X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fguardian.git;a=blobdiff_plain;f=guardian;h=d01612525dfe2ec2332b3aefc6afd3b74dd8f111;hp=2ec8ac4b4cf59cd7399b4767d5a2e9183dc1cb23;hb=ab7c10eb2c226795115499b3ab2f88cd4f958c0b;hpb=915d9f4513423b25b2dfb1a375c0476a0394b9b4

diff --git a/guardian b/guardian
index 2ec8ac4..d016125 100644
--- a/guardian
+++ b/guardian
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2015  IPFire Development Team                                 #
+# Copyright (C) 2015-2016  IPFire Development Team                            #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,19 +25,24 @@ use threads::shared;
 use Getopt::Long;
 use Thread::Queue;
 use Linux::Inotify2;
+use Time::HiRes qw[ time sleep ];
 
+require Guardian::Base;
 require Guardian::Config;
+require Guardian::Daemon;
+require Guardian::Events;
+require Guardian::Logger;
 require Guardian::Parser;
 require Guardian::Socket;
 
+use warnings;
+
+# Disable warnings of unjoinded threads when stopping guardian.
+no warnings 'threads';
+
 # Define version.
 my $version ="2.0";
 
-# Array to store the monitored logfiles.
-my @monitored_files = (
-	"/var/log/snort/alert",
-);
-
 # Get and store the given command line arguments in a hash.
 my %cmdargs = ();
 
@@ -62,13 +67,53 @@ if (defined($cmdargs{"help"})) {
 	exit;
 }
 
+# Check if another instance of guardian is allready running.
+if (&Guardian::Daemon::IsRunning()) {
+	die "Another instance of Guardian is allready running...\n";
+}
+
 # Read-in the configuration file and store the settings.
 # Push the may be given config file argument.
 my %mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"});
 
+# Initialize Logger.
+my $logger = Guardian::Logger->Init(%mainsettings);
+$logger->Log("debug", "Logger successfully initialized...");
+
+# Add the logger object to the mainsettings for passing
+# it to the modules.
+$mainsettings{Logger} = $logger;
+
+# Redirect perls "die" messages to the logger before exiting.
+$SIG{__DIE__} = sub { $logger->Log("err", "@_"); };
+
+# Initialize the event handler.
+my $events = Guardian::Events->Init(%mainsettings);
+
+# Hash to store the currently monitored files and their configured
+# parsers.
+my %monitored_files = ();
+
+# Shared hash between the main process and all threads. It will store the
+# monitored files and their current file position.
+my %file_positions :shared = ();
+
 # Create the main queue. It is used to store and process all events which are
 # reported and enqueued by the worker threads.
-my $queue :shared = new Thread::Queue or die "Could not create new, empty queue. $!\n";;
+my $queue :shared = new Thread::Queue or die "Could not create new, empty queue. $!";;
+
+# Array to store all currently running worker objects.
+# (Does not include the socket thread)
+my @running_workers;
+
+# Check if guardian should be daemonized or keep in the foreground.
+unless (defined($cmdargs{"foreground"})) {
+	# Fork into background.
+	&Guardian::Daemon::Daemonize();
+} else {
+	# Write PID (process-id).
+	&Guardian::Daemon::WritePID();
+}
 
 # Call Init function to initzialize guardian.
 &Init();
@@ -84,15 +129,23 @@ while(1) {
 		# Grab the data of the top enqueued event.
 		my $event = $queue->peek();
 
-		print "Got event: $event\n";
+		# Log processed event.
+		$logger->Log("debug", "QUEUE - Processed event: $event");
+
+		# Send event data to the events parser to determine
+		# if any action is required.
+		$events->CheckAction($event);
 
 		# Drop processed event from queue.
 		$queue->dequeue();
 	}
 
-	# XXX
-	# Temporary workaround to reduce the load of the main process.
-	sleep(1);
+	# Call RemoveBlocks routine from the Events module to check
+	# if items from the block list can be dropped.
+	$events->RemoveBlocks();
+
+	# Sleep 10ms to reduce the load of the main process.
+	sleep(0.01);
 }
 
 #
@@ -108,15 +161,11 @@ sub Init () {
 	# Setup IPC mechanism via Socket in an own thread.
 	threads->create(\&Socket);
 
-	# Loop through the array of which files should be monitored and
-	# create a worker thread for each single one.
-	foreach my $monitored_file (@monitored_files) {
-		# Check if the file exists and is readable.
-		if (-r "$monitored_file") {
-			# Create worker thread for the file.
-			threads->create(\&Worker,$monitored_file);
-		}
-	}
+	# Generate hash of monitored files.
+	%monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files);
+
+	# Start worker threads.
+	&StartWorkers();
 }
 
