All the files

2024-03-09 15:36:42 +01:00
parent 58e88da2d8
commit 08b6b503a6
22 changed files with 1721 additions and 0 deletions
--- a/bin/parserfilter
+++ b/bin/parserfilter
@@ -0,0 +1,51 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use diagnostics;
+use sigtrap qw/handler signal_handler normal-signals/;
+use Tie::Syslog;
+use My::Savepid qw(savepid);
+use My::parser::parser;
+use Glib;
+
+my $config_file = '/usr/local/etc/parserfilter.conf';
+my $pidfile	= '/var/run/parserfilter.pid';
+my $program	= $0;
+
+unless(-f $config_file) {
+	die "Configuration file $config_file does not exist";
+}
+
+my $x;
+my $loop	= Glib::MainLoop->new;
+my $parser	= My::parser::parser->new($config_file);
+my $time	= Glib::Timeout->add(1000, \&loopsie);
+
+if(my $tp = fork) {
+	exit 0;
+} else {
+	my $pid		= $$;
+	$x		= tie *STDERR, 'Tie::Syslog', 'local0.err',$program,'pid','unix';
+	$x->ExtendedSTDERR();
+	&savepid($pid,$pidfile);
+	close STDIN;
+	$parser->load_parsers;
+	$loop->run;
+}
+
+sub loopsie {
+	my $result = $parser->parse_all;
+	return 1 if($result);
+	return 0;
+}
+
+sub signal_handler {
+	my $signal = shift;
+	if($signal eq 'HUP') {
+		$parser->{'config'}->{'logger'}->reload_log;
+		$parser->{'config'}->{'logger'}->log('Log reloaded');
+	} else {
+		$loop->quit;
+		$parser->{'config'}->{'logger'}->log("$program stopped");
+	}
+}
--- a/bin/parserfilter-tester
+++ b/bin/parserfilter-tester
@@ -0,0 +1,46 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use Getopt::Long;
+use My::parser::stats;
+my $module;
+my @modules	= ('ssh','dovecot','exim','apache','gitea_ssh');
+my $program	= $0;
+GetOptions	("module=s"	=> \$module);	#Only test one module
+unless($module) {
+	print 'No module specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh)'."\n";
+	exit;
+}
+my @matches = grep { /$module/ } @modules;
+unless(@matches) {
+	print 'Unsupported module '.$module.' specified, use argument --module=(ssh|dovecot|exim|apache|gitea_ssh)'."\n";
+	exit;
+}
+print "Please paste a line to parse here:\n";
+my $frompipe	= <STDIN>;
+chomp($frompipe);				#One line is fine for us, user may fuck up, but we're good..
+my $parser	= &load($module);
+my $result	= $parser->parser($frompipe);
+if($result->{'retval'}) {
+	print 'Parser said: '.$result->{'retmsg'}."\n";
+	print 'Regarded as a hostile action'."\n" if($result->{'hostile'});
+	print 'Host: '.$result->{'host'}."\n";
+} else {
+	print 'Parser found no match'."\n";
+}
+
+sub load {
+	my $parser      = shift;
+	my $filename    = 'My/parser/'.$parser.'_parser.pm';
+	my $newclass;
+	eval {
+		require $filename;
+		my $classname   = 'My::parser::'.$parser.'_parser';
+		$newclass       = $classname->new || die "Failed to load parser for $parser";
+	} or do {
+		my $e = $@;
+		print 'Could not load parser '.$module.' from file '.$filename.': '.$e."\n";
+		exit;
+	};
+	return $newclass;
+}