#!/bin/sh -e

# This script creates a daily report of firewall activity with wflogs

#This script was written by Jean-Michel Kelbert <kelbert@debian.org>, for
#the Debian project (but  may  be used by others)

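# Enable errexit here as well: the -e on the shebang line is lost when the
# script is started as "sh script".
set -e

# Fixed locale so that date(1) output and parsing stay locale-independent.
export LC_ALL="C"

WFLOGS=/usr/bin/wflogs
CONFIG=/etc/default/wflogs

# Nothing to do (and nothing to complain about) when wflogs is not installed
# or has no readable configuration.
test -x "$WFLOGS" || exit 0
test -r "$CONFIG" || exit 0

# CONFIG is executed as shell code with this script's privileges (the script
# chowns files to root, so presumably root - confirm). Whoever can write to
# that file can run commands here, so it must stay writable by root only.
. "$CONFIG"

# Report generation is off when the setting is empty or the literal "false".
# A bare `test $REPORT_GENERATE` would accept "false" as well, because test
# only checks that the string is non-empty.
case "$REPORT_GENERATE" in
  ''|false) exit 0 ;;
esac

# Quoted so that an empty or unset INPUT_FILE fails the test instead of
# degenerating into the always-true one-argument form `test -r`.
test -r "$INPUT_FILE" || exit 0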

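#######################################
# Create a report directory if it does not exist yet and restrict access to
# it. An existing directory is left untouched, owner and mode included.
# Globals:   REPORT_PERMISSIONS (read), REPORT_DIRECTORY (read)
# Arguments: $1 - directory to create
# Returns:   0 when the directory already exists, otherwise the status of
#            the final chmod
#######################################
mymkdir() {
  if [ ! -d "$1" ]; then
    # -m 750 gives the new directory its final mode at creation time, so it
    # never exists with the umask default while chown/chmod are pending.
    # Missing parent directories still get the umask-derived mode.
    mkdir -p -m 750 -- "$1"
    # Group www-data is used only when REPORT_PERMISSIONS is "true" AND the
    # report root is literally /var/www/wflogs; every other location,
    # including one derived from a DocumentRoot, goes to group adm.
    if [ "$REPORT_PERMISSIONS" = "true" ] && [ "$REPORT_DIRECTORY" = "/var/www/wflogs" ]; then
      chown root:www-data "$1"
    else
      chown root:adm "$1"
    fi
    chmod 750 "$1"
  fi
}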

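# Fall back to the netfilter log format when the configuration names none.
INPUT_TYPE=${INPUT_TYPE:-netfilter}

# Remove all blanks so that a list written as "a, b" becomes the single word
# "a,b". The value is quoted and fed through printf, so it is neither
# glob-expanded nor mistaken for an echo option on the way.
INPUT_TYPE=$(printf '%s' "$INPUT_TYPE" | tr -d ' \t\n')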


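# Decide where reports are written when the configuration does not say.
# html and xml reports go below the web server's DocumentRoot (/var/www when
# none can be determined; that location follows an answer on a Debian mailing
# list). Every other output type goes to /var/log/wflogs.
# NOTE(review): files below a DocumentRoot can be served to clients if the
# web server is able to read them - confirm that access to the wflogs
# directory is restricted in the web server configuration.
if [ -z "$REPORT_DIRECTORY" ]; then
  case "$REPORT_OUTPUT_TYPE" in
    html|xml)
      DOCROOT=""
      # The apache-ssl configuration takes precedence over plain apache; only
      # the first file that exists is consulted.
      for HTTPD_CONF in /etc/apache-ssl/httpd.conf /etc/apache/httpd.conf; do
        if [ -f "$HTTPD_CONF" ]; then
          # First DocumentRoot directive that starts a line; surrounding
          # double quotes are stripped. An unreadable file or a missing
          # directive leaves DOCROOT empty instead of aborting the run.
          DOCROOT=$(awk '/^DocumentRoot[ \t]/ { v = $2; gsub(/"/, "", v); print v; exit }' "$HTTPD_CONF") || DOCROOT=""
          break
        fi
      done
      # An empty DOCROOT must not turn the report directory into /wflogs at
      # the filesystem root.
      REPORT_DIRECTORY="${DOCROOT:-/var/www}/wflogs"
      ;;
    *)
      REPORT_DIRECTORY=/var/log/wflogs
      ;;
  esac
fi

mymkdir "$REPORT_DIRECTORY"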

# Assemble the wflogs command-line flags in OPTIONS.
# Every value used here comes from the sourced configuration, and OPTIONS is
# expanded unquoted when wflogs is started: a value containing whitespace
# becomes additional arguments.

# Sorting: only the two "Yes ..." answers set a flag. For any other answer
# OPTIONS keeps whatever it already held (environment or configuration).
if [ "$REPORT_SORT" = "Yes default order" ]; then
  OPTIONS="--sort"
elif [ "$REPORT_SORT" = "Yes custom order" ]; then
  OPTIONS="--sort=$REPORT_SORT_OPTIONS"
fi

# Flags that are always passed: loose parsing, input and output module,
# summary setting.
OPTIONS="$OPTIONS --strict-parsing=loose -i $INPUT_TYPE -o $REPORT_OUTPUT_TYPE --summary=$REPORT_OUTPUT_SUMMARY"

# Obfuscation is requested unless the configuration says "nothing"; an empty
# or unset value therefore still produces "--obfuscate=".
[ "$REPORT_OBFUSCATE" = "nothing" ] || OPTIONS="--obfuscate=$REPORT_OBFUSCATE $OPTIONS"

# Translate the whois answer text into the number handed to --whois_lookup.
# Any other text is passed through unchanged.
if [ "$REPORT_OUTPUT_WHOIS" = "no whois lookups" ]; then
  REPORT_OUTPUT_WHOIS=0
elif [ "$REPORT_OUTPUT_WHOIS" = "always do whois lookups" ]; then
  REPORT_OUTPUT_WHOIS=1
elif [ "$REPORT_OUTPUT_WHOIS" = "do whois lookups only if no DNS name could be found" ]; then
  REPORT_OUTPUT_WHOIS=2
fi

# Flags that only these four output types receive.
case "$REPORT_OUTPUT_TYPE" in
  html|text|human|xml)
    OPTIONS="$OPTIONS --whois_lookup=$REPORT_OUTPUT_WHOIS --mac_vendor=$REPORT_OUTPUT_MAC_VENDOR"
    # NOTE(review): OUTPUT_TYPE is not assigned anywhere in this script. Unless
    # the configuration defines it, this comparison never sees "xml" and xml
    # reports get the MAC/duration flags too. REPORT_OUTPUT_TYPE was probably
    # intended - confirm before changing.
    [ "$OUTPUT_TYPE" = "xml" ] || OPTIONS="$OPTIONS --src_mac=$REPORT_OUTPUT_MAC --dst_mac=$REPORT_OUTPUT_MAC --duration=$REPORT_OUTPUT_DURATION"
    ;;
esac

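# Work out the date on which the log begins: the first two fields of the
# first line of INPUT_FILE (presumably a syslog-style "Mon DD" stamp -
# confirm for other input types). This text comes from the log itself, so it
# is only ever used as a quoted argument to date(1).
DATE_BEGIN_LOG=$(head -n 1 -- "$INPUT_FILE" | awk '{print $1,$2}')
DATE_TODAY=$(date +"%b %d")
DATE_TODAY_UNIX=$(date +%s)

# Only two fields are taken from the log line, so date(1) has to supply the
# year itself. A start date that lands in the future is moved back one year
# at a time until it no longer does. If the text cannot be parsed at all, the
# comparison fails and the loop is skipped.
while [ "$(date -d "$DATE_BEGIN_LOG" +%s)" -gt "$DATE_TODAY_UNIX" ]; do
  DATE_BEGIN_LOG=$(date -d "$DATE_BEGIN_LOG 1 year ago")
done

DATE_TMP="$DATE_BEGIN_LOG"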

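# Generate one report per day, from the first day found in the log up to
# today. Reports are laid out as:
# REPORT_DIRECTORY
# `-- YEAR
#     `-- MONTH
#         `-- wflogs_DATE.EXTENSION
# A day whose report file is already readable is skipped, so an existing
# report is never regenerated.
while [ "$(date -d "$DATE_TMP" +%s)" -le "$DATE_TODAY_UNIX" ]; do
  YEAR=$(date -d "$DATE_TMP" +%Y)
  MONTH=$(date -d "$DATE_TMP" +%Y/%m)
  for DIRECTORY in "$YEAR" "$MONTH"; do
    mymkdir "$REPORT_DIRECTORY/$DIRECTORY"
  done

  FINAL_REPORT_DIRECTORY="$REPORT_DIRECTORY/$MONTH"
  OUTPUT_FILE="$FINAL_REPORT_DIRECTORY/wflogs_$(date -d "$DATE_TMP" +%F).$REPORT_OUTPUT_TYPE"

  if [ ! -r "$OUTPUT_FILE" ]; then
    # wflogs filter expression: entries from DATE_TMP (inclusive) up to one
    # day later (exclusive). \$start_time is passed to wflogs literally.
    FILTER="\$start_time >= [$DATE_TMP] && \$start_time < [$DATE_TMP 1 day]"

    # Write to a private temporary file first. mktemp creates it with mode
    # 0600, so the report is never readable with the umask default, and a
    # failed run cannot leave a partial file under the final name (which the
    # readability check above would then skip forever).
    TMP_FILE=$(mktemp "$FINAL_REPORT_DIRECTORY/.wflogs_report.XXXXXX")

    # wflogs is started directly rather than through eval: FILTER embeds text
    # taken from the log's first line and OPTIONS comes from the configuration
    # file, and neither may be re-parsed as shell syntax. OPTIONS is a flat
    # flag string and is split into words on purpose; set -f keeps those
    # words from being glob-expanded.
    STATUS=0
    # shellcheck disable=SC2086
    ( set -f; exec "$WFLOGS" -f "$FILTER" $OPTIONS -- "$INPUT_FILE" ) > "$TMP_FILE" || STATUS=$?
    if [ "$STATUS" -ne 0 ]; then
      rm -f -- "$TMP_FILE"
      exit "$STATUS"
    fi

    # Same ownership rule as for the directories: group www-data only for the
    # literal /var/www/wflogs root with REPORT_PERMISSIONS=true, adm otherwise.
    if [ "$REPORT_PERMISSIONS" = "true" ] && [ "$REPORT_DIRECTORY" = "/var/www/wflogs" ]; then
      chown root:www-data "$TMP_FILE"
    else
      chown root:adm "$TMP_FILE"
    fi
    chmod 640 "$TMP_FILE"

    # Rename within the same directory: the report appears under its final
    # name complete and with its final owner and mode.
    mv -f -- "$TMP_FILE" "$OUTPUT_FILE"
  fi
  DATE_TMP=$(date -d "$DATE_TMP 1 day")
done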