 #
@@ -140,54 +189,86 @@ sub Init () {
 ## shared event queue.
 #
 sub Worker ($) {
-	my $file = @_[0];
+	my $file = $_[0];
+
+	# Obtain the parser name which should be used to parser any
+	# messages of this file.
+	my $parser = $monitored_files{$file};
 
-	# Get the fileposition.
-	my $fileposition = &Init_fileposition("$file");
+	# Signal handler to kill worker.
+	$SIG{'KILL'} = sub { threads->exit(); };
 
 	# Create inotify watcher.
-	my $watcher = new Linux::Inotify2 or die "Could not use inotify. $!\n";
+	my $watcher = new Linux::Inotify2 or die "Could not use inotify. $!";
 
 	# Monitor the specified file.
-	$watcher->watch("$file", IN_MODIFY) or die "Could not monitor $file. $!\n";
+	$watcher->watch("$file", IN_MODIFY) or die "Could not monitor $file. $!";
 
-	# Get all notifications.
-	while ($watcher->read) {
-		my @message = ();
+	# Switch watcher into non-blocking mode.
+	$watcher->blocking(0);
 
-		# Open the file.
-		open (FILE, $file) or die "Could not open $file. $!\n";
+	# Log successfully spawned worker.
+	$logger->Log("debug", "Spawned worker thread for: $file");
 
-		# Seek to the last known position.
-		seek (FILE, $fileposition, 0);
+	# Infinite loop.
+	while(1) {
+		# Check for any events and perform them, if there
+		# is a least one.
+		if ($watcher->read) {
+			my @message = ();
 
-		# Get the log message.
-		while (my $line = <FILE>) {
-			# Remove any newlines.
-			chomp $line;
+			# Obtain fileposition from hash.
+			my $fileposition = $file_positions{$file};
 
-			# Add all lines to the message array.
-			push (@message, $line);
-		}
+			# Open the file.
+			open (FILE, $file) or die "Could not open $file. $!";
+
+			# Seek to the last known position.
+			seek (FILE, $fileposition, 0);
 
-		# Update fileposition.
-		$fileposition = tell(FILE);
+			# Get the log message.
+			while (my $line = <FILE>) {
+				# Remove any newlines.
+				chomp $line;
 
-		# Close file.
-		close(FILE);
+				# Add all lines to the message array.
+				push (@message, $line);
+			}
+
+			{
+				# Lock shared hash.
+				lock(%file_positions);
 
-		# Send filename and message to the parser,
-		# which will return if an action has to be performed.
-		my @action = &Guardian::Parser::Parser("$file", @message);
+				# Update fileposition.
+				$file_positions{$file} = tell(FILE);
+			}
 
-		# Send the action to the main process and put it into
-		# the queue.
-		if (@action) {
-			# Lock the queue.
-			lock($queue);
+			# Close file.
+			close(FILE);
 
-			# Put the required action into the queue.
-			$queue->enqueue(@action);
+			# Send filename and message to the parser,
+			# which will return if any actions have to be performed.
+			my @actions = &Guardian::Parser::Parser("$parser", @message);
+
+			# Send the action to the main process and put it into
+			# the queue.
+			if (@actions) {
+				# Lock the queue.
+				lock($queue);
+
+				# Loop through the actions array, and perform
+				# every single action.
+				foreach my $action (@actions) {
+					# Prevent from enqueuing empty actions.
+					if (defined($action)) {
+						# Put the required action into the queue.
+						$queue->enqueue($action);
+					}
+				}
+			}
+		} else {
+			# Sleep for 10ms until the next round of the loop will start.
+			sleep(0.01);
 		}
 	}
 }
@@ -205,7 +286,10 @@ sub Worker ($) {
 #
 sub Socket () {
 	# Create the Server socket by calling the responsible function.
-	my $server = &Guardian::Socket::Server();
+	my $server = &Guardian::Socket::Server($mainsettings{SocketOwner});
+
+	# Log successfull creation of socket.
+	$logger->Log("debug", "Listening to Socket...");
 
         # Accept incomming connections from the socket.
         while (my $connection = $server->accept()) {
@@ -218,6 +302,9 @@ sub Socket () {
 			# Remove any newlines.
 			chomp($message);
 
+			# Log recieved socket command.
+			$logger->Log("debug", "Socket - Recieved message: $message");
+
 			# Send the recieved data message to the
 			# socket parser.
 			my $action = &Guardian::Socket::Message_Parser($message);
@@ -236,44 +323,105 @@ sub Socket () {
 }
 
