增加Nginx规则

aixiao 2024-05-21 15:28:20 +08:00
parent b5bd70ec71
commit 778c9d5fff
10 changed files with 135 additions and 72 deletions

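--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,10 @@
+{
+"files.associations": {
+"assert.h": "c",
+"ip2region.h": "c",
+"conf.h": "c",
+"ccronexpr.h": "c",
+"clamscan.h": "c",
+"libiptc.h": "c"
+}
+}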


@ -36,7 +36,7 @@ LIBCOMMON__CFLAGS += -DHAVE_CONFIG_H -I./clamav/common -I./clamav/libclamav -I./
LIBCOMMON_LIB += ./clamav/common/cert_util.c.o ./clamav/common/actions.c.o ./clamav/common/clamdcom.c.o ./clamav/common/getopt.c.o ./clamav/common/hostid.c.o ./clamav/common/idmef_logging.c.o ./clamav/common/misc.c.o ./clamav/common/optparser.c.o ./clamav/common/output.c.o ./clamav/common/tar.c.o ./clamav/common/linux/cert_util_linux.c.o LIBCOMMON_LIB += ./clamav/common/cert_util.c.o ./clamav/common/actions.c.o ./clamav/common/clamdcom.c.o ./clamav/common/getopt.c.o ./clamav/common/hostid.c.o ./clamav/common/idmef_logging.c.o ./clamav/common/misc.c.o ./clamav/common/optparser.c.o ./clamav/common/output.c.o ./clamav/common/tar.c.o ./clamav/common/linux/cert_util_linux.c.o
all: libclamav_rust libclamav rhost all: libclamav_rust libclamav rhost nginx.o
rhost: conf.o rhost.o libiptc.o ccronexpr.o nginx.o rhost: conf.o rhost.o libiptc.o ccronexpr.o nginx.o
$(CC) $(ip2region_CFLAGS) ip2region/ip2region.c $(CC) $(ip2region_CFLAGS) ip2region/ip2region.c
@ -69,7 +69,7 @@ libclamav:
test: test:
echo $(CMAKE) $(ARCH) echo $(CMAKE) $(ARCH) $(CFLAGS)
static: conf.o rhost.o libiptc.o static: conf.o rhost.o libiptc.o
$(CC) $(IPTC_CFLAGS) -c libiptc/libip4tc.c -o libiptc/libip4tc.o $(CC) $(IPTC_CFLAGS) -c libiptc/libip4tc.c -o libiptc/libip4tc.o


@ -1 +1 @@
{"rustc_fingerprint":537842707314038760,"outputs":{"10376369925670944939":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.63.0\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.63.0\nLLVM version: 14.0.6\n","stderr":""},"15493033989842322569":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"15697416045686424142":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"},"9218888252049904301":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"}},"successes":{}} 
{"rustc_fingerprint":5376818386984183904,"outputs":{"14371922958718593042":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.71.1\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.71.1\nLLVM version: 16.0.6\n","stderr":""},"15729799797837862367":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""}},"successes":{}}

conf.c

@ -219,6 +219,24 @@ static void parse_global_module(char *content, conf * conf)
conf->DISK_USE = atoi(val_begin); conf->DISK_USE = atoi(val_begin);
} }
// NGINX
if (strcasecmp(var, "NGINX") == 0) {
val_begin_len = val_end - val_begin;
conf->NGINX = atoi(val_begin);
}
if (strcasecmp(var, "NGINX_LOG_FILE") == 0) {
val_begin_len = val_end - val_begin;
conf->NGINX_LOG_FILE_LEN = val_begin_len;
if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_LOG_FILE) != 0)
return;
}
if (strcasecmp(var, "NGINX_REGION_LIST") == 0) {
val_begin_len = val_end - val_begin;
conf->NGINX_REGION_LIST_LEN = val_begin_len;
if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_REGION_LIST) != 0)
return;
}
content = strchr(lineEnd + 1, '\n'); content = strchr(lineEnd + 1, '\n');
} }
} }
@ -313,6 +331,11 @@ void free_conf(conf * conf)
if (conf->CLAMAV_ARG) if (conf->CLAMAV_ARG)
free(conf->CLAMAV_ARG); free(conf->CLAMAV_ARG);
// NGINX
if (conf->NGINX_LOG_FILE)
free(conf->NGINX_LOG_FILE);
if (conf->NGINX_REGION_LIST)
free(conf->NGINX_REGION_LIST);
return; return;
} }
@ -351,6 +374,12 @@ void ptintf_conf(conf * conf)
if (conf->CLAMAV_ARG) if (conf->CLAMAV_ARG)
printf("CLAMAV_ARG %s %d\n", conf->CLAMAV_ARG, conf->CLAMAV_ARG_LEN); printf("CLAMAV_ARG %s %d\n", conf->CLAMAV_ARG, conf->CLAMAV_ARG_LEN);
// Nginx
if (conf->NGINX_LOG_FILE)
printf("CLAMAV_ARG %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN);
if (conf->NGINX_REGION_LIST)
printf("CLAMAV_ARG %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN);
} }
void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM]) void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM])
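Review bot: The two printf calls added to ptintf_conf at the end of this section label the Nginx fields as `CLAMAV_ARG`, so the config dump misattributes NGINX_LOG_FILE and NGINX_REGION_LIST; they should read `printf("NGINX_LOG_FILE %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN);` and `printf("NGINX_REGION_LIST %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN);`. In the parse_global_module hunk the `NGINX` branch assigns val_begin_len and never uses it, which can be dropped; the `atoi(val_begin)` on an unterminated value follows the existing DISK_USE pattern and is not new to this commit. Both enclosing functions start outside their hunks.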

conf.h

@ -44,6 +44,13 @@ typedef struct CONF
char *IPV4_WHITE_LIST; char *IPV4_WHITE_LIST;
int IPV4_WHITE_LIST_LEN; int IPV4_WHITE_LIST_LEN;
// NGINX
int NGINX;
char *NGINX_LOG_FILE;
int NGINX_LOG_FILE_LEN;
char *NGINX_REGION_LIST;
int NGINX_REGION_LIST_LEN;
int IS_MAIL; int IS_MAIL;
// 钉钉 // 钉钉

nginx.c

@ -1,11 +1,19 @@
#include "nginx.h" #include "nginx.h"
#include "ip2region/ip2region.h"
#define EVENT_SIZE (sizeof(struct inotify_event)) #define EVENT_SIZE (sizeof(struct inotify_event))
#define EVENT_BUF_LEN (1024 * (EVENT_SIZE + 16)) #define EVENT_BUF_LEN (1024 * (EVENT_SIZE + 16))
#define INITIAL_BUFFER_SIZE 8192 #define INITIAL_BUFFER_SIZE 8192
int IP_location(char *string) { void nginx_iptc(char *ip)
{
unsigned int srcIp;
inet_pton(AF_INET, ip, &srcIp);
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
}
int IP_location(char *string, conf *config) {
char *area = NULL; char *area = NULL;
char *xdb_path = "ip2region.xdb"; char *xdb_path = "ip2region.xdb";
char *p = strchr(string, ' '); char *p = strchr(string, ' ');
@ -34,37 +42,40 @@ int IP_location(char *string) {
} }
printf("IP地址:%s, %s\n", IP, area); printf("IP地址:%s, %s\n", IP, area);
printf("%s, %s\n", config->NGINX_LOG_FILE, config->NGINX_REGION_LIST);
return 0; return 0;
} }
void nginx_read_log(const char *filename) { int nginx_read_log(const char *filename, conf *p) {
int fd = open(filename, O_RDONLY); int fd = open(p->NGINX_LOG_FILE, O_RDONLY);
if (fd == -1) { if (fd == -1) {
perror("open"); perror("open");
exit(EXIT_FAILURE);
return -1;
} }
// Move to the end of the file // Move to the end of the file
if (lseek(fd, 0, SEEK_END) == -1) { if (lseek(fd, 0, SEEK_END) == -1) {
perror("lseek"); perror("lseek");
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
int inotify_fd = inotify_init(); int inotify_fd = inotify_init();
if (inotify_fd < 0) { if (inotify_fd < 0) {
perror("inotify_init"); perror("inotify_init");
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
int wd = inotify_add_watch(inotify_fd, filename, IN_MODIFY); int wd = inotify_add_watch(inotify_fd, p->NGINX_LOG_FILE, IN_MODIFY);
if (wd == -1) { if (wd == -1) {
perror("inotify_add_watch"); perror("inotify_add_watch");
close(inotify_fd); close(inotify_fd);
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
char buffer[EVENT_BUF_LEN]; char buffer[EVENT_BUF_LEN];
@ -76,14 +87,14 @@ void nginx_read_log(const char *filename) {
inotify_rm_watch(inotify_fd, wd); inotify_rm_watch(inotify_fd, wd);
close(inotify_fd); close(inotify_fd);
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
perror("fcntl F_SETFL"); perror("fcntl F_SETFL");
inotify_rm_watch(inotify_fd, wd); inotify_rm_watch(inotify_fd, wd);
close(inotify_fd); close(inotify_fd);
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
// Initial dynamic buffer allocation // Initial dynamic buffer allocation
@ -94,7 +105,7 @@ void nginx_read_log(const char *filename) {
inotify_rm_watch(inotify_fd, wd); inotify_rm_watch(inotify_fd, wd);
close(inotify_fd); close(inotify_fd);
close(fd); close(fd);
exit(EXIT_FAILURE); return -1;
} }
while (1) { while (1) {
@ -110,7 +121,7 @@ void nginx_read_log(const char *filename) {
int bytes_read; int bytes_read;
while ((bytes_read = read(fd, read_buf, buffer_size - 1)) > 0) { while ((bytes_read = read(fd, read_buf, buffer_size - 1)) > 0) {
read_buf[bytes_read] = '\0'; read_buf[bytes_read] = '\0';
IP_location(read_buf); IP_location(read_buf, p);
} }
if (bytes_read == -1 && errno != EAGAIN) { if (bytes_read == -1 && errno != EAGAIN) {
perror("read"); perror("read");
@ -124,4 +135,6 @@ void nginx_read_log(const char *filename) {
inotify_rm_watch(inotify_fd, wd); inotify_rm_watch(inotify_fd, wd);
close(inotify_fd); close(inotify_fd);
close(fd); close(fd);
return 0;
} }
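Review bot: nginx_iptc hands `srcIp` to iptc_add_rule without checking what `inet_pton` returned, so an unparsable `ip` string leaves `srcIp` uninitialized and a DROP rule is installed for whatever the stack happened to hold; initialise it (`unsigned int srcIp = 0;`) and bail out on parse failure with `if (inet_pton(AF_INET, ip, &srcIp) != 1) return;` before the iptc_add_rule call. In nginx_read_log the `filename` parameter is now dead — both open() and inotify_add_watch() use `p->NGINX_LOG_FILE` — and that pointer is never checked for NULL even though free_conf in this same commit treats it as optional, so a config without NGINX_LOG_FILE reaches open() with a null path; a guard `if (!p || !p->NGINX_LOG_FILE) return -1;` at the top covers it. The `printf("%s, %s\n", config->NGINX_LOG_FILE, config->NGINX_REGION_LIST);` added to IP_location runs on every chunk read and looks like leftover debugging output. nginx_read_log's body continues outside the hunks shown.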


@ -9,7 +9,11 @@
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include "rhost.h"
#include "libiptc.h"
#include "ip2region/ip2region.h"
extern void nginx_read_log(const char *filename);
extern int nginx_read_log(const char *filename, conf * conf);
#endif #endif

rhost.c

@ -1,11 +1,51 @@
#include "conf.h"
#include "rhost.h" #include "rhost.h"
#include "libiptc.h" #include "libiptc.h"
#include "libclamav.h" #include "libclamav.h"
#include "clamscan.h" #include "clamscan.h"
#include "ccronexpr.h" #include "ccronexpr.h"
#include "nginx.h" #include "nginx.h"
#include "./cJSON/cJSON.h"
#include "ip2region/ip2region.h"
// CRON
#define MAX_SECONDS 60
#define CRON_MAX_MINUTES 60
#define CRON_MAX_HOURS 24
#define CRON_MAX_DAYS_OF_WEEK 8
#define CRON_MAX_DAYS_OF_MONTH 32
#define CRON_MAX_MONTHS 12
#define INVALID_INSTANT ((time_t) -1)
#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S"
#ifndef ARRAY_LEN
#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0])
#endif
#ifdef CRON_TEST_MALLOC
static int cronAllocations = 0;
static int cronTotalAllocations = 0;
static int maxAlloc = 0;
void* cron_malloc(size_t n)
{
cronAllocations++;
cronTotalAllocations++;
if (cronAllocations > maxAlloc)
{
maxAlloc = cronAllocations;
}
return malloc(n);
}
void cron_free(void* p)
{
cronAllocations--;
free(p);
}
#endif
// CRON END
// 存储公网IP // 存储公网IP
char *public_ip; char *public_ip;
@ -1131,10 +1171,10 @@ goto_daemon:
} }
} else { } else {
// 父进程 // 父进程
printf("The parent process processes Nginx logs!!!");
while(1) while(1)
{ {
nginx_read_log("/usr/local/nginx/logs/access.log"); nginx_read_log(conf->NGINX_LOG_FILE, conf);
sleep(1); sleep(1);
} }
@ -1150,7 +1190,6 @@ goto_daemon:
for (i = 1; i < head_argc; i++) { for (i = 1; i < head_argc; i++) {
if (head_argvs[i]) if (head_argvs[i])
free(head_argvs[i]); free(head_argvs[i]);
} }
return 0; return 0;
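Review bot: The parent-process loop calls `nginx_read_log(conf->NGINX_LOG_FILE, conf);` unconditionally — no check of `conf->NGINX` is visible in this hunk, so the switch this commit adds to the config appears to have no effect here — and the function's new `-1` return is discarded, so a missing or unreadable log file produces a perror once a second forever. Gate the loop with `if (conf->NGINX == 1 && conf->NGINX_LOG_FILE)` and at least break or back off when nginx_read_log returns -1. The `printf("The parent process processes Nginx logs!!!");` above it has no trailing `\n`, so with a block-buffered stdout the message may never appear. The enclosing block starts and ends outside the hunk.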


@ -3,8 +3,10 @@ global {
DAEMON = "off"; // on开启后台运行,off不开启(弃用) DAEMON = "off"; // on开启后台运行,off不开启(弃用)
TIME = "10"; // 睡眠时间(大于等于1,单位秒) TIME = "10"; // 睡眠时间(大于等于1,单位秒)
PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP
IS_DISK = 1; // 磁盘使用率(1开启,非1关闭) IS_DISK = 1; // 磁盘使用率(1开启,非1关闭)
DISK_USE = 95; // 任意某块磁盘使用率告警(大于等于1) DISK_USE = 95; // 任意某块磁盘使用率告警(大于等于1)
@ -12,6 +14,7 @@ global {
IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭) IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭)
REFUSE_NUMBER = 3; // 拒绝攻击次数 REFUSE_NUMBER = 3; // 拒绝攻击次数
CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭) CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭)
CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log"; CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log";
CLAMAV_TIME = "* 7 23 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周) CLAMAV_TIME = "* 7 23 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
@ -26,6 +29,11 @@ global {
REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开) REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)
NGINX = 1; // 是否启用Nginx白名单
NGINX_LOG_FILE= "/usr/local/nginx/logs/access.log"; // Nginx 日志文件
NGINX_REGION_LIST = "中国 河南 郑州 上海"; // 地域列表(空格隔开)
IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭) IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭)
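Review bot: `NGINX_LOG_FILE= "/usr/local/nginx/logs/access.log";` omits the space before `=` that every other key in the file uses; whether parse_global_module tolerates that is not visible here, so either restore the space for consistency or confirm the tokenizer accepts it. The comment on NGINX_REGION_LIST repeats the REGION_LIST wording verbatim; stating how the two lists differ would save the next reader a trip through the source.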

rhost.h

@ -12,14 +12,11 @@
#include <curl/curl.h> #include <curl/curl.h>
#include <sys/types.h> #include <sys/types.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <assert.h> #include <assert.h>
#include <limits.h>
#include "./cJSON/cJSON.h"
#include "ip2region/ip2region.h"
#include "conf.h"
typedef struct now_next_time typedef struct now_next_time
{ {
@ -42,51 +39,6 @@ typedef struct now_next_time
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include "ccronexpr.h"
#define MAX_SECONDS 60
#define CRON_MAX_MINUTES 60
#define CRON_MAX_HOURS 24
#define CRON_MAX_DAYS_OF_WEEK 8
#define CRON_MAX_DAYS_OF_MONTH 32
#define CRON_MAX_MONTHS 12
#define INVALID_INSTANT ((time_t) -1)
#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S"
#ifndef ARRAY_LEN
#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0])
#endif
#ifdef CRON_TEST_MALLOC
static int cronAllocations = 0;
static int cronTotalAllocations = 0;
static int maxAlloc = 0;
void* cron_malloc(size_t n)
{
cronAllocations++;
cronTotalAllocations++;
if (cronAllocations > maxAlloc)
{
maxAlloc = cronAllocations;
}
return malloc(n);
}
void cron_free(void* p)
{
cronAllocations--;
free(p);
}
#endif
#define COLOR_NONE "\033[0m" //表示清除前面设置的格式 #define COLOR_NONE "\033[0m" //表示清除前面设置的格式
@ -123,5 +75,6 @@ void cron_free(void* p)
extern void read_conf(char *filename, conf * configure); extern void read_conf(char *filename, conf * configure);
extern void free_conf(conf * conf); extern void free_conf(conf * conf);
extern void ptintf_conf(conf * conf); extern void ptintf_conf(conf * conf);
extern int isregion(char *str, char (*region_list)[WHITELIST_IP_NUM]);
#endif #endif
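Review bot: The header drops `#include <time.h>` (along with `<sys/wait.h>` and `<limits.h>`) while the `now_next_time` typedef directly below stays in this file; if that struct holds `time_t` members, rhost.h now compiles only when an earlier include happens to pull <time.h> in first, which breaks the "header includes what it uses" rule. Keep `#include <time.h>` here, or confirm the struct needs no time types. Moving the `static` cron counters and the `cron_malloc`/`cron_free` definitions out of the header into rhost.c is the right direction, since a header must not define objects. The typedef body is outside the hunk, so the time_t dependency is inferred.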