From cc407f7d3c396373e42d204b2dce20abfbc8a84e Mon Sep 17 00:00:00 2001
From: Michal Kostenec <kostenec@civ.zcu.cz>
Date: Thu, 18 Apr 2013 17:56:43 +0200
Subject: [PATCH] Obnova interaktivni verze IPset
Uprava README
---
src/contrib/warden-app/Modules/IPset.pm | 8 ++++----
src/contrib/warden-app/doc/WApp.README | 9 +++++++--
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/contrib/warden-app/Modules/IPset.pm b/src/contrib/warden-app/Modules/IPset.pm
index 0c5ae92..0d06504 100644
--- a/src/contrib/warden-app/Modules/IPset.pm
+++ b/src/contrib/warden-app/Modules/IPset.pm
@@ -9,7 +9,7 @@ my %CONSTANTS = (
 threshold => 250,
 excludedip => [],
 eventtype => [],
- setname => "BLOCK",
+ setname => "BLOCK",
 maxage => "1D",
 );
@@ -30,9 +30,9 @@ sub run {
 my @rows = Utils::fetchall_array_hashref($dbh, $query);
- sub header { my $v = shift; return "/usr/sbin/ipset --create $v->{'setname'}_tmp iphash\n"; };
- sub record { my ($r, $v) = @_; return "/usr/sbin/ipset --add $v->{'setname'}_tmp $r->{'source'}\n" if ($r->{'source'}=~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/); };
- sub footer { my ($v) = @_; return "/usr/sbin/ipset --swap $v->{'setname'}_tmp $v->{'setname'}\n/usr/sbin/ipset --destroy $v->{'setname'}_tmp\n"; };
+ sub header { my $v = shift; return "create $v->{'setname'}_tmp hash:ip\n"; };
+ sub record { my ($r, $v) = @_; return "add $v->{'setname'}_tmp $r->{'source'}\n" if ($r->{'source'}=~/\d+\.\d+\.\d+\.\d+/); };
+ sub footer { my ($v) = @_; return "swap $v->{'setname'}_tmp $v->{'setname'}\ndestroy $v->{'setname'}_tmp\nquit\n"; };
 my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, \&header, \&record, \&footer, $v);
 return $ret;
diff --git a/src/contrib/warden-app/doc/WApp.README b/src/contrib/warden-app/doc/WApp.README
index 203b23e..494afa9 100644
--- a/src/contrib/warden-app/doc/WApp.README
+++ b/src/contrib/warden-app/doc/WApp.README
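Review bot: The new `record` still writes `$r->{'source'}` verbatim into the ipset batch line after an unanchored match `/\d+\.\d+\.\d+\.\d+/`, so any database value that merely contains four dotted numbers is emitted in full; now that the README in this same commit feeds the output file to `ipset -`, an embedded newline or trailing text in a row would become an extra restore command rather than a rejected entry (the replaced `\d{1,3}` form had the same gap, and `\d+` additionally admits octets beyond 255). Anchor the match and emit only the capture: `return "add $v->{'setname'}_tmp $1\n" if $r->{'source'} =~ /\A(\d{1,3}(?:\.\d{1,3}){3})\z/;`. The three named subs are declared inside `run`, whose body starts and ends outside the hunk; they receive `$v` and `$r` as arguments so they do not depend on closure capture, but nested named subs are flagged by perlcritic and anonymous subs held in lexicals (`my $record = sub { ... };`) would read more clearly next to the `\&record` references below.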
@@ -195,12 +195,17 @@ H. The requirements of modules
 2. IPset
 Initialize the new set and create a blocking rule in iptables.
- If the 'setname="BLOCK"' option is used and and you are interested in SSH attackers (tcp/22)
- it's necessary use these commands:
+ If the 'setname="BLOCK"' and 'outputfile="rules.txt"' options are used and and you are
+ interested in SSH attackers (tcp/22) it's necessary use these commands:
 ipset --create BLOCK iphash
 iptables -I INPUT 1 --protocol tcp --dport 22 -m set --match-set BLOCK src --jump DROP
+ Change of the rules using script consume a lot of CPU resources, so it is necessary
+ to use a pipe:
+
+ ipset - < rules.txt
+
 --------------------------------------------------------------------------------
 X. Tutorial: Running of the WApp along with the database backend
-- 
GitLab