From f1260d478acae4a5fc34d7231530a6c6ba5ce0ba Mon Sep 17 00:00:00 2001
From: Peter Kozak
Date: Thu, 30 May 2013 10:17:43 +0200
Subject: multi-pattern support added
---
 misc/freeswitch/scripts/common/perimeter.lua | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
 (limited to 'misc/freeswitch/scripts/common/perimeter.lua')
diff --git a/misc/freeswitch/scripts/common/perimeter.lua b/misc/freeswitch/scripts/common/perimeter.lua
index d3b601c..8b06f1d 100644
--- a/misc/freeswitch/scripts/common/perimeter.lua
+++ b/misc/freeswitch/scripts/common/perimeter.lua
@@ -56,8 +56,14 @@ function Perimeter.setup(self, event)
 self.checks.register = config.checks_register or {};
 self.checks.call = config.checks_call or {};
- self.bad_headers.register = config.bad_headers_register;
- self.bad_headers.call = config.bad_headers_call;
+
+ for header, patterns in pairs(config.bad_headers_register) do
+ self.bad_headers.register[header] = common.str.strip_to_a(patterns, ',');
+ end
+
+ for header, patterns in pairs(config.bad_headers_call) do
+ self.bad_headers.call[header] = common.str.strip_to_a(patterns, ',');
+ end
 self.log:info('[perimeter] PERIMETER - setup perimeter defense');
 end
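Review bot: The two new loops in Perimeter.setup call `pairs(config.bad_headers_register)` and `pairs(config.bad_headers_call)` directly, so a configuration that lacks one of those sections now raises an error inside setup, where the old assignment stored the value as it was. If setup aborts at that point the remaining perimeter state is never initialised, so guard the loops the way the `checks_*` lines just above do: `for header, patterns in pairs(config.bad_headers_register or {}) do` (and likewise for the call table). Splitting every value on ',' also means a pattern can no longer contain a literal comma; a short comment above the loops stating that would help whoever maintains the rule file. The function begins above the hunk, so whether `config` itself is checked earlier is not visible here.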
@@ -205,12 +211,14 @@ end
 function Perimeter.check_bad_headers(self, event)
 local points = nil;
- for name, pattern in pairs(self.bad_headers[event.action]) do
- pattern = common.array.expand_variables(pattern, event);
- local success, result = pcall(string.find, event[name], pattern);
- if success and result then
- self.log:debug('[', event.key, '/', event.sequence, '] PERIMETER_BAD_HEADERS - ', name, '=', event[name], ' ~= ', pattern);
- points = (points or 0) + 1;
+ for name, patterns in pairs(self.bad_headers[event.action]) do
+ for index, pattern in ipairs(patterns) do
+ pattern = common.array.expand_variables(pattern, event);
+ local success, result = pcall(string.find, event[name], pattern);
+ if success and result then
+ self.log:debug('[', event.key, '/', event.sequence, '] PERIMETER_BAD_HEADERS - ', name, '=', event[name], ' ~= ', pattern);
+ points = (points or 0) + 1;
+ end
 end
 end
-- cgit v1.2.3
From 56ae31b855f0706441fbf69253364361bc743885 Mon Sep 17 00:00:00 2001
From: Peter Kozak
Date: Fri, 7 Jun 2013 11:00:44 +0200
Subject: report attacks to URL
---
 misc/freeswitch/scripts/common/perimeter.lua | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 (limited to 'misc/freeswitch/scripts/common/perimeter.lua')
diff --git a/misc/freeswitch/scripts/common/perimeter.lua b/misc/freeswitch/scripts/common/perimeter.lua
index 8b06f1d..fcef97c 100644
--- a/misc/freeswitch/scripts/common/perimeter.lua
+++ b/misc/freeswitch/scripts/common/perimeter.lua
@@ -47,6 +47,7 @@ function Perimeter.setup(self, event)
 self.ban_tries = 1;
 self.checks = { register = {}, call = {} };
 self.bad_headers = { register = {}, call = {} };
+ self.serial = freeswitch.getGlobalVariable('switch_serial');
 if config and config.general then
 for key, value in pairs(config.general) do
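Review bot: In the inner loop of Perimeter.check_bad_headers the outcome of `pcall(string.find, event[name], pattern)` is used only when it succeeds, so a malformed pattern or a missing `event[name]` makes that rule silently never match. With several patterns per header now coming from one comma-separated value, a single typo can disable a rule without leaving a trace; add a branch such as `elseif not success then self.log:info('[perimeter] PERIMETER_BAD_HEADERS - pattern error for ', name, ': ', result);` before the closing `end`. Because `expand_variables` substitutes event values into the pattern before matching, any value that originates from the remote side would be interpreted as Lua pattern syntax; presumably only trusted fields are referenced, but that assumption deserves a comment. The loop variable `index` is unused and could be `_`.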
@@ -99,6 +100,7 @@ function Perimeter.record_update(self, event)
 event.record.span_start = event.span_start or event.record.span_start;
 event.record.span_contact_count = (event.span_contact_count or event.record.span_contact_count) + 1;
 event.record.users = event.users or event.record.users;
+ event.record.updated = event.updated or event.record.updated;
 end
@@ -150,6 +152,7 @@ function Perimeter.check(self, event)
 end
 self:execute_ban(event);
 event.ban_time = os.time();
+ event.banned = true;
 end
 event.record.banned = event.record.banned + 1;
@@ -255,6 +258,17 @@ end
 function Perimeter.update_intruder(self, event)
 require 'common.intruder';
 local result = common.intruder.Intruder:new{ log = self.log, database = self.database }:update_blacklist(event);
+
+ if not common.str.blank(self.report_url) and (not event.record.updated or event.banned) then
+ event.serial = common.fapi.FApi:new():execute('md5', self.serial);
+ event.blacklisted = tostring(common.str.to_b(event.banned));
+ local command = 'http_request.lua perimeter ' .. common.array.expand_variables(self.report_url, event);
+ require 'common.fapi'
+ common.fapi.FApi:new():execute('luarun', command);
+ self.log:devel(command);
+ end
+
+ event.updated = common.str.to_i(event.updated) + 1;
 end
-- cgit v1.2.3
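Review bot: In the last hunk (Perimeter.update_intruder) the report command is built by concatenating `common.array.expand_variables(self.report_url, event)` into a `luarun` argument string, and no URL-encoding or whitespace handling is visible here. If any substituted event field carries data taken from the remote request, a space or `&` in it would change the argument list or the query string of the report, so encode each value before substitution or restrict the template to fields known to be numeric or address-like. `require 'common.fapi'` also sits after the first `common.fapi.FApi:new()` call on the `event.serial` line; it should move to the top of the function next to `require 'common.intruder';`. `self.log:devel(command)` writes the full report URL to the log, which matters if `report_url` embeds a credential or token.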