Created
October 16, 2016 15:44
-
-
Save seebz/2a11e0e4fba9d6a5797cc3b7b5101740 to your computer and use it in GitHub Desktop.
Uncomplicated Firewall notifications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Uncomplicated Firewall notifications | |
| # | |
| notify() { | |
| notify-send --expire-time=5000 --app-name=gufw --icon=gufw "$@" | |
| } | |
| MSG= | |
| filter() { | |
| while read MSG; do | |
| if [[ $MSG =~ (UFW) ]]; then | |
| set_msg_vars | |
| if [[ $MSG =~ (UFW ALLOW) ]]; then | |
| allow_msg | |
| elif [[ $MSG =~ (UFW AUDIT) ]]; then | |
| audit_msg | |
| elif [[ $MSG =~ (UFW BLOCK) ]]; then | |
| block_msg | |
| fi | |
| fi | |
| done | |
| } | |
| MSG_IN= | |
| MSG_OUT= | |
| MSG_SRC= | |
| MSG_DST= | |
| MSG_ID= | |
| MSG_PROTO= | |
| MSG_SPT= | |
| MSG_DPT= | |
| set_msg_vars() { | |
| MSG_IN=`msg_var IN` | |
| MSG_OUT=`msg_var OUT` | |
| MSG_SRC=`msg_var SRC` | |
| MSG_DST=`msg_var DST` | |
| MSG_ID=`msg_var ID` | |
| MSG_PROTO=`msg_var PROTO` | |
| MSG_SPT=`msg_var SPT` | |
| MSG_DPT=`msg_var DPT` | |
| } | |
| # msg_var IN | |
| msg_var() { | |
| echo "$MSG" | grep -o "$1=[^ ]*" | cut -d '=' -f 2 | |
| } | |
| # msg_date +'%x %X' | |
| msg_date() { | |
| d=$( echo "$MSG" | awk -F"`hostname`" '{print $1}' ) | |
| date --date="$d" "$@" | |
| } | |
| allow_msg() { | |
| if [ ! -z $MSG_IN ]; then | |
| category=x-gufw.allowed.incoming | |
| title="Incoming connection allowed" | |
| title="$title ($MSG_IN)" | |
| elif [ ! -z $MSG_OUT ]; then | |
| category=x-gufw.allowed.outgoing | |
| title="Outgoing connection allowed" | |
| title="$title ($MSG_OUT)" | |
| else | |
| category=x-gufw.allowed.unknown | |
| title="Connection allowed" | |
| fi | |
| body="From: $MSG_SRC ($MSG_SPT) | |
| To: $MSG_DST ($MSG_DPT)" | |
| notify --category=$category "$title" "$body" | |
| } | |
| audit_msg() { | |
| # todo | |
| : | |
| } | |
| block_msg() { | |
| if [ ! -z $MSG_IN ]; then | |
| category=x-gufw.blocked.incoming | |
| title="Incoming connection blocked" | |
| title="$title ($MSG_IN)" | |
| elif [ ! -z $MSG_OUT ]; then | |
| category=x-gufw.blocked.outgoing | |
| title="Outgoing connection blocked" | |
| title="$title ($MSG_OUT)" | |
| else | |
| category=x-gufw.blocked.unknown | |
| title="Connection blocked" | |
| fi | |
| body="From: $MSG_SRC ($MSG_SPT) | |
| To: $MSG_DST ($MSG_DPT)" | |
| notify --category=$category "$title" "$body" | |
| } | |
| tail --follow --lines=0 /var/log/syslog | filter |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment