增加Nginx规则
parent
b5bd70ec71
commit
778c9d5fff
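--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,10 @@
+{
+"files.associations": {
+"assert.h": "c",
+"ip2region.h": "c",
+"conf.h": "c",
+"ccronexpr.h": "c",
+"clamscan.h": "c",
+"libiptc.h": "c"
+}
+}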
4
Makefile
4
Makefile
@ -36,7 +36,7 @@ LIBCOMMON__CFLAGS += -DHAVE_CONFIG_H -I./clamav/common -I./clamav/libclamav -I./
|
||||
LIBCOMMON_LIB += ./clamav/common/cert_util.c.o ./clamav/common/actions.c.o ./clamav/common/clamdcom.c.o ./clamav/common/getopt.c.o ./clamav/common/hostid.c.o ./clamav/common/idmef_logging.c.o ./clamav/common/misc.c.o ./clamav/common/optparser.c.o ./clamav/common/output.c.o ./clamav/common/tar.c.o ./clamav/common/linux/cert_util_linux.c.o
|
||||
|
||||
|
||||
all: libclamav_rust libclamav rhost
|
||||
all: libclamav_rust libclamav rhost nginx.o
|
||||
|
||||
rhost: conf.o rhost.o libiptc.o ccronexpr.o nginx.o
|
||||
$(CC) $(ip2region_CFLAGS) ip2region/ip2region.c
|
||||
@ -69,7 +69,7 @@ libclamav:
|
||||
|
||||
|
||||
test:
|
||||
echo $(CMAKE) $(ARCH)
|
||||
echo $(CMAKE) $(ARCH) $(CFLAGS)
|
||||
|
||||
static: conf.o rhost.o libiptc.o
|
||||
$(CC) $(IPTC_CFLAGS) -c libiptc/libip4tc.c -o libiptc/libip4tc.o
|
||||
|
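Review bot: `all` now lists nginx.o, but the `static` target in the second hunk still depends only on conf.o rhost.o libiptc.o, so if its recipe links rhost.o (which now calls nginx_read_log) the static build will fail with an undefined reference; it likely needs `static: conf.o rhost.o libiptc.o ccronexpr.o nginx.o` to match the rhost target. The recipes for both targets continue outside the hunk, so this is inferred from the dependency lines alone.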
@ -1 +1 @@
|
||||
{"rustc_fingerprint":537842707314038760,"outputs":{"10376369925670944939":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.63.0\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.63.0\nLLVM version: 14.0.6\n","stderr":""},"15493033989842322569":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"15697416045686424142":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"},"9218888252049904301":{"success":false,"status":"exit status: 1","code":1,"stdout":"","stderr":"error: `-Csplit-debuginfo` is unstable on this platform\n\n"}},"successes":{}}
|
||||
{"rustc_fingerprint":5376818386984183904,"outputs":{"14371922958718593042":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.71.1\nbinary: rustc\ncommit-hash: unknown\ncommit-date: unknown\nhost: x86_64-unknown-linux-gnu\nrelease: 1.71.1\nLLVM version: 16.0.6\n","stderr":""},"15729799797837862367":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.so\nlib___.so\nlib___.a\nlib___.so\n/usr\noff\npacked\nunpacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"gnu\"\ntarget_family=\"unix\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"linux\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"unknown\"\nunix\n","stderr":""}},"successes":{}}
|
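--- a/conf.c
+++ b/conf.c
@@ -218,6 +218,24 @@ static void parse_global_module(char *content, conf * conf)
 val_begin_len = val_end - val_begin;
 conf->DISK_USE = atoi(val_begin);
 }
+
+// NGINX
+if (strcasecmp(var, "NGINX") == 0) {
+val_begin_len = val_end - val_begin;
+conf->NGINX = atoi(val_begin);
+}
+if (strcasecmp(var, "NGINX_LOG_FILE") == 0) {
+val_begin_len = val_end - val_begin;
+conf->NGINX_LOG_FILE_LEN = val_begin_len;
+if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_LOG_FILE) != 0)
+return;
+}
+if (strcasecmp(var, "NGINX_REGION_LIST") == 0) {
+val_begin_len = val_end - val_begin;
+conf->NGINX_REGION_LIST_LEN = val_begin_len;
+if (copy_new_mem(val_begin, val_begin_len, &conf->NGINX_REGION_LIST) != 0)
+return;
+}
 
 content = strchr(lineEnd + 1, '\n');
 }
@@ -313,6 +331,11 @@ void free_conf(conf * conf)
 if (conf->CLAMAV_ARG)
 free(conf->CLAMAV_ARG);
 
+// NGINX
+if (conf->NGINX_LOG_FILE)
+free(conf->NGINX_LOG_FILE);
+if (conf->NGINX_REGION_LIST)
+free(conf->NGINX_REGION_LIST);
 
 return;
 }
@@ -351,6 +374,12 @@ void ptintf_conf(conf * conf)
 
 if (conf->CLAMAV_ARG)
 printf("CLAMAV_ARG %s %d\n", conf->CLAMAV_ARG, conf->CLAMAV_ARG_LEN);
+
+// Nginx
+if (conf->NGINX_LOG_FILE)
+printf("CLAMAV_ARG %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN);
+if (conf->NGINX_REGION_LIST)
+printf("CLAMAV_ARG %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN);
 }
 
 void split_string(char string[], char delims[], char (*whitelist_ip)[WHITELIST_IP_NUM])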
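Review bot: The two printf lines added at the end of ptintf_conf label the Nginx values as `CLAMAV_ARG`, so the config dump cannot be told apart from the real CLAMAV_ARG line; change them to `printf("NGINX_LOG_FILE %s %d\n", conf->NGINX_LOG_FILE, conf->NGINX_LOG_FILE_LEN);` and `printf("NGINX_REGION_LIST %s %d\n", conf->NGINX_REGION_LIST, conf->NGINX_REGION_LIST_LEN);`. In the parse_global_module hunk the new branches copy the DISK_USE pattern, but the early `return;` after a failed copy_new_mem leaves NGINX_LOG_FILE_LEN (or NGINX_REGION_LIST_LEN) set while the pointer it describes was never allocated; assigning the length only after the copy succeeds keeps the pair consistent for free_conf and the printer. Since NGINX is read with atoi like the other switches, a comment stating that anything other than 1 means off (as the sample config says for the neighbouring options) would document the intended contract. parse_global_module and free_conf both start outside the hunk.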
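--- a/conf.h
+++ b/conf.h
@@ -43,6 +43,13 @@ typedef struct CONF
 int IPV4_RESTRICTION;
 char *IPV4_WHITE_LIST;
 int IPV4_WHITE_LIST_LEN;
 
+// NGINX
+int NGINX;
+char *NGINX_LOG_FILE;
+int NGINX_LOG_FILE_LEN;
+char *NGINX_REGION_LIST;
+int NGINX_REGION_LIST_LEN;
+
 int IS_MAIL;
 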
39
nginx.c
39
nginx.c
@ -1,11 +1,19 @@
|
||||
|
||||
#include "nginx.h"
|
||||
#include "ip2region/ip2region.h"
|
||||
|
||||
|
||||
#define EVENT_SIZE (sizeof(struct inotify_event))
|
||||
#define EVENT_BUF_LEN (1024 * (EVENT_SIZE + 16))
|
||||
#define INITIAL_BUFFER_SIZE 8192
|
||||
|
||||
int IP_location(char *string) {
|
||||
void nginx_iptc(char *ip)
|
||||
{
|
||||
unsigned int srcIp;
|
||||
inet_pton(AF_INET, ip, &srcIp);
|
||||
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
|
||||
}
|
||||
|
||||
int IP_location(char *string, conf *config) {
|
||||
char *area = NULL;
|
||||
char *xdb_path = "ip2region.xdb";
|
||||
char *p = strchr(string, ' ');
|
||||
@ -34,37 +42,40 @@ int IP_location(char *string) {
|
||||
}
|
||||
|
||||
printf("IP地址:%s, %s\n", IP, area);
|
||||
printf("%s, %s\n", config->NGINX_LOG_FILE, config->NGINX_REGION_LIST);
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void nginx_read_log(const char *filename) {
|
||||
int fd = open(filename, O_RDONLY);
|
||||
int nginx_read_log(const char *filename, conf *p) {
|
||||
int fd = open(p->NGINX_LOG_FILE, O_RDONLY);
|
||||
if (fd == -1) {
|
||||
perror("open");
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Move to the end of the file
|
||||
if (lseek(fd, 0, SEEK_END) == -1) {
|
||||
perror("lseek");
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int inotify_fd = inotify_init();
|
||||
if (inotify_fd < 0) {
|
||||
perror("inotify_init");
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int wd = inotify_add_watch(inotify_fd, filename, IN_MODIFY);
|
||||
int wd = inotify_add_watch(inotify_fd, p->NGINX_LOG_FILE, IN_MODIFY);
|
||||
if (wd == -1) {
|
||||
perror("inotify_add_watch");
|
||||
close(inotify_fd);
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
char buffer[EVENT_BUF_LEN];
|
||||
@ -76,14 +87,14 @@ void nginx_read_log(const char *filename) {
|
||||
inotify_rm_watch(inotify_fd, wd);
|
||||
close(inotify_fd);
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
|
||||
perror("fcntl F_SETFL");
|
||||
inotify_rm_watch(inotify_fd, wd);
|
||||
close(inotify_fd);
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Initial dynamic buffer allocation
|
||||
@ -94,7 +105,7 @@ void nginx_read_log(const char *filename) {
|
||||
inotify_rm_watch(inotify_fd, wd);
|
||||
close(inotify_fd);
|
||||
close(fd);
|
||||
exit(EXIT_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (1) {
|
||||
@ -110,7 +121,7 @@ void nginx_read_log(const char *filename) {
|
||||
int bytes_read;
|
||||
while ((bytes_read = read(fd, read_buf, buffer_size - 1)) > 0) {
|
||||
read_buf[bytes_read] = '\0';
|
||||
IP_location(read_buf);
|
||||
IP_location(read_buf, p);
|
||||
}
|
||||
if (bytes_read == -1 && errno != EAGAIN) {
|
||||
perror("read");
|
||||
@ -124,4 +135,6 @@ void nginx_read_log(const char *filename) {
|
||||
inotify_rm_watch(inotify_fd, wd);
|
||||
close(inotify_fd);
|
||||
close(fd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
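Review bot: The new nginx_iptc hands srcIp to iptc_add_rule without checking the return of inet_pton, so a log field that is not a dotted-quad leaves srcIp uninitialized and installs a DROP rule for whatever value happens to be on the stack; initialize it and add `if (inet_pton(AF_INET, ip, &srcIp) != 1) return;` before the iptc_add_rule call. nginx_read_log now opens p->NGINX_LOG_FILE but neither p nor that pointer is checked for NULL, and the `filename` parameter it still takes is no longer used, which is why the caller in rhost.c passes the same string twice; either drop the parameter or start with `if (!p || !p->NGINX_LOG_FILE) return -1;`. Replacing exit() with `return -1` is the right direction, but the caller loops on this function with sleep(1), so a persistently missing log file now becomes a perror() every second rather than a one-time failure, which is worth a comment or a backoff. In IP_location the added printf of config->NGINX_LOG_FILE and NGINX_REGION_LIST runs for every chunk read from the log and looks like leftover debugging output, and the region list is still not compared against `area` anywhere in the visible hunks. IP_location and nginx_read_log continue outside the hunks.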
6
nginx.h
6
nginx.h
@ -9,7 +9,11 @@
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#include "rhost.h"
|
||||
#include "libiptc.h"
|
||||
#include "ip2region/ip2region.h"
|
||||
|
||||
extern void nginx_read_log(const char *filename);
|
||||
|
||||
extern int nginx_read_log(const char *filename, conf * conf);
|
||||
|
||||
#endif
|
||||
|
49
rhost.c
49
rhost.c
@ -1,11 +1,51 @@
|
||||
#include "conf.h"
|
||||
#include "rhost.h"
|
||||
|
||||
#include "libiptc.h"
|
||||
#include "libclamav.h"
|
||||
#include "clamscan.h"
|
||||
|
||||
#include "ccronexpr.h"
|
||||
#include "nginx.h"
|
||||
#include "./cJSON/cJSON.h"
|
||||
#include "ip2region/ip2region.h"
|
||||
|
||||
// CRON
|
||||
#define MAX_SECONDS 60
|
||||
#define CRON_MAX_MINUTES 60
|
||||
#define CRON_MAX_HOURS 24
|
||||
#define CRON_MAX_DAYS_OF_WEEK 8
|
||||
#define CRON_MAX_DAYS_OF_MONTH 32
|
||||
#define CRON_MAX_MONTHS 12
|
||||
|
||||
#define INVALID_INSTANT ((time_t) -1)
|
||||
|
||||
#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S"
|
||||
|
||||
#ifndef ARRAY_LEN
|
||||
#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0])
|
||||
#endif
|
||||
|
||||
#ifdef CRON_TEST_MALLOC
|
||||
static int cronAllocations = 0;
|
||||
static int cronTotalAllocations = 0;
|
||||
static int maxAlloc = 0;
|
||||
void* cron_malloc(size_t n)
|
||||
{
|
||||
cronAllocations++;
|
||||
cronTotalAllocations++;
|
||||
if (cronAllocations > maxAlloc)
|
||||
{
|
||||
maxAlloc = cronAllocations;
|
||||
}
|
||||
return malloc(n);
|
||||
}
|
||||
|
||||
void cron_free(void* p)
|
||||
{
|
||||
cronAllocations--;
|
||||
free(p);
|
||||
}
|
||||
#endif
|
||||
// CRON END
|
||||
|
||||
// 存储公网IP
|
||||
char *public_ip;
|
||||
@ -1131,10 +1171,10 @@ goto_daemon:
|
||||
}
|
||||
} else {
|
||||
// 父进程
|
||||
|
||||
printf("The parent process processes Nginx logs!!!");
|
||||
while(1)
|
||||
{
|
||||
nginx_read_log("/usr/local/nginx/logs/access.log");
|
||||
nginx_read_log(conf->NGINX_LOG_FILE, conf);
|
||||
|
||||
sleep(1);
|
||||
}
|
||||
@ -1150,7 +1190,6 @@ goto_daemon:
|
||||
for (i = 1; i < head_argc; i++) {
|
||||
if (head_argvs[i])
|
||||
free(head_argvs[i]);
|
||||
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
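Review bot: The parent-process loop calls nginx_read_log(conf->NGINX_LOG_FILE, conf) unconditionally, although the same commit adds an `NGINX` on/off switch to conf.h and parses it in conf.c; nothing in the visible hunks consults conf->NGINX, and when the option is missing from the config the pointer is presumably NULL and goes straight into open(). Guard the call, e.g. `if (conf->NGINX == 1 && conf->NGINX_LOG_FILE) nginx_read_log(conf->NGINX_LOG_FILE, conf);`, so the watcher honours the switch the way the other 1-means-on options do and a missing path is not a crash. The cron block moved here from rhost.h keeps `#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0])` without parentheses around the expansion, which misparses inside a larger expression; `#define ARRAY_LEN(x) (sizeof(x) / sizeof((x)[0]))` is the safe form. main and its goto_daemon section extend well outside the hunk.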
@ -3,8 +3,10 @@ global {
|
||||
DAEMON = "off"; // on开启后台运行,off不开启(弃用)
|
||||
TIME = "10"; // 睡眠时间(大于等于1,单位秒)
|
||||
|
||||
|
||||
PUBLIC_IP = "http://inet-ip.info"; // 获取公网IP
|
||||
|
||||
|
||||
IS_DISK = 1; // 磁盘使用率(1开启,非1关闭)
|
||||
DISK_USE = 95; // 任意某块磁盘使用率告警(大于等于1)
|
||||
|
||||
@ -12,6 +14,7 @@ global {
|
||||
IS_BLOCKED = 1; // 是否封禁攻击IP(1开启,非1关闭)
|
||||
REFUSE_NUMBER = 3; // 拒绝攻击次数
|
||||
|
||||
|
||||
CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭)
|
||||
CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log";
|
||||
CLAMAV_TIME = "* 7 23 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
|
||||
@ -24,6 +27,11 @@ global {
|
||||
REGION = 1; // 是否启用地域白名单(1开启,非1关闭)
|
||||
IP2REGION = 1; // 是否使用本地 ip2region 地址定位库(1使用,非1不使用)
|
||||
REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)
|
||||
|
||||
|
||||
NGINX = 1; // 是否启用Nginx白名单
|
||||
NGINX_LOG_FILE= "/usr/local/nginx/logs/access.log"; // Nginx 日志文件
|
||||
NGINX_REGION_LIST = "中国 河南 郑州 上海"; // 地域列表(空格隔开)
|
||||
|
||||
|
||||
IS_MAIL = 0; // 开启邮件告警(1开启,非1关闭)
|
||||
|
53
rhost.h
53
rhost.h
@ -12,14 +12,11 @@
|
||||
#include <curl/curl.h>
|
||||
#include <sys/types.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <assert.h>
|
||||
#include <limits.h>
|
||||
|
||||
#include "./cJSON/cJSON.h"
|
||||
#include "ip2region/ip2region.h"
|
||||
|
||||
#include "conf.h"
|
||||
|
||||
typedef struct now_next_time
|
||||
{
|
||||
@ -42,51 +39,6 @@ typedef struct now_next_time
|
||||
|
||||
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
|
||||
#include "ccronexpr.h"
|
||||
|
||||
#define MAX_SECONDS 60
|
||||
#define CRON_MAX_MINUTES 60
|
||||
#define CRON_MAX_HOURS 24
|
||||
#define CRON_MAX_DAYS_OF_WEEK 8
|
||||
#define CRON_MAX_DAYS_OF_MONTH 32
|
||||
#define CRON_MAX_MONTHS 12
|
||||
|
||||
#define INVALID_INSTANT ((time_t) -1)
|
||||
|
||||
#define DATE_FORMAT "%Y-%m-%d_%H:%M:%S"
|
||||
|
||||
#ifndef ARRAY_LEN
|
||||
#define ARRAY_LEN(x) sizeof(x)/sizeof(x[0])
|
||||
#endif
|
||||
|
||||
#ifdef CRON_TEST_MALLOC
|
||||
static int cronAllocations = 0;
|
||||
static int cronTotalAllocations = 0;
|
||||
static int maxAlloc = 0;
|
||||
void* cron_malloc(size_t n)
|
||||
{
|
||||
cronAllocations++;
|
||||
cronTotalAllocations++;
|
||||
if (cronAllocations > maxAlloc)
|
||||
{
|
||||
maxAlloc = cronAllocations;
|
||||
}
|
||||
return malloc(n);
|
||||
}
|
||||
|
||||
void cron_free(void* p)
|
||||
{
|
||||
cronAllocations--;
|
||||
free(p);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#define COLOR_NONE "\033[0m" //表示清除前面设置的格式
|
||||
@ -123,5 +75,6 @@ void cron_free(void* p)
|
||||
extern void read_conf(char *filename, conf * configure);
|
||||
extern void free_conf(conf * conf);
|
||||
extern void ptintf_conf(conf * conf);
|
||||
extern int isregion(char *str, char (*region_list)[WHITELIST_IP_NUM]);
|
||||
|
||||
#endif
|
||||
|