Gnucomo-0.0.8: September 4th 2003
$Log: gcm_daemon.php,v $
- Revision 1.25 2007-12-12 09:06:21 arjen
+ Revision 1.26 2011-03-24 09:46:36 arjen
+ Resolve a hostname before adding to the abuses.
+
+ Revision 1.25 2007/12/12 09:06:21 arjen
Added a new script gcm_maintenance.php to cleanup the database
and check referential integrity. Purging old log entries is
removed from the gcm_daemon script.
*/
-// $Id: gcm_daemon.php,v 1.25 2007-12-12 09:06:21 arjen Exp $
+// $Id: gcm_daemon.php,v 1.26 2011-03-24 09:46:36 arjen Exp $
ini_set('include_path', '.:./classes:../phpclasses');
ini_set('html_errors', 'false');
-define("BATCHSIZE", 10000);
-
-//Tell the log that we're up.
-define_syslog_variables();
+define("BATCHSIZE", 50000);
require_once "gnucomo_config.php";
require_once "db.class.php";
$project_name = "gnucomo"; // name of the entire project
$app_name = "gcm_daemon"; // name of the application running
$developrelease = "FALSE"; // Indicates if special debug settings are needed
-$db_version = 53; // The db_version indicates what the level of
+$db_version = 54; // The db_version indicates what the level of
// the database should be. If the database is
// old an update will be generated.
$gcmd_version = 5; // This value indicates the active version of
do
{
- echo "Processing logs...\n";
+ //echo "Processing logs...\n";
process_log ();
service_check();
- find_notifications();
//mail_notifications();
// Gather the statistics for each object
for ($obj = 0; $obj < $dbms->num_rows($obj_result); $obj++)
{
$object = $dbms->fetch_object($obj_result, $obj);
- echo "Gathering statistics for object " . $object->objectid . "\n";
+ // echo "Gathering statistics for object " . $object->objectid . "\n";
GatherStatistics($object->objectid);
}
$last_log = $dbms->db_result_row[0];
}
- echo "Last processed logid = $last_log \n";
+ //echo "Last processed logid = $last_log \n";
//Query the log-table
$log_limit = $last_log + BATCHSIZE;
$local_sql = "UPDATE db_value SET setting_value = '"
. $local_upper_row ."' where setting = 'log_processing'";
$dbms->query($local_sql);
-
+
// Update the statistics for the object-table
//echo "Recording abuse for address ", $srv_pat->argument, "\n Log entry:\n ";
//echo $logentry->rawdata, "\n Pattern:\n ", $srv_pat->pattern, "\n\n";
- if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
+ $nr_abuses = record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1);
+ if ($nr_abuses < 0)
+ {
+ echo "ERROR in recording abuse for address ", $srv_pat->argument, "\n Log entry:\n ";
+ echo $logentry->rawdata, "\n Pattern:\n ", $srv_pat->pattern, "\n\n";
+ }
+ if ($nr_abuses >= 32)
{
- $source_ip = $srv_pat->argument;
+ $source_ip = gethostbyname($srv_pat->argument);
$notif = 'abuses exceeded';
if (!isset($notifications[$logentry->objectid][$notif][$source_ip]))
{
- echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
+ //echo "Creating notification $notif for object " . $logentry->objectid . ".\n";
$remark = "Abuses from IP address $source_ip exceeded the limit.";
$notifid = $dbms->new_notification($logentry->objectid, $notif, $remark);
$notifications[$logentry->objectid][$notif][$source_ip] = $notifid;
// Add log entries from previously detected abuses
- echo " Add log entries from previously detected abuses\n";
+ //echo " Add log entries from previously detected abuses\n";
$abuses = $dbms->query("SELECT logid FROM log_abuse WHERE objectid = '" .
$logentry->objectid . "' AND source = '$source_ip'");
for ($abusenr = 0; $abusenr < $dbms->num_rows($abuses); $abusenr++)
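Review bot: The hostname is resolved only after `record_abuse()` has been called with the raw `$srv_pat->argument`, so the abuse rows are presumably stored under the unresolved name while the `log_abuse` lookup just below filters on `source = '$source_ip'` and can miss them. Resolving once before the call and passing the same value to both places would match the commit message: `$source_ip = gethostbyname($srv_pat->argument);` followed by `record_abuse($logentry->logid, $logentry->objectid, $source_ip, 1)`. `gethostbyname()` returns its input unchanged when the lookup fails, handles IPv4 only, and blocks on DNS inside the batch loop. The name appears to come from log data, so whoever controls its DNS decides which address ends up in the notification and the drop list; check the result with `filter_var($source_ip, FILTER_VALIDATE_IP)` before it is used in the remark or the query. The enclosing function starts and ends outside the hunk.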
$abres = $dbms->query("SELECT * FROM object_abuse WHERE objectid='$objectid' AND source='$sourceip'");
- if (pg_numrows($abres) == 0 && $points > 0)
+ if ($abres == false)
{
- //echo "$sourceip is new.\n";
- $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
- $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
+ $abuse_points = -1; // return an error
}
- else if (pg_numrows($abres) != 0)
+ else
{
- $abuse = $dbms->fetch_object($abres, 0);
- if ($abuse->status == '' || $abuse->status == 'dropped')
+ if (pg_numrows($abres) == 0 && $points > 0)
+ {
+ //echo "$sourceip is new.\n";
+ $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
+ }
+ else if (pg_numrows($abres) != 0)
{
- $abuse_points = $abuse->nr_abuses + $points;
- if ($abuse_points < 0)
+ $abuse = $dbms->fetch_object($abres, 0);
+ if ($abuse->status == '' || $abuse->status == 'dropped')
{
- $abuse_points = 0;
- }
- //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
- //echo "Status was " . $abuse->status . "\n";
- $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
- ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
+ $abuse_points = $abuse->nr_abuses + $points;
+ if ($abuse_points < 0)
+ {
+ $abuse_points = 0;
+ }
+ //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
+ //echo "Status was " . $abuse->status . "\n";
+ $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
+ ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
- if ($points > 0)
- {
- $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
- }
- if ($abuse_points >= 32)
- {
- //echo " BLOCK IP adrress $sourceip on the firewall.\n";
- $dbms->query("UPDATE object_abuse SET status='dropped'" .
- " WHERE objectid='$objectid' AND source='$sourceip'");
+ if ($points > 0)
+ {
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
+ }
+ if ($abuse_points >= 32)
+ {
+ //echo " BLOCK IP adrress $sourceip on the firewall.\n";
+ $dbms->query("UPDATE object_abuse SET status='dropped'" .
+ " WHERE objectid='$objectid' AND source='$sourceip'");
+ }
}
}
}
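Review bot: Every statement in this re-indented block still splices `$sourceip`, `$objectid` and `$logid` directly into the SQL text. The caller passes `$srv_pat->argument`, which looks like it is extracted from log lines, so a crafted log entry could change what these queries do. Escape the values before building the strings, for example with `pg_escape_string()` on the wrapper's connection, or use parameterized queries if the `$dbms` class offers them; the same applies to the `log_abuse` SELECT in the caller. The new `$abres == false` test covers only the first SELECT, so a failed INSERT or UPDATE still returns a normal point count. The function's signature and return statement are outside the hunk.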
VALUES ('log_servicecheck', '0')");
}
- echo "Running service check from log id $last_log.\n";
+ //echo "Running service check from log id $last_log.\n";
// Query the log-table
$log_limit = $last_log + BATCHSIZE;
$dbms->query($qry);
}
-function find_notifications ()
-{
-
-/*
- * Do something with notification checks.
- *
- * INPUT : NONE
- * OUTPUT : NONE
- */
-
- global $dbms;
-
- // Find checks that have to be executed.
- $local_sql = "select * from notification_check where
- age(last_execution) > time_between_executions";
- $dbms->query($local_sql);
-
- for ($i=0; $i<$dbms->num_rows(); $i++)
- {
- // A check has been found that has to be executed
- $dbms->fetch_row();
- }
-}
-
/*
* find open notifications and send an email to the object's users.
*/
return $command;
}
-?>
+// ereg function are removed from PHP since version 7.0
+// These wrappers use the alternative preg functions.
+function ereg($pattern, $string, &$matches)
+{
+ $pattern = "#" . $pattern . "#";
+ return preg_match($pattern, $string, $matches);
+}
+
+function ereg_replace($pattern, $replacement, $string)
+{
+ $pattern = "#" . $pattern . "#";
+ return preg_replace($pattern, $replacement, $string);
+}
+?>
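Review bot: Both wrappers put the pattern between `#` delimiters without escaping it, so any existing pattern that contains `#` is cut short and the remainder is parsed as modifiers. Escaping the delimiter first avoids that: `$pattern = "#" . str_replace('#', '\#', $pattern) . "#";`. The functions are also declared unconditionally, which is a fatal redeclaration on PHP versions that still provide `ereg`, so guard them with `if (!function_exists('ereg'))`. The old `ereg()` took `$matches` as optional and could return the match length, so callers that pass two arguments or use the return value as a length will behave differently. A short comment recording those differences, and that POSIX ERE syntax is not identical to PCRE, would help the next maintainer.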