From 78ffb8d0175c7e3ab002668c9a1506b3c8de4edb Mon Sep 17 00:00:00 2001
From: aixiao
Date: Thu, 29 Sep 2022 14:45:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=A0=BC=E5=BC=8F=E5=8C=96=E9=A3=8E=E6=A0=BC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 conf.c | 32 +++++++--------
 conf.h | 14 +++----
 libiptc.c | 30 ++++++--------
 libiptc.h | 5 +--
 rhost.c | 118 +++++++++++++++++++++++------------------------------
 rhost.h | 9 ++---
 6 files changed, 90 insertions(+), 118 deletions(-)
diff --git a/conf.c b/conf.c
index eda3da1..3ea1af8 100644
--- a/conf.c
+++ b/conf.c
@@ -81,7 +81,7 @@ static void parse_global_module(char *content, conf * conf)
 while ((lineEnd = set_var_val_lineEnd(content, &var, &val_begin, &val_end)) != NULL) {
 if (strcasecmp(var, "DAEMON") == 0) {
 val_begin_len = val_end - val_begin;
-
+
 if (copy_new_mem(val_begin, val_begin_len, &conf->DAEMON) != 0)
 return;
 }
@@ -89,56 +89,56 @@ static void parse_global_module(char *content, conf * conf)
 if (strcasecmp(var, "TIME") == 0) {
 val_begin_len = val_end - val_begin;
 conf->TIME = atoi(val_begin);
-
+
 }
-
+
 if (strcasecmp(var, "REFUSE_NUMBER") == 0) {
 val_begin_len = val_end - val_begin;
 conf->REFUSE_NUMBER = atoi(val_begin);
-
+
 }
-
+
 if (strcasecmp(var, "IS_MAIL") == 0) {
 val_begin_len = val_end - val_begin;
 conf->IS_MAIL = atoi(val_begin);
-
+
 }
-
+
 if (strcasecmp(var, "IS_DING_WEBHOOK") == 0) {
 val_begin_len = val_end - val_begin;
 conf->IS_DING_WEBHOOK = atoi(val_begin);
-
+
 }
-
+
 if (strcasecmp(var, "PHONE") == 0) {
 val_begin_len = val_end - val_begin;
 if (copy_new_mem(val_begin, val_begin_len, &conf->PHONE) != 0)
 return;
 }
-
+
 if (strcasecmp(var, "DING_WEBHOOK") == 0) {
 val_begin_len = val_end - val_begin;
 if (copy_new_mem(val_begin, val_begin_len, &conf->DING_WEBHOOK) != 0)
 return;
 }
-
+
 if (strcasecmp(var, "IS_QQMAIL") == 0) {
 val_begin_len = val_end - val_begin;
 conf->IS_QQMAIL = atoi(val_begin);
 }
-
+
 if (strcasecmp(var, "SEND_QQ") == 0) {
 val_begin_len = val_end - val_begin;
 if (copy_new_mem(val_begin, val_begin_len, &conf->SEND_QQ) != 0)
 return;
 }
-
+
 if (strcasecmp(var, "QQMAIL_KEY") == 0) {
 val_begin_len = val_end - val_begin;
 if (copy_new_mem(val_begin, val_begin_len, &conf->QQMAIL_KEY) != 0)
 return;
 }
-
+
 if (strcasecmp(var, "RECV_MAIL") == 0) {
 val_begin_len = val_end - val_begin;
 if (copy_new_mem(val_begin, val_begin_len, &conf->RECV_MAIL) != 0)
@@ -212,11 +212,11 @@ void free_conf(conf * conf)
 free(conf->SEND_QQ);
 free(conf->QQMAIL_KEY);
 free(conf->RECV_MAIL);
-
+
 return;
 }
 
-void ptintf_conf(conf *conf)
+void ptintf_conf(conf * conf)
 {
 printf("%s\n", conf->DAEMON);
 printf("%d\n", conf->TIME);
diff --git a/conf.h b/conf.h
index 75ba8be..c32a0db 100644
--- a/conf.h
+++ b/conf.h
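Review bot: The numeric keys parsed in this hunk (`TIME`, `REFUSE_NUMBER`, `IS_MAIL`, `IS_DING_WEBHOOK`, `IS_QQMAIL`) go through `atoi(val_begin)`, which reports neither non-numeric input nor overflow, so a typo in rhost.conf silently becomes 0 and a negative `TIME` later reaches `sleep(conf->TIME)` in main, where it converts to a very long unsigned wait. `val_begin_len` is assigned in each of these branches but never used there (a dead store), which suggests the length was meant to bound the parse. Consider `errno = 0; long v = strtol(val_begin, &end, 10);` and reject the key when `end == val_begin || errno == ERANGE` or the value is outside the range the field can take (for example `TIME` and `REFUSE_NUMBER` must be non-negative). parse_global_module starts and ends outside the hunk.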
@@ -10,23 +10,23 @@ typedef struct CONF { char *DAEMON; int TIME; - + int REFUSE_NUMBER; - + int IS_MAIL; - + int IS_DING_WEBHOOK; char *PHONE; char *DING_WEBHOOK; - + int IS_QQMAIL; char *SEND_QQ; char *QQMAIL_KEY; char *RECV_MAIL; } conf; -void read_conf(char *filename, conf *configure); +void read_conf(char *filename, conf * configure); void free_conf(conf * conf); -void ptintf_conf(conf *conf); +void ptintf_conf(conf * conf); -#endif \ No newline at end of file +#endif diff --git a/libiptc.c b/libiptc.c index 48ba643..1ef5b16 100644 --- a/libiptc.c +++ b/libiptc.c @@ -2,7 +2,7 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4) { - int r=1; + int r = 1; const struct ipt_entry *entry; struct ipt_entry_match *entry_match; @@ -15,9 +15,8 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4) inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr)); //printf("%s\n", addr); //printf("%s\n", t); - if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) - { - r=0; + if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) { + r = 0; break; } } @@ -28,25 +27,24 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4) int show_all_rule(char *ipv4) { - int r=0; + int r = 0; struct xtc_handle *handle; const char *chain = NULL; struct ipt_counters counter; - + handle = iptc_init("filter"); - for (chain = iptc_first_chain(handle); chain; chain = iptc_next_chain(handle)) - { + for (chain = iptc_first_chain(handle); chain; chain = iptc_next_chain(handle)) { if (chain != NULL && handle != NULL) { iptc_get_policy(chain, &counter, handle); } r = x_get_rule(chain, handle, ipv4); - if (r==0){ + if (r == 0) { break; } } - + return r; } 
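Review bot: `iptc_init("filter")` in show_all_rule is not checked before `iptc_first_chain(handle)` runs, so when the table cannot be opened (for example when the process lacks the privilege needed for the netfilter socket) the first loop iteration passes NULL into libiptc; the `handle != NULL` test inside the loop comes too late. The handle also looks leaked: the function returns `r` right after the loop with no `iptc_free(handle)`, and since rule() calls show_all_rule once per log line the leak would grow with every scan, unless x_get_rule frees it, which is outside this view. Suggested: `if (handle == NULL) { return 1; }` after the init, and `iptc_free(handle);` before `return r;`.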
@@ -82,7 +80,7 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign size = IPT_ALIGN(sizeof(*match)) + IPT_ALIGN(sizeof(*udpinfo)); match = (struct ipt_entry_match *)calloc(1, size); match->u.match_size = size; - strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN-2); + strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN - 2); udpinfo = (struct ipt_udp *)match->data; udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF; @@ -99,8 +97,7 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign return match; } -int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src, - unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append) +int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src, unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append) { struct xtc_handle *handle; struct ipt_entry *chain_entry; @@ -149,14 +146,14 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char if (chain_entry == NULL) { free(tmp_ipt); } - + memcpy(chain_entry->elems + match_size, entry_target, entry_target->u.target_size); chain_entry->target_offset = sizeof(*chain_entry) + match_size; chain_entry->next_offset = sizeof(*chain_entry) + match_size + entry_target->u.target_size; if (entry_match) { memcpy(chain_entry->elems, entry_match, match_size); } - + handle = iptc_init(table); if (!handle) { printf("libiptc error: Can't initialize table %s, %s\n", table, iptc_strerror(errno)); @@ -200,11 +197,10 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char return 1; } - if (entry_match) free(entry_match); free(entry_target); free(chain_entry); - + return 0; } 
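Review bot: `calloc(1, size)` in get_match is dereferenced on the very next line (`match->u.match_size = size;`) without a NULL check, so an allocation failure is a NULL write rather than a reported error; add `if (match == NULL) { return NULL; }` after the calloc, which fits the `if (entry_match)` test the caller already performs in a later hunk (the code between the two is outside this view). The `strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN - 2)` on the reformatted line is only NUL-terminated because calloc zeroed the buffer; a comment such as `/* name is terminated by the calloc zero-fill; keep the -2 slack */` would stop a later switch to malloc from silently dropping the terminator. get_match starts and ends outside the hunk.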
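Review bot: The `if (chain_entry == NULL)` branch in the `@@ -149` hunk frees `tmp_ipt` and then falls through to `memcpy(chain_entry->elems + match_size, ...)`, so an allocation failure becomes a NULL dereference instead of an error return. The branch needs to leave the function, e.g. `if (chain_entry == NULL) { free(tmp_ipt); return 1; }` (1 is the failure value this function already returns after the iptc_init check), releasing `entry_match` and `entry_target` as well if they were allocated before this point, which is outside the hunk. In the `@@ -200` cleanup hunk the guard on `if (entry_match) free(entry_match);` is redundant since `free(NULL)` is a no-op. iptc_add_rule starts and ends outside the hunk.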
diff --git a/libiptc.h b/libiptc.h index 3d56ab3..749a83f 100644 --- a/libiptc.h +++ b/libiptc.h @@ -18,7 +18,6 @@ /* Dest port. */ #define NFC_IP_DST_PT 0x0400 - #ifndef IPT_MIN_ALIGN #define IPT_MIN_ALIGN (__alignof__(struct ipt_entry)) #endif @@ -30,9 +29,7 @@ #define IPTC_TARGET_SIZE XT_ALIGN(sizeof(struct ipt_entry_target)) #define IPTC_FULL_SIZE IPTC_ENTRY_SIZE + IPTC_MATCH_SIZE + IPTC_TARGET_SIZE - int show_all_rule(char *ipv4); -int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src, - unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append); +int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src, unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append); #endif diff --git a/rhost.c b/rhost.c index c59b472..8ed7dd6 100644 --- a/rhost.c +++ b/rhost.c @@ -58,7 +58,6 @@ static char *GET_PUBLIC_IP(char *URL) //对于同一次阻塞的curl_easy_perform而言,在写完获取的数据之前,会多次调用 WriteMemoryCallback res = curl_easy_perform(curl_handle); - if (res != CURLE_OK) { fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); } else { 
@@ -85,34 +84,31 @@ int check_system() } // 钉钉告警 -int dingding_warning(char *illegal_ip, char *public_ip, conf *conf) +int dingding_warning(char *illegal_ip, char *public_ip, conf * conf) { FILE *fp; char temp[64]; char jsonObj[BUFFER]; - - + memset(jsonObj, 0, BUFFER); memset(temp, 0, 64); strcpy(temp, public_ip); - temp[strlen(public_ip)-1] = '\0'; - - if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL) - { + temp[strlen(public_ip) - 1] = '\0'; + + if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL) { return 1; } - + CURL *curl; CURLcode res; curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); - if (curl == NULL) - { + if (curl == NULL) { return 1; } - #define JSIN "{ \ + #define JSIN "{ \ \"msgtype\": \"text\", \ \"text\": { \ \"content\": \"Alert @%s 服务器地址:%s,封禁非法入侵主机:%s\" \ @@ -139,40 +135,37 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf *conf) curl_easy_setopt(curl, CURLOPT_POSTFIELDS, jsonObj); curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl/0.1"); curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp); - + res = curl_easy_perform(curl); curl_easy_cleanup(curl); curl_global_cleanup(); fclose(fp); - + return res; } // 邮件告警 -int mail_warning(char *illegal_ip, char *public_ip, conf *conf) +int mail_warning(char *illegal_ip, char *public_ip, conf * conf) { FILE *fp = NULL; char buff[BUFFER]; char text[BUFFER]; char temp[64]; - - + memset(buff, 0, BUFFER); memset(text, 0, BUFFER); memset(temp, 0, 64); - + strcpy(temp, public_ip); - temp[strlen(public_ip)-1] = '\0'; + temp[strlen(public_ip) - 1] = '\0'; sprintf(text, "echo \"主机:%s, 禁止%s访问\" | mail -s \"System ban IP\" %s", temp, illegal_ip, conf->RECV_MAIL); - if (NULL == (fp = popen(text, "r"))) - { + if (NULL == (fp = popen(text, "r"))) { perror("popen text"); } - while (fgets(buff, BUFFER, fp) != NULL) - { + while (fgets(buff, BUFFER, fp) != NULL) { buff[strlen(buff) - 1] = '\0'; } 
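Review bot: `strcpy(temp, public_ip)` copies a string that originates from an HTTP response (`GET_PUBLIC_IP("http://ip.sb")` in main) into the 64-byte `temp` with no length check, and `temp[strlen(public_ip) - 1]` indexes before the array when that string is empty; mail_warning (64 bytes) and QQ_mail_warning (32 bytes) repeat the same two lines. A bounded copy such as `snprintf(temp, sizeof temp, "%s", public_ip);` followed by `temp[strcspn(temp, "\n")] = '\0';` fixes both the overflow and the underflow, and validating the fetched value with `inet_pton(AF_INET, ...)` before it is used would keep anything that is not an address out of the alert text, which `JSIN` appears to embed without JSON escaping (the sprintf that fills `jsonObj` is outside the hunk). Independently, the `curl == NULL` branch returns 1 without `fclose(fp)` or `curl_global_cleanup()`, leaking the log handle opened just above. dingding_warning ends outside the hunk.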
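Review bot: `sprintf(text, "echo \"...%s, ...%s...\" | mail -s \"System ban IP\" %s", temp, illegal_ip, conf->RECV_MAIL)` in mail_warning builds a shell command line from the fetched public IP, an address scraped from log output, and a config value, then hands it to `popen`, so any shell metacharacter in those values is interpreted by the shell; QQ_mail_warning in the next hunk does the same through `system(string)`. The robust fix is to not go through a shell at all (fork/exec `mail` with an explicit argv and write the body to its stdin); short of that, refuse `illegal_ip` and `public_ip` unless `inet_pton(AF_INET, ...)` returns 1 before they are interpolated. The `popen` failure path only calls `perror` and then `fgets(buff, BUFFER, fp)` runs with `fp == NULL`; that branch should `return 1;`. `sprintf` into the fixed `text[BUFFER]` should also be `snprintf(text, sizeof text, ...)` since `conf->RECV_MAIL` has no length bound here. mail_warning ends outside the hunk.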
@@ -183,32 +176,30 @@ int mail_warning(char *illegal_ip, char *public_ip, conf *conf) } // 第三方邮箱告警 -int QQ_mail_warning(char *illegal_ip, char *public_ip, conf *conf) +int QQ_mail_warning(char *illegal_ip, char *public_ip, conf * conf) { - char string[BUFFER+(sizeof(QQMAIL))]; + char string[BUFFER + (sizeof(QQMAIL))]; char text[BUFFER]; char temp[32]; - memset(string, 0, BUFFER+(sizeof(QQMAIL))); + memset(string, 0, BUFFER + (sizeof(QQMAIL))); memset(text, 0, BUFFER); memset(temp, 0, 32); - - + strcpy(temp, public_ip); - temp[strlen(public_ip)-1] = '\0'; - + temp[strlen(public_ip) - 1] = '\0'; + sprintf(text, "主机:%s, 禁止%s访问", temp, illegal_ip); sprintf(string, QQMAIL, conf->RECV_MAIL, text); - return system(string); } // 封禁非法IP -int rule(conf *conf) +int rule(conf * conf) { FILE *fp, *fc; - + //char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))]; char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER]; @@ -264,7 +255,7 @@ int rule(conf *conf) strcat(splice_command, "\n"); } } - printf("%s", splice_command); // 打印所有非法IP + printf("%s", splice_command); // 打印所有非法IP // 拼接命令 sprintf(awk, AWK, conf->REFUSE_NUMBER); 
@@ -273,54 +264,53 @@ int rule(conf *conf) strcat(command, "\""); strcat(command, awk); - - if ((fp = popen(command, "r")) == NULL) // 执行命令 + if ((fp = popen(command, "r")) == NULL) // 执行命令 { perror("popen command"); return 1; } - while (fgets(buffer, BUFFER, fp) != NULL) // 执行命令后, 为空时就不会 + while (fgets(buffer, BUFFER, fp) != NULL) // 执行命令后, 为空时就不会 { - buffer[strlen(buffer) - 1] = '\0'; // 去除回车 + buffer[strlen(buffer) - 1] = '\0'; // 去除回车 //sprintf(iptables, IPTABLES, buffer); //sprintf(iptables_check, IPTABLES_CHECK, buffer); //if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则 - if (0 != show_all_rule(buffer)) // libiptc库判断 + if (0 != show_all_rule(buffer)) // libiptc库判断 { - if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警 + if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警 { dingding_warning(buffer, public_ip, conf); sleep(3); } - - if (conf->IS_MAIL == 1) // 邮件告警 + + if (conf->IS_MAIL == 1) // 邮件告警 { mail_warning(buffer, public_ip, conf); sleep(3); } - - if (conf->IS_QQMAIL == 1) // 邮件告警 + + if (conf->IS_QQMAIL == 1) // 邮件告警 { QQ_mail_warning(buffer, public_ip, conf); sleep(3); } - + /* - // 调用命令下发规则 - if ((fc = popen(iptables, "r")) == NULL) { - perror("popen iptables"); - return 1; - } - */ - + // 调用命令下发规则 + if ((fc = popen(iptables, "r")) == NULL) { + perror("popen iptables"); + return 1; + } + */ + // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP unsigned int destIp; inet_pton(AF_INET, buffer, &destIp); iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1); - + } } @@ -340,7 +330,7 @@ static void sig_child(int signo) int stat; // 处理僵尸进程 while ((pid = waitpid(-1, &stat, WNOHANG)) > 0) ; - + return; } 
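Review bot: `inet_pton(AF_INET, buffer, &destIp)` near the end of this hunk is not checked and `destIp` is declared without an initializer, so a log line that does not parse as an IPv4 address (the value comes straight out of the `popen(command, ...)` pipeline above) leaves `destIp` indeterminate and still reaches `iptc_add_rule(..., destIp, ..., "DROP", ...)`, i.e. a DROP rule for an arbitrary address. Validating first also keeps malformed text out of the warning functions called just above it: `if (inet_pton(AF_INET, buffer, &destIp) != 1) { continue; }` placed before the `show_all_rule(buffer)` test, with the `destIp` declaration moved up accordingly. `buffer[strlen(buffer) - 1] = '\0'` removes the last character whether or not it is a newline, so a line longer than BUFFER that fgets splits loses a real digit; `buffer[strcspn(buffer, "\n")] = '\0';` is the usual form. The return value of `iptc_add_rule` is also discarded, so a failed insert is neither logged nor retried. rule starts and ends outside the hunk.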
@@ -349,23 +339,19 @@ int main(int argc, char *argv[], char **env) conf *conf = (struct CONF *)malloc(sizeof(struct CONF)); read_conf("rhost.conf", conf); //ptintf_conf(conf); - - + // 新版本获取公网IP public_ip = GET_PUBLIC_IP("http://ip.sb"); - + //printf("%s", public_ip); - signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号 - if (0 == strcmp(conf->DAEMON, "on")) - { + if (0 == strcmp(conf->DAEMON, "on")) { goto goto_daemon; } - if (argv[1] != NULL && 0 == strcmp(argv[1], "-d")) - { + if (argv[1] != NULL && 0 == strcmp(argv[1], "-d")) { goto_daemon: if (daemon(1, 1)) // 守护进程 { @@ -378,17 +364,13 @@ goto_daemon: sleep(conf->TIME); } - } - else - { + } else { rule(conf); } - free_conf(conf); free(conf); free(public_ip); - + return 0; } - diff --git a/rhost.h b/rhost.h index ed63421..83c863a 100644 --- a/rhost.h +++ b/rhost.h @@ -13,7 +13,6 @@ #include #include - #define CENTOS_SYSTEM 1 #define DEBISN_SYSTEM 2 #define UNKNOWN_SYSTEM 3 @@ -33,10 +32,8 @@ #define QQMAIL "email -r %s -s \"System ban IP\" -t \"%s\"" - -extern void read_conf(char *filename, conf *configure); +extern void read_conf(char *filename, conf * configure); extern void free_conf(conf * conf); -extern void ptintf_conf(conf *conf); +extern void ptintf_conf(conf * conf); - -#endif \ No newline at end of file +#endif
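Review bot: `public_ip = GET_PUBLIC_IP("http://ip.sb")` is fetched over plain HTTP and used unchecked: it is later handed to the warning functions, which `strcpy` it, so a failed or empty fetch (the `res != CURLE_OK` branch in an earlier hunk only prints) ends in a NULL or out-of-bounds access there, and whatever an on-path party returns becomes part of alert messages and shell command lines. The `malloc(sizeof(struct CONF))` on the first line is likewise unchecked and not zeroed, so `strcmp(conf->DAEMON, "on")` reads an indeterminate pointer when rhost.conf has no DAEMON line, assuming read_conf does not initialize the struct (it is outside this view). Suggested: `conf *conf = calloc(1, sizeof *conf);` with a NULL check, and after the fetch `if (public_ip == NULL) { /* report and exit */ }` followed by an `inet_pton` validation of the stripped value before it is used anywhere. main starts outside the hunk.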