diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..91a46bb --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,10 @@ +{ + "files.associations": { + "assert.h": "c", + "ip2region.h": "c", + "conf.h": "c", + "ccronexpr.h": "c", + "clamscan.h": "c", + "libiptc.h": "c" + } +} \ No newline at end of file diff --git a/Makefile b/Makefile index 1aaca5f..bdf67b6 100644 --- a/Makefile +++ b/Makefile @@ -36,7 +36,7 @@ LIBCOMMON__CFLAGS += -DHAVE_CONFIG_H -I./clamav/common -I./clamav/libclamav -I./ LIBCOMMON_LIB += ./clamav/common/cert_util.c.o ./clamav/common/actions.c.o ./clamav/common/clamdcom.c.o ./clamav/common/getopt.c.o ./clamav/common/hostid.c.o ./clamav/common/idmef_logging.c.o ./clamav/common/misc.c.o ./clamav/common/optparser.c.o ./clamav/common/output.c.o ./clamav/common/tar.c.o ./clamav/common/linux/cert_util_linux.c.o -all: libclamav_rust libclamav rhost +all: libclamav_rust libclamav rhost nginx.o rhost: conf.o rhost.o libiptc.o ccronexpr.o nginx.o $(CC) $(ip2region_CFLAGS) ip2region/ip2region.c @@ -69,7 +69,7 @@ libclamav: test: - echo $(CMAKE) $(ARCH) + echo $(CMAKE) $(ARCH) $(CFLAGS) static: conf.o rhost.o libiptc.o $(CC) $(IPTC_CFLAGS) -c libiptc/libip4tc.c -o libiptc/libip4tc.o diff --git a/clamav/libclamav_rust/.rustc_info.json b/clamav/libclamav_rust/.rustc_info.json index c486876..cc7f143 100644 --- a/clamav/libclamav_rust/.rustc_info.json +++ b/clamav/libclamav_rust/.rustc_info.json 
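Review bot: `all: libclamav_rust libclamav rhost nginx.o` lists nginx.o as a direct prerequisite of `all` even though `rhost` already depends on it two lines below, so the new entry is redundant; drop it, `all: libclamav_rust libclamav rhost`, unless nginx.o is meant to be buildable on its own when rhost fails to link. The `test` target in the next hunk only echoes `$(CFLAGS)` and needs nothing further.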
@@ -1 +1 @@ -{"rustc_fingerprint":537842707314038760,"outputs":{"10376369925670944939":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.63.0\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.63.0\nLLVM version: 14.0.6\n","stderr":""},"15493033989842322569":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"15697416045686424142":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"},"9218888252049904301":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"}},"successes":{}} \ No newline at end of file 
+{"rustc_fingerprint":5376818386984183904,"outputs":{"14371922958718593042":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.71.1\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.71.1\nLLVM version: 16.0.6\n","stderr":""},"15729799797837862367":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""}},"successes":{}} \ No newline at end of file diff --git a/conf.c b/conf.c index 7c189bc..03a7178 100644 --- a/conf.c +++ b/conf.c 
@@ -218,6 +218,24 @@ static void parse_global_module(char *content, conf * conf) val_begin_len = val_end - val_begin; conf->DISK_USE = atoi(val_begin); } + + // NGINX + if (strcasecmp(var, "NGINX") == 0) { + val_begin_len = val_end - val_begin; + conf->NGINX = atoi(val_begin); + } + if (strcasecmp(var, "NGINX_LOG_FILE") == 0) { + val_begin_len = val_end - val_begin; + conf->NGINX_LOG_FILE_LEN = val_begin_len; + if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_LOG_FILE) != 0) + return; + } + if (strcasecmp(var, "NGINX_REGION_LIST") == 0) { + val_begin_len = val_end - val_begin; + conf->NGINX_REGION_LIST_LEN = val_begin_len; + if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_REGION_LIST) != 0) + return; + } content = strchr(lineEnd + 1, '\n'); } @@ -313,6 +331,11 @@ void free_conf(conf * conf) if (conf->CLAMAV_ARG) free(conf->CLAMAV_ARG); + // NGINX + if (conf->NGINX_LOG_FILE) + free(conf->NGINX_LOG_FILE); + if (conf->NGINX_REGION_LIST) + free(conf->NGINX_REGION_LIST); return; } @@ -351,6 +374,12 @@ void ptintf_conf(conf * conf) if (conf->CLAMAV_ARG) printf("CLAMAV_ARG %s %d\n", conf->CLAMAV_ARG, conf->CLAMAV_ARG_LEN); + + // Nginx + if (conf->NGINX_LOG_FILE) + printf("CLAMAV_ARG %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN); + if (conf->NGINX_REGION_LIST) + printf("CLAMAV_ARG %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN); } void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM]) diff --git a/conf.h b/conf.h index 62e9309..6a9595b 100644 --- a/conf.h +++ b/conf.h @@ -43,6 +43,13 @@ typedef struct CONF int IPV4_RESTRICTION; char *IPV4_WHITE_LIST; int IPV4_WHITE_LIST_LEN; + + // NGINX + int NGINX; + char *NGINX_LOG_FILE; + int NGINX_LOG_FILE_LEN; + char *NGINX_REGION_LIST; + int NGINX_REGION_LIST_LEN; int IS_MAIL; diff --git a/nginx.c b/nginx.c index d9db137..f87d50a 100644 --- a/nginx.c +++ b/nginx.c 
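Review bot: In the NGINX_LOG_FILE and NGINX_REGION_LIST branches the `_LEN` field is assigned before `copy_new_mem` runs, so when the copy fails the function returns with a non-zero length beside a pointer whose state depends on copy_new_mem's failure path, and the rest of the global block is skipped without any diagnostic. Set the length only after the copy succeeds and say why parsing stopped, `if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_LOG_FILE) != 0) { fprintf(stderr, "NGINX_LOG_FILE: copy failed\n"); return; }` followed by `conf->NGINX_LOG_FILE_LEN = val_begin_len;`, and the same for NGINX_REGION_LIST. If copy_new_mem allocates, as its name suggests, a key that appears twice also overwrites the first allocation without freeing it. `conf->NGINX = atoi(val_begin)` turns any non-numeric value into 0, which matches the existing DISK_USE line but silently disables the feature on a typo. parse_global_module begins and ends outside the hunk.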
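Review bot: The two new frees leave `conf->NGINX_LOG_FILE` and `conf->NGINX_REGION_LIST` dangling with their `_LEN` fields still set, and rhost.c's parent loop keeps passing `conf->NGINX_LOG_FILE` to nginx_read_log for the life of the process, so any path that reaches free_conf while that loop is still running would become a use-after-free. Clearing both after each free, `free(conf->NGINX_LOG_FILE); conf->NGINX_LOG_FILE = NULL; conf->NGINX_LOG_FILE_LEN = 0;`, also makes free_conf safe to call twice. The `if (ptr)` guards are redundant because free(NULL) is a no-op, though they follow the function's existing style. free_conf's opening is outside the hunk.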
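Review bot: Both new printf calls carry the copy-pasted label "CLAMAV_ARG", so the dump of the Nginx settings is indistinguishable from the ClamAV argument line. Use `printf("NGINX_LOG_FILE %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN);` and `printf("NGINX_REGION_LIST %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN);`, and consider also printing the switch itself, `printf("NGINX %d\n", conf->NGINX);`, since that is the value meant to decide whether the other two matter. ptintf_conf begins outside the hunk.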
@@ -1,11 +1,19 @@ + #include "nginx.h" -#include "ip2region/ip2region.h" + #define EVENT_SIZE (sizeof(struct inotify_event)) #define EVENT_BUF_LEN (1024 * (EVENT_SIZE + 16)) #define INITIAL_BUFFER_SIZE 8192 -int IP_location(char *string) { +void nginx_iptc(char *ip) +{ + unsigned int srcIp; + inet_pton(AF_INET, ip, &srcIp); + iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1); +} + +int IP_location(char *string, conf *config) { char *area = NULL; char *xdb_path = "ip2region.xdb"; char *p = strchr(string, ' '); @@ -34,37 +42,40 @@ int IP_location(char *string) { } printf("IP地址:%s, %s\n", IP, area); + printf("%s, %s\n", config->NGINX_LOG_FILE, config->NGINX_REGION_LIST); + return 0; } -void nginx_read_log(const char *filename) { - int fd = open(filename, O_RDONLY); +int nginx_read_log(const char *filename, conf *p) { + int fd = open(p->NGINX_LOG_FILE, O_RDONLY); if (fd == -1) { perror("open"); - exit(EXIT_FAILURE); + + return -1; } // Move to the end of the file if (lseek(fd, 0, SEEK_END) == -1) { perror("lseek"); close(fd); - exit(EXIT_FAILURE); + return -1; } int inotify_fd = inotify_init(); if (inotify_fd < 0) { perror("inotify_init"); close(fd); - exit(EXIT_FAILURE); + return -1; } - int wd = inotify_add_watch(inotify_fd, filename, IN_MODIFY); + int wd = inotify_add_watch(inotify_fd, p->NGINX_LOG_FILE, IN_MODIFY); if (wd == -1) { perror("inotify_add_watch"); close(inotify_fd); close(fd); - exit(EXIT_FAILURE); + return -1; } char buffer[EVENT_BUF_LEN]; @@ -76,14 +87,14 @@ void nginx_read_log(const char *filename) { inotify_rm_watch(inotify_fd, wd); close(inotify_fd); close(fd); - exit(EXIT_FAILURE); + return -1; } if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { perror("fcntl F_SETFL"); inotify_rm_watch(inotify_fd, wd); close(inotify_fd); close(fd); - exit(EXIT_FAILURE); + return -1; } // Initial dynamic buffer allocation 
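Review bot: `nginx_iptc` ignores the return value of `inet_pton`, so when `ip` is not a valid IPv4 string `srcIp` stays uninitialized and an indeterminate address is handed to `iptc_add_rule` as a DROP rule. Return early on failure, `if (inet_pton(AF_INET, ip, &srcIp) != 1) return;`, and initialize `unsigned int srcIp = 0;` so a later misuse is at least deterministic; `struct in_addr` is the type inet_pton writes for AF_INET and would document the intent better than `unsigned int`, although both are four bytes. Nothing in this diff calls `nginx_iptc` and nginx.h does not declare it, so either add a prototype or mark it `static` until it is wired in. `nginx_iptc` is complete within the hunk; `IP_location` runs past it.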
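Review bot: `nginx_read_log` now opens `p->NGINX_LOG_FILE` and ignores its `filename` parameter, and neither it nor the new printf in `IP_location` checks that the config strings are non-NULL; conf.c only assigns them when the key is present in rhost.conf, so an absent NGINX_LOG_FILE reaches `open(NULL, ...)` and an absent NGINX_REGION_LIST reaches `printf("%s", NULL)`, both undefined behaviour. Guard at the top of nginx_read_log, `if (!p || !p->NGINX_LOG_FILE) { fprintf(stderr, "NGINX_LOG_FILE not configured\n"); return -1; }`, and either use `filename` or drop the parameter so the two sources cannot disagree. The printf of `config->NGINX_LOG_FILE` and `config->NGINX_REGION_LIST` fires for every chunk read from the log and looks like a debugging leftover; NGINX_REGION_LIST is printed but never consulted here, even though `isregion` is declared in rhost.h in this same commit. `IP_location` starts outside the hunk and `nginx_read_log` continues past it.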
@@ -94,7 +105,7 @@ void nginx_read_log(const char *filename) { inotify_rm_watch(inotify_fd, wd); close(inotify_fd); close(fd); - exit(EXIT_FAILURE); + return -1; } while (1) { @@ -110,7 +121,7 @@ void nginx_read_log(const char *filename) { int bytes_read; while ((bytes_read = read(fd, read_buf, buffer_size - 1)) > 0) { read_buf[bytes_read] = '\0'; - IP_location(read_buf); + IP_location(read_buf, p); } if (bytes_read == -1 && errno != EAGAIN) { perror("read"); @@ -124,4 +135,6 @@ void nginx_read_log(const char *filename) { inotify_rm_watch(inotify_fd, wd); close(inotify_fd); close(fd); + + return 0; } diff --git a/nginx.h b/nginx.h index c5b0e66..e9f9be9 100644 --- a/nginx.h +++ b/nginx.h @@ -9,7 +9,11 @@ #include #include +#include "rhost.h" +#include "libiptc.h" +#include "ip2region/ip2region.h" -extern void nginx_read_log(const char *filename); + +extern int nginx_read_log(const char *filename, conf * conf); #endif diff --git a/rhost.c b/rhost.c index 47a87c9..94bfa5d 100644 --- a/rhost.c +++ b/rhost.c 
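Review bot: The header declares only `nginx_read_log`, while nginx.c now also defines the non-static `nginx_iptc`; add `extern void nginx_iptc(char *ip);` beside it or make the function static in nginx.c so the unit has one declared interface. The second parameter is spelled `conf`, the same name as the `conf` typedef it is declared with, which compiles but reads ambiguously; `conf *config`, as IP_location in nginx.c writes it, is clearer. The `#include` targets are not visible in this rendering, so the new include set cannot be checked from here.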
@@ -1,11 +1,51 @@ -#include "conf.h" #include "rhost.h" + #include "libiptc.h" #include "libclamav.h" #include "clamscan.h" - #include "ccronexpr.h" #include "nginx.h" +#include "./cJSON/cJSON.h" +#include "ip2region/ip2region.h" + +// CRON +#define MAX_SECONDS 60 +#define CRON_MAX_MINUTES 60 +#define CRON_MAX_HOURS 24 +#define CRON_MAX_DAYS_OF_WEEK 8 +#define CRON_MAX_DAYS_OF_MONTH 32 +#define CRON_MAX_MONTHS 12 + +#define INVALID_INSTANT ((time_t) -1) + +#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S" + +#ifndef ARRAY_LEN +#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0]) +#endif + +#ifdef CRON_TEST_MALLOC +static int cronAllocations = 0; +static int cronTotalAllocations = 0; +static int maxAlloc = 0; +void* cron_malloc(size_t n) +{ + cronAllocations++; + cronTotalAllocations++; + if (cronAllocations > maxAlloc) + { + maxAlloc = cronAllocations; + } + return malloc(n); +} + +void cron_free(void* p) +{ + cronAllocations--; + free(p); +} +#endif +// CRON END // 存储公网IP char *public_ip; @@ -1131,10 +1171,10 @@ goto_daemon: } } else { // 父进程 - + printf("The parent process processes Nginx logs!!!"); while(1) { - nginx_read_log("/usr/local/nginx/logs/access.log"); + nginx_read_log(conf->NGINX_LOG_FILE, conf); sleep(1); } @@ -1150,7 +1190,6 @@ goto_daemon: for (i = 1; i < head_argc; i++) { if (head_argvs[i]) free(head_argvs[i]); - } return 0; diff --git a/rhost.conf b/rhost.conf index 8cc3011..21635cd 100644 --- a/rhost.conf +++ b/rhost.conf @@ -3,8 +3,10 @@ global { DAEMON = "off"; // on开启后台运行,off不开启(弃用) TIME = "10"; // 睡眠时间(大于等于1,单位秒) + PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP + IS_DISK = 1; // 磁盘使用率(1开启,非1关闭) DISK_USE = 95; // 任意某块磁盘使用率告警(大于等于1) 
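Review bot: `ARRAY_LEN(x)` is moved here without outer parentheses, so an expression such as `total / ARRAY_LEN(tbl)` expands to `total / sizeof(tbl)/sizeof(tbl[0])` and divides twice; now that the macro lives in this file, write it as `#define ARRAY_LEN(x) (sizeof(x) / sizeof((x)[0]))`. The `CRON_TEST_MALLOC` block defines `cron_malloc`/`cron_free` with external linkage in a .c file; `static` would keep the test hooks out of the global namespace unless ccronexpr is expected to link against them under that define. The remainder of the hunk is the include and macro set removed from rhost.h in the same commit.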
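Review bot: The parent branch calls `nginx_read_log(conf->NGINX_LOG_FILE, conf)` unconditionally, so the `NGINX` switch added to rhost.conf and conf.h is never consulted, and because nginx_read_log now returns -1 straight after `perror("open")` a missing log file produces an error line every second for the life of the process. Gate the call, `if (conf->NGINX == 1 && conf->NGINX_LOG_FILE) nginx_read_log(conf->NGINX_LOG_FILE, conf);`, and consider a longer sleep after a failed return. The banner is printed without a trailing newline, `printf("The parent process processes Nginx logs!!!\n");`, otherwise with block-buffered stdout it may not appear before the loop starts. The enclosing function continues outside the hunk.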
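Review bot: `PUBLIC_IP = "http://inet-ip.info"` points at a plain-HTTP endpoint, so whatever rhost.c does with the returned address (the `public_ip` global) is based on a response that anyone on the network path can rewrite; if the service offers it, prefer an `https://` URL, and extend the comment to say what the address is used for. The other additions in this hunk are blank lines.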
@@ -12,6 +14,7 @@ global { IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭) REFUSE_NUMBER = 3; // 拒绝攻击次数 + CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭) CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log"; CLAMAV_TIME = "* 7 23 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周) @@ -24,6 +27,11 @@ global { REGION = 1; // 是否启用地域白名单(1开启,非1关闭) IP2REGION = 1; // 是否使用本地 ip2region 地址定位库(1使用,非1不使用) REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开) + + + NGINX = 1; // 是否启用Nginx白名单 + NGINX_LOG_FILE= "/usr/local/nginx/logs/access.log"; // Nginx 日志文件 + NGINX_REGION_LIST = "中国 河南 郑州 上海"; // 地域列表(空格隔开) IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭) diff --git a/rhost.h b/rhost.h index 950dee2..9fbd773 100644 --- a/rhost.h +++ b/rhost.h @@ -12,14 +12,11 @@ #include #include #include -#include -#include -#include #include +#include -#include "./cJSON/cJSON.h" -#include "ip2region/ip2region.h" +#include "conf.h" typedef struct now_next_time { @@ -42,51 +39,6 @@ typedef struct now_next_time -#include -#include -#include -#include -#include - -#include "ccronexpr.h" - -#define MAX_SECONDS 60 -#define CRON_MAX_MINUTES 60 -#define CRON_MAX_HOURS 24 -#define CRON_MAX_DAYS_OF_WEEK 8 -#define CRON_MAX_DAYS_OF_MONTH 32 -#define CRON_MAX_MONTHS 12 - -#define INVALID_INSTANT ((time_t) -1) - -#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S" - -#ifndef ARRAY_LEN -#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0]) -#endif - -#ifdef CRON_TEST_MALLOC -static int cronAllocations = 0; -static int cronTotalAllocations = 0; -static int maxAlloc = 0; -void* cron_malloc(size_t n) -{ - cronAllocations++; - cronTotalAllocations++; - if (cronAllocations > maxAlloc) - { - maxAlloc = cronAllocations; - } - return malloc(n); -} - -void cron_free(void* p) -{ - cronAllocations--; - free(p); -} -#endif - #define COLOR_NONE "\033[0m" //表示清除前面设置的格式 
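Review bot: `NGINX_LOG_FILE= "/usr/local/nginx/logs/access.log"` drops the space before `=` that every other key uses; if the parser reads the key up to the next space this becomes `NGINX_LOG_FILE=` and the value is never matched, so write `NGINX_LOG_FILE = "/usr/local/nginx/logs/access.log"`. The comment on `NGINX = 1` omits the `(1开启,非1关闭)` convention the other switches carry, and `NGINX_REGION_LIST` reuses REGION_LIST's comment word for word while its value differs, so a sentence on how the two lists relate would help.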
@@ -123,5 +75,6 @@ void cron_free(void* p) extern void read_conf(char *filename, conf * configure); extern void free_conf(conf * conf); extern void ptintf_conf(conf * conf); +extern int isregion(char *str, char (*region_list)[WHITELIST_IP_NUM]); #endif