 #
-## Function for fileposition initialization.
+## Function for capturing process signals.
 #
-## This function is used to get the cursor position of the end of file (EOF) of
-## a specified file.
+## This function captures any sent process signals and will call various
+## actions, basend on the captured signal.
 #
-## In order to prevent from permanently read and keep files opened, or dealing
-## with huge logfiles, at initialization time of the worker processes, the file will
-## be opened once and the cursor position of the end of file (EOF) get stored.
+sub SignalHandler {
+	$SIG{INT} = \&Shutdown;
+	$SIG{TERM} = \&Shutdown;
+	$SIG{QUIT} = \&Shutdown;
+	$SIG{HUP} = \&Reload;
+	$SIG{USR1} = \&ReloadIgnoreList;
+}
+
 #
-sub Init_fileposition ($) {
-	my $file = $_[0];
+## Function to start the workers (threads) for all monitored files.
+#
+## This function will loop through the hash of monitored files and will
+## spawn an own thread based worker for each file. Every created worker will
+## be added to the array of running workers.
+#
+sub StartWorkers () {
+	# Init/Update hash which contains the cursor position of EOF.
+	%file_positions = &Guardian::Base::FilePositions(\%monitored_files, \%file_positions);
+
+	# Loop through the hash which contains the monitored files and start
+	# a worker thread for each single one.
+	foreach my $file (keys %monitored_files) {
+		$logger->Log("debug", "Starting worker thread for $file");
+		# Create worker thread for the file.
+		push @running_workers, threads->create(\&Worker,$file);
+	}
+}
 
-	# Open the file.
-	open(FILE, $file) or die "Could not open $file. $!\n";
+#
+## Function to stop all running workers.
+#
+## This function is used to stop all currently running workers and will be
+## called when reloading or shutting down guardian.
+#
+sub StopWorkers () {
+	# Loop through all running workers.
+	foreach my $worker (@running_workers) {
+		# Send the worker the "KILL" signal and detach the
+		# thread so perl can do an automatically clean-up.
+		$worker->kill('KILL');
+	}
+	$logger->Log("debug", "All workers are stopped now...");
+}
 
-	# Just seek to the end of the file (EOF).
-	seek(FILE, 0, 2);
+#
+## Reload function.
+#
+## This function will get called if the signal handler recieves a "SIGHUP" signal,
+## or the reload command will be sent via socket connection. It is responsible for
+## reloading all configure options and stopping/starting the worker threads.
+#
+sub Reload () {
+	# Log reload.
+	$logger->Log("info", "Reload configuration...");
 
-	# Get and store the position.
-	my $position = tell(FILE),
+	# Stop all running workers.
+	&StopWorkers();
 
-	# Close the file again.
-	close(FILE);
+	# Re-read configuration file.
+	%mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"});
 
-	# Return the position.
-	return $position;
+	# Update Logger settings.
+	$logger = Guardian::Logger->Init(%mainsettings);
+
+	# Update logger object in mainsettings hash.
+	$mainsettings{Logger} = $logger;
+
+	# Update ignore list.
+	&ReloadIgnoreList();
+
+	# Re-generate hash of monitored files.
+	%monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files);
+
+	# Restart the worker threads.
+	&StartWorkers();
 }
 
 #
-## Function for capturing process signals.
+## ReloadIgnoreList function.
 #
-## This function captures any sent process signals and will call various
-## actions, basend on the captured signal.
+## This function will be called if the signal handler recieves a "SIGUSR1" signal,
+## or the reload-ignore-list command will be sent via the socket connection. It just
+## performs a simple check if an ignore file has been configured and calls the responsible
+## function on the events module.
 #
-sub SignalHandler {
-	$SIG{INT} = \&Shutdown;
-	$SIG{TERM} = \&Shutdown;
-	$SIG{QUIT} = \&Shutdown;
+sub ReloadIgnoreList () {
+	# Update ignore list, if an ignorefile has been specified.
+	if (exists($mainsettings{IgnoreFile})) {
+		# Log reload of the ignore list.
+		$logger->Log("info", "Reloading ignore list...");
+
+		# Call responsible function from the events module.
+		&Guardian::Events::GenerateIgnoreList($mainsettings{IgnoreFile});
+	}
 }
 
 #
@@ -283,9 +431,26 @@ sub SignalHandler {
 ## by the signal handler when recieving INT (2), QUIT (3) and TERM (15) signals.
 #
 sub Shutdown () {
+	# Log shutdown.
+	$logger->Log("info", "Shutting down...");
+
+	# Stop all workers.
+	&StopWorkers();
+
 	# Remove socket file on exit.
 	&Guardian::Socket::RemoveSocketFile();
 
+	# Remove pid file on exit.
+	&Guardian::Daemon::RemovePIDFile();
+
+	# Sleep for one second to give perl some
+	# time to proper clean up everything before
+	# exiting.
+	sleep(1);
+
+	# Log good bye message.
+	$logger->Log("debug", "Good Bye!");
+
 	# Exit guardian.
 	exit;
 }