SS		 757 </tr>
758 </form>
759 </table>
760 </div>
761END
1d5702a7
SS		 762
763 &Header::closebox();
01dbccb1
SS		 764}
765
d68ead3d 766# Function to list currently blocked addresses from guardian and unblock them or add custom entries to block.
01dbccb1
SS		 767sub showBlockedBox() {
768 &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'});
769
01dbccb1
SS		 770 print <<END;
771 <table width='60%'>
772 <tr>
773 <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td>
774 </tr>
775END
776
d68ead3d 777 # Launch function to get the currently blocked hosts.
5f462919
SS		 778 my @blocked_hosts = &GetBlockedHosts();
779
01dbccb1 780 my $id = 0;
01dbccb1 781 my $col = "";
01dbccb1 782
5f462919
SS		 783 # Loop through our blocked hosts array.
784 foreach my $blocked_host (@blocked_hosts) {
01dbccb1
SS		 785
786 # Increase id number for each element in the ignore file.
787 $id++;
788
789 # Check if the id number is even or not.
790 if ($id % 2) {
791 $col="bgcolor='$color{'color22'}'";
792 } else {
793 $col="bgcolor='$color{'color20'}'";
794 }
795
796 print <<END;
797 <tr>
8b8413e5 798 <td width='80%' class='base' $col><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host'>$blocked_host</a></td>
01dbccb1
SS		 799 <td width='20%' align='center' $col>
800 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
801 <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'>
802 <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'>
803 <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'>
804 </form>
805 </td>
806 </tr>
807END
808 }
809
d68ead3d 810 # If the loop only has been run once the id still is "0", which means there are no
01dbccb1
SS		 811 # additional entries (blocked hosts) in the iptables chain.
812 if ($id == 0) {
813
814 # Print notice that currently no hosts are blocked.
815 print "<tr>\n";
816 print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
817 print "</tr>\n";
818 }
819
820 print "</table>\n";
821
01dbccb1
SS		 822 # Section for a manual block of an IP-address.
823 print <<END;
1d5702a7
SS		 824 <br>
825 <div align='center'>
826 <table width='60%' border='0'>
01dbccb1
SS		 827 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
828 <tr>
829 <td width='30%'>$Lang::tr{'guardian block a host'}: </td>
830 <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td>
831 <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td>
832 <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td>
833 </tr>
834 </form>
835 </table>
836 </div>
837END
1d5702a7
SS		 838
839 &Header::closebox();
01dbccb1
SS		 840}
841
842&Header::closebigbox();
843&Header::closepage();
844
845# Function to check if guardian has been started.
846# Grab process id and consumed memory if the daemon is running.
847sub daemonstats() {
848 $memory = 0;
849 # for pid and memory
850 open(FILE, '/usr/local/bin/addonctrl guardian status | ');
851 @guardian = <FILE>;
852 close(FILE);
853 $string = join("", @guardian);
854 $string =~ s/[a-z_]//gi;
855 $string =~ s/\[[0-1]\;[0-9]+//gi;
856 $string =~ s/[\(\)\.]//gi;
857 $string =~ s/ //gi;
858 $string =~ s/\e//gi;
859 @pid = split(/\s/,$string);
860 if (open(FILE, "/proc/$pid[0]/statm")){
861 my $temp = <FILE>;
862 @memory = split(/ /,$temp);
863 close(FILE);
864 }
865 $memory+=$memory[0];
866}
867
5f462919 868sub GetBlockedHosts() {
5f462919
SS		 869 # Create new, empty array.
870 my @hosts;
871
d68ead3d 872 # Launch helper to get chains from iptables.
891ba055
SS		 873 system('/usr/local/bin/getipstat');
874
875 # Open temporary file which contains the chains and rules.
d68ead3d 876 open (FILE, '/var/tmp/iptables.txt');
891ba055
SS		 877
878 # Loop through the entire file.
879 while (<FILE>) {
880 my $line = $_;
881
882 # Search for the guardian chain and extract
883 # the lines between it and the next empty line
884 # which is placed before the next firewall
885 # chain starts.
886 if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) {
887 # Skip descriptive lines.
888 next if ($line =~ /^Chain/);
889 next if ($line =~ /^ pkts/);
890
d68ead3d 891 # Generate array, based on the line content (separator is a single or multiple space)
891ba055
SS		 892 my @comps = split(/\s{1,}/, $line);
893 my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps;
894
895 # Assign different variable names.
896 my $blocked_host = $source;
897
898 # Add host to our hosts array.
899 if ($blocked_host) {
900 push(@hosts, $blocked_host);
901 }
902 }
903 }
5f462919 904
891ba055
SS		 905 # Close filehandle.
906 close(FILE);
5f462919 907
891ba055 908 # Remove recently created temporary files of the "getipstat" binary.
d68ead3d
MF		 909 system("rm -f /var/tmp/iptables.txt");
910 system("rm -f /var/tmp/iptablesmangle.txt");
911 system("rm -f /var/tmp/iptablesnat.txt");
5f462919
SS		 912
913 # Convert entries, sort them, write back and store the sorted entries into new array.
914 my @sorted = map { $_->[0] }
915 sort { $a->[1] <=> $b->[1] }
916 map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/\./, $_))] }
917 @hosts;
918
919 # Return our sorted list.
920 return @sorted
921}
922
01dbccb1
SS		 923sub BuildConfiguration() {
924 my %settings = ();
925 &General::readhash("${General::swroot}/guardian/settings", \%settings);
926
927 my $configfile = "${General::swroot}/guardian/guardian.conf";
928
d68ead3d 929 # Create the configfile if none exists yet.
c880c2cb
SS		 930 unless (-e "$configfile") { system("touch $configfile"); }
931
7f728591 932 # Open configfile for writing.
01dbccb1
SS		 933 open(FILE, ">$configfile");
934
52958991
SS		 935 # Config file header.
936 print FILE "# Autogenerated configuration file.\n";
937 print FILE "# All user modifications will be overwritten.\n\n";
28981fac 938
52958991
SS		 939 # Settings for the logging mechanism.
940 print FILE "# Log settings.\n";
941 print FILE "LogFacility = $settings{'GUARDIAN_LOG_FACILITY'}\n";
942
943 if ($settings{'GUARDIAN_LOG_FACILITY'} eq "file") {
944 print FILE "LogFile = $settings{'GUARDIAN_LOGFILE'}\n";
28981fac
SS		 945 }
946
52958991
SS		 947 print FILE "LogLevel = $settings{'GUARDIAN_LOGLEVEL'}\n\n";
948
949 # IPFire related static settings.
950 print FILE "# IPFire related settings.\n";
951 print FILE "FirewallEngine = IPtables\n";
952 print FILE "SocketOwner = nobody:nobody\n";
953 print FILE "IgnoreFile = $ignorefile\n\n";
954
955 # Configured block values.
2d17c6e6 956 print FILE "# Configured block settings.\n";
52958991 957 print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n";
2d17c6e6
SS		 958 print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n";
959 print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n";
52958991
SS		 960
961 # Enabled modules.
962 # Loop through whole settings hash.
963 print FILE "# Enabled modules.\n";
964 foreach my $option (keys %settings) {
965 # Search for enabled modules.
966 if ($option =~ /GUARDIAN_MONITOR_(.*)/) {
967 # Skip if module is not enabled.
968 next unless($settings{$option} eq "on");
969
970 # Skip module if no file location is available.
971 next unless(exists($module_file_locations{$1}));
972
973 # Add enabled module and defined path to the config file.
974 print FILE "Monitor_$1 = $module_file_locations{$1}\n";
975 }
976 }
977
978 # Module settings.
979 print FILE "\n# Module settings.\n";
980 # Check if SNORT is enabled and add snort priority.
981 if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") {
982 print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n";
983 }
01dbccb1
SS		 984
985 close(FILE);
986
efd9c5ff
SS		 987 # Generate ignore file.
988 &GenerateIgnoreFile();
989
f8c3bfe0
SS		 990 # Check if guardian should be started or stopped.
991 if($settings{'GUARDIAN_ENABLED'} eq 'on') {
992 if($pid > 0) {
af6856af
SS		 993 # Send reload command through socket connection.
994 &Guardian::Socket::Client("reload");
f8c3bfe0
SS		 995 } else {
996 # Launch guardian.
af6856af 997 system("/usr/local/bin/addonctrl guardian start &>/dev/null");
f8c3bfe0 998 }
01dbccb1 999 } else {
f8c3bfe0 1000 # Stop the daemon.
af6856af 1001 system("/usr/local/bin/addonctrl guardian stop &>/dev/null");
01dbccb1
SS		 1002 }
1003}
97849142
SS		 1004
1005sub GenerateIgnoreFile() {
1006 my %ignored = ();
1007
1008 # Read-in ignoredfile.
1009 &General::readhasharray($ignoredfile, \%ignored);
1010
c880c2cb
SS		 1011 # Create the guardian.ignore file if not exist yet.
1012 unless (-e "$ignorefile") { system("touch $ignorefile"); }
1013
97849142
SS		 1014 # Open ignorefile for writing.
1015 open(FILE, ">$ignorefile");
1016
1017 # Config file header.
1018 print FILE "# Autogenerated configuration file.\n";
1019 print FILE "# All user modifications will be overwritten.\n\n";
1020
1021 # Add IFPire interfaces and gateway to the ignore file.
1022 #
1023 # Assign some temporary variables for the IPFire interfaces.
1024 my $green = $netsettings{'GREEN_ADDRESS'};
1025 my $blue = $netsettings{'BLUE_ADDRESS'};
1026 my $orange = $netsettings{'ORANGE_ADDRESS'};
97849142
SS		 1027
1028 # File declarations.
1cc65323 1029 my $public_address_file = "${General::swroot}/red/local-ipaddress";
97849142
SS		 1030 my $gatewayfile = "${General::swroot}/red/remote-ipaddress";
1031 my $dns1file = "${General::swroot}/red/dns1";
1032 my $dns2file = "${General::swroot}/red/dns2";
1033
97849142
SS		 1034 # Write the obtained addresses to the ignore file.
1035 print FILE "# IPFire local interfaces.\n";
1036 print FILE "$green\n";
1037
1038 # Check if a blue interface exists.
1039 if ($blue) {
1040 # Add blue address.
1041 print FILE "$blue\n";
1042 }
1043
1044 # Check if an orange interface exists.
1045 if ($orange) {
1046 # Add orange address.
1047 print FILE "$orange\n";
1048 }
1049
1050 print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n";
1cc65323
SS		 1051 print FILE "# Include the corresponding files to obtain the addresses.\n";
1052 print FILE "Include_File = $public_address_file\n";
1053 print FILE "Include_File = $gatewayfile\n";
1054 print FILE "Include_File = $dns1file\n";
1055 print FILE "Include_File = $dns2file\n";
97849142
SS		 1056
1057 # Add all user defined hosts and networks to the ignore file.
1058 #
1059 # Check if the hash contains any elements.
1060 if (keys (%ignored)) {
1061 # Write headline.
1cc65323 1062 print FILE "\n# User defined hosts/networks.\n";
97849142
SS		 1063
1064 # Loop through the entire hash and write the host/network
1065 # and remark to the ignore file.
1066 while ( (my $key) = each %ignored) {
1067 my $address = $ignored{$key}[0];
1068 my $remark = $ignored{$key}[1];
1069 my $status = $ignored{$key}[2];
1070
1071 # Check if the status of the entry is "enabled".
1072 if ($status eq "enabled") {
1073 # Check if the address/network is valid.
1074 if ((&General::validip($address)) || (&General::validipandmask($address))) {
1075 # Write the remark to the file.
1076 print FILE "# $remark\n";
1077
1078 # Write the address/network to the ignore file.
1079 print FILE "$address\n\n";
1080 }
1081 }
1082 }
1083 }
1084
1085 close(FILE);
1086}
1087
1088# Private subfunction to obtain IP-addresses from given file names.
1089#
1090sub _get_address_from_file ($) {
1091 my $file = shift;
1092
1093 # Check if the file exists.
1094 if (-e $file) {
1095 # Open the given file.
1096 open(FILE, "$file") or die "Could not open $file.";
1097
1098 # Obtain the address from the first line of the file.
1099 my $address = <FILE>;
1100
1101 # Close filehandle
1102 close(FILE);
1103
1104 # Remove newlines.
1105 chomp $address;
1106
1107 # Check if the grabbed address is valid.
1108 if (&General::validip($address)) {
1109 # Return the address.
1110 return $address;
1111 }
1112 }
1113
1114 # Return nothing.
1115 return;
1116}
IPFire 2.x development tree