root/psad/tags/psad-2.0.2-pre4/chainmgr_test.pl

Revision 1823, 3.1 kB (checked in by mbr, 2 years ago)

(Philip Lawrence) bugfix for perl module path not spliced correctly into @INC (some paths were being removed from @INC)

  • Property svn:eol-style set to native
  • Property svn:executable set to *
  • Property svn:keywords set to Author Date Id Revision
Line 
1 #!/usr/bin/perl -w
2
3 use strict;
4
5 ### path to default psad library directory for psad perl modules
6 my $psad_lib_dir = '/usr/lib/psad';
7
8 ### import psad perl modules
9 &import_psad_perl_modules();
10
11 my $ipt = new IPTables::ChainMgr(
12     'iptables' => '/sbin/iptables',
13     'verbose'  => 1
14 );
15 my $total_rules = 0;
16
17 my ($rv, $out_aref, $err_aref) = $ipt->create_chain('filter', 'PSAD');
18 print "create_chain() rv: $rv\n";
19 print "$_\n" for @$out_aref;
20 print "$_\n" for @$err_aref;
21
22 ($rv, $out_aref, $err_aref) = $ipt->add_jump_rule('filter', 'INPUT', 'PSAD');
23 print "add_jump_rule() rv: $rv\n";
24 print "$_\n" for @$out_aref;
25 print "$_\n" for @$err_aref;
26
27 ($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('1.1.1.1',
28     '0.0.0.0/0', 10, 'filter', 'PSAD', 'DROP');
29 print "add_ip_rule() rv: $rv\n";
30 print "$_\n" for @$out_aref;
31 print "$_\n" for @$err_aref;
32
33 ($rv, $total_rules) = $ipt->find_ip_rule('1.1.1.1', '0.0.0.0/0', 'filter', 'PSAD', 'DROP');
34 print "find ip: $rv, total chain rules: $total_rules\n";
35
36 ($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('2.2.1.1', '0.0.0.0/0', 10,
37     'filter', 'PSAD', 'DROP');
38 print "add_ip_rule() rv: $rv\n";
39 print "$_\n" for @$out_aref;
40 print "$_\n" for @$err_aref;
41
42 ($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('2.2.4.1', '0.0.0.0/0', 10,
43     'filter', 'PSAD', 'DROP');
44 print "add_ip_rule() rv: $rv\n";
45 print "$_\n" for @$out_aref;
46 print "$_\n" for @$err_aref;
47
48 ($rv, $out_aref, $err_aref) = $ipt->delete_ip_rule('1.1.1.1', '0.0.0.0/0',
49     'filter', 'PSAD', 'DROP');
50 print "delete_ip_rule() rv: $rv\n";
51 print "$_\n" for @$out_aref;
52 print "$_\n" for @$err_aref;
53
54 ($rv, $out_aref, $err_aref) = $ipt->delete_chain('filter', 'INPUT', 'PSAD');
55 print "delete_chain() rv: $rv\n";
56 print "$_\n" for @$out_aref;
57 print "$_\n" for @$err_aref;
58
59 ($rv, $out_aref, $err_aref) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPUT');
60 print "list on 'INPUT' chain rv: $rv\n";
61 print for @$out_aref;
62 print for @$err_aref;
63
64 ($rv, $out_aref, $err_aref) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPU');
65 print "bogus list on 'INPU' chain rv: $rv (this is expected).\n";
66 print for @$out_aref;
67 print for @$err_aref;
68
69 exit 0;
70
71 sub import_psad_perl_modules() {
72
73     my $mod_paths_ar = &get_psad_mod_paths();
74
75     push @$mod_paths_ar, @INC;
76     splice @INC, 0, $#$mod_paths_ar+1, @$mod_paths_ar;
77
78     require IPTables::Parse;
79     require IPTables::ChainMgr;
80
81     return;
82 }
83
84 sub get_psad_mod_paths() {
85
86     my @paths = ();
87
88     unless (-d $psad_lib_dir) {
89         my $dir_tmp = $psad_lib_dir;
90         $dir_tmp =~ s|lib/|lib64/|;
91         if (-d $dir_tmp) {
92             $psad_lib_dir = $dir_tmp;
93         } else {
94             die "[*] psad lib directory: $psad_lib_dir does not exist, ",
95                 "use --Lib-dir <dir>";
96         }
97     }
98
99     opendir D, $psad_lib_dir or die "[*] Could not open $psad_lib_dir: $!";
100     my @dirs = readdir D;
101     closedir D;
102     shift @dirs; shift @dirs;
103
104     push @paths, $psad_lib_dir;
105
106     for my $dir (@dirs) {
107         ### get directories like "/usr/lib/psad/x86_64-linux"
108         next unless -d "$psad_lib_dir/$dir";
109         push @paths, "$psad_lib_dir/$dir"
110             if $dir =~ m|linux| or $dir =~ m|thread|;
111     }
112     return \@paths;
113 }
114
Note: See TracBrowser for help on using the browser.