added per set blocktime

Paul 2022-06-04 11:44:32 +02:00
parent 85d85a4ae4
commit 9739dd895c


@ -40,7 +40,6 @@ pub struct SetMap {
#[derive(Debug, Clone)]
pub struct Flags {
pub debug: bool,
pub interval: usize,
pub server: String,
}
@ -59,7 +58,6 @@ impl Context {
flags: Flags {
debug: debug,
server: server,
interval: 60,
},
hostname: gethostname(true),
discovery: Discovery {
@ -147,20 +145,25 @@ impl Context {
}
pub async fn gc_blocklist(&mut self) -> Vec<IpData> {
let now: DateTime<Local> = Local::now().trunc_subsecs(0);
let delta: Duration = Duration::minutes(self.flags.interval as i64);
let mindate = now - delta;
let mut toremove: Vec<IpData> = vec![];
let mut removed: Vec<IpData> = vec![];
// nightly, future use
//let drained: HashMap<String,IpData> = ctx.blocklist.drain_filter(|k,v| v.parse_date() < mindate)
for (k, v) in self.blocklist.clone().iter() {
if v.parse_date() < mindate {
self.blocklist.remove(&k.to_string()).unwrap();
toremove.push(v.clone());
for (id, blocked) in self.blocklist.clone().iter() {
for set in self.cfg.sets.clone() {
if blocked.src == set.t {
let now: DateTime<Local> = Local::now().trunc_subsecs(0);
let mindate = now - Duration::minutes(set.blocktime);
if blocked.parse_date() < mindate {
self.blocklist.remove(&id.to_string()).unwrap();
removed.push(blocked.clone());
}
}
toremove
break;
}
}
removed
}
pub async fn update_blocklist(&mut self, ip: &IpData) {
@ -228,24 +231,28 @@ impl Config {
filename: "mail.log".to_string(),
regex: "(SASL LOGIN authentication failed)".to_string(),
path: "/var/log".to_string(),
blocktime: 60,
},
Set {
t: "ssh".to_string(),
filename: "auth.log".to_string(),
regex: "(Invalid user|BREAK|not allowed because|no matching key exchange method found)".to_string(),
path: "/var/log".to_string(),
blocktime: 60,
},
Set {
t: "http".to_string(),
filename: "".to_string(),
regex: "(anonymousfox.co)".to_string(),
path: "/var/log/nginx".to_string(),
blocktime: 60,
}
,Set {
t: "openvpn".to_string(),
filename: "status".to_string(),
regex: "(UNDEF)".to_string(),
path: "/var/run/openvpn".to_string(),
blocktime: 60,
},
],
trustnets: vec![
@ -346,6 +353,7 @@ pub struct Set {
pub filename: String,
pub regex: String,
pub path: String,
pub blocktime: i64,
}
#[derive(Debug, Deserialize, Serialize, Clone)]
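Review bot: In the new `gc_blocklist` loop an entry is expired only when `blocked.src == set.t` for some configured set, so an entry whose source matches no set (for example after a set is renamed or removed) is never collected now that the global `interval` fallback is gone, and the blocklist can only grow. Resolving the block time once per entry with a fallback to the old default closes that gap and avoids cloning `self.cfg.sets` for every entry: `let minutes = self.cfg.sets.iter().find(|s| s.t == blocked.src).map_or(60, |s| s.blocktime);`. `blocktime` is also a bare `i64` passed straight to `Duration::minutes`, so a zero or negative value would expire every entry of that set on the next pass, and a very large one may panic inside chrono. If `Set` is loaded from a configuration file (its derive is not visible here), the value should be range-checked at load time. A doc comment on the field such as `/// Minutes an address from this set stays blocked; must be > 0.` would record the unit, which the code only implies.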