X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fguardian.git;a=blobdiff_plain;f=guardian;h=148f50e38e9f2b166336c16642087965e0c02be6;hp=fd16b3a6fd49b476cfde440dc16de30197e21eb1;hb=d79cbb10a6c67b54da71f7684f0e052dcf44fdf5;hpb=f7821b2361477128f27c8ff6838b47893b4482be
diff --git a/guardian b/guardian
index fd16b3a..148f50e 100644
--- a/guardian
+++ b/guardian
@@ -27,20 +27,22 @@ use Thread::Queue;
 use Linux::Inotify2;
 use Time::HiRes qw[ time sleep ];
+require Guardian::Base;
 require Guardian::Config;
+require Guardian::Daemon;
+require Guardian::Events;
+require Guardian::Logger;
 require Guardian::Parser;
 require Guardian::Socket;
 use warnings;
+# Disable warnings of unjoinded threads when stopping guardian.
+no warnings 'threads';
+
 # Define version.
 my $version ="2.0";
-# Array to store the monitored logfiles.
-my @monitored_files = (
- "/var/log/snort/alert",
-);
-
 # Get and store the given command line arguments in a hash.
 my %cmdargs = ();
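Review bot: `no warnings 'threads'` at file scope silences the whole category for the rest of the program, not only the unjoined-thread warning at shutdown that the comment describes; as far as I recall a worker dying from an uncaught exception is reported through the same category (`Thread N terminated abnormally`), so with this pragma only the `$SIG{__DIE__}` log line would remain as evidence. Consider scoping it to the place that needs it, e.g. `{ no warnings 'threads'; $worker->kill('KILL'); }` inside StopWorkers, or joining the killed threads so the warning never fires in the first place. A comment stating which warning is being suppressed and why would also help the next reader.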
@@ -65,18 +67,54 @@ if (defined($cmdargs{"help"})) {
 exit;
 }
+# Check if another instance of guardian is allready running.
+if (&Guardian::Daemon::IsRunning()) {
+ die "Another instance of Guardian is allready running...\n";
+}
+
 # Read-in the configuration file and store the settings.
 # Push the may be given config file argument.
 my %mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"});
+# Initialize Logger.
+my $logger = Guardian::Logger->Init(%mainsettings);
+$logger->Log("debug", "Logger successfully initialized...");
+
+# Add the logger object to the mainsettings for passing
+# it to the modules.
+$mainsettings{Logger} = $logger;
+
+# Redirect perls "die" messages to the logger before exiting.
+$SIG{__DIE__} = sub { $logger->Log("err", "@_"); };
+
+# Initialize the event handler.
+my $events = Guardian::Events->Init(%mainsettings);
+
+# Hash to store the currently monitored files and their configured
+# parsers.
+my %monitored_files = ();
+
+# Shared hash between the main process and all threads. It will store the
+# monitored files and their current file position.
+my %file_positions :shared = ();
+
 # Create the main queue. It is used to store and process all events which are
 # reported and enqueued by the worker threads.
-my $queue :shared = new Thread::Queue or die "Could not create new, empty queue. $!\n";;
+my $queue :shared = new Thread::Queue or die "Could not create new, empty queue. $!";;
 # Array to store all currently running worker objects.
 # (Does not include the socket thread)
 my @running_workers;
+# Check if guardian should be daemonized or keep in the foreground.
+unless (defined($cmdargs{"foreground"})) {
+ # Fork into background.
+ &Guardian::Daemon::Daemonize();
+} else {
+ # Write PID (process-id).
+ &Guardian::Daemon::WritePID();
+}
+
 # Call Init function to initzialize guardian.
 &Init();
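Review bot: The `$SIG{__DIE__}` handler logs every `die`, including ones thrown and caught inside `eval` blocks (module loading, feature probes), so the log will show `err` entries for exceptions that never reached the top level; the usual guard is `$SIG{__DIE__} = sub { return if $^S; $logger->Log("err", "@_"); };`. The touched queue line still uses indirect object syntax and ends in a stray `;;` — `my $queue :shared = Thread::Queue->new() or die "Could not create new, empty queue. $!";` is the conventional form. Note also that `IsRunning()` is evaluated well before `WritePID()`/`Daemonize()`, so two instances started at the same moment can both pass the check; acceptable for an operator-started daemon, but worth a comment on the check.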
@@ -91,12 +129,21 @@ while(1) {
 # Grab the data of the top enqueued event.
 my $event = $queue->peek();
- print "Got event: $event\n";
+ # Log processed event.
+ $logger->Log("debug", "QUEUE - Processed event: $event");
+
+ # Send event data to the events parser to determine
+ # if any action is required.
+ $events->CheckAction($event);
 # Drop processed event from queue.
 $queue->dequeue();
 }
+ # Call RemoveBlocks routine from the Events module to check
+ # if items from the block list can be dropped.
+ $events->RemoveBlocks();
+
 # Sleep 10ms to reduce the load of the main process.
 sleep(0.01);
 }
@@ -114,6 +161,9 @@ sub Init () {
 # Setup IPC mechanism via Socket in an own thread.
 threads->create(\&Socket);
+ # Generate hash of monitored files.
+ %monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files);
+
 # Start worker threads.
 &StartWorkers();
 }
@@ -141,21 +191,25 @@ sub Init () {
 sub Worker ($) {
 my $file = $_[0];
+ # Obtain the parser name which should be used to parser any
+ # messages of this file.
+ my $parser = $monitored_files{$file};
+
 # Signal handler to kill worker.
 $SIG{'KILL'} = sub { threads->exit(); };
- # Get the fileposition.
- my $fileposition = &Init_fileposition("$file");
-
 # Create inotify watcher.
- my $watcher = new Linux::Inotify2 or die "Could not use inotify. $!\n";
+ my $watcher = new Linux::Inotify2 or die "Could not use inotify. $!";
 # Monitor the specified file.
- $watcher->watch("$file", IN_MODIFY) or die "Could not monitor $file. $!\n";
+ $watcher->watch("$file", IN_MODIFY) or die "Could not monitor $file. $!";
 # Switch watcher into non-blocking mode.
 $watcher->blocking(0);
+ # Log successfully spawned worker.
+ $logger->Log("debug", "Spawned worker thread for: $file");
+
 # Infinite loop.
 while(1) {
 # Check for any events and perform them, if there
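Review bot: `$event` is text produced by the worker threads' parser from the monitored log files, so the new `"QUEUE - Processed event: $event"` debug line writes externally influenced content into guardian's own log; unless Guardian::Logger strips newlines and control characters (not visible here), a crafted alert line could append forged entries to the log. The same applies to the `"Socket - Recieved message: $message"` line added in Socket, where `chomp` removes only the trailing newline. A small sanitizing step before logging, e.g. `(my $safe = $event) =~ s/[^[:print:]]/?/g;`, or doing it once centrally in the Logger, would close this. The enclosing `while(1)` loop starts outside the hunk.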
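Review bot: The two `or die` calls in Worker (watcher creation and `$watcher->watch`) now end only the worker thread: the message reaches the log through `$SIG{__DIE__}`, but the main thread keeps running with that file silently unmonitored and the dead thread object still listed in `@running_workers`. If that is not intended, the main loop could check each worker with `$_->is_running` (or `is_joinable`) and log at `err` level or respawn it, so a missing or unreadable log file does not degrade detection without notice. `my $parser = $monitored_files{$file};` also deserves a comment that `%monitored_files` is not `:shared`, so the thread reads the snapshot taken at `threads->create` time. Worker's body continues beyond the hunk.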
@@ -163,8 +217,11 @@ sub Worker ($) {
 if ($watcher->read) {
 my @message = ();
+ # Obtain fileposition from hash.
+ my $fileposition = $file_positions{$file};
+
 # Open the file.
- open (FILE, $file) or die "Could not open $file. $!\n";
+ open (FILE, $file) or die "Could not open $file. $!";
 # Seek to the last known position.
 seek (FILE, $fileposition, 0);
@@ -178,24 +235,29 @@ sub Worker ($) {
 push (@message, $line);
 }
- # Update fileposition.
- $fileposition = tell(FILE);
+ {
+ # Lock shared hash.
+ lock(%file_positions);
+
+ # Update fileposition.
+ $file_positions{$file} = tell(FILE);
+ }
 # Close file.
 close(FILE);
 # Send filename and message to the parser,
 # which will return if an action has to be performed.
- my @action = &Guardian::Parser::Parser("$file", @message);
+ my $action = &Guardian::Parser::Parser("$parser", @message);
 # Send the action to the main process and put it into
 # the queue.
- if (@action) {
+ if (defined ($action)) {
 # Lock the queue.
 lock($queue);
 # Put the required action into the queue.
- $queue->enqueue(@action);
+ $queue->enqueue($action);
 }
 } else {
 # Sleep for 10ms until the next round of the loop will start.
@@ -217,7 +279,10 @@ sub Worker ($) {
 #
 sub Socket () {
 # Create the Server socket by calling the responsible function.
- my $server = &Guardian::Socket::Server();
+ my $server = &Guardian::Socket::Server($mainsettings{SocketOwner});
+
+ # Log successfull creation of socket.
+ $logger->Log("debug", "Listening to Socket...");
 # Accept incomming connections from the socket.
 while (my $connection = $server->accept()) {
@@ -230,6 +295,9 @@ sub Socket () {
 # Remove any newlines.
 chomp($message);
+ # Log recieved socket command.
+ $logger->Log("debug", "Socket - Recieved message: $message");
+
 # Send the recieved data message to the
 # socket parser.
 my $action = &Guardian::Socket::Message_Parser($message);
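Review bot: `open (FILE, $file)` on the touched line is a two-argument open on a bareword handle: `$file` is a key of the configured monitored-files hash, and a value beginning with `>` or `|` (or ending in `|`) would be taken as a mode or a pipe rather than a filename. Since the line is being rewritten anyway, `open (my $fh, '<', $file) or die "Could not open $file. $!";` with the matching `seek`/`tell`/`close`/readline calls switched to `$fh` (the rest of this block, partly in the next hunk) removes that class of problem and keeps the handle lexical to the worker. Worker's body extends beyond this hunk.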
@@ -257,24 +325,26 @@ sub SignalHandler {
 $SIG{INT} = \&Shutdown;
 $SIG{TERM} = \&Shutdown;
 $SIG{QUIT} = \&Shutdown;
+ $SIG{HUP} = \&Reload;
 }
 #
 ## Function to start the workers (threads) for all monitored files.
 #
-## This function will loop through the array of monitored files and will
+## This function will loop through the hash of monitored files and will
 ## spawn an own thread based worker for each file. Every created worker will
 ## be added to the array of running workers.
 #
 sub StartWorkers () {
- # Loop through the array of which files should be monitored and
- # create a worker thread for each single one.
- foreach my $monitored_file (@monitored_files) {
- # Check if the file exists and is readable.
- if (-r "$monitored_file") {
- # Create worker thread for the file.
- push @running_workers, threads->create(\&Worker,$monitored_file);
- }
+ # Init/Update hash which contains the cursor position of EOF.
+ %file_positions = &Guardian::Base::FilePositions(\%monitored_files, \%file_positions);
+
+ # Loop through the hash which contains the monitored files and start
+ # a worker thread for each single one.
+ foreach my $file (keys %monitored_files) {
+ $logger->Log("debug", "Starting worker thread for $file");
+ # Create worker thread for the file.
+ push @running_workers, threads->create(\&Worker,$file);
 }
 }
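Review bot: StartWorkers drops the old `-r` check before `threads->create`, so a path in `%monitored_files` that is missing or unreadable now reaches Worker, where `open ... or die` ends only that thread while the file stays unmonitored; unless GenerateMonitoredFiles already filters such entries (not visible here), re-adding `next unless -r $file;` together with an `err`-level log line before the create keeps the previous behaviour and makes the gap visible. `$SIG{HUP} = \&Reload` also lets a second SIGHUP arriving mid-reload re-enter Reload and stop/start the workers twice; `local $SIG{HUP} = 'IGNORE';` at the top of Reload, or a simple in-progress flag, avoids that. SignalHandler's opening line is the hunk's function context, so the sub begins just outside the hunk.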
@@ -289,8 +359,44 @@ sub StopWorkers () {
 foreach my $worker (@running_workers) {
 # Send the worker the "KILL" signal and detach the
 # thread so perl can do an automatically clean-up.
- $worker->kill('KILL')->detach();
+ $worker->kill('KILL');
+ }
+ $logger->Log("debug", "All workers are stopped now...");
+}
+
+#
+## Reload function.
+#
+## This function will get called if the signal handler recieves a "SIGHUP" signal,
+## or the reload command will be sent via socket connection. It is responsible for
+## reloading all configure options and stopping/starting the worker threads.
+#
+sub Reload () {
+ # Log reload.
+ $logger->Log("info", "Reload configuration...");
+
+ # Stop all running workers.
+ &StopWorkers();
+
+ # Re-read configuration file.
+ %mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"});
+
+ # Update Logger settings.
+ $logger = Guardian::Logger->Init(%mainsettings);
+
+ # Update logger object in mainsettings hash.
+ $mainsettings{Logger} = $logger;
+
+ # Update ignore list, if one has been specified.
+ if (exists($mainsettings{IgnoreFile})) {
+ &Guardian::Events::GenerateIgnoreList($mainsettings{IgnoreFile});
 }
+
+ # Re-generate hash of monitored files.
+ %monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files);
+
+ # Restart the worker threads.
+ &StartWorkers();
 }
 #
@@ -300,12 +406,26 @@ sub StopWorkers () {
 ## by the signal handler when recieving INT (2), QUIT (3) and TERM (15) signals.
 #
 sub Shutdown () {
+ # Log shutdown.
+ $logger->Log("info", "Shutting down...");
+
 # Stop all workers.
 &StopWorkers();
 # Remove socket file on exit.
 &Guardian::Socket::RemoveSocketFile();
+ # Remove pid file on exit.
+ &Guardian::Daemon::RemovePIDFile();
+
+ # Sleep for one second to give perl some
+ # time to proper clean up everything before
+ # exiting.
+ sleep(1);
+
+ # Log good bye message.
+ $logger->Log("debug", "Good Bye!");
+
 # Exit guardian.
 exit;
 }
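Review bot: StopWorkers now sends `KILL` but neither joins nor detaches, and nothing in the hunk empties `@running_workers`; Reload then calls StartWorkers, which pushes new threads onto the same array while the old ones may still be inside their read loop, so for a moment two workers can update `$file_positions{$file}` for the same file, and every reload leaves more finished thread objects in the array. Joining makes the stop synchronous and removes the need for both the file-wide `no warnings 'threads'` and the `sleep(1)` added in Shutdown: `$worker->kill('KILL')->join();` inside the loop, followed by `@running_workers = ();` after it. In Reload, `%mainsettings`, `%monitored_files` and `$logger` are plain (non-`:shared`) variables, so if the socket command path invokes Reload from within the Socket thread, as the header comment suggests, only that thread's copies change and the main thread keeps the old configuration; a comment stating which thread is allowed to call Reload would make that contract explicit.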