From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tim FitzGeorge To: development@lists.ipfire.org Subject: [PATCH 09/12] statusmail: Other plugins Date: Fri, 05 Apr 2019 18:29:37 +0100 Message-ID: <20190405172940.13168-10-ipfr@tfitzgeorge.me.uk> In-Reply-To: <20190405172940.13168-1-ipfr@tfitzgeorge.me.uk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5926332648270262312==" List-Id: --===============5926332648270262312== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Note that the graphs plugin requires a change to the existing graphs.pl to allow for arbitary time periods. Signed-off-by: Tim FitzGeorge --- src/statusmail/plugins/graphs.pm | 697 +++++++++++++++++++++++= ++ src/statusmail/plugins/hardware_media_space.pm | 154 ++++++ src/statusmail/plugins/network_firewall.pm | 357 +++++++++++++ 3 files changed, 1208 insertions(+) create mode 100644 src/statusmail/plugins/graphs.pm create mode 100644 src/statusmail/plugins/hardware_media_space.pm create mode 100644 src/statusmail/plugins/network_firewall.pm diff --git a/src/statusmail/plugins/graphs.pm b/src/statusmail/plugins/graphs= .pm new file mode 100644 index 000000000..5b72c6e1a --- /dev/null +++ b/src/statusmail/plugins/graphs.pm @@ -0,0 +1,697 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; +require "${General::swroot}/graphs.pl"; + +package Graphs; + +############################################################################ +# Function prototypes +############################################################################ + +sub add_graph( $$$$@ ); + +############################################################################ +# BEGIN Block +# +# Register the graphs available in this file. +# +# Note that some graphs are only available under certain circumstances, so +# it's necessary to check the circumstances apply. +############################################################################ + +sub BEGIN +{ + my %netsettings; + my %mainsettings; + + &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); + &General::readhash("${General::swroot}/main/settings", \%mainsettings); + + my $config_type =3D $netsettings{'CONFIG_TYPE'}; + + my %common_options =3D ( 'section' =3D> $Lang::tr{'graph'}, + 'format' =3D> 'html' ); + + #-------------------------------------------------------------------------= --- + # Network + + if ($netsettings{'RED_TYPE'} ne 'PPPOE') + { + if ($netsettings{'RED_DEV'} ne $netsettings{'GREEN_DEV'}) + { + if ($netsettings{'RED_DEV'} eq 'red0') + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-red0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'red0', + 'function' =3D> \&red0 ); + } + else + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-ppp0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'ppp0', + 'function' =3D> \&ppp0 ); + } + } + } + else + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-ppp0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'ppp0', + 'function' =3D> \&ppp0 ); + } + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-green0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'green0', + 'function' =3D> \&green0 ); + + if ($config_type =3D=3D 3 or $config_type =3D=3D 4) + { + # BLUE + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-blue0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'blue0', + 'function' =3D> \&blue0 ); + } + + if ($config_type =3D=3D 2 or $config_type =3D=3D 4) + { + # ORANGE + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-orange0', + 'subsection' =3D> $Lang::tr{'interfaces'}, + 'item' =3D> 'orange0', + 'function' =3D> \&orange0 ); + } + + + if (-e "/var/log/rrd/collectd/localhost/interface/if_octets-ipsec0.rrd") + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-ipsec0', + 'subsection' =3D> $Lang::tr{'network'}, + 'item' =3D> 'ipsec0', + 'function' =3D> \&ipsec0 ); + } + + if (-e "/var/log/rrd/collectd/localhost/interface/if_octets-tun0.rrd") + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-tun0', + 'subsection' =3D> $Lang::tr{'network'}, + 'item' =3D> 'tun0', + 'function' =3D> \&tun0 ); + } + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-network-fwhits', + 'subsection' =3D> $Lang::tr{'network'}, + 'item' =3D> $Lang::tr{'firewallhits'}, + 'function' =3D> \&fw_hits ); + + #-------------------------------------------------------------------------= --- + # System + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-system-cpu-usage', + 'subsection' =3D> $Lang::tr{'system'}, + 'item' =3D> "CPU $Lang::tr{'graph'}", + 'function' =3D> \&cpu_usage ); + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-system-cpu-load', + 'subsection' =3D> $Lang::tr{'system'}, + 'item' =3D> "Load $Lang::tr{'graph'}", + 'function' =3D> \&cpu_load ); + + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/cpufreq/cpufreq-0.rrd") + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-system-cpu-frequency', + 'subsection' =3D> $Lang::tr{'system'}, + 'item' =3D> "CPU $Lang::tr{'frequency'}", + 'function' =3D> \&cpu_freq ); + } + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-system-entropy', + 'subsection' =3D> $Lang::tr{'system'}, + 'item' =3D> $Lang::tr{'entropy'}, + 'function' =3D> \&entropy ); + + #-------------------------------------------------------------------------= --- + # Hardware + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-hardware-cpu-load', + 'subsection' =3D> $Lang::tr{'hardware graphs'}, + 'item' =3D> "Load $Lang::tr{'graph'}", + 'function' =3D> \&cpu_load ); + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/thermal-thermal_zone* = 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-hardware-acpi-zone-temp', + 'subsection' =3D> $Lang::tr{'hardware graphs'}, + 'item' =3D> "ACPI Thermal-Zone Temp", + 'function' =3D> \&therm ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/temperature-= * 2>/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-hardware-temp', + 'subsection' =3D> $Lang::tr{'hardware graphs'}, + 'item' =3D> "hwtemp", + 'function' =3D> \&hwtemp ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/fanspeed-* 2= >/dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-hardware-fan', + 'subsection' =3D> $Lang::tr{'hardware graphs'}, + 'item' =3D> "hwfan", + 'function' =3D> \&hwfan ); + } + + if ( `ls $mainsettings{'RRDLOG'}/collectd/localhost/sensors-*/voltage-* 2>= /dev/null` ) + { + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-hardware-volt', + 'subsection' =3D> $Lang::tr{'hardware graphs'}, + 'item' =3D> "hwvolt", + 'function' =3D> \&hwvolt ); + } + + #-------------------------------------------------------------------------= --- + # Memory + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-memory-memory', + 'subsection' =3D> $Lang::tr{'memory'}, + 'item' =3D> $Lang::tr{'memory'}, + 'function' =3D> \&memory ); + + main::add_mail_item( %common_options, + 'ident' =3D> 'graph-memory-swap', + 'subsection' =3D> $Lang::tr{'memory'}, + 'item' =3D> $Lang::tr{'swap'}, + 'function' =3D> \&swap ); + + #-------------------------------------------------------------------------= --- + # Disks + + foreach my $path (glob '/var/log/rrd/collectd/localhost/disk*') + { + my ($name) =3D $path =3D~ m/disk\-(\w+)/; + + main::add_mail_item( %common_options, + 'ident' =3D> "graph-disk-access-$name", + 'subsection' =3D> $Lang::tr{'statusmail disk acces= s'}, + 'item' =3D> $name, + 'function' =3D> sub { my ($this) =3D @_; diskacc= ess( $this, $name ); } ); + + main::add_mail_item( %common_options, + 'ident' =3D> "graph-disk-temp-$name", + 'subsection' =3D> $Lang::tr{'statusmail disk tempe= rature'}, + 'item' =3D> $name, + 'function' =3D> sub { my ($this) =3D @_; disktem= p( $this, $name ); } ); + } + +# Other graphs that aren't available. +# updatepinggraph( host, period ) : net= other.cgi +# updateprocessescpugraph( period ) +# updateprocessesmemorygraph( period ) +# updateqosgraph( device, period ) red0 | ppp0 | imq0 : qos= .cgi +# updatevpngraph( interface, period ) : net= ovpnrw.cgi +# updatevpnn2ngraph( interface, period ) : net= ovpnsrv.cgi +# updatewirelessgraph( interface, period ) +} + +############################################################################ +# Code +############################################################################ + +#---------------------------------------------------------------------------= --- +# sub add_graph( object, function, name, alternate[, params...] ) +# +# Adds a graph to the mail message. This runs a sub-process to capture the +# output from running the standard WUI's graphing function, which is sent to +# stdout. +# +# Parameters: +# this message object +# function function producing graph +# name name of graph file +# alternate alternate text for image +# params parameters to be passed to graph function +#---------------------------------------------------------------------------= --- + +sub add_graph( $$$$@ ) +{ + my ($this, $function, $name, $alternate, @params) =3D @_; + + my $from_child; + + my $pid =3D open( $from_child, "-|" ); + + if ($pid) + { # parent + binmode $from_child; + + $this->add_image( fh =3D> $from_child, + alt =3D> $alternate, + type =3D> 'image/png', + name =3D> $name ); + + waitpid( $pid, 0 ); + close $from_child; + } + else + { # child + binmode( STDOUT ); + + my $period =3D $this->get_period(); + + &$function( @params, $period ); + + exit; + } +} + + +#---------------------------------------------------------------------------= --- +# sub ppp0( this ) +# +# Adds a graph of the ppp0 interface throughput +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub ppp0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'ppp0_if.png', 'ppp0 interface = throughput', 'ppp0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub red0( this ) +# +# Adds a graph of the red0 interface throughput +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub red0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'red0_if.png', 'red0 interface = throughput', 'red0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub green0( this ) +# +# Adds a graph of the green0 interface throughput +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub green0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'green0_if.png', 'green0 interf= ace throughput', 'green0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub blue0( this ) +# +# Adds a graph of the blue0 interface throughput +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub blue0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'blue0_if.png', 'blue0 interfac= e throughput', 'blue0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub orange0( this ) +# +# Adds a graph of the orange0 interface throughput +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub orange0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'orange0_if.png', 'orange0 inte= rface throughput', 'orange0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub ipsec0( this ) +# +# Adds a graph of the ipsec0 interface +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub ipsec0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'ipsec0_if.png', 'ipsec0 interf= ace throughput', 'ipsec0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub tun0( this ) +# +# Adds a graph of the tun0 interface +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub tun0( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateifgraph, 'tun0_if.png', 'tun0 interface = throughput', 'tun0' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub cpu_usage( this ) +# +# Adds a graph of the CPU usage +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub cpu_usage( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatecpugraph, 'cpu_usage.png', "CPU $Lang::t= r{'graph'}" ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub cpu_freq( this ) +# +# Adds a graph of the CPU frequency +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub cpu_freq( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatecpufreqgraph, 'cpu_freq.png', "CPU $Lang= ::tr{'frequency'}" ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub cpu_load( this ) +# +# Adds a graph of the CPU load +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub cpu_load( $$ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateloadgraph,, 'cpu_load.png', "Load $Lang:= :tr{'graph'}" ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub fw_hits( this ) +# +# Adds a graph of the Firewall hits +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub fw_hits( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatefwhitsgraph, 'fw_hits.png', $Lang::tr{'f= irewallhits'} ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub therm( this ) +# +# Adds a graph of the ACPI Thermal zone temperatures +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub therm( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatethermaltempgraph, 'therm.png', "ACPI The= rmal-Zone Temp" ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub hwtemp( this ) +# +# Adds a graph of the Hardware Temperatures +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub hwtemp( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatehwtempgraph, 'hw_temp.png', 'hwtemp' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub hwfan( this ) +# +# Adds a graph of the Fan Speeds +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub hwfan( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatehwfangraph, 'hw_fan.png', 'hwfan' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub hwvolt( this ) +# +# Adds a graph of the Hardware voltages +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub hwvolt( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatehwvoltgraph, 'hw_volt.png', 'hw volt' ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub entropy( this ) +# +# Adds a graph of the Entropy +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub entropy( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateentropygraph, 'entropy.png', $Lang::tr{'= entropy'} ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub memory( this ) +# +# Adds a graph of the memory usage +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub memory( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updatememorygraph, 'memory.png', $Lang::tr{'me= mory'} ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub swap( this ) +# +# Adds a graph of the swapfile usage +# +# Parameters: +# this message object +#---------------------------------------------------------------------------= --- + +sub swap( $ ) +{ + my ($this) =3D @_; + + add_graph( $this, \&Graphs::updateswapgraph, 'swap.png', $Lang::tr{'swap'}= ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub diskaccess( this, name ) +# +# Adds a graph of the disk access rate +# +# Parameters: +# this message object +# name disk name +#---------------------------------------------------------------------------= --- + +sub diskaccess( $$ ) +{ + my ($this, $name) =3D @_; + + add_graph( $this, \&Graphs::updatediskgraph, "disk_access_$name.png", $nam= e, $name ); + + return 1; +} + + +#---------------------------------------------------------------------------= --- +# sub updatehddgraph( this, name ) +# +# Adds a graph of the disk temperature +# +# Parameters: +# this message object +# name disk name +#---------------------------------------------------------------------------= --- + +sub disktemp( $$ ) +{ + my ($this, $name) =3D @_; + + add_graph( $this, \&Graphs::updatehddgraph, "disk_temp_$name.png", $name, = $name ); + + return 1; +} diff --git a/src/statusmail/plugins/hardware_media_space.pm b/src/statusmail/= plugins/hardware_media_space.pm new file mode 100644 index 000000000..ce3db2def --- /dev/null +++ b/src/statusmail/plugins/hardware_media_space.pm @@ -0,0 +1,154 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +use strict; +use warnings; + +require "${General::swroot}/lang.pl"; + +package Hardware_Media_Space; + +############################################################################ +# Function prototypes +############################################################################ + +sub space( $$ ); +sub inodes( $$ ); + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' =3D> 'hardware-media-space', + 'section' =3D> $Lang::tr{'statusmail hardware'}, + 'subsection' =3D> $Lang::tr{'media'}, + 'item' =3D> $Lang::tr{'disk usage'}, + 'function' =3D> \&space, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= max free percent'}, + 'min' =3D> 0, + 'max' =3D> 100 } ); + + main::add_mail_item( 'ident' =3D> 'hardware-media-inodes', + 'section' =3D> $Lang::tr{'statusmail hardware'}, + 'subsection' =3D> $Lang::tr{'media'}, + 'item' =3D> 'inodes', + 'function' =3D> \&inodes, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= max free percent'}, + 'min' =3D> 0, + 'max' =3D> 100 } ); +} + +############################################################################ +# Code +############################################################################ + +#---------------------------------------------------------------------------= --- +# sub space( this, min_percent ) +# +# Adds the disk usage in terms of space used. +# +# Parameters: +# this message object +# min_percent Only display information if this amount of space or less is +# free +#---------------------------------------------------------------------------= --- + +sub space( $$ ) +{ + my $message =3D shift; + my $min_percent =3D 100 - shift; + my @lines; + + # Get the process information + + foreach my $line (`df -BM`) + { + my @fields =3D split /\s+/, $line, 6; + if ($fields[4] =3D~ m/\d+\%/) + { + my ($percent) =3D $fields[4] =3D~ m/(\d+)\%/; + next if ($percent <=3D $min_percent); + } + push @lines, [ @fields ]; + } + + if (@lines > 1) + { + $message->add_table( @lines ); + + return 1; + } + + return 0; +} + + +#---------------------------------------------------------------------------= --- +# sub inodes( this, min_percent ) +# +# Adds the disk usage in terms of inodes used. +# +# Parameters: +# this message object +# min_percent Only display information if this number of inodes or less is +# free +#---------------------------------------------------------------------------= --- + +sub inodes( $$ ) +{ + my $message =3D shift; + my $min_percent =3D 100 - shift; + my @lines; + + # Get the process information + + foreach my $line (`df -i`) + { + my @fields =3D split /\s+/, $line, 6; + next if ($fields[1] =3D=3D 0); + if ($fields[4] =3D~ m/\d+\%/) + { + my ($percent) =3D $fields[4] =3D~ m/(\d+)\%/; + next if ($percent <=3D $min_percent); + } + push @lines, [ @fields ]; + } + + if (@lines > 1) + { + $message->add_table( @lines ); + + return 1; + } + + return 0; +} + +1; diff --git a/src/statusmail/plugins/network_firewall.pm b/src/statusmail/plug= ins/network_firewall.pm new file mode 100644 index 000000000..1abe4e482 --- /dev/null +++ b/src/statusmail/plugins/network_firewall.pm @@ -0,0 +1,357 @@ +#!/usr/bin/perl + +############################################################################ +# # +# Send log and status emails for IPFire # +# # +# This is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# This is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2018 - 2019 The IPFire Team # +# # +############################################################################ + +require "${General::swroot}/lang.pl"; + +use strict; +use warnings; + +package Network_Firewall; + +use Time::Local; + +require "${General::swroot}/geoip-functions.pl"; + +############################################################################ +# BEGIN Block +# +# Register the log items available in this file +############################################################################ + +sub BEGIN +{ + main::add_mail_item( 'ident' =3D> 'network-firewall-ipaddresses', + 'section' =3D> $Lang::tr{'network'}, + 'subsection' =3D> $Lang::tr{'firewall'}, + 'item' =3D> $Lang::tr{'ip address'}, + 'function' =3D> \&addresses, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= firewall min count'}, + 'min' =3D> 1, + 'max' =3D> 1000 } ); + + main::add_mail_item( 'ident' =3D> 'network-firewall-ports', + 'section' =3D> $Lang::tr{'network'}, + 'subsection' =3D> $Lang::tr{'firewall'}, + 'item' =3D> $Lang::tr{port}, + 'function' =3D> \&ports, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= firewall min count'}, + 'min' =3D> 1, + 'max' =3D> 1000 } ); + + main::add_mail_item( 'ident' =3D> 'network-firewall-countries', + 'section' =3D> $Lang::tr{'network'}, + 'subsection' =3D> $Lang::tr{'firewall'}, + 'item' =3D> $Lang::tr{country}, + 'function' =3D> \&countries, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= firewall min count'}, + 'min' =3D> 1, + 'max' =3D> 1000 } ); + + main::add_mail_item( 'ident' =3D> 'network-firewall-reason', + 'section' =3D> $Lang::tr{'network'}, + 'subsection' =3D> $Lang::tr{'firewall'}, + 'item' =3D> $Lang::tr{'statusmail firewall reas= on'}, + 'function' =3D> \&reasons, + 'option' =3D> { 'type' =3D> 'integer', + 'name' =3D> $Lang::tr{'statusmail= firewall min count'}, + 'min' =3D> 1, + 'max' =3D> 1000 } ); +} + + +############################################################################ +# Functions +############################################################################ + +sub get_log( $ ); +sub addresses( $$ ); + +#---------------------------------------------------------------------------= --- +# sub get_log( this ) +# +# Gets information on blocked packets from the system log and caches it. +# +# Parameters: +# this message object +# +# Returns: +# reference to hash of information +#---------------------------------------------------------------------------= --- + +sub get_log( $ ) +{ + my ($this, $name) =3D @_; + + my $data =3D $this->cache( 'network-firewall' ); + + return $data if (defined $data); + + my %info; + my $line; + + while ($line =3D $this->get_message_log_line) + { + next unless ($line); + next unless ($line =3D~ m/kernel: DROP/); + + my ($time, $rule, $interface, $src_addrs, $dst_port) =3D + $line =3D~ m/(\w+\s+\d+\s+\d+:\d+:\d+).*DROP_(\w+?)\s*IN=3D(\w+).*SR= C=3D(\d+\.\d+\.\d+\.\d+).*(?:DPT=3D(\d*))/; +# mmm dd hh:mm:dd ipfire kernel: DROP_SPAMHAUS_EDROPIN=3Dppp0 OUT=3D MAC=3D = SRC=3D999.999.999.999 DST=3D888.888.888.888 LEN=3D40 TOS=3D0x00 PREC=3D0x00 T= TL=3D248 ID=3D35549 PROTO=3DTCP SPT=3D47851 DPT=3D28672 WINDOW=3D1024 RES=3D0= x00 SYN URGP=3D0 MARK=3D0xd2 + + next unless ($src_addrs); + + my $country =3D GeoIP::lookup( $src_addrs ) || $src_addrs; + + $info{'by_address'}{$src_addrs}{'count'}++; + $info{'by_address'}{$src_addrs}{'first'} =3D $time unless ($info{'by_add= ress'}{$src_addrs}{'first'}); + $info{'by_address'}{$src_addrs}{'last'} =3D $time; + + if ($dst_port) + { + $info{'by_port'}{$dst_port}{'count'}++ ; + $info{'by_port'}{$dst_port}{'first'} =3D $time unless ($info{'by_port'= }{$dst_port}{'first'}); + $info{'by_port'}{$dst_port}{'last'} =3D $time; + } + + if ($country) + { + $info{'by_country'}{$country}{'count'}++; + $info{'by_country'}{$country}{'first'} =3D $time unless ($info{'by_cou= ntry'}{$country}{'first'}); + $info{'by_country'}{$country}{'last'} =3D $time; + } + + $info{'by_rule'}{$rule}{'count'}++; + $info{'by_rule'}{$rule}{'first'} =3D $time unless ($info{'by_rule'}{$rul= e}{'first'}); + $info{'by_rule'}{$rule}{'last'} =3D $time; + + $info{'total'}++; + }; + + $this->cache( 'network-firewall', \%info ); + + return \%info; +} + + +#---------------------------------------------------------------------------= --- +# sub addresses( this, min_count ) +# +# Output information on blocked addresses. +# +# Parameters: +# this message object +# min_count only output blocked addresses occurring at least this number = of +# times +#---------------------------------------------------------------------------= --- + +sub addresses( $$ ) +{ + my ($self, $min_count) =3D @_; + my @table; + + use