autodrop 0.1.0 → 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 04e54913693a2775c30c1b7fa6e234553f8b4ead
+  data.tar.gz: bd7c79f00d1dba1c50be7ce0530d937acd303be0
+SHA512:
+  metadata.gz: 38f7d6bafa9419be5c0d214aa7737074454e1e4019f3549d6982d5ff153ac8f5a4dce6a84cb875e968350192c742d1ba6c56910c8343e598630e7d17008a3180
+  data.tar.gz: 146af191bda48a1c4e2b654623ba44ce4390d80b109072e77f24882f4d2362654be92c4b60e98ba2a136877fd3ca8f0c93bea9924580ab71536c32ab75b55b2e

data/ChangeLog

@@ -0,0 +1,13 @@
+2017-03-21  noz
+
+	* heavily refactored
+
+Thu May 14 20:31:36 2009  noz  <noz@delta>
+
+	* .gitignore: add 'pkg'
+	* bin/.gitignore: added
+
+Wed May 13 06:32:32 2009  noz  <noz@delta>
+
+	* Rakefile: disable gem tasks when rubygems is not present
+

data/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2009, NOZAWA Hiromasa. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in
+     the documentation and/or other materials provided with the
+     distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -1,75 +1,40 @@
-# -*-ruby-*-
+require "rake/clean"
+require "rubygems/package_task"
 
-FILES = [
-         'ChangeLog',
-         'Rakefile',
-         'bin/autodrop',
-         'bin/autodrop.rb',
-         'conf/autodrop.conf.default',
-         'doc/README.jp.txt',
-         'doc/README.txt',
-         'misc/autodrop.sh',
-        ]
+task :default => :gem
 
-desc "Same as 'rake bin/autodrop'"
-task :default => [ "bin/autodrop" ]
-
-desc "Make bin/autodrop"
-file "bin/autodrop" do
-  sh "cp -f bin/autodrop.rb bin/autodrop"
-  sh "chmod 755 bin/autodrop"
-end
-
-desc "Do distclean"
-task :distclean => [ :clobber_package ] do
-  sh "rm -f bin/autodrop"
+file "autodrop" do
+  sh "cp -f autodrop.rb autodrop"
+  sh "chmod 755 autodrop"
 end
 
-task :gem => [ "bin/autodrop" ]
-require 'rubygems'
-require 'rake/gempackagetask'
-spec = Gem::Specification.new do |s|
+task :gem => [ "autodrop" ]
+spec = Gem::Specification.new { |s|
   s.name = "autodrop"
-  s.version = "0.1.0"
+  s.version = "1.0.0"
   s.author = "NOZAWA Hiromasa"
   s.summary = "Automatic iptables DROP daemon"
-  s.homepage = 'http://rubyforge.org/projects/autodrop'
-  s.rubyforge_project = 'autodrop'
-  s.files = FILES
-  s.bindir = 'bin'
-  s.executables = 'autodrop'
-  s.require_path = []
-end
-Rake::GemPackageTask.new(spec) do |pkg|
+  s.license = "BSD-2-Clause"
+  s.homepage = "https://github.com/noz/autodrop"
+  s.add_runtime_dependency "trad-getopt"
+  s.files = FileList[
+    "ChangeLog",
+    "LICENSE",
+    "Rakefile",
+    "autodrop",
+    "autodrop.conf.default",
+    "autodrop.rb",
+    "autodrop.sh",
+    "autodrop.txt",
+  ]
+  s.bindir = "."
+  s.executables = "autodrop"
+  s.require_path = "."
+}
+Gem::PackageTask.new(spec) {|pkg|
+  pkg.need_tar_gz = true
+  pkg.need_tar_bz2 = true
   pkg.need_zip = true
-  pkg.need_tar = true
-end
+}
 
-#
-# for manual installation (without rubygem)
-#
-
-DEFAULT_BIN_INSTALL_DIR = '/usr/local/sbin'
-DEFAULT_CONF_INSTALL_DIR = '/etc'
-
-desc "Install (without rubygem)"
-task :install => "bin/autodrop" do
-  bin_install_dir = ENV['BIN_INSTALL_DIR']
-  bin_install_dir ||= DEFAULT_BIN_INSTALL_DIR
-  conf_install_dir = ENV['CONF_INSTALL_DIR']
-  conf_install_dir ||= DEFAULT_CONF_INSTALL_DIR
-  directory bin_install_dir
-  directory conf_install_dir
-  sh "cp -f bin/autodrop #{bin_install_dir}/autodrop"
-  sh "cp -f conf/autodrop.conf.default #{conf_install_dir}/autodrop.conf.default"
-end
-
-desc "Uninstall (without rubygem)"
-task :uninstall do
-  bin_install_dir = ENV['BIN_INSTALL_DIR']
-  bin_install_dir ||= DEFAULT_BIN_INSTALL_DIR
-  conf_install_dir = ENV['CONF_INSTALL_DIR']
-  conf_install_dir ||= DEFAULT_CONF_INSTALL_DIR
-  sh "rm -f #{bin_install_dir}/autodrop"
-  sh "rm -f #{conf_install_dir}/autodrop.conf.default"
-end
+CLOBBER << [ "autodrop" ]

