Commit d6195222 authored by Rob Swindell's avatar Rob Swindell 💬
Browse files

Publish hack-attempts, SPAM-attempts, and errors to MQTT

<host>/error
.../spam
.../hack
parent e4bfafb6
Pipeline #3467 failed with stage
in 5 minutes and 31 seconds
......@@ -143,7 +143,7 @@ static int lprintf(int level, const char *fmt, ...)
if(level <= LOG_ERR) {
char errmsg[sizeof(sbuf)+16];
SAFEPRINTF2(errmsg, "%s %s", server_abbrev, sbuf);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name, errmsg);
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name, errmsg);
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata,level,errmsg);
}
......@@ -1723,7 +1723,7 @@ static BOOL ftp_hacklog(char* prot, char* user, char* text, char* host, union xp
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
#endif
return hacklog(&scfg, prot, user, text, host, addr);
return hacklog(&scfg, &startup->mqtt, prot, user, text, host, addr);
}
/****************************************************************************/
......
......@@ -1258,7 +1258,7 @@ js_spamlog(JSContext *cx, uintN argc, jsval *arglist)
from=p;
}
rc=JS_SUSPENDREQUEST(cx);
ret=spamlog(sys->cfg,prot,action,reason,host,ip_addr,to,from);
ret=spamlog(sys->cfg,/* mqtt: */NULL,prot,action,reason,host,ip_addr,to,from);
free(prot);
free(action);
free(reason);
......@@ -1325,7 +1325,7 @@ js_hacklog(JSContext *cx, uintN argc, jsval *arglist)
}
}
rc=JS_SUSPENDREQUEST(cx);
ret=hacklog(sys->cfg,prot,user,text,host,&addr);
ret=hacklog(sys->cfg,/* MQTT: */NULL,prot,user,text,host,&addr);
free(prot);
free(user);
free(text);
......
......@@ -25,7 +25,7 @@
const char* log_line_ending = "\r\n";
extern "C" BOOL hacklog(scfg_t* cfg, const char* prot, const char* user, const char* text, const char* host, union xp_sockaddr* addr)
extern "C" BOOL hacklog(scfg_t* cfg, struct mqtt* mqtt, const char* prot, const char* user, const char* text, const char* host, union xp_sockaddr* addr)
{
char tstr[64];
char fname[MAX_PATH+1];
......@@ -54,15 +54,23 @@ extern "C" BOOL hacklog(scfg_t* cfg, const char* prot, const char* user, const c
fputs(log_line_ending, fp);
fcloselog(fp);
if(mqtt != NULL) {
char str[1024];
if(text == NULL)
text= "";
snprintf(str, sizeof(str), "%s\t%s\t%u\t%s\t%s\t%s", prot, user, inet_addrport(addr), host, ip, text);
mqtt_pub_strval(mqtt, TOPIC_HOST, "hack", str);
}
return true;
}
BOOL sbbs_t::hacklog(const char* prot, const char* text)
{
return ::hacklog(&cfg, prot, useron.alias, text, client_name, &client_addr);
return ::hacklog(&cfg, &startup->mqtt, prot, useron.alias, text, client_name, &client_addr);
}
extern "C" BOOL spamlog(scfg_t* cfg, char* prot, char* action
extern "C" BOOL spamlog(scfg_t* cfg, struct mqtt* mqtt, char* prot, char* action
,char* reason, char* host, char* ip_addr
,char* to, char* from)
{
......@@ -102,16 +110,27 @@ extern "C" BOOL spamlog(scfg_t* cfg, char* prot, char* action
fputs(log_line_ending, fp);
fcloselog(fp);
if(mqtt != NULL) {
char str[1024];
if(reason == NULL)
reason= "";
snprintf(str, sizeof(str), "%s\t%s\t%s\t%s\t%s\t%s\t%s", prot, action, host, ip_addr, from, to_user, reason);
mqtt_pub_strval(mqtt, TOPIC_HOST, "spam", str);
}
return true;
}
extern "C" int errorlog(scfg_t* cfg, int level, const char* host, const char* text)
extern "C" int errorlog(scfg_t* cfg, struct mqtt* mqtt, int level, const char* host, const char* text)
{
FILE* fp;
char buf[128];
char path[MAX_PATH+1];
time_t now = time(NULL);
if(host == NULL)
host = "";
SAFEPRINTF(path, "%serror.log", cfg->logs_dir);
if((fp = fopenlog(cfg, path))==NULL)
return -1;
......@@ -119,7 +138,7 @@ extern "C" int errorlog(scfg_t* cfg, int level, const char* host, const char* te
,ctime_r(&now, buf)
,GIT_BRANCH
,GIT_HASH
,host==NULL ? "":host
,host
,log_line_ending
,text
,log_line_ending
......@@ -128,9 +147,13 @@ extern "C" int errorlog(scfg_t* cfg, int level, const char* host, const char* te
fcloselog(fp);
if(cfg->node_erruser && level <= cfg->node_errlevel) {
char subject[128];
SAFEPRINTF2(subject, "%s %sERROR occurred", host == NULL ? "" : host, level <= LOG_CRIT ? "CRITICAL " : "");
SAFEPRINTF2(subject, "%s %sERROR occurred", host, level <= LOG_CRIT ? "CRITICAL " : "");
notify(cfg, cfg->node_erruser, subject, text);
}
if(mqtt != NULL) {
mqtt_pub_strval(mqtt, TOPIC_HOST, "error", text);
}
return 0;
}
......
