misc/freeswitch/scripts/common/intruder.lua


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

-- Gemeinschaft 5 module: intruder class
-- (c) AMOOMA GmbH 2013
--

module(...,package.seeall)


Intruder = {}


function Intruder.new(self, arg)
  arg = arg or {}
  object = arg.object or {}
  setmetatable(object, self);
  self.__index = self;
  self.log = arg.log;
  self.class = 'intruder'
  self.database = arg.database;

  return object;
end


function Intruder.update_blacklist(self, event)
  local intruder_record = {
    list_type = 'blacklist',
    key = event.key,
    points = event.points,
    bans = event.record.banned,
    contact_ip = event.received_ip,
    contact_port = event.received_port,
    contact_count = event.record.contact_count + 1,
    contact_last = { 'FROM_UNIXTIME(' .. tostring(math.floor(event.timestamp/1000000)) .. ')', raw = true },
    contacts_per_second = event.contacts_per_second,
    contacts_per_second_max = event.contacts_per_second_max,
    user_agent = event.user_agent,
    to_user = event.to_user,
    comment = 'Perimeter',
    created_at = {'NOW()', raw = true },
    updated_at = {'NOW()', raw = true },
  };

  if tonumber(event.ban_time) then
    intruder_record.ban_last = { 'FROM_UNIXTIME(' .. event.ban_time .. ')', raw = true };
  end
  if tonumber(event.ban_end) then
    intruder_record.ban_end = { 'FROM_UNIXTIME(' .. event.ban_end .. ')', raw = true };
  end

  self.database:insert_or_update('intruders', intruder_record, { created_at = false, comment = false });
end


function Intruder.sources_list(self, key)
  local sql_query = nil;

  if key then
    sql_query = 'SELECT * FROM `intruders` WHERE `key` = ' .. self.database:escape(key, '"') .. ' LIMIT 1';
  else
    sql_query = 'SELECT * FROM `intruders`';
  end

  local sources = {};
  local sources_count = 0;
  local blacklist_count = 0;
  local whitelist_count = 0;

  self.database:query(sql_query, function(record)
    sources[record.key] = {
      ignore = (record.list_type == 'whitelist'),
      contact_first = 0,
      contact_last = 0,
      contact_count = tonumber(record.contact_count) or 0,
      span_contact_count = 0,
      span_start = 0,
      points = tonumber(record.points) or 0,
      banned = tonumber(record.bans) or 0,
    };
    sources_count = sources_count + 1;
    if record.list_type == 'whitelist' then
      whitelist_count = whitelist_count + 1;
    elseif record.list_type == 'blacklist' then
      blacklist_count = blacklist_count + 1;
    end
  end);

  self.log:info('[intruder] INTRUDER_LIST - entries loaded: ', sources_count, ', blacklist: ', blacklist_count, ', whitelist: ', whitelist_count);
  
  if key then
    return sources[key];
  end

  return sources;
end