[packages/syslog-blacklist] add geoip patch
glen
glen at pld-linux.org
Fri Oct 10 12:14:54 CEST 2014
commit ce90dcae8f71c7a0b2849ea159bdeeeb1998b55b
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Fri Oct 10 13:14:51 2014 +0300
add geoip patch
geoip.patch | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++
syslog-blacklist.spec | 5 ++-
2 files changed, 104 insertions(+), 1 deletion(-)
---
diff --git a/syslog-blacklist.spec b/syslog-blacklist.spec
index 993cb42..e49546d 100644
--- a/syslog-blacklist.spec
+++ b/syslog-blacklist.spec
@@ -8,17 +8,19 @@ Summary: Intrusion Blocking with Perl and Ipset
Name: syslog-blacklist
# from debian/changelog
Version: 1.5
-Release: 0.1
+Release: 0.3
License: GPL v2+
Group: Applications/Networking
# git clone http://bogeskov.dk/git/syslog-blacklist.git
# tar --exclude-vcs -czf syslog-blacklist.tar.gz syslog-blacklist
Source0: %{name}.tar.gz
# Source0-md5: 51258b2c1225333feb181e2ee4117716
+Patch0: geoip.patch
URL: http://bogeskov.dk/Ipset.html
BuildRequires: dpkg
BuildRequires: rpm-perlprov >= 4.1-13
Requires: ipset
+Suggests: perl-Geo-IP
BuildArch: noarch
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -28,6 +30,7 @@ which pattermatches against loglines and then tracks ip using ipset.
%prep
%setup -q -n %{name}
+%patch0 -p1
mv root/* .
mv debian/copyright .
diff --git a/geoip.patch b/geoip.patch
new file mode 100644
index 0000000..43b2130
--- /dev/null
+++ b/geoip.patch
@@ -0,0 +1,100 @@
+From a5048b645e9ca3b98a4666e65a3d7fff664fea9c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= <glen at delfi.ee>
+Date: Wed, 8 Oct 2014 22:45:14 +0300
+Subject: [PATCH] add optional geoip support to whitelist countries not to
+ block
+
+---
+ root/usr/sbin/syslog-blacklist | 32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/root/usr/sbin/syslog-blacklist b/root/usr/sbin/syslog-blacklist
+index 3c8fbdc..e2f707c 100755
+--- a/root/usr/sbin/syslog-blacklist
++++ b/root/usr/sbin/syslog-blacklist
+@@ -13,12 +13,19 @@ use IO::Socket::INET;
+ use IO::Select;
+ use Sys::Syslog;
+
++my $geoip;
++if (eval { require Geo::IP }) {
++ Geo::IP->import;
++ $geoip = Geo::IP->new(GEOIP_MEMORY_CACHE());
++}
++
+ my %opt = (
+ progname => "syslog-blacklist",
+ listen => "127.0.0.1:2222",
+ pidfile => "/var/run/syslog-blacklist.pid",
+ blacklist => "blacklist", # name of ipset table
+ blocked => "1h",
++ skipcountry => "",
+ config => "/etc/syslog-blacklist.conf",
+ logfile => undef,
+ );
+@@ -35,11 +42,11 @@ my $reload = 0;
+ my %blocks;
+
+ my @rules;
+-
++my @skipCountries;
+
+ while(@ARGV) {
+ my $arg = shift(@ARGV);
+- if($arg =~ m/^--(progname|listen|pidfile|blacklist|blocked|config|logfile)=(.*)$/) {
++ if($arg =~ m/^--(progname|listen|pidfile|blacklist|blocked|config|logfile|skipcountry)=(.*)$/) {
+ $opt{$1} = $2;
+ } elsif($arg =~ m/^--no-(pidfile)$/) {
+ undef $opt{$1};
+@@ -54,6 +61,7 @@ Usage: $0 [--progname=] [--listen=127.0.0.1:2222] [--pidfile=] [--logfile=]
+ --pidfile= where to store pid
+ --blacklist= name of ipset table to store blacklistings in
+ --blocked= host log to be blacklisted for (in sec.)
++ --skipcountry= list of GeoIP country codes to skip blocking of
+ --config= rules file
+ --no-daemon run in the foreground
+ --debug print log to stderr
+@@ -79,6 +87,10 @@ sub blocktime ( $ ) {
+
+ $opt{blocked} = blocktime $opt{blocked};
+
++if ($opt{skipcountry}) {
++ push (@skipCountries, split(/\s*,\s*/, $opt{skipcountry}));
++}
++
+ #
+ # Logfile
+ #
+@@ -125,6 +137,15 @@ sub read_config() {
+ @rules = @$rules;
+ }
+
++# return true if ip is in country whitelist
++# return false if geoip support is not present
++sub country_whitelist {
++ my ($ip) = @_;
++ return 0 unless $geoip;
++ my $country = $geoip->country_code_by_addr($ip);
++ return grep { $_ eq $country } @skipCountries;
++}
++
+ read_config();
+
+ use constant MONTH => qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
+@@ -237,6 +258,13 @@ while($running) {
+ print STDERR "RULE:", $rule->{regex},"\n" if($flag{trace});
+ if(my @matches = $_ =~ $rule->{regex}) {
+ my $ip = splice(@matches, $rule->{offset}, 1);
++ if (country_whitelist($ip)) {
++ printf(STDERR "%s: Not blacklisting %s for %s (%s) - ip belongs to whitelist country\n",
++ timestamp(), $ip, $rule->{scope}, join(', ', @matches)) if($flag{debug} or defined $opt{logfile});
++ syslog("LOG_INFO", "Not blacklisting %s for %s (%s) - it belongs to whitelist country", $ip, $rule->{scope}, join(', ', @matches));
++ next;
++ }
++
+ printf(STDERR "%s: blacklisting %s for %s (%s)\n",
+ timestamp(), $ip, $rule->{scope}, join(', ', @matches)) if($flag{debug} or defined $opt{logfile});
+ syslog("LOG_INFO", "blacklisting %s for %s (%s)", $ip, $rule->{scope}, join(', ', @matches));
+--
+2.1.2
+
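Review bot: `country_whitelist` compares `$country` with `eq` without checking it is defined, so an address GeoIP cannot resolve (private ranges, addresses missing from the database) is compared against undef on every matching log line and trips an uninitialized-value warning if warnings are enabled; add `return 0 unless defined $country;` after the `country_code_by_addr` call. The comparison is also case-sensitive while Geo::IP presumably returns upper-case ISO codes, so `--skipcountry=ee` would silently never match; normalizing at parse time with `push(@skipCountries, map { uc } split(/\s*,\s*/, $opt{skipcountry}));` removes that trap. When Geo::IP is not installed the option is still accepted but has no effect, which deserves a startup warning such as `warn "--skipcountry given but Geo::IP is not available\n"` so an operator does not assume the country whitelist is active. The `while($running)` loop and `read_config` that the inner hunks touch begin and end outside this hunk.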
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/syslog-blacklist.git/commitdiff/ce90dcae8f71c7a0b2849ea159bdeeeb1998b55b