Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

fix uninitilized scan danger level for IP block renewals when FLUSH_I…

…PT_AT_INIT=N, closes #6
  • Loading branch information...
commit d1a25b1d011d0d64716cd73e134c11c39020328c 1 parent 3b7d73b
@mrash authored
Showing with 22 additions and 1 deletion.
  1. +5 −0 CREDITS
  2. +17 −1 psad
View
5 CREDITS
@@ -498,3 +498,8 @@ Naji Mouawad
Nicholas Ritter
- Reported a bug in psad-2.2.1 where the protocols file is not bundled with
the psad RPM's or included in the psad RPM .spec files.
+
+Gusta-BH
+ - Reported a bug in the auto-blocking mode where the danger level for IP
+ block renewals was not being initialized properly for FLUSH_IPT_AT_INIT
+ set to N.
View
18 psad
@@ -673,7 +673,7 @@ unless ($no_daemon or $debug) {
### we're at it, start psadwatchd as well. Note that this is the best
### place to start the other daemons since we just wrote the psad pid
### to PID_FILE above.
-my $cmd;
+my $cmd = '';
unless ($config{'ENABLE_SYSLOG_FILE'} eq 'Y'
or $no_kmsgsd
or $config{'SYSLOG_DAEMON'} =~ /ulog/i
@@ -6043,6 +6043,10 @@ sub renew_auto_blocked_ips() {
my $orig_block_time = $2;
if ($config{'AUTO_BLOCK_TIMEOUT'} == 0) {
+
+ ### set the DL here to the minimum currently required
+ $scan_dl{$ip} = $config{'AUTO_IDS_DANGER_LEVEL'};
+
### block the IP address (note that checks are built
### into this function to not add a duplicate rule)
&ipt_block($ip, 'renew');
@@ -6059,6 +6063,10 @@ sub renew_auto_blocked_ips() {
&ipt_rm_block($ip);
} else {
+
+ ### set the DL here to the minimum currently required
+ $scan_dl{$ip} = $config{'AUTO_IDS_DANGER_LEVEL'};
+
### block the IP address (note that checks are built
### into this function to not add a duplicate rule)
&ipt_block($ip, 'renew');
@@ -6081,6 +6089,10 @@ sub renew_auto_blocked_ips() {
my $orig_block_time = $2;
if ($config{'AUTO_BLOCK_TIMEOUT'} == 0) {
+
+ ### set the DL here to the minimum currently required
+ $scan_dl{$ip} = $config{'AUTO_IDS_DANGER_LEVEL'};
+
### block the IP address (note that checks are built
### into this function to not add a duplicate rule)
if (&tcpwr_test_block($ip)) {
@@ -6105,6 +6117,10 @@ sub renew_auto_blocked_ips() {
&tcpwr_rm_block($ip);
} else {
+
+ ### set the DL here to the minimum currently required
+ $scan_dl{$ip} = $config{'AUTO_IDS_DANGER_LEVEL'};
+
### block the IP address (note that checks are built
### into this function to not add a duplicate rule)
if (&tcpwr_test_block($ip)) {
Please sign in to comment.
Something went wrong with that request. Please try again.