📄 notification.java
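n = new Notification();
n.levelName = "";
n.levelText = "";
staticLevels.addElement(n);*/

    /*
     * Built-in notification-level templates.
     *
     * Each entry is a Notification created with one of the STATIC_* level
     * numbers, given a short name and a levelText, and appended to
     * staticLevels. The levelText strings are policy text (report / message /
     * let / if / call / block / reject statements); they are program data and
     * must be kept byte-for-byte when this block is reformatted.
     *
     * NOTE(review): several templates keep per-source counters and apply
     * "block all from sourcehost". Presumably sourcehost is the address
     * claimed in the packet; where that address can be forged (UDP, ICMP) an
     * automatic block could land on an address the sender does not own.
     * Confirm how sourcehost is derived and whether trusted peers should be
     * exempt from automatic blocking.
     */
    static {
        // default levels for templates
        Notification n;

        // Source-routed IP packet: report it and count it as a policy violation.
        n = new Notification(STATIC_SOURCEROUTE);
        n.levelName = "SRCRTE";
        n.levelText = "report;\n"+
            "message \"Suspicious IP packet has source route option set\";\n"+
            "call "+STATIC_LOGATTACK+"; /* LOGATTACK: subroutine which checks for an attack */";
        staticLevels.addElement(n);

        // Incoming server connection: log it and run the connection-rate check.
        n = new Notification(STATIC_SERVER);
        n.levelName = "SERVER";
        n.levelText = "message \"Incoming server connection\";\n"+
            "call "+STATIC_OVERLOAD+"; /* OVERLOAD */";
        staticLevels.addElement(n);

        n = new Notification(STATIC_IDENT);
        n.levelName = "IDENT";
        n.levelText = "message \"Incoming ident request - connection closed\";";
        staticLevels.addElement(n);

        // Incoming traceroute: report, then install a 60 second reject rule
        // for UDP from that source to ports 33434..33524.
        n = new Notification(STATIC_TRACEROUTE);
        n.levelName = "TRACERTE";
        n.levelText = "message \"Incoming traceroute\";\n"+
            "report;\n"+
            "reject with icmp_port_unreachable\n"+
            " udp from sourcehost to port 33434..33524\n"+
            " notification_level 0 timeout 60;";
        staticLevels.addElement(n);

        n = new Notification(STATIC_OUTGOING);
        n.levelName = "OUTGOING";
        n.levelText = "message \"Outgoing connection\";";
        staticLevels.addElement(n);

        // Ping: bump the per-source satanping counter (240 s) and run CHKSATAN.
        n = new Notification(STATIC_PING);
        n.levelName = "PING";
        n.levelText = "message \"We have been pinged\";\n"+
            "let satanping:sourcehost := satanping:sourcehost + 1 timeout 240;\n"+
            "call "+STATIC_CHECKSATAN+"; /* CHKSATAN */ ";
        staticLevels.addElement(n);

        n = new Notification(STATIC_ICMP);
        n.levelName = "ICMP";
        n.levelText = "report;\n"+
            "message \"Received suspicious ICMP packet\";\n"+
            "call "+STATIC_LOGATTACK+"; /* LOGATTACK */";
        staticLevels.addElement(n);

        // Subroutines
        // -----------

        // More than 50 counted connections from one source (counter timeout
        // 15 s) triggers a 30 second block of that source.
        n = new Notification(STATIC_OVERLOAD);
        n.levelName = "OVERLOAD";
        n.levelText = "/* Check for attempt to overload the host */\n"+
            "let connections:sourcehost := connections:sourcehost + 1 timeout 15;\n"+
            "if connections:sourcehost > 50 then\n"+
            " spy;\n"+
            " report;\n"+
            " message \"Someone is trying to establish more than 50 connections\"\n"+
            " \"Blocking access for 30 seconds.\";\n"+
            " block all from sourcehost notification_level 0 timeout 30;\n"+
            " call "+STATIC_CHECKATTACK+"; /* CHKATTACK */\n"+
            "endif;";
        staticLevels.addElement(n);

        // Port-scan heuristic: compares the current destination port with the
        // previous one remembered for the same source.
        // NOTE(review): a detected scan adds 12 to attack:sourcehost, while
        // CHKATTACK below reports only when the counter is > 12, so a scan
        // starting from a zero counter lands on exactly 12 and does not reach
        // the first CHKATTACK threshold. Confirm whether that is intended.
        n = new Notification(STATIC_CHKPORTSCAN);
        n.levelName = "CHKPRTSCN";
        n.levelText = "/* Check for port scanner */\n"+
            "let oldattackport:sourcehost := attackport:sourcehost timeout 20;\n"+
            "let attackport:sourcehost := destport timeout 600;\n"+
            "if oldattackport:sourcehost != 0 then\n"+
            " if attackport:sourcehost != oldattackport:sourcehost then\n"+
            " let scan:sourcehost := scan:sourcehost + 1 timeout 600;\n"+
            " if scan:sourcehost > 2 then\n"+
            " message \"Someone is scanning ports\";\n"+
            " spy;\n"+
            " report;\n"+
            " let attack:sourcehost := attack:sourcehost + 12 timeout 600;\n"+
            " call "+STATIC_CHECKATTACK+"; /* CHKATTACK */\n"+
            " endif;\n"+
            " endif;\n"+
            "endif;";
        staticLevels.addElement(n);

        // NOTE(review): satanrpc:sourcehost is read here but is not assigned
        // by any template in this block; presumably a level defined elsewhere
        // sets it. Verify, otherwise this check never fires.
        n = new Notification(STATIC_CHECKSATAN);
        n.levelName = "CHKSATAN";
        n.levelText = "/* Check for SATAN */\n"+
            "if satanping:sourcehost > 0 then\n"+
            " if satanrpc:sourcehost > 0 then\n"+
            " message \"SATAN attack - blocking access for 10 minutes\";\n"+
            " block all from sourcehost notification_level 0 timeout 600;\n"+
            " spy;\n"+
            " report;\n"+
            " endif;\n"+
            "endif;";
        staticLevels.addElement(n);

        n = new Notification(STATIC_LOGATTACK);
        n.levelName = "LOGATTACK";
        n.levelText = "/* Log severe policy violation */\n"+
            "let attack:sourcehost := attack:sourcehost + 1 timeout 600;\n"+
            "call "+STATIC_CHECKATTACK+"; /* CHKATTACK */";
        staticLevels.addElement(n);

        // Two thresholds on the per-source attack counter: > 12 reports,
        // > 36 reports and blocks the source for 600 seconds.
        // NOTE(review): the embedded comment mentions e-mail, but the text
        // only uses report/message; presumably "report" is what sends mail.
        n = new Notification(STATIC_CHECKATTACK);
        n.levelName = "CHKATTACK";
        n.levelText = "/* Check if there is an attack and send e-mail */\n"+
            "if attack:sourcehost > 12 then\n"+
            " report;\n"+
            " message \"Someone is trying to attack the network\";\n"+
            "endif;\n"+
            "if attack:sourcehost > 36 then\n"+
            " report;\n"+
            " message \"Someone is trying HARD to attack the network!\"\n"+
            " \"Blocking access for 10 minutes\";\n"+
            " block all from sourcehost notification_level 0 timeout 600;\n"+
            "endif;";
        staticLevels.addElement(n);
    }
} // Notification

// Dialog box to edit a notification level
class NotificationDialog extends Dialog implements ActionListener {

    /**
     * Builds the modal editor for one notification level: a name field, a
     * monospaced text area holding the level text, and OK / Cancel buttons.
     *
     * @param co calling object, refresh() will be called after "OK"
     * @param p  parent window
     * @param n  notification level to be edited
     * @param md manage domain holding notification levels
     * @param nw if true, notification level will be removed from vector
     *           in md when "Cancel" has been selected
     */
    public NotificationDialog(Refreshable co, Frame p, Notification n,
                              ManageDomain md, boolean nw) {
        super(p, "Notification Level", true);
        callingObject = co;
        parent = p;
        noti = n;
        mgDomain = md;
        newNoti = nw;

        GridBagLayout gbl = new GridBagLayout();
        GridBagConstraints gbc = new GridBagConstraints();
        gbc.fill = GridBagConstraints.BOTH;
        gbc.insets = new Insets(3,3,3,3);
        setLayout(gbl);

        lName = new TextField(n.levelName, 10);
        Utils.add_component(this, new Label("Name:"), gbl, gbc, 0, 0, 1, 1, 0, 0);
        Utils.add_component(this, lName, gbl, gbc, 1, 0, 1, 1, 0, 0);

        lText = new TextArea(n.levelText, 20, 80);
        lText.setFont(new Font("Courier", Font.PLAIN, 12));
        Utils.add_component(this, lText, gbl, gbc, 0, 1, 8, 20, 100, 100);

        gbc.fill = GridBagConstraints.NONE;
        gbc.anchor = GridBagConstraints.WEST;
        Panel pa = new Panel();
        OKbutton = new Button("OK");
        OKbutton.addActionListener(this);
        pa.add(OKbutton);
        Cancelbutton = new Button("Cancel");
        Cancelbutton.addActionListener(this);
        pa.add(Cancelbutton);
        Utils.add_component(this, pa, gbl, gbc, 0, 21, 8, 1, 0, 0);

        pack();
        addWindowListener(new NLAdapter());
    }

    /** Closes the dialog when the user closes its window. */
    class NLAdapter extends WindowAdapter {
        // The method name must be spelled windowClosing (lower-case w) to
        // override WindowAdapter; the earlier spelling "WindowClosing" defined
        // an unrelated method, so closing the window did nothing.
        // NOTE(review): unlike Cancel, this path does not remove a freshly
        // created level (newNoti) from mgDomain.NLevels - confirm whether a
        // window close should be treated as Cancel.
        public void windowClosing(WindowEvent we) {
            if (isEnabled()) dispose();
        }
    } // class NLAdapter

    /**
     * Handles the OK and Cancel buttons.
     *
     * OK: edits to static levels (levelNumber below Notification.firstDynamic)
     * are discarded. Otherwise the name is trimmed and upper-cased, rejected
     * if another level in mgDomain.NLevels already has it, and then name and
     * text are stored and the caller is refreshed.
     * Cancel: a newly created level is removed from mgDomain.NLevels.
     *
     * @param ae the button event
     */
    public void actionPerformed(ActionEvent ae) {
        Object source = ae.getSource();

        // Process OKbutton
        if (source == OKbutton) {
            // don't save changes in static notification levels
            if (noti.levelNumber < Notification.firstDynamic) {
                dispose();
                return;
            }

            String str = lName.getText().trim().toUpperCase();
            Enumeration en = mgDomain.NLevels.elements();
            Notification n;
            while (en.hasMoreElements()) {
                n = (Notification)en.nextElement();
                if (n != noti && n.levelName.equals(str)) {
                    UserDialog.ErrorBox("Level "+str+" already exists!");
                    return;
                }
            }

            noti.levelName = str;
            // NOTE(review): the level text is stored as typed, with no syntax
            // check here; presumably it is validated when the configuration
            // is generated or loaded - confirm before it can reach the filter.
            noti.levelText = lText.getText();
            if (callingObject != null)
                callingObject.refresh();
            dispose();
            return;
        }
        //Process Cancelbutton
        else if (source == Cancelbutton) {
            if (newNoti)
                mgDomain.NLevels.removeElement(noti);
            dispose();
            return;
        }
    } // actionPerformed

    private Refreshable callingObject;
    private Frame parent;
    private Notification noti;
    private ManageDomain mgDomain;
    private boolean newNoti;
    private TextField lName;
    private TextArea lText;
    private Button OKbutton;
    private Button Cancelbutton;
} // NotificationDialog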