Record the date when adding the number of abuses for an IP address
author
arjen
<arjen>
Tue, 23 Oct 2007 11:23:52 +0000
(11:23 +0000)
committer
arjen
<arjen>
Tue, 23 Oct 2007 11:23:52 +0000
(11:23 +0000)
in the abuse list.
src/gcm_daemon/gcm_daemon.php
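--- a/src/gcm_daemon/gcm_daemon.php
+++ b/src/gcm_daemon/gcm_daemon.php
@@ -20,7 +20,11 @@
 Gnucomo-0.0.8: September 4th 2003
 $Log: gcm_daemon.php,v $
- Revision 1.21 2007-01-11 13:47:41 arjen
+ Revision 1.22 2007-10-23 11:23:52 arjen
+ Record the date when adding the number of abuses for an IP address
+ in the abuse list.
+
+ Revision 1.21 2007/01/11 13:47:41 arjen
 Log_adv and derived tables removed.
 Create notifications from log entries with pattern matching.
@@ -73,12 +77,12 @@
 */
-// $Id: gcm_daemon.php,v 1.21 2007-01-11 13:47:41 arjen Exp $
+// $Id: gcm_daemon.php,v 1.22 2007-10-23 11:23:52 arjen Exp $
 ini_set('include_path', '.:./classes:../phpclasses');
 ini_set('html_errors', 'false');
-define("BATCHSIZE", 2000);
+define("BATCHSIZE", 5000);
 //Tell the log that we're up.
 define_syslog_variables();
@@ -259,7 +263,7 @@ function purge_old_logs($purge_date)
 echo "Purging log entries before $purge_date\n";
- $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE logid < $purge_date");
+ $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE timestamp < '$purge_date'");
 $dbms->query("SELECT logid FROM gcm_deamon_old_log");
 echo $dbms->num_rows() . " log entries found.\n";
 $r = $dbms->query("select notificationid from log_notification where logid in
@@ -633,6 +637,7 @@ function match_log_patterns($logstart)
 for ($patnr = 0; !$match_found && $patnr < $dbms->num_rows($pattern_res); $patnr++)
 {
 $srv_pat = $dbms->fetch_object($pattern_res, $patnr);
+ //echo " Checking with pattern " . $srv_pat->pattern . "\n";
 if (ereg($srv_pat->pattern, $logentry->rawdata, $matches))
 {
 // Scan the argument for '$n' expressions and expand
@@ -668,7 +673,7 @@ function match_log_patterns($logstart)
 break;
 case "abuse":
- if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 6)
+ if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
 {
 $source_ip = $srv_pat->argument;
 $notif = 'abuses exceeded';
@@ -743,7 +748,8 @@ function record_abuse($logid, $objectid, $sourceip, $points)
 if (pg_numrows($abres) == 0 && $points > 0)
 {
 //echo "$sourceip is new.\n";
- $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points')");
+ $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
+ $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
 }
 else if (pg_numrows($abres) != 0)
 {
@@ -758,13 +764,13 @@ function record_abuse($logid, $objectid, $sourceip, $points)
 //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
 //echo "Status was " . $abuse->status . "\n";
 $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
- " WHERE objectid='$objectid' AND source='$sourceip'");
+ ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
 if ($points > 0)
 {
 $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
 }
- if ($abuse_points >= 6)
+ if ($abuse_points >= 32)
 {
 //echo " BLOCK IP adrress $sourceip on the firewall.\n";
 $dbms->query("UPDATE object_abuse SET status='dropped'" .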
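Review bot: The two INSERT statements added in record_abuse() and the extended UPDATE still build SQL by interpolating `$sourceip`, which match_log_patterns() passes in from `$srv_pat->argument`. The context comment there ("Scan the argument for '$n' expressions and expand") suggests that value is filled from regex matches on `$logentry->rawdata`, i.e. from log text a remote party may be able to influence, so a quote character in it would end the string literal inside the query. The value should be checked before any query runs, e.g. `if (filter_var($sourceip, FILTER_VALIDATE_IP) === false) { return 0; }` near the top of record_abuse(), or at minimum passed through `pg_escape_string()`; the start of the function is outside the hunks, so the appropriate return value needs confirming. Separately, the block threshold `32` is now hard-coded in both match_log_patterns() and record_abuse(); a single `define("ABUSE_LIMIT", 32);` next to BATCHSIZE would keep the notification and the firewall-drop decision from drifting apart.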