From 05e6631762f032a217e09ce7ffd27af8e15317af Mon Sep 17 00:00:00 2001
From: Sefinek
Date: Tue, 18 Mar 2025 21:46:14 +0100
Subject: [PATCH] Add missing `ACK`, other fixes
---
 config.default.js | 23 +----------------------
 index.js | 39 ++++++++++++++++++++-------------------
 2 files changed, 21 insertions(+), 41 deletions(-)
diff --git a/config.default.js b/config.default.js
index 71aa716..d37a4c2 100644
--- a/config.default.js
+++ b/config.default.js
@@ -21,30 +21,9 @@ exports.MAIN = {
 /**
 * Generates a report submission to AbuseIPDB.
- * @param {Object} logData
- * @param {string|null} logData.timestamp
- * @param {string|null} logData.In
- * @param {string|null} logData.Out
- * @param {string|null} logData.srcIp
- * @param {string|null} logData.dstIp
- * @param {string|null} logData.res
- * @param {string|null} logData.tos
- * @param {string|null} logData.prec
- * @param {string|null} logData.ttl
- * @param {string|null} logData.id
- * @param {string|null} logData.proto
- * @param {string|null} logData.spt
- * @param {string|null} logData.dpt
- * @param {string|null} logData.len
- * @param {string|null} logData.urgp
- * @param {string|null} logData.mac
- * @param {string|null} logData.window
- * @param {boolean} logData.syn
- * @param {string|null} fullLog
- * @param {string|null} serverName
 * @returns {string} A formatted string report.
 */
-exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
+exports.REPORT_COMMENT = ({ timestamp, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
 `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt || 'N/A'}/${proto?.toLowerCase() || 'N/A'}]
 Source port: ${spt || 'N/A'}
 TTL: ${ttl || 'N/A'}
diff --git a/index.js b/index.js
index ca7204f..a09eb87 100644
--- a/index.js
+++ b/index.js
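Review bot: The new `+exports.REPORT_COMMENT` destructuring still binds `In` and `Out`, while the index.js hunk in this same patch renames those `logData` keys to lowercase `in` and `out`, so both bindings will be `undefined` wherever the template uses them (the template body continues outside this hunk, so I can't confirm it does). Because `in` is a reserved word the pattern has to alias it, e.g. `({ timestamp, srcIp, dstIp, proto, spt, dpt, in: In, out: Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn, ack }, fullLog, serverName) =>`, which would also pick up the new `ack` field index.js now produces. Dropping the whole `@param` block leaves `fullLog` and `serverName` undocumented; keep at least `* @param {Object} logData - fields parsed by processLogLine in index.js`, `* @param {string|null} fullLog`, `* @param {string|null} serverName` above `@returns`.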
@@ -34,27 +34,28 @@ const reportToAbuseIPDb = async (logData, categories, comment) => {
 };
 const processLogLine = async line => {
- if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring line: ${line}`);
+ if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring invalid line: ${line}`);
 const logData = {
- timestamp: parseTimestamp(line),
- In: line.match(/IN=([\d.]+)/)?.[1] || null,
- Out: line.match(/OUT=([\d.]+)/)?.[1] || null,
- srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null,
- dstIp: line.match(/DST=([\d.]+)/)?.[1] || null,
- res: line.match(/RES=(\S+)/)?.[1] || null,
- tos: line.match(/TOS=(\S+)/)?.[1] || null,
- prec: line.match(/PREC=(\S+)/)?.[1] || null,
- ttl: line.match(/TTL=(\d+)/)?.[1] || null,
- id: line.match(/ID=(\d+)/)?.[1] || null,
- proto: line.match(/PROTO=(\S+)/)?.[1] || null,
- spt: line.match(/SPT=(\d+)/)?.[1] || null,
- dpt: line.match(/DPT=(\d+)/)?.[1] || null,
- len: line.match(/LEN=(\d+)/)?.[1] || null,
- urgp: line.match(/URGP=(\d+)/)?.[1] || null,
- mac: line.match(/MAC=([\w:]+)/)?.[1] || null,
- window: line.match(/WINDOW=(\d+)/)?.[1] || null,
- syn: !!line.includes('SYN'),
+ timestamp: parseTimestamp(line), // Log timestamp
+ srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null, // Source IP address
+ dstIp: line.match(/DST=([\d.]+)/)?.[1] || null, // Destination IP address
+ proto: line.match(/PROTO=(\S+)/)?.[1] || null, // Protocol (TCP, UDP, ICMP, etc.)
+ spt: line.match(/SPT=(\d+)/)?.[1] || null, // Source port
+ dpt: line.match(/DPT=(\d+)/)?.[1] || null, // Destination port
+ in: line.match(/IN=([\w]+)/)?.[1] || null, // Input interface
+ out: line.match(/OUT=([\w]+)/)?.[1] || null, // Output interface
+ mac: line.match(/MAC=([\w:]+)/)?.[1] || null, // MAC address
+ len: line.match(/LEN=(\d+)/)?.[1] || null, // Packet length
+ ttl: line.match(/TTL=(\d+)/)?.[1] || null, // Time to live
+ id: line.match(/ID=(\d+)/)?.[1] || null, // Packet ID
+ tos: line.match(/TOS=(\S+)/)?.[1] || null, // Type of service
+ prec: line.match(/PREC=(\S+)/)?.[1] || null, // Precedence
+ res: line.match(/RES=(\S+)/)?.[1] || null, // Reserved bits
+ window: line.match(/WINDOW=(\d+)/)?.[1] || null, // TCP Window size
+ urgp: line.match(/URGP=(\d+)/)?.[1] || null, // Urgent pointer
+ ack: !!line.includes('ACK'), // ACK flag
+ syn: !!line.includes('SYN'), // SYN flag
 };
 const { srcIp, proto, dpt } = logData;
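Review bot: `ack: !!line.includes('ACK')` and `syn: !!line.includes('SYN')` test the whole syslog line rather than the TCP flag field, so a hostname or tag in the line prefix that happens to contain `ACK` or `SYN` (a host named `RACK-01`, say) sets the flag on every packet, including UDP and ICMP ones. Restrict the test to the part of the line after the protocol field and match whole words: `const flags = line.split(/PROTO=\S+/)[1] ?? '';` before the object, then `ack: /\bACK\b/.test(flags),` and `syn: /\bSYN\b/.test(flags),` — the `!!` is redundant on a boolean `includes()`/`test()` result either way. The new interface regexes `IN=([\w]+)` / `OUT=([\w]+)` also stop at the first `.` or `-`, so VLAN and bridge names such as `eth0.100` or `br-lan` are truncated; `[\w.-]+` would cover them. processLogLine continues past the end of this hunk.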