From 900cad7f5f64548c892995a4869dfef37b71b974 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Tue, 14 Jun 2016 13:18:17 +0200 Subject: [PATCH] Allow including additional ignore files. This commit adds the ability to specify additinal files in the include file which should be included. Any containing IP-addresses of those files also will be added to the hash of ignored IP-addresses. To include a file, just add "Include_File = /file/to/be/included" to the ignore file. There is no limitation for number of included files. This feature can be used, to include system specific files which contains IP-addresses which also should be added to the ignore list. Signed-off-by: Stefan Schantl --- modules/Events.pm | 101 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 81 insertions(+), 20 deletions(-) diff --git a/modules/Events.pm b/modules/Events.pm index 025fe4f..e769967 100644 --- a/modules/Events.pm +++ b/modules/Events.pm @@ -303,6 +303,11 @@ sub CallUnblock ($) { # sub GenerateIgnoreList($) { my $file = shift; + my @include_files; + + # Reset current ignore hash and add + # localhost related IP addresses. + %ignorehash = &_whitelist_localhost(); # Check if the given IgnoreFile could be opened. unless(-e $file) { @@ -310,11 +315,7 @@ sub GenerateIgnoreList($) { return; } - # Reset current ignore hash and add - # localhost related IP addresses. - %ignorehash = &_whitelist_localhost(); - - # Open the given IgnoreFile. + # Open the given IgnoreFile. open (IGNORE, $file); # Read-in the file line by line. 
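Review bot: Moving `%ignorehash = &_whitelist_localhost();` above the `-e $file` check means a reload with a missing ignore file now discards every previously loaded entry and returns with only the localhost addresses ignored. Before this hunk, the early `return` left the old list in place. Hosts that were exempt from blocking lose that exemption without the commit message mentioning it, so if this is intended the comment should say so, e.g. `# Reset even when the file is missing: only localhost stays ignored.`. One line of the `unless` body lies between this hunk and the next, so whether it already logs the condition is not visible here.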
@@ -328,29 +329,89 @@ sub GenerateIgnoreList($) { # Remove any newlines. chomp; - # Check if the line contains a valid single address or network and - # convert it into binary format. Store the result/start and - # end values in a temporary array. - my @values = &Guardian::Base::IPOrNet2Int($_); + # Check for an include instruction. + if ($_ =~ /^Include_File = (.*)/) { + my $include_file = $1; - # If the function returned any values, the line contained a valid - # single address or network which successfully has been converted into - # binary format. - if (@values) { - # Assign the array as value to the ignorehash. - $ignorehash{$_} = [@values]; - } else { - # Log invalid entry. - $logger->Log("err", "IgnoreFile contains an invalid address/network: $_"); + # Check if the parsed include file exists and is read-able. + if (-e $include_file) { + # Add file to the array of files wich will be included. + push(@include_files, $include_file); - # Skip line. - next; + # Write out log message. + $logger->Log("debug", "Addresses from $include_file will be included..."); + } else { + # Log missing file. + $logger->Log("err", "$include_file will not be included. File does not exist!"); + } + } else { + # Check if the line contains a valid single address or network and + # convert it into binary format. Store the result/start and + # end values in a temporary array. + my @values = &Guardian::Base::IPOrNet2Int($_); + + # If the function returned any values, the line contained a valid + # single address or network which successfully has been converted into + # binary format. + if (@values) { + # Assign the array as value to the ignorehash. + $ignorehash{$_} = [@values]; + } else { + # Log invalid entry. + $logger->Log("err", "IgnoreFile contains an invalid address/network: $_"); + + # Skip line. + next; + } } } # Close filehandle for the IgnoreFile. close (IGNORE); + # Check if any files should be included. 
+ if (@include_files) { + # Loop through the array of files which should be included. + foreach my $file (@include_files) { + # Open the file. + open(INCLUDE, $file); + + # Read-in file line by line. + while() { + # Skip any comments. + next if (/\#/); + + # Skip any blank lines. + next if (/^\s*$/); + + # Chomp any newlines. + chomp; + + # Check if the line contains a valid single address or network and + # convert it into binary format. Store the result/start and + # end values in a temporary array. + my @values = &Guardian::Base::IPOrNet2Int($_); + + # If the function returned any values, the line contained a valid + # single address or network which successfully has been converted into + # binary format. + if (@values) { + # Assign the array as value to the ignorehash. + $ignorehash{$_} = [@values]; + } else { + # Log invalid entry. + $logger->Log("err", "$file contains an invalid address/network: $_"); + + # Skip line. + next; + } + } + + # Close filehandle. + close(INCLUDE); + } + } + # Get amount of current elements in hash. my $amount = scalar(keys(%ignorehash)); -- 2.39.2
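Review bot: The added `open(INCLUDE, $file);` is a two-argument open on a path taken from an `Include_File = ...` line of the ignore file, and its result is never checked. In the two-argument form Perl interprets mode and pipe characters in the filename itself, so whoever can write the ignore file controls more than which file is read; and if the open fails, the loop reads nothing and the include is silently skipped, leaving those addresses blockable. The sketch below uses the three-argument form with a lexical handle, and logs and skips the file on failure. The `-e $include_file` test only proves existence although its comment says "read-able"; `-f $include_file && -r _` would match the comment. GenerateIgnoreList begins before this hunk, and the include loop repeats the main loop's address-parsing block, which a shared helper would avoid.

```perl
foreach my $file (@include_files) {
	# Open read-only with an explicit mode, so that no character of the
	# configured path is interpreted by open() itself.
	my $include_fh;
	unless (open($include_fh, '<', $file)) {
		$logger->Log("err", "Could not open $file: $!");
		next;
	}

	while (<$include_fh>) {
		# … unchanged: comment/blank-line skipping and IPOrNet2Int handling …
	}

	close($include_fh);
}
```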