......@@ -157,7 +157,7 @@ void sbbs_t::badlogin(char* user, char* passwd, const char* protocol, xp_sockadd
count=loginFailure(startup->login_attempt_list, addr, protocol, user, passwd);
if(user!=NULL && startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
getnameinfo(&addr->addr, addr_len, host_name, sizeof(host_name), NULL, 0, NI_NAMEREQD);
::hacklog(&cfg, reason, user, passwd, host_name, addr);
::hacklog(&cfg, &startup->mqtt, reason, user, passwd, host_name, addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&cfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
......
......@@ -192,7 +192,7 @@ static int lprintf(int level, const char *fmt, ...)
if(level <= LOG_ERR) {
char errmsg[sizeof(sbuf)+16];
SAFEPRINTF2(errmsg, "%s %s", server_abbrev, sbuf);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name,errmsg), stats.errors++;
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name,errmsg), stats.errors++;
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata,level,errmsg);
}
......@@ -978,7 +978,7 @@ static void badlogin(SOCKET sock, CRYPT_SESSION sess, const char* prot, const ch
SAFEPRINTF(reason,"%s LOGIN", prot);
count=loginFailure(startup->login_attempt_list, addr, prot, user, passwd);
if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
hacklog(&scfg, reason, user, passwd, host, addr);
hacklog(&scfg, &startup->mqtt, reason, user, passwd, host, addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&scfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
......@@ -1913,7 +1913,7 @@ static BOOL chk_email_addr(SOCKET socket, const char* prot, char* p, char* host_
lprintf(LOG_NOTICE,"%04d %s [%s] !BLOCKED %s e-mail address: %s"
,socket, prot, host_ip, source, addr);
SAFEPRINTF2(tmp,"Blocked %s e-mail address: %s", source, addr);
spamlog(&scfg, (char*)prot, "REFUSED", tmp, host_name, host_ip, to, from);
spamlog(&scfg, &startup->mqtt, (char*)prot, "REFUSED", tmp, host_name, host_ip, to, from);
return(FALSE);
}
......@@ -3109,7 +3109,7 @@ static void smtp_thread(void* arg)
,socket, client.protocol, dnsbl_ip, dnsbl, host_name, inet_ntoa(dnsbl_result));
if(startup->options&MAIL_OPT_DNSBL_REFUSE) {
SAFEPRINTF2(str,"Listed on %s as %s", dnsbl, inet_ntoa(dnsbl_result));
spamlog(&scfg, (char*)client.protocol, "SESSION REFUSED", str, host_name, dnsbl_ip, NULL, NULL);
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "SESSION REFUSED", str, host_name, dnsbl_ip, NULL, NULL);
sockprintf(socket,client.protocol,session
,"550 Mail from %s refused due to listing at %s"
,dnsbl_ip, dnsbl);
......@@ -3235,7 +3235,7 @@ static void smtp_thread(void* arg)
lprintf(LOG_NOTICE,"%04d %s %s !FILTERING TWIT-LISTED SENDER: '%s' <%s> (%lu total)"
,socket, client.protocol, client_id, sender, sender_addr, ++stats.msgs_refused);
SAFEPRINTF2(tmp,"Twit-listed sender: '%s' <%s>", sender, sender_addr);
spamlog(&scfg, (char*)client.protocol, "REFUSED", tmp, host_name, host_ip, rcpt_addr, reverse_path);
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED", tmp, host_name, host_ip, rcpt_addr, reverse_path);
sockprintf(socket,client.protocol,session, "554 Sender not allowed.");
continue;
}
......@@ -3509,7 +3509,7 @@ static void smtp_thread(void* arg)
,socket, client.protocol, client_id, p, reverse_path, ++stats.msgs_refused);
SAFEPRINTF2(tmp,"Blocked subject (%s) from: %s"
,p, reverse_path);
spamlog(&scfg, (char*)client.protocol, "REFUSED"
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED"
,tmp, host_name, host_ip, rcpt_addr, reverse_path);
errmsg="554 Subject not allowed.";
smb_error=SMB_FAILURE;
......@@ -3612,7 +3612,7 @@ static void smtp_thread(void* arg)
}
if(startup->dnsbl_hdr[0] || startup->dnsbl_tag[0]) {
SAFEPRINTF2(str,"Listed on %s as %s", dnsbl, inet_ntoa(dnsbl_result));
spamlog(&scfg, (char*)client.protocol, "TAGGED", str, host_name, dnsbl_ip, rcpt_addr, reverse_path);
