From f0e797b6c462fe04ae251ad169f6e386309cc640 Mon Sep 17 00:00:00 2001
From: Sefinek
Date: Tue, 18 Mar 2025 22:22:15 +0100
Subject: [PATCH] Fixes again
---
 config.default.js | 4 ++--
 index.js | 45 ++++++++++++++++++++++++++------------------
 scripts | 2 +-
 3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/config.default.js b/config.default.js
index d37a4c2..6ea7f90 100644
--- a/config.default.js
+++ b/config.default.js
@@ -23,7 +23,7 @@ exports.MAIN = {
  * Generates a report submission to AbuseIPDB.
  * @returns {string} A formatted string report.
  */
-exports.REPORT_COMMENT = ({ timestamp, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
+exports.REPORT_COMMENT = ({ date, srcIp, dstIp, proto, spt, dpt, In, Out, mac, len, ttl, id, tos, prec, res, window, urgp, syn }, fullLog, serverName) =>
 `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt || 'N/A'}/${proto?.toLowerCase() || 'N/A'}]
 Source port: ${spt || 'N/A'}
 TTL: ${ttl || 'N/A'}
@@ -34,7 +34,7 @@ This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
 // Please do not delete this URL. I would be very grateful, thank you! 💙
 // Alternative version:
-// exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
+// exports.REPORT_COMMENT = ({ date, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
 // `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
diff --git a/index.js b/index.js
index dca517f..53626f0 100644
--- a/index.js
+++ b/index.js
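Review bot: The fallbacks `${dpt || 'N/A'}`, `${spt || 'N/A'}` and `${ttl || 'N/A'}` on the template lines right after the changed signature treat a numeric 0 as missing, and this commit turns those fields into numbers via toNumber in index.js, so a line with DPT=0 would be reported as 'N/A' instead of 0. Nullish coalescing keeps the intent while preserving 0: `[${dpt ?? 'N/A'}/${proto?.toLowerCase() || 'N/A'}]`, `Source port: ${spt ?? 'N/A'}`, `TTL: ${ttl ?? 'N/A'}`. The template literal continues past the hunk, so the same applies to any other numeric field it prints; `date` is destructured here but not used in the visible lines, which may be intentional.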
@@ -9,7 +9,7 @@ const parseTimestamp = require('./scripts/utils/parseTimestamp.js');
 const { reportedIPs, loadReportedIPs, saveReportedIPs, isIPReportedRecently, markIPAsReported } = require('./scripts/services/cache.js');
 const log = require('./scripts/utils/log.js');
 const axios = require('./scripts/services/axios.js');
-const serverAddress = require('./scripts/services/fetchServerIP.js');
+const { refreshServerIPs, getServerIPs } = require('./scripts/services/ipFetcher.js');
 const discordWebhooks = require('./scripts/services/discord.js');
 const config = require('./config.js');
 const { version } = require('./package.json');
@@ -33,56 +33,60 @@ const reportToAbuseIPDb = async (logData, categories, comment) => {
 	}
 };
-const processLogLine = async line => {
+const toNumber = (str, regex) => {
+	const parsed = str.match(regex)?.[1];
+	return parsed ? Number(parsed) : parsed;
+};
+
+const processLogLine = async (line, test = false) => {
 	if (!line.includes('[UFW BLOCK]')) return log(0, `Ignoring invalid line: ${line}`);
 	const logData = {
-		timestamp: parseTimestamp(line), // Log timestamp
+		date: parseTimestamp(line), // Log timestamp
 		srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null, // Source IP address
 		dstIp: line.match(/DST=([\d.]+)/)?.[1] || null, // Destination IP address
 		proto: line.match(/PROTO=(\S+)/)?.[1] || null, // Protocol (TCP, UDP, ICMP, etc.)
-		spt: line.match(/SPT=(\d+)/)?.[1] || null, // Source port
-		dpt: line.match(/DPT=(\d+)/)?.[1] || null, // Destination port
+		spt: toNumber(line, /SPT=(\d+)/), // Source port
+		dpt: toNumber(line, /DPT=(\d+)/), // Destination port
 		in: line.match(/IN=(\w+)/)?.[1] || null, // Input interface
 		out: line.match(/OUT=(\w+)/)?.[1] || null, // Output interface
 		mac: line.match(/MAC=([\w:]+)/)?.[1] || null, // MAC address
-		len: line.match(/LEN=(\d+)/)?.[1] || null, // Packet length
-		ttl: line.match(/TTL=(\d+)/)?.[1] || null, // Time to live
-		id: line.match(/ID=(\d+)/)?.[1] || null, // Packet ID
+		len: toNumber(line, /LEN=(\d+)/), // Packet length
+		ttl: toNumber(line, /TTL=(\d+)/), // Time to live
+		id: toNumber(line, /ID=(\d+)/), // Packet ID
 		tos: line.match(/TOS=(\S+)/)?.[1] || null, // Type of service
 		prec: line.match(/PREC=(\S+)/)?.[1] || null, // Precedence
 		res: line.match(/RES=(\S+)/)?.[1] || null, // Reserved bits
-		window: line.match(/WINDOW=(\d+)/)?.[1] || null, // TCP Window size
-		urgp: line.match(/URGP=(\d+)/)?.[1] || null, // Urgent pointer
+		window: toNumber(line, /WINDOW=(\d+)/), // TCP Window size
+		urgp: toNumber(line, /URGP=(\d+)/), // Urgent pointer
 		ack: !!line.includes('ACK'), // ACK flag
 		syn: !!line.includes('SYN'), // SYN flag
 	};
 	const { srcIp, proto, dpt } = logData;
 	if (!srcIp) {
-		return log(1, `Missing SRC in log line: ${line}`);
+		return log(1, `Missing SRC in the log line: ${line}`);
 	}
-	if (serverAddress().includes(srcIp)) {
-		return log(0, `Ignoring own IP address: ${srcIp}`);
-	}
-
-	const ips = serverAddress();
+	const ips = getServerIPs();
 	if (!Array.isArray(ips)) {
 		return log(1, 'For some reason, \'ips\' is not an array');
 	}
 	if (ips.includes(srcIp)) {
-		return log(0, `Ignoring own IP address: ${srcIp}`);
+		return log(1, `Ignoring own IP address! PROTO=${proto?.toLowerCase()} SRC=${srcIp} DPT=${dpt} ID=${logData.id}`);
 	}
 	// Report MUST NOT be of an attack where the source address is likely spoofed i.e. SYN floods and UDP floods.
 	// TCP connections can only be reported if they complete the three-way handshake. UDP connections cannot be reported.
-	// More: https://www.abuseipdb.com/reporting-policy
+	// Read more: https://www.abuseipdb.com/reporting-policy
 	if (proto === 'UDP') {
 		return log(0, `Skipping UDP traffic: SRC=${srcIp} DPT=${dpt}`);
 	}
+	// Testing
+	if (test) return logData;
+
 	if (isIPReportedRecently(srcIp)) {
 		const lastReportedTime = reportedIPs.get(srcIp);
 		const elapsedTime = Math.floor(Date.now() / 1000 - lastReportedTime);
@@ -116,6 +120,7 @@ const processLogLine = async line => {
 	log(0, `v${version} (https://github.com/sefinek/UFW-AbuseIPDB-Reporter)`);
 	loadReportedIPs();
+	await refreshServerIPs();
 	if (!fs.existsSync(UFW_LOG_FILE)) {
 		log(2, `Log file ${UFW_LOG_FILE} does not exist.`);
@@ -152,4 +157,6 @@ const processLogLine = async line => {
 	log(0, '=====================================================================');
 	process.send && process.send('ready');
-})();
\ No newline at end of file
+})();
+
+module.exports = processLogLine;
\ No newline at end of file
diff --git a/scripts b/scripts
index d3be07c..c550075 160000
--- a/scripts
+++ b/scripts
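Review bot: `toNumber` returns `undefined` for an absent field (the falsy `?.[1]` result is passed straight through) while every other `logData` field in the same literal falls back to `null`, so consumers such as REPORT_COMMENT now see two different "missing" values depending on the field; the truthiness test is also redundant, because `(\d+)` never captures an empty string. Suggest `return parsed === undefined ? null : Number(parsed);` together with a one-line JSDoc above the helper, e.g. `/** Extracts the first capture group of regex from str as a Number, or null when the field is absent. */`. The `test` parameter returns after the own-IP and UDP filters but before the report cache is consulted, which is worth stating instead of the bare `// Testing`, e.g. `// Test hook: return the parsed fields without touching the report cache or AbuseIPDB.`. processLogLine continues past the end of this hunk.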
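Review bot: `await refreshServerIPs();` runs once at startup and nothing in this diff shows the list being refreshed later, so if the host's address changes while the process runs, the `getServerIPs()` check in processLogLine would work from a stale list and the own-IP filter could stop matching — unless ipFetcher.js schedules its own refresh, which is not visible here. The rejection path is also not handled in view: if `refreshServerIPs()` can reject, the rejection leaves the async IIFE with no catch. A comment on the line stating the contract would help a maintainer, e.g. `// Own addresses are fetched once here; processLogLine's own-IP filter depends on this list staying current.`. The enclosing IIFE starts before this hunk.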
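Review bot: Requiring index.js to reach the newly exported `processLogLine` also starts the service, because the async IIFE (which begins outside this hunk) executes at load time — loading the reported-IP cache, awaiting `refreshServerIPs()` and opening the UFW log — so the `test = true` path added in this commit cannot be exercised in isolation. Guarding the startup with `if (require.main === module) { ... }` around the IIFE, or moving it into an exported `start()` that the CLI entry calls, makes `require('./index.js')` side-effect free. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker shows.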
@@ -1 +1 @@
-Subproject commit d3be07cbc6e21f2420473bf97719e572fc6f9f38
+Subproject commit c550075d2dd7b115bc2ee9f19fdf89e23eec997f