Benjamin Jeeves wrote:
>
> Hi all
Hello,
> This is what I have been work on over the weekend and a bit more and now it
> works so here it is. Please comment on it. As you might see I my develop a
> simple Intrusion Detection System I will be adding more signatures in time
> and there is a sensor for it that collects packets of the wire by using
> TCPDUMP Develop in Linux Mandrake and is for my dissertation for my degree in
> Computer Sceince from Brunel Uni.
>
> #!/usr/bin/perl
The code does not compile cleanly with "use warnings" and "use strict" enabled.
> use POSIX qw(strftime);
> use Time::Local;
It doesn't look like you are using this module.
> use Term::ANSIColor;
> use DBI;
> use Benchmark;
It doesn't look like you are using this module.
> use IO::Seekable;
> use Fcntl':seek';
>
> my $filein = $ARGV[0];
> open FILEIN, $filein or die $!;
>
> @T = gmtime(time);
my @T = gmtime;
> $TZ = "LOC";
You are not using this variable anywhere.
> my ($dsn) = "DBI:mysql:connections:localhost";
> my $host = 'localhost';
> my $db = 'connections';
> my $db_user = 'root';
> my $db_password = "";
> my ($dbh, $sth);
> my ( @createcode ) = ();
> my ( $dc ) = '';
> my ( @icmpalert ) = ();
The parenthesis are not required unless you have more than one variable for the my
function. On some assignments you use single quotes and on others you use double
quotes. The double quotes are only required if you want perl to interpolate the
string. Is there any reason that you are declaring these variables again in two
subroutines?
> $date = strftime("%Y%m%d%H", @T);
> @date = $date;
Why the assignment of $date to $date[0]?
> table();
Why the subroutine? This is the only place where table() is called.
> sub table
> {
> # Connect to the database
> $dbh = DBI->connect ($dsn, $db_user, $db_password, { RaiseError => 1 });
>
> $createcode[0] =
> "CREATE TABLE connect (" .
> "date VARCHAR(20) NOT NULL," .
> "recordtime VARCHAR(20) NOT NULL," .
> "srcip VARCHAR(20) NOT NULL," .
> "srcport VARCHAR(20) NOT NULL," .
> "dstip VARCHAR(20) NOT NULL," .
> "dstport VARCHAR(20) NOT NULL);";
>
> $createcode[1] =
> "CREATE TABLE icmpalert (" .
> "date VARCHAR(20) NOT NULL," .
> "recordtime VARCHAR(20) NOT NULL," .
> "srcip VARCHAR(30) NOT NULL," .
> "dstip VARCHAR(30) NOT NULL," .
> "icmpalert VARCHAR(70) NOT NULL);";
>
> doStatements( @createcode );
> }
>
> sub doStatements()
^^
You are telling perl that this sub takes NO arguments which appears to be incorrect.
perldoc perlsub
> {
> my ( @Code ) = @_;
> foreach $dc ( @Code )
> {
> $statement = $dbh->prepare( $dc );
> $statement->execute();
> if ( $statement->errstr )
> {
> print "error=>";
> %theerr = $statement->errstr;
> while (($key,$value) = each %theerr)
> {
> print "$key=>$value\n";
> }
> }
> }
> }
>
> &main_prog;
Why the subroutine? This is the only place where main_prog() is called.
> sub main_prog
> {
>
> my $counter = 0;
> my $counter1 = 0;
>
> #$filepos = tell FILEIN;
>
> for(;;)
> {
> $filepos = tell FILEIN;
> build_db();
> $counter++;
> icmp_alert();
> $counter1++;
>
> print "$counter..$counter1\n";
> sleep 50;
> seek FILEIN, 0, SEEK_CUR;
> }
> }
>
> sub build_db()
> {
>
> my @traffic;
> my @recordtime;
> my @srcip;
> my @srcport;
> my @dstip;
> my @dstport;
> my @dstport1;
> my @temp;
> my @temp1;
> my @date;
> my $counter = 0;
> #my $filepos = tell FILEIN;
>
> seek FILEIN, $filepos, SEEK_SET;
>
> while ( <FILEIN> )
> {
> @traffic = $_;
> @traffic = split(/ /, $traffic[0]);
^^^
Do you REALLY want to split on a single space character? Just use the default split.
while ( <FILEIN> )
{
my @traffic = split;
> foreach ($traffic[0] =~ m/(\d{2}:\d{2}:\d{2}\.\d{6})/)
> {
>
> @recordtime = $traffic[0];
^^^^^^^^^^^
Why are you using an array here?
