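/**
 * @PROJECT     ForbidHosts
 * @COPYRIGHT   See COPYING in the top level directory
 * @FILE        forbidhosts.h
 * @PURPOSE     Tool for checking IPv4 & IPv6 failed connections
 * @DEVELOPERS  Pierre Schweitzer
 *              Rafal Kupiec
 */

/* Include guard: this header defines types and objects, so pulling it in
 * twice in one translation unit would otherwise be a redefinition error. */
#ifndef FORBIDHOSTS_H
#define FORBIDHOSTS_H

/* NOTE(review): no #include lines are visible in this copy of the header.
 * It uses std::string, std::vector and time_t, so <string>, <vector> and
 * <ctime> must be included before this point - confirm against the real
 * file. */

/* Compile-time values. The names line up with the fields of hf_t below, so
 * these are presumably the defaults that assignGlobalVars() installs -
 * verify against the implementation. */
#define MAXATTEMPTS 5
#define HOSTEXPIRE 10
#define FAILUREPENALTY 1
/* The three paths below are system locations; the deny file in particular is
 * access-control input. NOTE(review): confirm they are created with
 * root-only write permission and are not opened through symlinks. */
#define DENYFILE "/etc/hosts.deny"
#define LOGFILE "/var/log/auth.log"
#define PIDFILE "/var/run/forbidhosts.pid"
#define FHVERSION "1.6"

/* Assertion helpers: report a failed condition through assertException(),
 * passing critical = true (assertHard) or false (assertSoft).
 *
 * The do { } while (0) wrapper makes each macro a single statement. The
 * previous bare `if (!(e)) ...` form captured a following `else`, so
 *     if (cond) assertSoft(x); else fallback();
 * ran fallback() when cond was true and x held - a silent control-flow bug
 * in exactly the code that is supposed to catch bad state. */
#define assertHard(e) \
    do { if (!(e)) assertException(__FILE__, __LINE__, #e, true); } while (0)
#define assertSoft(e) \
    do { if (!(e)) assertException(__FILE__, __LINE__, #e, false); } while (0)

/* NOTE(review): a using-directive at header scope leaks into every file that
 * includes this header. It is kept because the declarations below (and
 * presumably the .cpp files) rely on unqualified std names. */
using namespace std;

/* Runtime settings of the daemon. */
struct hf_t {
    unsigned int max_attempts;
    unsigned int host_expire;       /* multiplied by 60 in host_t's ctor, i.e. minutes */
    unsigned int failure_penalty;
    string banned_names;
    string debug;
    string deny_file;
    string log_file;
    string pid_file;
    string protocol;
};

/* NOTE(review): this is a definition, not a declaration. Including the header
 * from more than one translation unit gives duplicate symbols; the usual
 * layout is `extern hf_t global;` here plus one definition in a .cpp file. */
hf_t global;

/* An address that has been banned, with the time the ban lapses. */
struct banned_t {
    string ipaddr;
    time_t expires;

    /* date: time of the ban; address: the offending host.
     * The ban length is fixed at 12 hours and is not configurable. */
    banned_t(time_t date, const string &address)
        : ipaddr(address),
          expires(date + 12 * 60 * 60)
    {
    }
};

/* A host that has produced at least one failed connection. */
struct host_t {
    string ipaddr;
    unsigned int attempts;
    time_t first_seen;
    time_t expires;

    /* date: time of the first failure; address: the host.
     * Starts the counter at 1 and sets the tracking window from
     * global.host_expire. That product is computed in unsigned int, so an
     * oversized host_expire wraps around and shortens the window instead of
     * lengthening it - NOTE(review): bound the value where it is read. */
    host_t(time_t date, const string &address)
        : ipaddr(address),
          attempts(1),
          first_seen(date),
          expires(date + global.host_expire * 60)
    {
    }
};

/* NOTE(review): defined in the header, same caveat as `global` above. */
int logfile;

/* Called by assertHard / assertSoft with the source location and the text of
 * the failed expression; `critical` is true for assertHard. */
void assertException(const char *file, unsigned int line, const char *assert, bool critical);
void assignGlobalVars();
bool compare(const host_t &lhs, const host_t &rhs);
void daemonize(string workdir);
/* NOTE(review): the (msg, ...) shape looks printf-style. If so, text taken
 * from the monitored log must only ever be passed as an argument, never as
 * msg itself. */
void debug(const char *msg, ...);
/* NOTE(review): presumably adds `host` to the deny file. The monitored log
 * contains text chosen by remote clients, so `host` has to be a strictly
 * validated IPv4/IPv6 literal before it reaches this function. */
void denyHost(string host);
void printVersion();
/* NOTE(review): the element types of the vector parameters were missing from
 * this copy of the header (bare `vector &`, which does not compile). They are
 * restored here from the struct names above - confirm against the
 * implementation. */
unsigned int readLine(int file, vector<host_t> &hosts, vector<banned_t> &banned);
void shutdown(int code);
void signalHandler(int signal);
bool updateHost(const string &host, vector<host_t> &hosts, vector<banned_t> &banned, unsigned int repeated, bool loggedin);
/* NOTE(review): takes a raw buffer and hands back a pointer plus a length;
 * callers should treat *address as valid for *length bytes only - confirm
 * whether it is NUL-terminated. */
bool validateEntry(char *entry, char **address, unsigned int *length, bool *loggedin);
unsigned int validateRepeated(char *line);

#endif /* FORBIDHOSTS_H */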