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "TAGGED", str, host_name, dnsbl_ip, rcpt_addr, reverse_path);
}
}
if(dnsbl_recvhdr) /* DNSBL-listed IP found in Received header? */
......@@ -3801,7 +3801,7 @@ static void smtp_thread(void* arg)
);
lprintf(LOG_NOTICE,"%04d %s %s Message from %s %s", socket, client.protocol, client_id, sender_info, str);
if(!is_spam) {
spamlog(&scfg, (char*)client.protocol, "IGNORED"
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "IGNORED"
,str, host_name, host_ip, rcpt_addr, reverse_path);
is_spam=TRUE;
}
......@@ -3846,7 +3846,7 @@ static void smtp_thread(void* arg)
SAFEPRINTF2(str,"Listed on %s as %s", dnsbl, inet_ntoa(dnsbl_result));
lprintf(LOG_NOTICE,"%04d %s %s !IGNORED MAIL from %s to <%s> from server: %s (%lu total)"
,socket, client.protocol, client_id, sender_info, rcpt_addr, str, ++stats.msgs_ignored);
spamlog(&scfg, (char*)client.protocol, "IGNORED"
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "IGNORED"
,str, host_name, dnsbl_ip, rcpt_addr, reverse_path);
}
/* pretend we received it */
......@@ -4505,7 +4505,7 @@ static void smtp_thread(void* arg)
lprintf(LOG_NOTICE,"%04d %s %s !MAXIMUM RECIPIENTS (%d) REACHED"
,socket, client.protocol, client_id, startup->max_recipients);
SAFEPRINTF(tmp,"Maximum recipient count (%d)",startup->max_recipients);
spamlog(&scfg, (char*)client.protocol, "REFUSED", tmp
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED", tmp
,host_name, host_ip, rcpt_addr, reverse_path);
sockprintf(socket,client.protocol,session, "452 Too many recipients");
stats.msgs_refused++;
......@@ -4527,7 +4527,7 @@ static void smtp_thread(void* arg)
,socket, client.protocol, client_id, scfg.level_emailperday[relay_user.level], relay_user.number, relay_user.alias);
SAFEPRINTF2(tmp,"Maximum emails per day (%u) for %s"
,scfg.level_emailperday[relay_user.level], relay_user.alias);
spamlog(&scfg, (char*)client.protocol, "REFUSED", tmp
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED", tmp
,host_name, host_ip, rcpt_addr, reverse_path);
sockprintf(socket,client.protocol,session, "452 Too many emails today");
stats.msgs_refused++;
......@@ -4548,7 +4548,7 @@ static void smtp_thread(void* arg)
filter_ip(&scfg, client.protocol, reason, host_name, host_ip, reverse_path, spam_block);
strcat(tmp," and BLOCKED");
}
spamlog(&scfg, (char*)client.protocol, tmp, "Attempted recipient in SPAM BAIT list"
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, tmp, "Attempted recipient in SPAM BAIT list"
,host_name, host_ip, rcpt_addr, reverse_path);
dnsbl_result.s_addr=0;
}
......@@ -4569,7 +4569,7 @@ static void smtp_thread(void* arg)
lprintf(LOG_NOTICE,"%04d %s %s !REFUSED MAIL from blacklisted server (%lu total)"
,socket, client.protocol, client_id, ++stats.sessions_refused);
SAFEPRINTF2(str,"Listed on %s as %s", dnsbl, inet_ntoa(dnsbl_result));
spamlog(&scfg, (char*)client.protocol, "REFUSED", str, host_name, host_ip, rcpt_addr, reverse_path);
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED", str, host_name, host_ip, rcpt_addr, reverse_path);
sockprintf(socket,client.protocol,session
,"550 Mail from %s refused due to listing at %s"
,host_ip, dnsbl);
......@@ -4663,7 +4663,7 @@ static void smtp_thread(void* arg)
lprintf(LOG_WARNING,"%04d %s %s !ILLEGAL RELAY ATTEMPT from %s [%s] to %s"
,socket, client.protocol, client_id, reverse_path, host_ip, p);
SAFEPRINTF(tmp,"Relay attempt to: %s", p);
spamlog(&scfg, (char*)client.protocol, "REFUSED", tmp, host_name, host_ip, rcpt_addr, reverse_path);
spamlog(&scfg, &startup->mqtt, (char*)client.protocol, "REFUSED", tmp, host_name, host_ip, rcpt_addr, reverse_path);
if(startup->options&MAIL_OPT_ALLOW_RELAY)
sockprintf(socket,client.protocol,session, "553 Relaying through this server "
"requires authentication. "
......