> foreach ($traffic[1] =~ m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)
> {
> @temp = $traffic[1];
^^^^^
Why are you using an array here?
> @temp = split (/\./, $temp[0]);
my @temp = split /\./, $traffic[1];
> @srcip = join '.', ($temp[0],$temp[1],$temp[2],$temp[3]);
^^^^^^
Why are you using an array here?
> @srcport = $temp[4];
^^^^^^^^
Why are you using an array here?
> foreach ($traffic[3] =~ m/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)
> {
> @temp1 = $traffic[3];
^^^^^^
Why are you using an array here?
> @temp1 = split (/\./, $temp1[0]);
> @dstip = join '.', ($temp1[0],$temp1[1],$temp1[2],$temp1[3]);
^^^^^^^
Why are you using an array here?
> @dstip = split (/:/, $dstip[0]);
> @dstport1 = $temp1[4];
^^^^^^^^^
Why are you using an array here?
> @dstport1 = split (/:/, $dstport1[0]);
> @dstport = $dstport1[0];
^^^^^^^^
Why are you using an array here?
> $counter++;
>
> # Connects to the databases and loads all the data
> # in to the databases with the date and hour.
>
> my ($dsn) = "DBI:mysql:connections:localhost";
> my $host = 'localhost';
> my $db = 'connections';
> my $db_user = 'root';
> my $db_password = "";
> my ($dbh, $sth);
> my ( @createcode ) = ();
> my ( $dc ) = '';
>
> $date = strftime("%Y%m%d%H", @T);
> @date = $date;
^^^^^
Why are you using an array here?
> # Connect to the database
> $dbh = DBI->connect ($dsn, $db_user, $db_password, { RaiseError
>=> 1 });
>
> # Add the records to the databases
> $query = $dbh->do (qq{
> insert into connect (date, recordtime, srcip, srcport,
>dstip, dstport)
> values
>('@date','@recordtime','@srcip','@srcport','@dstip','@dstport')
> });
> print "Running in DB: $counter\n";
> }
> }
> }
> }
> }
>
> sub icmp_alert
> {
>
> my @traffic;
> my @temp;
> my @temp1;
> my @recordtime;
> my @srcip;
> my @dstip;
> my @icmpalert;
> my @date;
> my $counter = 0;
>
> seek FILEIN, $filepos, SEEK_SET;
>
> while ( <FILEIN> )
> {
> $counter++;
> @traffic = $_;
^^^^^^^^
Why are you using an array here?
> @traffic = split (/\n/, $traffic[0]);
> if ($traffic[0] =~ m/icmp: echo request$/g)
> {
> @temp = $traffic[0];
^^^^^
Why are you using an array here?
> @temp = split (/\s+/, $temp[0]);
> @recordtime = $temp[0];
^^^^^^^^^^^
Why are you using an array here?
> @srcip = $temp[1];
^^^^^^
Why are you using an array here?
> @temp1 = $temp[3];
^^^^^^
Why are you using an array here?
> @temp1 = split (/:/, $temp1[0]);
> @dstip = $temp1[0];
^^^^^^
Why are you using an array here?
> @icmpalert = join ' ', ($temp[4],$temp[5],$temp[6]);
^^^^^^^^^^
Why are you using an array here?
> $counter++;
>
> my ($dsn) = "DBI:mysql:connections:localhost";
> my $host = 'localhost';
> my $db = 'connections';
> my $db_user = 'root';
> my $db_password = "";
> my ($dbh, $sth);
> my ( @createcode ) = ();
> my ( $dc ) = '';
>
> $date = strftime("%Y%m%d%H", @T);
> @date = $date;
^^^^^
Why are you using an array here?
> # Connect to the database
> $dbh = DBI->connect ($dsn, $db_user, $db_password, { RaiseError => 1 });
>
> # Add the records to the databases
> $query = $dbh->do (qq{
> insert into icmpalert (date, recordtime, srcip, dstip, icmpalert)
> values ('@date','@recordtime','@srcip','@dstip','@icmpalert')
> });
> }
> else
> {
> print "Not found\n"; # For testing that these signature works
> }
> }
> }
John
--
use Perl;
program
fulfillment
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
