]> git.ipfire.org Git - people/stevee/guardian.git/blob - guardianctrl.in
projects / people / stevee / guardian.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Introduce guardianctrl.
[people/stevee/guardian.git] / guardianctrl.in
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2015-2016 IPFire Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use Switch;
24
25 require Guardian::Base;
26 require Guardian::Daemon;
27 require Guardian::Socket;
28
29 use warnings;
30
31 # Define version.
32 my $version ="@PACKAGE_VERSION@";
33
34 # Assign given command line arguments some pretty variable names.
35 my ($command, $opt_argument) = @ARGV;
36
37 # Process given command from command line.
38 switch($command) {
39 case "status" { &HandleStatus(); }
40
41 case "block" { &HandleBlockUnblockCommand($command, $opt_argument); }
42 case "unblock" { &HandleBlockUnblockCommand($command, $opt_argument); }
43
44 case "flush" { &SendCommand("flush"); }
45 case "reload" { &SendCommand("reload"); }
46 case "reload-ignore-list" { &SendCommand("reload-ignore-list"); }
47 case "logrotate" { &SendCommand("logrotate"); }
48
49 # Print usage / help text.
50 else {
51 print "Guardian $version \n";
52 print "Usage: guardianctrl <command> <optional arguments>\n";
53 print " block <address>\tBlock the given IP-address.\n";
54 print " unblock <address>\tUnblock the given IP-address.\n\n";
55
56 print " flush\t\t\tUnblock/Flush all blocked IP-addresses.\n";
57 print " status\t\t\tDisplay weather guardian is running and some details.\n\n";
58
59 print " reload\t\t\tReload the configuration.\n";
60 print " reload-ignore-list\tForce guardian to reload/regenerate it's ignore list.\n";
61 print " logrotate\t\tTell guardian that the monitored files have been rotated by logrotate.\n";
62 }
63 }
64
65 #
66 ## The SendCommand function.
67 #
68 ## This function is responsible for sending commands to guardian by using the provided
69 ## client function from guardian's socket module. It also does a check if guardian has
70 ## been launched, before trying to sent the desired command.
71 #
72 sub SendCommand ($) {
73 my ($command) = @_;
74
75 # Abort if no guardian instance is running.
76 unless (&Guardian::Daemon::IsRunning()) {
77 print STDERR "No running guardian instance found. Aborting!\n";
78 return;
79 }
80
81 # Use the Socket client to transmitt the requested command to the daemon.
82 &Guardian::Socket::Client($command);
83 }
84
85 #
86 ## HandleBlockUnblockCommand function.
87 #
88 ## This function mostly does the input validation for blocking and unblocking addresses
89 ## before using the SendCommand() function to submit the desired command to the running
90 ## guardian process.
91 #
92 sub HandleBlockUnblockCommand ($$) {;
93 my ($command, $address) = @_;
94
95 # Check if an address has been given.
96 unless ($address) {
97 print STDERR "No address has been given.\n";
98 return;
99 }
100
101 # Check if the provided address is valid.
102 # The called function will return 4 or 6 for the used IP-protocol
103 # version if the address is valid.
104 unless (&Guardian::Base::DetectIPProtocolVersion($address)) {
105 print STDERR "$address is not a valid IPv4 nor IPv6 address.\n";
106 return;
107 }
108
109 # Check if the given address is localhost.
110 if (($address eq "127.0.0.1") || ($address eq "::1")) {
111 print STDERR "$address is localhost and must not be blocked.\n";
112 return;
113 }
114
115 # Check if block/unblock has been called.
116 if (($command eq "block") || ($command eq "unblock")) {
117 # Call subfunction to send the command through the socket.
118 &SendCommand("$command $address");
119 }
120 }
121
122 #
123 ## HandleStatus function.
124 #
125 ## This function just checks if guardian is running and will print some additional details.
126 #
127 sub HandleStatus () {
128 # Check if guardian is running.
129 unless (&Guardian::Daemon::IsRunning()) {
130 print STDERR "Guardian is not running yet.\n";
131 return;
132 }
133
134 # Grab process-id.
135 my $pid = &Guardian::Daemon::GetPid();
136
137 # Print out grabbed details.
138 print "Guardian is running with process-id ($pid).\n";
139 }
A perl written Intrusion Prevention System.