From b8425f5453eab4a0fe475952af89d55ace45878e Mon Sep 17 00:00:00 2001
From: Peter Kozak
Date: Sun, 3 Mar 2013 04:03:24 -0500
Subject: firewall restart after intruder changes

---
 app/controllers/intruders_controller.rb | 3 +-
 app/models/intruder.rb | 86 ++++++++++++++++++++++++-------
 app/views/intruders/_form_core.html.haml | 4 +-
 app/views/intruders/_index_core.html.haml | 12 +----
 app/views/intruders/index.html.haml | 9 ++--
 5 files changed, 79 insertions(+), 35 deletions(-)
(limited to 'app')

diff --git a/app/controllers/intruders_controller.rb b/app/controllers/intruders_controller.rb
index d3c767e..bdda230 100644
--- a/app/controllers/intruders_controller.rb
+++ b/app/controllers/intruders_controller.rb
@@ -2,7 +2,8 @@ class IntrudersController < ApplicationController
   load_and_authorize_resource :intruder
 
   def index
-    @intruders = Intruder.order('list_type ASC, contact_last DESC').all
+    @intruders = Intruder.order('list_type ASC, contact_last DESC')
+    @list_types = @intruders.pluck(:list_type).uniq.sort
     spread_breadcrumbs
   end
 
diff --git a/app/models/intruder.rb b/app/models/intruder.rb
index 97e3773..9a1c39a 100644
--- a/app/models/intruder.rb
+++ b/app/models/intruder.rb
@@ -17,6 +17,10 @@ class Intruder < ActiveRecord::Base
 
   before_validation :set_key_if_empty
 
+  after_create :check_if_new_entry_relevant
+  after_update :check_if_update_relevant
+  after_destroy :check_if_delete_relevant
+
   def to_s
     key
   end
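Review bot: Dropping `.all` leaves `@intruders` as an unevaluated relation that index.html.haml (the last hunk) then queries repeatedly: `@intruders.count` runs a COUNT, and `@intruders.where(:list_type => list_type)` runs one query per list type, on top of the pluck added here. Loading once and grouping in Ruby keeps the action at a single query: `@intruders = Intruder.order('list_type ASC, contact_last DESC').all`, `@intruders_by_type = @intruders.group_by(&:list_type)`, `@list_types = @intruders_by_type.keys.sort`, with the view iterating `@intruders_by_type[list_type]` instead of calling `where`. The cost only matters with many list types, so this is a tidiness point rather than a defect.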
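Review bot: `after_create`, `after_update` and `after_destroy` fire inside the save transaction, so the handlers they name (defined in the @@ -72,4 +56,66 @@ hunk) rewrite the firewall list and run the ban command before the row is committed; if the transaction is rolled back afterwards, the file and the firewall state no longer match the database. `after_commit :check_if_new_entry_relevant, :on => :create` (and `:on => :update` / `:on => :destroy` for the other two) defers the side effect until the change is durable. Note that `key_changed?` and the other dirty predicates in check_if_update_relevant are reset once the save completes, so under after_commit that method would likely need to read `previous_changes` instead — worth confirming against the Rails version in use.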
@@ -31,26 +35,6 @@ class Intruder < ActiveRecord::Base
     end
   end
 
-  def self.write_firewall_blacklist
-    firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
-    entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
-    comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
-    File.open(firewall_blacklist_file, 'w') do |file|
-      Intruder.where(:list_type => 'blacklist').where('bans > 0').all.each do |entry|
-        if ! comment_template.blank?
-          file.write(self.expand_variables(comment_template, entry.to_hash) + "\n")
-        end
-        file.write(self.expand_variables(entry_template, entry.to_hash) + "\n")
-      end
-    end
-  end
-
-  def self.expand_variables(line, variables)
-    return line.gsub(/\{([a-z_]+)\}/) do |m|
-      variables[$1.to_sym]
-    end
-  end
-
   def to_hash
     return {
       :key => self.key,
@@ -72,4 +56,66 @@ class Intruder < ActiveRecord::Base
       self.key = self.contact_ip
     end
   end
+
+  def expand_variables(line, variables)
+    return line.gsub(/\{([a-z_]+)\}/) do |m|
+      variables[$1.to_sym]
+    end
+  end
+
+  def write_firewall_list
+    firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
+    blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
+    whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general')
+    comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
+    File.open(firewall_blacklist_file, 'w') do |file|
+      Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry|
+        if !whitelist_entry_template.blank? && entry.list_type == 'whitelist'
+          if ! comment_template.blank?
+            file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+          end
+          file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n")
+        elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0
+          if ! comment_template.blank?
+            file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+          end
+          file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n")
+        end
+      end
+    end
+  end
+
+  def restart_firewall
+    command = GsParameter.get('ban_command', 'perimeter', 'general')
+    if !command.blank?
+      system expand_variables(command, self.to_hash)
+    end
+  end
+
+  def check_if_update_relevant
+    if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed?
+      if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+        write_firewall_list
+        restart_firewall
+      end
+    end
+  end
+
+  def check_if_new_entry_relevant
+    if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+      if self.list_type != 'blacklist' || self.bans.to_i > 0
+        write_firewall_list
+        restart_firewall
+      end
+    end
+  end
+
+  def check_if_delete_relevant
+    if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+      if self.list_type != 'blacklist' || self.bans.to_i > 0
+        write_firewall_list
+        restart_firewall
+      end
+    end
+  end
 end
diff --git a/app/views/intruders/_form_core.html.haml b/app/views/intruders/_form_core.html.haml
index 780d8cd..a0c2eb0 100644
--- a/app/views/intruders/_form_core.html.haml
+++ b/app/views/intruders/_form_core.html.haml
@@ -1,5 +1,7 @@
 .inputs
   = f.input :list_type, :collection => Intruder::LIST_TYPES, :label => t('intruders.form.list_type.label'), :hint => conditional_hint('intruders.form.list_type.hint'), :include_blank => false
   = f.input :contact_ip, :label => t('intruders.form.contact_ip.label'), :hint => conditional_hint('intruders.form.contact_ip.hint')
-  = f.input :ban_end, :label => t('intruders.form.ban_end.label'), :hint => conditional_hint('intruders.form.ban_end.hint')
+  = f.input :points, :label => t('intruders.form.points.label'), :hint => conditional_hint('intruders.form.points.hint')
+  = f.input :bans, :label => t('intruders.form.bans.label'), :hint => conditional_hint('intruders.form.bans.hint'), as: :boolean
+  = f.input :comment, :label => t('intruders.form.comment.label'), :hint => conditional_hint('intruders.form.comment.hint')
 
diff --git a/app/views/intruders/_index_core.html.haml b/app/views/intruders/_index_core.html.haml
index 63f2253..b9c5a76 100644
--- a/app/views/intruders/_index_core.html.haml
+++ b/app/views/intruders/_index_core.html.haml
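Review bot: restart_firewall hands the expanded `ban_command` to `system` as one string, which a shell interprets, and the values substituted from `to_hash` include fields that are editable through the intruder form (`contact_ip`, and `key`, which set_key_if_empty copies from `contact_ip`), so a stored value containing shell metacharacters alters the command that runs. Escaping every substituted value with `Shellwords.escape` (stdlib `shellwords`) before expansion, and checking the result of `system`, which is currently discarded, fixes both; the rewritten method follows. write_firewall_list also truncates the file via `File.open(..., 'w')` before writing, so a firewall script reading it mid-write sees an empty or partial list — writing to a temporary file in the same directory and renaming it over the target makes the update atomic. check_if_new_entry_relevant and check_if_delete_relevant are byte-identical and could be one method, and check_if_update_relevant only consults the template of the entry's new `list_type`, so if `Intruder::LIST_TYPES` holds a type without a template an entry moved out of 'blacklist' into it is never removed from the file (inferred; LIST_TYPES is not in this diff). set_key_if_empty's body starts before the hunk.
```ruby
  def restart_firewall
    command = GsParameter.get('ban_command', 'perimeter', 'general')
    return if command.blank?
    # The expanded string is run through a shell, and key/contact_ip are
    # editable through the intruder form, so every substituted value is escaped.
    escaped = Hash[to_hash.map { |name, value| [name, Shellwords.escape(value.to_s)] }]
    unless system(expand_variables(command, escaped))
      Rails.logger.error("ban_command failed for intruder #{self}: #{$?.inspect}")
    end
  end
```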
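Review bot: `bans` is rendered `as: :boolean`, while the model and the list partial treat it as a counter (`entry.bans.to_i > 0` in write_firewall_list, `intruder.bans.to_i > 0` in _index_core), so the checkbox submits "1" or "0" and each save through this form collapses an existing ban count to 1 or 0. If the intent is a ban on/off switch, either keep `bans` as an integer input or map the checkbox to the count in the controller so the existing value is not overwritten. `contact_ip` is also plain text here, and its value ends up in the generated firewall file and the `ban_command` line, so a model-level check that it parses as an address (for example via `IPAddr.new` inside a validation) rejects malformed input before it is written anywhere.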
@@ -2,11 +2,8 @@
   %tr
     %th
     %th= t('intruders.index.contact_ip')
-    %th= t('intruders.index.contact_port')
     %th= t('intruders.index.points')
-    %th= t('intruders.index.bans')
     %th= t('intruders.index.ban_last')
-    %th= t('intruders.index.ban_end')
     %th= t('intruders.index.contact_count')
     %th= t('intruders.index.contact_last')
     %th= t('intruders.index.contacts_per_second')
@@ -19,21 +16,16 @@
       %td
         - if intruder.list_type == 'whitelist'
           %i.icon-ok
-        - elsif intruder.bans > 0
+        - elsif intruder.bans.to_i > 0
           %i.icon-fire
-        - elsif intruder.points > 0
+        - elsif intruder.points.to_i > 0
           %i.icon-warning-sign
       %td= intruder.contact_ip
-      %td= intruder.contact_port
       %td= intruder.points
-      %td= intruder.bans
       %td
         - if intruder.ban_last
           = l intruder.ban_last, :format => :short
-      %td
-        - if intruder.ban_end
-          = l intruder.ban_end, :format => :short
       %td= intruder.contact_count
       %td
diff --git a/app/views/intruders/index.html.haml b/app/views/intruders/index.html.haml
index 72b8882..79b4ceb 100644
--- a/app/views/intruders/index.html.haml
+++ b/app/views/intruders/index.html.haml
@@ -1,6 +1,9 @@
 - content_for :title, t("intruders.index.page_title")
 
-- if @intruders && @intruders.count > 0
-  = render "index_core", :intruders => @intruders
+- if @intruders && @intruders.count > 0 && @list_types && @list_types.count > 0
+  - @list_types.each do |list_type|
+    %h3= list_type
+    %table.table.table-striped
+      = render "index_core", :intruders => @intruders.where(:list_type => list_type)
 
-= render :partial => 'shared/create_link', :locals => {:child_class => Intruder}
\ No newline at end of file
+= render :partial => 'shared/create_link', :locals => {:child_class => Intruder}
-- cgit v1.2.3