##########################################################################
# $Id$
##########################################################################
|
########################################################
# This was written and is maintained by:
# Osma Ahvenlampi <oa@iki.fi>
########################################################
|
#######################################################
## Copyright (c) 2008 Osma Ahvenlampi
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution and the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
|
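use strict;
use warnings;

use Logwatch ':ip';

# Logwatch service filter for portsentry.  Reads portsentry's syslog lines
# on STDIN and prints a plain-text summary: scans grouped by scan type,
# source host and port; hosts that were blocked; and, at high detail, the
# port lists portsentry reported as ignored or manually excluded.

# Detail level handed down by the Logwatch driver (0 = Low, 5 = Med,
# 10 = High).  Unset means 0.
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# A per-host port list longer than this many characters is suppressed
# below Detail 10, so one wide scan cannot flood the report.
my $MAX_PORT_LIST_LEN = 55;

# NOTE(review): every field extracted below comes from log lines that
# describe packets the remote side chose to send, so the scan-type text,
# the host strings and the raw "unmatched" lines are attacker-influenced.
# They are echoed into the report verbatim apart from chomp(); this relies
# on the syslog daemon having escaped control characters already.
# LookupIP() is imported from the Logwatch module and not visible here --
# if it resolves the address to a name, that name is whatever reverse
# record the remote side publishes, so correlate on the address, not on
# the name shown.

my %Scans;     # scan type -> host -> port -> count
my %Blocked;   # host -> count of "has been blocked" notices
my %Ignored;   # detection mode -> protocol -> port -> count
my %Exclude;   # detection mode -> port -> count
my %Unknown;   # raw line -> count, for lines no pattern matched

# Turn a list of port numbers into the compact text used in the report:
# the ports are sorted numerically, runs of consecutive ports collapse to
# "first-last", single ports are listed individually, and each element is
# preceded by one space (e.g. " 22 80-82 443").  Returns "" for no ports.
# Port 0 is handled like any other port (the check is on definedness).
sub _format_ports {
   my @ports = sort { $a <=> $b } @_;
   my $text = '';
   my ($prev, $in_run);
   foreach my $port (@ports) {
      if (defined($prev) && ($port - 1) == $prev) {
         # Extending a run: the dash is emitted only when the run opens.
         $text .= "-" unless $in_run;
         $in_run = 1;
      } elsif ($in_run) {
         # The run ended one port ago: close it, then list this port.
         $text .= "$prev $port";
         $in_run = undef;
      } else {
         $text .= " $port";
      }
      $prev = $port;
   }
   # A run that reaches the end of the list still needs its closing port.
   $text .= $prev if $in_run;
   return $text;
}

LINE: while (defined(my $ThisLine = <STDIN>)) {
   chomp($ThisLine);
   next LINE if $ThisLine eq "";

   # Captures are declared once per line so every elsif below can assign
   # to them without re-declaring (which would warn under strict).
   my ($scan, $host, $proto, $port, $mode);

   if (   $ThisLine =~ /Starting portsentry/
       or $ThisLine =~ /PortSentry is now active/
       or $ThisLine =~ /Psionic PortSentry .* (starting|shutting)/
       or $ThisLine =~ /portsentry shutdown/ ) {
      # Daemon start/stop chatter: not reported.
   } elsif ( ($scan, $host, $proto, $port) = ( $ThisLine =~ m|attackalert: (.+) scan from host: [^/]+/(\S+) to (\w+) port: (\d+)| ) ) {
      # Expected shape, per the pattern: "attackalert: <type> scan from
      # host: <name>/<addr> to <proto> port: <n>".  The <name> part is
      # skipped and only <addr> is kept; <proto> is captured but the
      # report does not use it.
      $host = LookupIP($host);
      $Scans{$scan}{$host}{$port}++;
   } elsif ( ($host) = ( $ThisLine =~ /Host (\S+) has been blocked/ ) ) {
      $host = LookupIP($host);
      $Blocked{$host}++;
   } elsif ( $ThisLine =~ /Host: (\S+) is already blocked/ ) {
      # Repeat notice for a host already on the block list: not counted.
   } elsif ( ($mode, $proto, $port) = ( $ThisLine =~ /: (.+) scan detection mode activated. Ignored (\w+) port: (\d+)/ ) ) {
      $Ignored{$mode}{$proto}{$port}++;
   } elsif ( ($mode, $port) = ( $ThisLine =~ /: (.+) mode will manually exclude port: (\d+)/ ) ) {
      $Exclude{$mode}{$port}++;
   } else {
      # Kept verbatim and shown at Detail >= 5 so new log formats surface.
      $Unknown{$ThisLine}++;
   }
}

if (keys %Scans) {
   print "\nWarning: Portscans detected";
   foreach my $scan (sort { $a cmp $b } keys %Scans) {
      print "\n " . $scan . " from:";
      foreach my $host (sort { $a cmp $b } keys %{ $Scans{$scan} }) {
         print "\n " . $host . ": ports:";
         my $ports = _format_ports(keys %{ $Scans{$scan}{$host} });
         # don't display the port list if it doesn't fit on one line
         if (length($ports) > $MAX_PORT_LIST_LEN && $Detail < 10) {
            print " (too many, set Detail to High for complete list)";
         } else {
            print $ports;
         }
      }
   }
   print "\n";
}

if (keys %Blocked) {
   print "\n";
   # Sorted like the other sections so the report is stable between runs.
   foreach my $host (sort { $a cmp $b } keys %Blocked) {
      print "Warning: Blocked route from/to $host $Blocked{$host} time(s).\n";
   }
}

if ( ($Detail >= 10) and (keys %Ignored) ) {
   print "\nIgnored following ports";
   foreach my $mode (sort { $a cmp $b } keys %Ignored) {
      print "\n " . $mode . ":";
      foreach my $proto (sort { $a cmp $b } keys %{ $Ignored{$mode} }) {
         print "\n " . $proto . ": ports:";
         my $ports = _format_ports(keys %{ $Ignored{$mode}{$proto} });
         print $ports;
      }
   }
   print "\n";
}

if ( ($Detail >= 10) and (keys %Exclude) ) {
   print "\nExcluded following ports";
   foreach my $mode (sort { $a cmp $b } keys %Exclude) {
      print "\n " . $mode . ": ports:";
      my $ports = _format_ports(keys %{ $Exclude{$mode} });
      print $ports;
   }
   print "\n";
}

if ( ($Detail >= 5) and (keys %Unknown) ) {
   print "\n**Unmatched entries**\n";
   foreach my $ThisOne (sort { $a cmp $b } keys %Unknown) {
      print $Unknown{$ThisOne} . " Time(s): " . $ThisOne . "\n";
   }
}

exit(0);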
|
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: