added per set blocktime
All checks were successful
continuous-integration/drone/push Build is passing
parent
85d85a4ae4
commit
9739dd895c
@ -40,7 +40,6 @@ pub struct SetMap {
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct Flags {
|
||||
pub debug: bool,
|
||||
pub interval: usize,
|
||||
pub server: String,
|
||||
}
|
||||
|
||||
@ -59,7 +58,6 @@ impl Context {
|
||||
flags: Flags {
|
||||
debug: debug,
|
||||
server: server,
|
||||
interval: 60,
|
||||
},
|
||||
hostname: gethostname(true),
|
||||
discovery: Discovery {
|
||||
@ -147,20 +145,25 @@ impl Context {
|
||||
}
|
||||
|
||||
pub async fn gc_blocklist(&mut self) -> Vec<IpData> {
|
||||
let now: DateTime<Local> = Local::now().trunc_subsecs(0);
|
||||
let delta: Duration = Duration::minutes(self.flags.interval as i64);
|
||||
let mindate = now - delta;
|
||||
let mut toremove: Vec<IpData> = vec![];
|
||||
let mut removed: Vec<IpData> = vec![];
|
||||
|
||||
// nightly, future use
|
||||
//let drained: HashMap<String,IpData> = ctx.blocklist.drain_filter(|k,v| v.parse_date() < mindate)
|
||||
for (k, v) in self.blocklist.clone().iter() {
|
||||
if v.parse_date() < mindate {
|
||||
self.blocklist.remove(&k.to_string()).unwrap();
|
||||
toremove.push(v.clone());
|
||||
for (id, blocked) in self.blocklist.clone().iter() {
|
||||
for set in self.cfg.sets.clone() {
|
||||
if blocked.src == set.t {
|
||||
let now: DateTime<Local> = Local::now().trunc_subsecs(0);
|
||||
let mindate = now - Duration::minutes(set.blocktime);
|
||||
|
||||
if blocked.parse_date() < mindate {
|
||||
self.blocklist.remove(&id.to_string()).unwrap();
|
||||
removed.push(blocked.clone());
|
||||
}
|
||||
}
|
||||
toremove
|
||||
break;
|
||||
}
|
||||
}
|
||||
removed
|
||||
}
|
||||
|
||||
pub async fn update_blocklist(&mut self, ip: &IpData) {
|
||||
@ -228,24 +231,28 @@ impl Config {
|
||||
filename: "mail.log".to_string(),
|
||||
regex: "(SASL LOGIN authentication failed)".to_string(),
|
||||
path: "/var/log".to_string(),
|
||||
blocktime: 60,
|
||||
},
|
||||
Set {
|
||||
t: "ssh".to_string(),
|
||||
filename: "auth.log".to_string(),
|
||||
regex: "(Invalid user|BREAK|not allowed because|no matching key exchange method found)".to_string(),
|
||||
path: "/var/log".to_string(),
|
||||
blocktime: 60,
|
||||
},
|
||||
Set {
|
||||
t: "http".to_string(),
|
||||
filename: "".to_string(),
|
||||
regex: "(anonymousfox.co)".to_string(),
|
||||
path: "/var/log/nginx".to_string(),
|
||||
blocktime: 60,
|
||||
}
|
||||
,Set {
|
||||
t: "openvpn".to_string(),
|
||||
filename: "status".to_string(),
|
||||
regex: "(UNDEF)".to_string(),
|
||||
path: "/var/run/openvpn".to_string(),
|
||||
blocktime: 60,
|
||||
},
|
||||
],
|
||||
trustnets: vec![
|
||||
@ -346,6 +353,7 @@ pub struct Set {
|
||||
pub filename: String,
|
||||
pub regex: String,
|
||||
pub path: String,
|
||||
pub blocktime: i64,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone)]
|
||||
|
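Review bot: In the rewritten `gc_blocklist` loop (new side inferred from the hunk headers, since the +/- markers are lost on this page), an entry whose `blocked.src` matches no `set.t` in `self.cfg.sets` is never expired, so it stays blocked and the map keeps growing once a set is renamed or removed; the dropped global `interval` used to cover that case. A fallback such as `let blocktime = self.cfg.sets.iter().find(|s| s.t == blocked.src).map_or(60, |s| s.blocktime);` would restore it and also avoid cloning `sets` for every entry. `blocktime` is a signed `i64` taken from configuration, and a zero or negative value puts `mindate` at or after `now`, so every entry of that set is dropped on the next pass and the block never takes effect; it should be range-checked where the config is loaded. If `Set` is deserialized from existing config files, the new field probably also needs `#[serde(default)]` or those files will stop parsing, though the derive on `Set` is not visible here.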