......@@ -206,7 +206,7 @@ int lputs(int level, const char* str)
if(level <= LOG_ERR) {
char errmsg[1024];
SAFEPRINTF2(errmsg, "%s %s", server_abbrev, str);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name, errmsg);
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name, errmsg);
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata,level,errmsg);
}
......@@ -233,7 +233,7 @@ int eputs(int level, const char *str)
if(level <= LOG_ERR) {
char errmsg[1024];
SAFEPRINTF(errmsg, "evnt %s", str);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name, errmsg);
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name, errmsg);
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata, level, errmsg);
}
......
......@@ -1246,11 +1246,11 @@ extern "C" {
DLLEXPORT int notify(scfg_t*, uint usernumber, const char* subject, const char* msg);
/* logfile.cpp */
DLLEXPORT int errorlog(scfg_t* cfg, int level, const char* host, const char* text);
DLLEXPORT int errorlog(scfg_t* cfg, struct mqtt*, int level, const char* host, const char* text);
DLLEXPORT BOOL hacklog(scfg_t* cfg, const char* prot, const char* user, const char* text
DLLEXPORT BOOL hacklog(scfg_t* cfg, struct mqtt*, const char* prot, const char* user, const char* text
,const char* host, union xp_sockaddr* addr);
DLLEXPORT BOOL spamlog(scfg_t* cfg, char* prot, char* action, char* reason
DLLEXPORT BOOL spamlog(scfg_t* cfg, struct mqtt*, char* prot, char* action, char* reason
,char* host, char* ip_addr, char* to, char* from);
/* data.cpp */
......
......@@ -126,7 +126,7 @@ static int lprintf(int level, const char *fmt, ...)
if(level <= LOG_ERR) {
char errmsg[sizeof(sbuf)+16];
SAFEPRINTF2(errmsg, "%s %s", server_abbrev, sbuf);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name, errmsg);
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name, errmsg);
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata,level,errmsg);
}
......@@ -333,7 +333,7 @@ static void badlogin(SOCKET sock, char* prot, char* user, char* passwd, char* ho
SAFEPRINTF(reason,"%s LOGIN", prot);
count=loginFailure(startup->login_attempt_list, addr, prot, user, passwd);
if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
hacklog(&scfg, reason, user, passwd, host, addr);
hacklog(&scfg, &startup->mqtt, reason, user, passwd, host, addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&scfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
......
......@@ -551,7 +551,7 @@ static int lprintf(int level, const char *fmt, ...)
if(level <= LOG_ERR) {
char errmsg[sizeof(sbuf)+16];
SAFEPRINTF2(errmsg, "%s %s", server_abbrev, sbuf);
errorlog(&scfg, level, startup==NULL ? NULL:startup->host_name, errmsg);
errorlog(&scfg, &startup->mqtt, level, startup==NULL ? NULL:startup->host_name, errmsg);
if(startup!=NULL && startup->errormsg!=NULL)
startup->errormsg(startup->cbdata,level,errmsg);
}
......@@ -1863,7 +1863,7 @@ static void badlogin(SOCKET sock, const char* prot, const char* user, const char
SAFEPRINTF(reason,"%s LOGIN", prot);
count=loginFailure(startup->login_attempt_list, addr, prot, user, passwd);
if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
hacklog(&scfg, reason, user, passwd, host, addr);
hacklog(&scfg, &startup->mqtt, reason, user, passwd, host, addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&scfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
......@@ -3680,7 +3680,7 @@ static BOOL check_request(http_session_t * session)
send_error(session,__LINE__,"400 Bad Request");
SAFEPRINTF2(str, "Request for '%s' is outside of web root: %s", path, root_dir);
lprintf(LOG_NOTICE,"%04d %s [%s] !ERROR %s", session->socket, session->client.protocol, session->host_ip, str);
hacklog(&scfg, session->client.protocol, session->username, str, session->client.host, &session->addr);
hacklog(&scfg, &startup->mqtt, session->client.protocol, session->username, str, session->client.host, &session->addr);
#ifdef _WIN32
if(startup->sound.hack[0] && !sound_muted(&scfg))
PlaySound(startup->sound.hack, NULL, SND_ASYNC|SND_FILENAME);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment