void LockDownIp(Lock lockItem, LockType lockType, SecurityAgent reportingAgent)
{
int locksForToday = Locks.Today();
LimitMailSent = false;
try
{
// TO DO: Hard Lock overrides Soft Lock!
if (FirewallPolicyManager.Instance.IsLocked(lockItem.IpAddress))
{
WindowsLogManager.Instance.WriteEntry("Received another request to lock IP address " + lockItem.IpAddress +
". This IP address is already locked.", EventLogEntryType.Information, Globals.CYBERARMS_EVENT_ID_INFORMATION,
Globals.CYBERARMS_LOG_CATEGORY_RUNTIME);
return;
}
}
catch (Exception ex)
{
WindowsLogManager.Instance.WriteEntry("Intrusion Detection Service had an error:" + ex.Message, EventLogEntryType.Error,
Globals.CYBERARMS_EVENT_ID_CONFIGURATION_ERROR, Globals.CYBERARMS_LOG_CATEGORY_RUNTIME);
}
WindowsLogManager.Instance.WriteEntry(String.Format("{0} lock: Unsuccessful login attempts from ip address {1} exceeded threshold. Firewall rule is being created to block the address specified.",
lockType == LockType.HardLock ? "Hard" : "Soft", lockItem.IpAddress), EventLogEntryType.FailureAudit, Globals.CYBERARMS_EVENT_ID_FIREWALL_RULE_CREATED,
Globals.CYBERARMS_LOG_CATEGORY_SECURITY);
// lockItem.Id = Locks.CreateLock(lockItem);
try
{
FirewallPolicyManager.Instance.Block(lockItem.IpAddress);
switch (lockType)
{
case LockType.SoftLock:
lockItem.Status = Lock.LOCK_STATUS_SOFTLOCK;
Statistics.Instance.IncreaseSoftLockStatistics(reportingAgent);
break;
case LockType.HardLock:
lockItem.Status = Lock.LOCK_STATUS_HARDLOCK;
Statistics.Instance.IncreaseHardLockStatistics(reportingAgent);
break;
}
}
catch
{
lockItem.Status = Lock.LOCK_STATUS_LOCK_ERROR;
}
switch (lockType)
{
case LockType.SoftLock:
OnClientIpAddressSoftLocked(lockItem, null, reportingAgent.Id);
break;
case LockType.HardLock:
OnClientIpAddressHardLocked(lockItem, null, reportingAgent.Id);
break;
}
lockItem.Save();
}