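#!/usr/bin/perl
#
# Linux DShield Client for PortSentry v 0.0.1
#
# Extracts the lines appended to the portsentry history file since the
# previous run and mails them to 'report at dshield.org' in the DShield
# tab-separated report format:
#   date  userid  count  source_ip  source_port  target_ip  target_port  protocol
#
# Intended to run from cron so new entries are picked up regularly.  The
# mtime of the history file at the time of the last run is kept in $state;
# only events whose epoch timestamp is newer than that value are reported.
#
# Fixes over the first cut: strict/warnings, 3-arg checked opens, no
# predictable /tmp scratch file (the report is built in memory), no shell
# invocations (rm/echo/cat/sendmail were all run through the shell), and
# every log field is matched in one anchored regex so a malformed line is
# skipped instead of silently reusing $1 from the previous line.
#
use strict;
use warnings;
use Time::Local;

# ---- configuration -------------------------------------------------------
my $userid      = "0";                        # replace with your DShield userid
my $email       = 'youremail at yourdomain';  # email you registered at DShield with
my $to          = 'report at dshield.org';    # send reports to dshield
#my $to         = 'test at dshield.org';      # test reports
my $subject     = "FORMAT DSHIELD USERID $userid";
my $target_ip   = "255.255.255.255";          # your ip goes here
my $source_port = 0;                          # portsentry does not record the source port, use 0
my $state       = "/var/tmp/dshield";         # stores the logfile mtime seen at the last run
my $logfile     = "/var/log/portsentry/portsentry.history"; # the portsentry history file
my $sendmail    = "/usr/sbin/sendmail";

# The header values above are local configuration, but they are written
# straight into mail headers: refuse a value that would split a header.
for my $hdr ($to, $email, $subject) {
    die "Mail header value contains a newline: '$hdr'\n" if $hdr =~ /[\r\n]/;
}

# ---- last run ------------------------------------------------------------
# Read the mtime recorded by the previous run.  A missing, empty or
# non-numeric state file means "report everything".
my $last_date = 0;
if (-e $state) {
    open my $state_fh, '<', $state or die "Cannot open file $state: $!";
    my $saved = <$state_fh>;
    close $state_fh;
    if (defined $saved and $saved =~ /\A\s*([0-9]+)/) {
        $last_date = $1;
    }
}

# Current mtime of the history file; 0 if it cannot be stat'ed.
my $curr_date = (stat $logfile)[9] || 0;

# Nothing new since the last run (or the log has gone away): leave the
# state file untouched and exit non-zero, as the original did.
if ($curr_date <= $last_date) {
    exit(1);
}

# ---- parse the history file ---------------------------------------------
# Expected portsentry.history line shape (this is what the field regexes
# in the original script implied; confirm against your portsentry version):
#   <epoch> - <MM>/<DD>/<YYYY> <HH:MM:SS> Host: <name>/<ip> Port: <port> <PROTO> ...
# The source IP is constrained to dotted-quad form so that attacker-chosen
# text (e.g. a reverse-DNS name) cannot be copied into the report.
my $event_re = qr{
    \A ([0-9]+) \s+ - \s+                              # 1: epoch timestamp
    ([0-9]{2}) / ([0-9]{2}) / ([0-9]{4})               # 2,3,4: month, day, year
    .*? Host: \s+ (?:.*?/)?                            # optional "<name>/" before the ip
    ([0-9]{1,3}(?:\.[0-9]{1,3}){3}) \s+                # 5: source IP (dotted quad only)
    Port: \s+ ([0-9]+) \s+ ([A-Z]{3})                  # 6,7: target port, protocol
}x;

open my $log_fh, '<', $logfile or die "Cannot open file $logfile: $!";
my @report;
while (my $line = <$log_fh>) {
    # One anchored match per line: a line that does not match is skipped,
    # never filled in from stale captures of an earlier line.
    my ($line_date, $month, $day, $year, $source_ip, $target_port, $protocol)
        = $line =~ $event_re or next;

    # Already reported on an earlier run.
    next unless $line_date > $last_date;

    push @report,
        join("\t", "$year-$month-$day", $userid, 1, $source_ip,
                   $source_port, $target_ip, $target_port, $protocol) . "\n";
}
close $log_fh;

# ---- send the report if there is anything to report ---------------------
if (@report) {
    # List-form open: sendmail is exec'ed directly, no shell interprets
    # the arguments.  -t takes the recipient from the To: header we print.
    open my $mail_fh, '|-', $sendmail, '-t', '-oi'
        or die "Cannot run $sendmail: $!";
    print {$mail_fh}
        "To: $to\n",
        "From: $email\n",
        "Reply-to: $email\n",
        "Subject: $subject\n\n",
        @report;
    # sendmail's exit status only surfaces at close.  Dying here leaves the
    # state file at its previous value, so the same events are retried on
    # the next cron run instead of being lost.
    close $mail_fh
        or die "sendmail failed: " . ($! ? $! : "exit status $?") . "\n";
}

# ---- record state --------------------------------------------------------
# Written only after a successful (or unnecessary) send, see above.
open my $state_out, '>', $state or die "Cannot write file $state: $!";
print {$state_out} "$curr_date\n";
close $state_out or die "Cannot write file $state: $!";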