data/autodrop

@@ -0,0 +1,321 @@
+#!/usr/bin/env ruby
+require "syslog"
+require "trad-getopt"
+require "yaml"
+
+class Autodrop
+
+  VERSION = "1.0.0"
+
+  class SyslogLogger
+    def initialize
+      Syslog.open "autodrop", Syslog::LOG_PID|Syslog::LOG_CONS, Syslog::LOG_AUTH
+    end
+    def log msg
+      Syslog.info msg
+    end
+  end
+
+  class StdoutLogger
+    def log msg
+      puts "#{Time.now}: #{msg}"
+    end
+  end
+
+  class FileLogger
+    def initialize file
+      @file = open file, "a+"
+    end
+    def log msg
+      @file.puts "#{Time.now}: #{msg}"
+      @file.flush
+    end
+  end
+
+  CONF_KEYS = [
+    KW_COUNT = "count",
+    KW_DAEMON = "daemon",
+    KW_DROP_COMMAND = "drop-command",
+    KW_DURATION = "duration",
+    KW_INPUT = "input",
+    KW_LOG = "log",
+    KW_PATTERNS = "patterns",
+    KW_PIDFILE = "pidfile",
+    KW_VERBOSE = "verbose",
+  ]
+
+  CONF_DEFAULTS = {
+    KW_COUNT => 3,
+    KW_DAEMON => true,
+    KW_DROP_COMMAND => [
+      "/sbin/iptables", "-I", "INPUT", "-s", "%remote_address%", "-j", "DROP" ],
+    KW_DURATION => 10,
+    KW_INPUT => "/var/log/authfifo",
+    KW_LOG => "syslog",
+    KW_PATTERNS => [],
+    KW_PIDFILE => "/var/run/autodrop.pid",
+    KW_VERBOSE => false,
+  }
+
+  def self.loadconf file
+    conf = YAML.load File.read file
+    raise "wrong format" unless conf.is_a? Hash
+    conf = CONF_DEFAULTS.merge conf
+
+    badkw = conf.keys - CONF_KEYS
+    raise "unknown keywords - #{badkw.join ","}" unless badkw.empty?
+
+    [ KW_COUNT, KW_DURATION ].each { |k|
+      unless conf[k].is_a? Integer
+        raise "integer required - #{k}: #{conf[k].inspect}"
+      end
+    }
+    [ KW_DROP_COMMAND, KW_INPUT, KW_LOG, KW_PIDFILE ].each { |k|
+      unless conf[k].is_a? String
+        raise "string required - #{k}: #{conf[k].inspect}"
+      end
+    }
+    conf[KW_DROP_COMMAND] = conf[KW_DROP_COMMAND].split
+
+    conf[KW_PATTERNS].map! { |item|
+      unless [ String, Regexp ].include? item.class
+        raise "string or regexp required - #{item.inspect}"
+      end
+      Regexp.new item
+    }
+
+    conf
+  end
+
+  def terminate whymsg, status = 0
+    @logger.log "terminate (#{whymsg})"
+    exit status
+  end
+  private :terminate
+
+  class Dog
+    def initialize addr, config
+      @addr = addr
+      @duration = config[KW_DURATION]
+      @expire = Time.now + config[KW_DURATION]
+      @count_max = config[KW_COUNT]
+      @count = 1
+      @drop_command = config[KW_DROP_COMMAND].map { |e|
+        e == "%remote_address%" ? addr : e
+      }
+    end
+    attr_reader :addr, :count_max, :drop_command, :duration
+    attr_accessor :count, :expire
+  end
+
+  def run config
+    @logger = nil
+    case config[KW_LOG]
+    when "syslog"
+      @logger = SyslogLogger.new
+    when "stdout"
+      @logger = StdoutLogger.new
+    else
+      begin
+        @logger = FileLogger.new config[KW_LOG]
+      rescue
+        warn "autodrop: can not open - #{config[KW_LOG]}"
+        exit 1
+      end
+    end
+
+    if config[KW_DAEMON]
+      if Process.respond_to? :daemon
+        Process.daemon
+      else
+        exit if fork
+        Process.setsid
+        exit if fork
+        Dir.chdir "/"
+        STDIN.reopen "/dev/null"
+        STDOUT.reopen "/dev/null"
+        STDERR.reopen "/dev/null"
+      end
+      File.write config[KW_PIDFILE], Process.pid
+    end
+
+    trap("SIGINT") { terminate "SIGINT" }
+    trap("SIGTERM") { terminate "SIGTERM" }
+    trap("SIGHUP") { terminate "SIGHUP" }
+
+    @logger.log "start watching - #{config[KW_INPUT]}"
+    unless File.ftype(config[KW_INPUT]) == "fifo"
+      raise "not a named pipe - #{config[KW_INPUT]}"
+    end
+    fifofp = File.open config[KW_INPUT], File::RDWR
+
+    @dogs = {}
+    loop {
+      ready = select [fifofp]
+      next unless ready
+
+      addr = nil
+      line = ready[0][0].gets
+      config[KW_PATTERNS].each { |pat|
+        if line =~ pat
+          addr = $1
+          break
+        end
+      }
+      next unless addr
+
+      dog = @dogs[addr]
+      if dog
+        dog.count += 1
+        dog.expire = Time.now + dog.duration
+        @logger.log "#{dog.addr} bark! (#{dog.count})" if config[KW_VERBOSE]
+        next
+      end
+
+      dog = Dog.new addr, config
+      Thread.new(dog) { |dog|
+        begin
+          @dogs[dog.addr] = dog
+
+          @logger.log "#{dog.addr} bark! (#{dog.count})" if config[KW_VERBOSE]
+
+          loop {
+            break if Time.now >= dog.expire
+
+            if dog.count >= dog.count_max
+              @logger.log "#{dog.addr} DROP"
+              out = IO.popen(dog.drop_command, "r+", :err => [ :child, :out ]) { |io|
+                buf = []
+                while l = io.gets
+                  buf.push l.chomp
+                end
+                buf
+              }
+              st = $?.exitstatus
+              if st != 0
+                @logger.log "DROP fail. command exit status #{st}"
+                out.each { |l| @logger.log "|#{l}" }
+              end
+              break
+            end
+
+            # @logger.log "#{dog.addr} grrr" if config[KW_VERBOSE]
+            sleep 1
+          }
+        rescue => ex
+          @logger.log "error in worker"
+          @logger.log "|#{ex}"
+          ex.backtrace.each { |l| @logger.log "|#{l}" }
+        ensure
+          @dogs.delete dog.addr
+          @logger.log "#{dog.addr} leave" if config[KW_VERBOSE]
+        end
+      }
+    }
+  rescue => ex
+    @logger.log ex.message
+    ex.backtrace.each { |l| @logger.log "|#{l}" }
+    terminate "error", 1
+  ensure
+    File.unlink config[KW_PIDFILE] rescue nil
+  end
+end
+
+### main
+
+DEFAULT_CONFFILE = "/etc/autodrop.conf"
+
+def usage
+  puts <<EOD
+usage: autodrop [options]
+  -c, --config=FILE     specify config file
+  -h, --help            print this
+  -i, --input=FILE      specify input source
+  -l, --log=FILE        specify log file or `syslog'
+  -n, --no-daemon       run as no daemon
+  -p, --pidfile=FILE    specify PID file
+  -V, --version         print version
+EOD
+end
+
+conffile = nil
+opts = "c:i:hl:np:V"
+longopts = {
+  "config" => :required_argument,
+  "help" => :no_argument,
+  "input" => :required_argument,
+  "log" => :required_argument,
+  "no-daemon" => :no_argument,
+  "pidfile" => :required_argument,
+  "version" => :no_argument,
+}
+
+av = ARGV.dup
+while (op, optarg = getopt(av, opts, longopts,
+                           allow_empty_optarg:false, permute:true))
+  case op
+  when "c", "config"
+    if optarg[0] == "/"
+      conffile = optarg
+    else
+      conffile = File.join Dir.pwd, optarg
+    end
+  when "h", "help"
+    usage
+    exit
+  when "V", "version"
+    puts Autodrop::VERSION
+    exit
+  else
+    exit 1 if op.is_a? Symbol
+  end
+end
+
+conffile ||= DEFAULT_CONFFILE
+begin
+  conf = Autodrop.loadconf conffile
+rescue => ex
+  warn "autodrop: #{conffile} - #{ex}"
+  exit 1
+end
+
+while (op, optarg = getopt ARGV, opts, longopts, allow_empty_optarg:false)
+  case op
+  when "c", "config", "h", "help", "V", "version"
+    ;
+  when "i", "input"
+    if optarg[0] == "/"
+      conf[Autodrop::KW_INPUT] = optarg
+    else
+      conf[Autodrop::KW_INPUT] = File.join Dir.pwd, optarg
+    end
+  when "l", "log"
+    case optarg
+    when "syslog"
+      conf[Autodrop::KW_LOG] = "syslog"
+    else
+      if optarg[0] == "/"
+        conf[Autodrop::KW_LOG] = optarg
+      else
+        conf[Autodrop::KW_LOG] = File.join Dir.pwd, optarg
+      end
+    end
+  when "n", "no-daemon"
+    conf[Autodrop::KW_DAEMON] = false
+    conf[Autodrop::KW_LOG] = "stdout"
+  when "p", "pidfile"
+    if optarg[0] == "/"
+      conf[Autodrop::KW_PIDFILE] = optarg
+    else
+      conf[Autodrop::KW_PIDFILE] = File.join Dir.pwd, optarg
+    end
+  else
+    exit 1
+  end
+end
+unless ARGV.empty?
+  warn "autodrop: no arguments required - #{ARGV.join " "}"
+  exit 1
+end
+
+Autodrop.new.run conf