Commit b5f6a253 authored by Patrick J Cherry's avatar Patrick J Cherry

Updated whitelist to execute its rules and delete afterwards.

parent 4a3c0e14
...@@ -72,7 +72,7 @@ $VERBOSE = false ...@@ -72,7 +72,7 @@ $VERBOSE = false
base_dir = "/etc/symbiosis/firewall/" base_dir = "/etc/symbiosis/firewall/"
wtmp_file = "/var/log/wtmp" wtmp_file = "/var/log/wtmp"
delete = true delete = true
execute = false execute = true
template_dir = nil template_dir = nil
force = false force = false
expire_after = 8 expire_after = 8
...@@ -156,6 +156,7 @@ end ...@@ -156,6 +156,7 @@ end
# manpages. # manpages.
# #
require 'symbiosis/utmp' require 'symbiosis/utmp'
require 'symbiosis/utils'
require 'symbiosis/firewall/directory' require 'symbiosis/firewall/directory'
require 'symbiosis/firewall/template' require 'symbiosis/firewall/template'
require 'symbiosis/ipaddr' require 'symbiosis/ipaddr'
...@@ -174,40 +175,34 @@ end ...@@ -174,40 +175,34 @@ end
expired = 0 expired = 0
whitelist_d = File.join(base_dir, "whitelist.d") whitelist_d = File.join(base_dir, "whitelist.d")
# ensure the directory exists.
unless File.directory?(whitelist_d)
FileUtils.mkdir_p(whitelist_d)
end
# #
# Expiry is measured in days. # Work out which user we're supposed to create the whitelist directory as.
# #
expire_before = Time.now - ( expire_after * ( 24 * 60 * 60 ) ) begin
srv = File.stat("/srv")
admin_uid = srv.uid
admin_gid = srv.gid
rescue Errno::ENOENT
admin_gid = admin_uid = 0
end
#
# ensure the directory exists.
# #
# Expire old entries first of all, then add new ones. unless File.directory?( whitelist_d )
# Symbiosis::Utils.mkdir_p(whitelist_d, :user => admin_uid, :group => admin_gid)
puts "Expiring old whitelist entries" if ( $VERBOSE )
Dir.glob( File.join(whitelist_d,"*.auto" ) ).each do |entry|
if File.mtime(entry) < expire_before
puts "Removing #{entry}" if ( $VERBOSE )
File.unlink(entry)
expired += 1
end
end end
puts "Expiring done - removed #{expired} file(s)" if ( $VERBOSE )
# #
# Did we update? # Did we update?
# #
updated=false updated=false
#
# Expiry is measured in days.
#
expire_before = Time.now - ( expire_after * ( 24 * 60 * 60 ) )
# #
# #
# Fetch the IP addresses # Fetch the IP addresses
...@@ -249,42 +244,58 @@ Symbiosis::Utmp.read(wtmp_file).each do |entry| ...@@ -249,42 +244,58 @@ Symbiosis::Utmp.read(wtmp_file).each do |entry|
puts "Found IP address: #{ip}" if ( $VERBOSE ) puts "Found IP address: #{ip}" if ( $VERBOSE )
setting = ip.to_s.gsub("/","|")
# #
# Check filename without .auto first. # Check filename without .auto first.
# #
fn = File.join(whitelist_d,ip.to_s.gsub("/","|")) if Symbiosis::Utils.get_param(setting, whitelist_d) == false
if ( File.exists?(fn) )
puts "\tAlready manually whitelisted" if ( $VERBOSE )
else
# #
# Automatically whitelist. # Automatically whitelist.
# #
fn += ".auto" setting += ".auto"
value = Symbiosis::Utils.get_param(setting, whitelist_d)
if ! File.exists?(fn)
updated=true if false == value
puts "\tAdding to whitelist" if ( $VERBOSE ) puts "\tAdding whitelist entry" if $VERBOSE
value = "all"
#
# Create a new file. else
# puts "\tUpdating whitelist entry" if $VERBOSE
FileUtils.touch(fn, :mtime => at)
elsif File.mtime(fn) < at
#
# Update the mtime, if this entry is newer.
#
puts "\tUpdating whitelist entry" if ( $VERBOSE )
FileUtils.touch(fn, :mtime => at)
end end
#
# Yes, we're updating.
#
updated = true
Symbiosis::Utils.set_param(setting, value, whitelist_d)
else
puts "\tAlready manually whitelisted" if ( $VERBOSE )
end end
end end
#
# Now expire old entries
#
puts "Expiring old whitelist entries" if ( $VERBOSE )
Dir.glob( File.join(whitelist_d,"*.auto" ) ).each do |entry|
if File.mtime(entry) < expire_before
puts "Removing #{entry}" if ( $VERBOSE )
File.unlink(entry)
expired += 1
end
end
puts "Expiring done - removed #{expired} file(s)" if ( $VERBOSE )
# #
# Re-generate the whitelist chain # Re-generate the whitelist chain
......