    package MailReport;
    use strict;
    use warnings;

    # Module defaults; run() hands them to Constants::mergeConfigs together with
    # %FORMAT so that per-module config values can override them.
    my %CONSTANTS = (
        tool           => 'sendmail',   # mail transport, must satisfy $FORMAT{tool}
        sender         => '',
        recipients     => [],
        subject        => '',           # empty: run() derives the subject from the host name
        subnets        => ['147.'],     # prefixes matched against the "source" column
        signature      => 'XXX',        # appended verbatim to the mail body by footer()
        threshold      => 0,
        excludedsensor => [],
        excludedip     => [],
        eventtype      => [],
        maxage         => '1D',         # time window, must satisfy $FORMAT{maxage}
        summary        => 'yes',
    );

    # Validation patterns for overriding config values.
    # NOTE(review): neither pattern is anchored (\A ... \z), so a longer value
    # that merely contains "1D" or "sendmail" also matches; whether
    # Constants::mergeConfigs requires a full match is not visible here — confirm
    # before treating these as strict whitelists for the tool name and window.
    my %FORMAT = (
        maxage => qr/\d+[hdmHDM]/,
        tool   => qr/(ssmtp|sendmail)/,
    );
    
    sub run {
        my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;
    
        my $v = Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);
    
        my $eventtype_query = DB::joinIN("type", \@{$v->{'eventtype'}});
        my $excluded_query  = DB::joinNotIN("source", \@{$v->{'excludedip'}});
        my $excludedsensor_query  = DB::joinNotIN("service", \@{$v->{'excludedsensor'}});
        my $subnets_query  = DB::joinLIKE("source", \@{$v->{'subnets'}});
    
        my $condition = substr($excluded_query . $eventtype_query . $excludedsensor_query . $subnets_query, 0, -5);
        my @columns= ("source", "hostname", "service", "type", "detected", "target_proto", "target_port", "attack_scale");
        my @params = ($condition, DB::getOldDataDB($db_engine, "NEWER", $v->{'maxage'}));
        my $query = DB::getQueryCondThreshold($db_engine, "events", \@columns, \@params, $v->{'threshold'});
    
        my @rows = Utils::fetchall_array_hashref($dbh, $query);
    
        if($v->{'subject'} eq "") {
            my $hostname = `hostname -f`;
            $v->{'subject'} = "$modprefix (Warden-app) on $hostname";
        }
        
        $v->{'modprefix'} = $modprefix;
       
        # Report mail header: an intro line naming the module and its time window,
        # followed by the column-title row boxed between two rule lines.
        # Named sub nested inside run(): it is compiled once as a plain package sub
        # and takes $v as its argument rather than closing over run()'s lexical.
        sub header {
            my $v = shift;

            my $rule   = "+-------------------------------+---------------------+------------+-----------------+-------+----------+--------+\n";
            my $titles = "|       Detector/Service        |       Detected      |    Type    |      Source     | Dport |   Proto  | Volume |\n";
            my $intro  = "$v->{'modprefix'} noticed following events during $v->{'maxage'} timeframe:\n\n";

            return join '', $intro, $rule, $titles, $rule;
        };
    
        # One table row for a single event hash (keys as selected by @columns in
        # run()). The %Ns conversions pad to the column width but never truncate,
        # so an over-long value widens the row instead of being cut off.
        sub record {
            my $r = shift;

            my $detector = "$r->{'hostname'}/$r->{'service'}";
            my @cells    = ($detector, @{$r}{qw(detected type source target_port target_proto attack_scale)});

            return sprintf("|%30s | %19s | %10s | %15s | %5s | %8s | %6s |\n", @cells);
        };
    
        # Report mail footer: the closing rule line, a blank line, then the
        # configured signature appended verbatim (no escaping or trimming).
        sub footer {
            my $v = shift;

            my $rule = "+-------------------------------+---------------------+------------+-----------------+-------+----------+--------+\n";

            return join '', $rule, "\n", $v->{'signature'};
        };
    
        Utils::generateEmails($v->{'tool'}, \@{$v->{'recipients'}}, $v->{'sender'}, $v->{'subject'}, \@rows, \&header, \&record, \&footer, $v, $v->{'summary'});