- Bug fix for Decode_Month() call in DShield processing code to ensure

proper month handling for iptables log message time stamps. git-svn-id: file:///home/mbr/svn/psad_repos/psad/trunk@2281 91a0a83b-1414-0410-bf9a-c3dbc33e90b6
mrash · Jul 2, 2010 · ca3b4bf · ca3b4bf
1 parent 3fb137d
commit ca3b4bf
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/CREDITS b/CREDITS
@@ -427,3 +427,8 @@ Miroslav Grepl
     - Contributed policy files to make psad compatible with SELinux.  The
       files are located in a new "selinux" directory in the
       psad sources.
+
+Stephen Nims
+    - Reported 'Date::Calc::Decode_Month(): argument is not a string at
+      /usr/sbin/psad line 1103' bug.  This affected DShield processing and a
+      few other areas.
diff --git a/ChangeLog b/ChangeLog
@@ -1,4 +1,6 @@
 psad-2.1.6 (04//2009):
+    - Bug fix for Decode_Month() call in DShield processing code to ensure
+      proper month handling for iptables log message time stamps.
     - (Franck Joncourt) Added --Override-config feature so that alternate
       configuration files can be specified on the command line to override
       configuration variables in the standard /etc/psad/psad.conf file.

diff --git a/psad b/psad
@@ -1117,7 +1117,8 @@ sub check_scan() {
                 and not $analyze_mode
                 and $pkt{'dshield_str'}) {
             if ($pkt{'timestamp'} =~ /^\s*(\w+)\s+(\d+)\s+(\S+)/) {
-                my $month   = Decode_Month($1);
+                my $m_tmp = $1;  ### kludge for Decode_Month() call
+                my $month   = Decode_Month($m_tmp);
                 my $day     = sprintf("%.2d", $2);
                 my $time_24 = $3;
                 push @dshield_data, "$year-$month-$day $time_24 " .
@@ -7386,7 +7387,8 @@ sub gnuplot_set_start_year() {
     my $prev_month = 0;
     for (my $i=$#gnuplot_data; $i >= 0; $i--) {
         if ($gnuplot_data[$i]->[$timestamp_field] =~ /^\s*(\w+)\s+(\d+)\s+(\S+)/) {
-            my $mon  = Decode_Month($1);
+            my $m_tmp = $1;  ### kludge for Decode_Month() call
+            my $mon  = Decode_Month($m_tmp);
             my $day  = $2;
             my $time = $3;
             if ($gnuplot_year) {
@@ -7422,7 +7424,8 @@ sub gnuplot_value() {
         ### reformat timestamp (e.g. "Feb  1 00:00:27"
         ### becomes 02/02/04:03:00:17)
         if ($packet_val =~ /^\s*(\w+)\s+(\d+)\s+(\S+)/) {
-            my $mon  = Decode_Month($1);
+            my $m_tmp = $1;  ### kludge for Decode_Month() call
+            my $mon  = Decode_Month($m_tmp);
             my $day  = $2;
             my $time = $3;
             my $hour = 0;