Commit 0d62e128 authored by Patrick J Cherry's avatar Patrick J Cherry

Updated whitelist to use syslog, and only update entries if needed.

parent 6703cb0d
symbiosis-firewall (2012:0221) stable; urgency=low
* Firewall black/whitelists now log to syslog.
* Whitelist interacts better with incron.
-- Patrick J Cherry <patrick@bytemark.co.uk> Tue, 21 Feb 2012 10:12:30 +0000
symbiosis-firewall (2012:0215) stable; urgency=low
* Renamed match-uid-not-www-data to reject-www-data for sanity.
......@@ -59,7 +59,7 @@
require 'getoptlong'
require 'tempfile'
require 'fileutils'
require 'syslog'
#
# The options set by the command line.
......@@ -168,6 +168,7 @@ end
#
expired = 0
whitelist_d = File.join(base_dir, "whitelist.d")
syslog = Syslog.open( File.basename($0), Syslog::LOG_NDELAY, Syslog::LOG_USER)
#
# Work out which user we're supposed to create the whitelist directory as.
......@@ -177,7 +178,7 @@ begin
admin_uid = srv.uid
admin_gid = srv.gid
rescue Errno::ENOENT
admin_gid = admin_uid = 0
admin_gid = admin_uid = 1000
end
#
......@@ -197,6 +198,19 @@ updated=false
#
expire_before = Time.now - ( expire_after * ( 24 * 60 * 60 ) )
#
# Check to see when we were last run.
#
stamp_file = '/var/lib/symbiosis/symbiosis-firewall-whitelist.stamp'
if File.exists?(stamp_file)
last_run = File.stat(stamp_file).mtime
else
last_run = nil
end
FileUtils.touch(stamp_file)
#
#
# Fetch the IP addresses
......@@ -252,10 +266,16 @@ Symbiosis::Utmp.read(wtmp_file).each do |entry|
if false == value
puts "\tAdding whitelist entry" if $VERBOSE
syslog.info("adding #{ip} to whitelist")
value = "all"
else
elsif last_run.nil? or at > last_run
puts "\tUpdating whitelist entry" if $VERBOSE
syslog.info("updating #{ip} in whitelist")
else
next
end
#
......@@ -282,6 +302,8 @@ Dir.glob( File.join(whitelist_d,"*.auto" ) ).each do |entry|
if File.mtime(entry) < expire_before
puts "Removing #{entry}" if ( $VERBOSE )
syslog.info("expiring #{File.basename(entry,".auto")} from whitelist")
File.unlink(entry)
expired += 1
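Review bot: The new fallback `admin_gid = admin_uid = 1000` in the `rescue Errno::ENOENT` branch hands ownership of whitelist.d (the comment above says the directory is created as that user) to whichever local account happens to hold uid 1000 when the admin lookup fails, where the old code fell back to root; because whitelist.d entries feed the firewall rules, a guessed unprivileged uid is a weaker default than 0, so either keep the root fallback or resolve the owner from a named account (`Etc.getpwnam`) and abort if it does not exist. Separately, `FileUtils.touch(stamp_file)` runs before the wtmp loop, so a run that dies partway still advances `last_run`, and on the next run the `elsif last_run.nil? or at > last_run` / `next` branch will skip updating entries for logins in that window; touching the stamp after the loop completes avoids that. `File.exists?` is the deprecated alias of `File.exist?`, and `or` in that condition is better written `||`. The bodies of the `begin` block and the `Utmp.read` loop extend outside the visible hunks.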