app/models/intruder.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

class Intruder < ActiveRecord::Base
  attr_accessible :list_type, :key, :points, :bans, :ban_last, :ban_end, :contact_ip, :contact_port, :contact_count, :contact_last, :contacts_per_second, :contacts_per_second_max, :user_agent, :to_user, :comment

  LIST_TYPES = ['blacklist', 'whitelist']

  validates :list_type,
            :presence => true,
            :inclusion => { :in => LIST_TYPES }

  validates :key,
            :presence => true,
            :uniqueness => true

  validates :contact_ip,
            :presence => true,
            :uniqueness => true

  before_validation :set_key_if_empty

  after_create :check_if_new_entry_relevant
  after_update :check_if_update_relevant
  after_destroy :check_if_delete_relevant

  def to_s
    key
  end

  def whois(ip_address = self.contact_ip)
    if ! ip_address.blank?
      begin
        return Whois.whois(ip_address).to_s.gsub(/[^\u{0000}-\u{007F}]/, '')
      rescue
        return nil
      end
    end
  end

  def to_hash
    return {
      :key => self.key, 
      :points => self.points, 
      :bans => self.bans, 
      :received_port => self.contact_port, 
      :received_ip => self.contact_ip,
      :contact_count => self.contact_count, 
      :user_agent => self.user_agent, 
      :to_user => self.to_user, 
      :comment => self.comment,
      :date => DateTime.now.strftime('%Y-%m-%d %X')
    }
  end

  def perimeter_db_rescan
    Intruder.perimeter_control(:db_rescan, :key => self.key)
  end

  def self.perimeter_db_rescan(key=nil)
    Intruder.perimeter_control(:db_rescan, :key => key)
  end

  def self.perimeter_control(action, attributes={})
    require 'freeswitch_event'
    event = FreeswitchEvent.new('CUSTOM')
    event.add_header('Event-Subclass', 'perimeter::control')
    event.add_header('action', action)
    attributes.each do |name, value|
      if !name.blank? && value then
        event.add_header(name, value)
      end
    end
    return event.fire()
  end

  private
  def set_key_if_empty
    if self.key.blank?
      self.key = self.contact_ip
    end
  end

  def expand_variables(line, variables)
    return line.gsub(/\{([a-z_]+)\}/) do |m| 
      variables[$1.to_sym]
    end
  end

  def write_firewall_list
    firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
    blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
    whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general')
    comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
    File.open(firewall_blacklist_file, 'w') do |file|
      Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry|
        if !whitelist_entry_template.blank? && entry.list_type == 'whitelist'
          if ! comment_template.blank?
            file.write(expand_variables(comment_template, entry.to_hash) + "\n")
          end
          file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n")
        elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0
          if ! comment_template.blank?
            file.write(expand_variables(comment_template, entry.to_hash) + "\n")
          end
          file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n")
        end
      end
    end
  end

  def restart_firewall
    command = GsParameter.get('ban_command', 'perimeter', 'general')
    if !command.blank?
      system expand_variables(command, self.to_hash)
    end
  end

  def check_if_update_relevant
    if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed?
      if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
        write_firewall_list
        restart_firewall
      end
      self.perimeter_db_rescan
    end
  end

  def check_if_new_entry_relevant
    if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
      if self.list_type != 'blacklist' || self.bans.to_i > 0
        write_firewall_list
        restart_firewall
      end
    end
    self.perimeter_db_rescan
  end

  def check_if_delete_relevant
    if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
      if self.list_type != 'blacklist' || self.bans.to_i > 0
        write_firewall_list
        restart_firewall
      end
    end
    self.perimeter_db_rescan
  end 
end