]> git.ipfire.org Git - people/stevee/guardian.git/blob - modules/Config.pm
projects / people / stevee / guardian.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Set default FirewallEngine to "none".
[people/stevee/guardian.git] / modules / Config.pm
1 package Guardian::Config;
2 use strict;
3 use warnings;
4
5 use Exporter qw(import);
6
7 our @EXPORT_OK = qw(CheckConfig UseConfig);
8
9 # The default config file which is used, if no one has been specified.
10 my $configfile = "/etc/guardian/guardian.conf";
11
12 # The maximum amount of chars, which a line in the configfile is allowed to contain.
13 my $maxlength = "64";
14
15 # Hash with default settings. They may be overwritten by settings of the config file.
16 my %defaults = (
17 "LogLevel" => "info",
18 "LogFacility" => "syslog",
19 "BlockCount" => "3",
20 "BlockTime" => "86400",
21 "FirewallEngine" => "none",
22 );
23
24 #
25 ## UseConfig configuration function.
26 #
27 ## This function does the main work. It is responsible for calling the subfunction
28 ## to read the given config file (or use the default one if none has been specified),
29 ## and push the returned object to the validate subfunction. Finally the validated
30 ## settings will be merged with the default ones (existing defaults will be overwritten).
31 #
32 sub UseConfig ($) {
33 my $file = $_[0];
34
35 # If not file has been specified, use the default one.
36 unless ($file) {
37 $file = $configfile;
38 }
39
40 # Call subfunction to get the settings from config file.
41 # Store the options and values in a temporary hash.
42 my %temp = &ReadConfig($file);
43
44 # Validate config settings.
45 my $error = &CheckConfig(\%temp);
46
47 # As long, as no error message is returned, the config is valid.
48 unless ($error) {
49 # Merge hash with contains the default
50 # and temporary config hash. If both hashes contains
51 # the same keys, the keys+values of the first one (%defaults)
52 # will be overwritten.
53 my %config = (%defaults, %temp);
54
55 # Return the final configuration hash.
56 return %config;
57
58 # If an error message is returned, exit and print the error message.
59 } else {
60 die "Invalid configuration: $error";
61 }
62 }
63
64 #
65 ## ReadConfig (configfile) function.
66 #
67 ## This function is used to read a given configuration file and store the
68 ## values into a hash which will be returned.
69 #
70 sub ReadConfig ($) {
71 my $file = $_[0];
72
73 # Hash to store the read-in configuration options and values.
74 my %config = ();
75
76 # Check if the configfile exists and is read-able.
77 unless (-r "$file") {
78 die "The given configfile ($file) does not exist, or is not read-able: $!";
79 }
80
81 # Open the config file and read-in all configuration options and values.
82 open(CONF, "$file") or die "Could not open $file: $!";
83
84 # Process line by line.
85 while (my $line = <CONF>) {
86 # Skip comments.
87 next if ($line =~ /\#/);
88
89 # Skip blank lines.
90 next if ($line =~ /^\s*$/);
91
92 # Remove any newlines.
93 chomp($line);
94
95 # Check line lenght, skip it, if it is longer than, the
96 # allowed maximum.
97 my $length = length("$line");
98 next if ($length gt $maxlength);
99
100 # Remove any whitespaces.
101 $line=~ s/ //g;
102
103 # Splitt line into two parts.
104 my ($option, $value) = split (/=/, $line);
105
106 # Add config option and value to the config hash.
107 $config{$option} = $value;
108 }
109
110 # Close the config file.
111 close(CONF);
112
113 # Return the configuration hash.
114 return %config;
115 }
116
117 #
118 ## The CheckConfig function.
119 #
120 ## This function is responsible to validate configure options which has
121 ## to be passed as a hash. It will return an error message which provides some
122 ## deeper details, if any problems have been detected.
123 #
124 sub CheckConfig (\%) {
125 # Dereference the given hash-ref and store
126 # them into a new temporary hash.
127 my %config = %{ $_[0] };
128
129 # If a BlockTime has been configured, check if the value is a natural number.
130 if (exists($config{BlockTime})) {
131 # Get the configured value for "BlockTime".
132 my $value = $config{BlockTime};
133
134 # Call subroutine for validation.
135 my $error = &check_number("$value");
136
137 # If the check fails, immediately return an error message.
138 if ($error) {
139 return "Invalid BlockTime: $error";
140 }
141 }
142
143 # If a BlockCount has been configured, check if the value is a natural number.
144 if (exists($config{BlockCount})) {
145 # Get the configured value for "BlockCount".
146 my $value = $config{BlockCount};
147
148 # Call subroutine for validation.
149 my $error = &check_number("$value");
150
151 # If the check fails, immediately return an error message.
152 if ($error) {
153 return "Invalid BlockCount: $error";
154 }
155 }
156
157 # Gather details about supported log levels.
158 my %supported_loglevels = &Guardian::Logger::GetLogLevels();
159
160 # Check if the configured log level is valid.
161 unless (exists ($supported_loglevels{$config{LogLevel}})) {
162 return "Invalid LogLevel: $config{LogLevel}";
163 }
164
165 # The config looks good, so return nothing (no error message).
166 return undef
167 }
168
169 #
170 ## The check_number subroutine.
171 #
172 ## This simple subroutine is used to check if a given string is numeric
173 ## and contains a natural number which has to be greater than zero.
174 #
175 sub check_number ($) {
176 my $input = $_[0];
177
178 # Check if the input is a natural number.
179 unless ($input =~ /^\d+$/) {
180 return "$input is not a natural number";
181 }
182
183 # Check if the number is greater than zero.
184 unless ($input gt "0") {
185 return "$input has to be greater than zero";
186 }
187
188 # Input is okay, return no error message (nothing).
189 return undef;
190 }
191
192 1;
A perl written Intrusion Prevention System.