my $ipv6_connect_scan_file = 'ipv6_tcp_connect_nmap_default_scan';
my $ignore_ipv4_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.55";
my $ignore_ipv4_subnet_auto_dl_file = "$conf_dir/auto_dl_ignore_192.168.10.0_24";
+my $ignore_ipv6_addr_auto_dl_file = "$conf_dir/auto_dl_ignore_ipv6_addr";
my $dl5_ipv4_auto_dl_file = "$conf_dir/auto_dl_5_192.168.10.55";
my $dl5_ipv4_subnet_auto_dl_file = "$conf_dir/auto_dl_5_192.168.10.0_24";
my $dl5_ipv4_subnet_auto_dl_file_tcp = "$conf_dir/auto_dl_5_192.168.10.0_24_tcp";
'detail' => 'config dump+validate',
'err_msg' => 'could not dump+validate config',
'function' => \&validate_config,
- 'cmdline' => "$psadCmd -D -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -D -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
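Review bot: `--test-mode` is pasted by hand into this `cmdline` and into every other `cmdline` changed below (the `--fw-dump`, `--fw-list-auto`, `--fw-analyze`, `-S`, `--get-next-rule-id`, `--Benchmark` and all `-A` entries), so a test added later can omit it without anything failing and would then run psad outside test mode. Defining the prefix once, wherever `$psadCmd` is set, e.g. `my $psad_test_cmd = "$psadCmd --test-mode";`, and writing `"$psad_test_cmd -D -c $default_conf"` here would keep the flag in one place. What the flag changes inside psad is not visible in this diff, so a short comment beside that definition saying why the suite needs it would help. The entry's opening `{` and its earlier keys are outside this hunk.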
qr/\biptables\b/, qr/\bip6tables\b/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --fw-dump -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-dump -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Listing\schains\sfrom\sIPT_AUTO_CHAIN/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --fw-list-auto -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-list-auto -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Parsing.*iptables/, qr/Parsing.*ip6tables/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --fw-analyze -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --fw-analyze -c $default_conf",
'exec_err' => $IGNORE,
'fatal' => $NO
},
'detail' => '--Status',
'err_msg' => 'could not get psad status',
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -S -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -S -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
'detail' => '--Status --status-summary',
'err_msg' => 'could not get psad status summary',
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -S --status-summary -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode -S --status-summary -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Next\savailable.*\s\d+/i],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --get-next-rule-id -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --get-next-rule-id -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
},
'positive_output_matches' => [qr/Entering\sbenchmark\smode/, qr/processing\stime\:\s\d+/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd --Benchmark --packets 1000 -c $default_conf",
+ 'cmdline' => "$psadCmd --test-mode --Benchmark --packets 1000 -c $default_conf",
'exec_err' => $IGNORE,
'fatal' => $NO
},
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$fin_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$xmas_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$null_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$ack_scan_file -c $enable_ack_detection_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_udp " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/192\.168\.10\.55,\sDL\:\s5/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_subnet_auto_dl_file_tcp " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $ignore_ipv4_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $ignore_tcp_conf",
'exec_err' => $NO,
'fatal' => $NO
'positive_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_prefix_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf FW_MSG_SEARCH trumps auto_dl
"-m $scans_dir/" . &fw_type() . "/$syn_scan_file -c $require_missing_prefix_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $ignore_ipv4_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv4_subnet_auto_dl_file " .
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/SRC\:\s+192\.168\.10\.55/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $dl5_ipv4_auto_dl_file " . ### psad.conf IGNORE_PROTOCOLS trumps auto_dl
"-m $scans_dir/" . &fw_type() . "/$udp_scan_file -c $ignore_udp_conf",
'exec_err' => $NO,
'fatal' => $NO
qr/2001\:DB8\:0\:F101\:\:2/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$ipv6_connect_scan_file -c $default_conf",
'exec_err' => $NO,
'fatal' => $NO
'negative_output_matches' => [qr/2001\:DB8\:0\:F101\:\:2/],
'match_all' => $MATCH_ALL_RE,
'function' => \&generic_exec,
- 'cmdline' => "$psadCmd -A -m $scans_dir/" .
+ 'cmdline' => "$psadCmd --test-mode -A -m $scans_dir/" .
&fw_type() . "/$ipv6_connect_scan_file -c $disable_ipv6_conf",
'exec_err' => $NO,
'fatal' => $NO
},
+ {
+ 'category' => 'operations',
+ 'detail' => 'ignore IPv6 connect() scan source',
+ 'err_msg' => 'logged IPv6 traffic',
+ 'positive_output_matches' => [qr/\[NONE\]/],
+ 'negative_output_matches' => [qr/2001\:DB8\:0\:F101\:\:2/],
+ 'match_all' => $MATCH_ALL_RE,
+ 'function' => \&generic_exec,
+ 'cmdline' => "$psadCmd --test-mode -A --auto-dl $ignore_ipv6_addr_auto_dl_file " .
+ "-m $scans_dir/" . &fw_type() . "/$ipv6_connect_scan_file -c $default_conf",
+ 'exec_err' => $NO,
+ 'fatal' => $NO
+ },
);
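Review bot: The new `ignore IPv6 connect() scan source` entry only proves that the listed address is suppressed. Nothing checks that an ignore entry for a different IPv6 address still leaves `2001:DB8:0:F101::2` reported, so an over-broad IPv6 match in the auto_dl handling, which would hide real scans, would still pass. A companion entry whose auto_dl file names an unrelated address, with `'positive_output_matches' => [qr/2001\:DB8\:0\:F101\:\:2/]`, would cover that, and an IPv6 prefix case would mirror the existing `auto_dl_ignore_192.168.10.0_24` tests if psad accepts IPv6 networks there. `qr/\[NONE\]/` is also a loose positive check, since presumably any empty section of the `-A` output satisfies it, and `'err_msg' => 'logged IPv6 traffic'` could name the auto_dl ignore so a failure is distinguishable from other IPv6 tests. The contents of `auto_dl_ignore_ipv6_addr` are not part of this view.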