Sort::Naturally; + + push @table, ['|', '|', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'ip address'}, $Lang::tr{'country'}, $Lang::tr{'c= ount'}, $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats =3D get_log( $self ); + + foreach my $address (sort { $$stats{'by_address'}{$b}{'count'} <=3D> $$sta= ts{'by_address'}{$a}{'count'} || + ncmp( $b, $a ) } keys %{ $$stats{'by_address'}= } ) + { + my $count =3D $$stats{'by_address'}{$address}{'count'}; + my $country =3D GeoIP::lookup( $address ); + my $first =3D $$stats{'by_address'}{$address}{'first'}; + my $last =3D $$stats{'by_address'}{$address}{'last'}; + my $percent =3D int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + my $name =3D $self->lookup_ip_address( $address ); + + $address =3D "$address\n$name" if ($name); + + if ($country) + { + $country =3D GeoIP::get_full_country_name( $country) || $address; + } + else + { + $country =3D $Lang::tr{'unknown'}; + } + + push @table, [ $address, $country, $count, $percent, $first, $last ]; + + last if (@table > $self->get_max_lines_per_item + 2) + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#---------------------------------------------------------------------------= --- +# sub ports( this, min_count ) +# +# Output information on blocked ports. +# +# Parameters: +# this message object +# min_count only output blocked ports occurring at least this number of +# times +#---------------------------------------------------------------------------= --- + +sub ports( $$ ) +{ + my ($self, $min_count) =3D @_; + my @table; + + push @table, ['|', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'port'}, $Lang::tr{'count'}, $Lang::tr{'percentag= e'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats =3D get_log( $self ); + + foreach my $port (sort { $$stats{'by_port'}{$b}{'count'} <=3D> $$stats{'by= _port'}{$a}{'count'} || + ncmp( $b, $a ) } keys %{ $$stats{'by_port'} } ) + { + my $count =3D $$stats{'by_port'}{$port}{'count'}; + my $first =3D $$stats{'by_port'}{$port}{'first'}; + my $last =3D $$stats{'by_port'}{$port}{'last'}; + my $percent =3D int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + push @table, [ $port, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#---------------------------------------------------------------------------= --- +# sub countries( this, min_count ) +# +# Output information on blocked countries. +# +# Parameters: +# this message object +# min_count only output blocked countries occurring at least this number = of +# times +#---------------------------------------------------------------------------= --- + +sub countries( $$ ) +{ + my ($self, $min_count) =3D @_; + my @table; + + push @table, ['<', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'country'}, $Lang::tr{'count'}, $Lang::tr{'percen= tage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats =3D get_log( $self ); + + foreach my $country (sort { $$stats{'by_country'}{$b}{'count'} <=3D> $$sta= ts{'by_country'}{$a}{'count'} } keys %{ $$stats{'by_country'} } ) + { + my $count =3D $$stats{'by_country'}{$country}{'count'}; + my $first =3D $$stats{'by_country'}{$country}{'first'}; + my $last =3D $$stats{'by_country'}{$country}{'last'}; + my $percent =3D int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + my $full_country =3D GeoIP::get_full_country_name( $country) || $country; + + push @table, [ $full_country, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + + +#---------------------------------------------------------------------------= --- +# sub reasons( this, min_count ) +# +# Output information on blocked reasons (the IPtable blocking the packet). +# +# Parameters: +# this message object +# min_count only output blocked reasons occurring at least this number of +# times +#---------------------------------------------------------------------------= --- + +sub reasons( $$ ) +{ + my ($self, $min_count) =3D @_; + my @table; + + push @table, ['<', '|', '|', '|', '|']; + push @table, [ $Lang::tr{'statusmail firewall reason'}, $Lang::tr{'count'}= , $Lang::tr{'percentage'}, $Lang::tr{'first'}, $Lang::tr{'last'} ]; + + my $stats =3D get_log( $self ); + + foreach my $reason (sort { $$stats{'by_rule'}{$b}{'count'} <=3D> $$stats{'= by_rule'}{$a}{'count'} } keys %{ $$stats{'by_rule'} } ) + { + my $count =3D $$stats{'by_rule'}{$reason}{'count'}; + my $first =3D $$stats{'by_rule'}{$reason}{'first'}; + my $last =3D $$stats{'by_rule'}{$reason}{'last'}; + my $percent =3D int( 100 * $count / $$stats{'total'} + 0.5); + + last if ($count < $min_count); + + push @table, [ $reason, $count, $percent, $first, $last ]; + } + + if (@table > 2) + { + $self->add_table( @table ); + + return 1; + } + + return 0; +} + +1; --=20 2.16.4 --===============5926332648270262312==--