    package MailReport;
    use strict;
    use warnings;
    
    # Built-in settings for this module.  run() hands this hash to
    # Constants::mergeConfigs() together with %FORMAT; presumably the
    # values here act as defaults for keys the loaded config does not set.
    my %CONSTANTS = (
        # mail transport name; %FORMAT{tool} restricts the accepted values
        tool           => "sendmail",
        # envelope sender / recipient list / subject handed to Utils::generateEmails()
        sender         => "",
        recipients     => [],
        subject        => "",          # empty: run() builds one from the local hostname
        # prefixes fed to DB::joinLIKE() on the "source" column
        subnets        => [ "147." ],
        # appended verbatim to every report by footer(); "XXX" is only a placeholder
        signature      => "XXX",
        # passed to DB::getQueryCondThreshold(); semantics live in the DB module
        threshold      => 0,
        # sensors ("service") and sources ("source") dropped from the query
        excludedsensor => [],
        excludedip     => [],
        # event "type" values to include (empty list: see DB::joinIN for the effect)
        eventtype      => [],
        # lookback window given to DB::getOldDataDB(..., "NEWER", ...) and
        # printed in the report header; %FORMAT{maxage} constrains its form
        maxage         => "1D",
        # last argument of Utils::generateEmails(); meaning defined there
        summary        => "yes",
    );
    
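    # Validation patterns handed to Constants::mergeConfigs() alongside
    # %CONSTANTS.  Both values matter beyond formatting: "tool" selects the
    # mail transport passed to Utils::generateEmails() (presumably executed
    # as a command there) and "maxage" is passed to DB::getOldDataDB() as a
    # time window.  The patterns are anchored with \A ... \z so that only
    # the whole value is accepted; unanchored, a plain match would also let
    # e.g. "/tmp/x/sendmail" or "1Dfoo" through.
    my %FORMAT = (
        maxage => qr/\A\d+[hdmHDM]\z/,      # e.g. "1D", "12h"
        tool   => qr/\A(ssmtp|sendmail)\z/,  # capture kept in case the caller reads $1
    );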
    
    sub run {
        my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;
    
        my $v = Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);
    
        my $eventtype_query = DB::joinIN("type", \@{$v->{'eventtype'}});
        my $excluded_query  = DB::joinNotIN("source", \@{$v->{'excludedip'}});
        my $excludedsensor_query  = DB::joinNotIN("service", \@{$v->{'excludedsensor'}});
        my $subnets_query  = DB::joinLIKE("source", \@{$v->{'subnets'}});
    
        my $condition = substr($excluded_query . $eventtype_query . $excludedsensor_query . $subnets_query, 0, -5);
        my @columns= ("source", "hostname", "service", "type", "detected", "target_proto", "target_port", "attack_scale");
        my @params = ($condition, DB::getOldDataDB($db_engine, "NEWER", $v->{'maxage'}));
        my $query = DB::getQueryCondThreshold($db_engine, "events", \@columns, \@params, $v->{'threshold'});
    
        my @rows = Utils::fetchall_array_hashref($dbh, $query);
    
        if($v->{'subject'} eq "") {
            my $hostname = `hostname -f`;
            $v->{'subject'} = "$modprefix (Warden-app) on $hostname";
        }
        
        $v->{'modprefix'} = $modprefix;
       
        # Report header: one sentence naming the module and its lookback
        # window, then the top rule, column titles and second rule of the
        # table that record() fills in.  Although written inside run(), this
        # is a named sub and therefore package-level; it reads everything
        # from its argument rather than closing over run()'s lexicals.
        #
        # $v - hashref; uses $v->{modprefix} and $v->{maxage}
        # returns the header text as a single string
        sub header {
            my ($v) = @_;

            my $rule  = "+-------------------------------+---------------------+------------+-----------------+-------+----------+--------+\n";
            my $title = "|       Detector/Service        |       Detected      |    Type    |      Source     | Dport |   Proto  | Volume |\n";
            my $intro = "$v->{'modprefix'} noticed following events during $v->{'maxage'} timeframe:\n\n";

            return join '', $intro, $rule, $title, $rule;
        }
    
        # One table row per event, in the column widths used by header().
        # Package-level named sub (see header()); takes the row hashref as
        # its only argument and returns the formatted line.
        #
        # $r - hashref with hostname, service, detected, type, source,
        #      target_port, target_proto and attack_scale (the @columns
        #      selected in run()); missing keys print as empty cells
        sub record {
            my ($r) = @_;

            my @cells = (
                "$r->{'hostname'}/$r->{'service'}",
                @{$r}{qw(detected type source target_port target_proto attack_scale)},
            );

            return sprintf("|%30s | %19s | %10s | %15s | %5s | %8s | %6s |\n", @cells);
        }
    
        # Report footer: the bottom rule of the table, a blank line and the
        # configured signature appended verbatim.  Package-level named sub
        # (see header()); reads only $v->{signature}.
        #
        # $v - hashref; uses $v->{signature}
        # returns the footer text as a single string
        sub footer {
            my ($v) = @_;

            my $closing_rule = "+-------------------------------+---------------------+------------+-----------------+-------+----------+--------+\n\n";

            return $closing_rule . $v->{'signature'};
        }
    
        Utils::generateEmails($v->{'tool'}, \@{$v->{'recipients'}}, $v->{'sender'}, $v->{'subject'}, \@rows, \&header, \&record, \&footer, $v, $v->{'summary'});