diff --git a/Makefile b/Makefile
index d0b9a01..d49ab05 100644
--- a/Makefile
+++ b/Makefile
@@ -36,8 +36,9 @@ LIBCOMMON__CFLAGS += -DHAVE_CONFIG_H -I./clamav/common -I./clamav/libclamav -I./
 LIBCOMMON_LIB += ./clamav/common/cert_util.c.o ./clamav/common/actions.c.o ./clamav/common/clamdcom.c.o ./clamav/common/getopt.c.o ./clamav/common/hostid.c.o ./clamav/common/idmef_logging.c.o ./clamav/common/misc.c.o ./clamav/common/optparser.c.o ./clamav/common/output.c.o ./clamav/common/tar.c.o ./clamav/common/linux/cert_util_linux.c.o
+all: libclamav_rust libclamav rhost
-all: conf.o rhost.o libiptc.o ccronexpr.o
+rhost: conf.o rhost.o libiptc.o ccronexpr.o
 $(CC) $(ip2region_CFLAGS) ip2region/ip2region.c
 $(CC) $(ip2region_CFLAGS) ip2region/xdb_searcher.c
 $(CC) $(cJSON_CFLAGS) cJSON/cJSON.c
@@ -53,7 +54,6 @@ all: conf.o rhost.o libiptc.o ccronexpr.o
 chmod +x $(OBG)
-
 libclamav_rust:
 cd clamav/libclamav_rust && $(CMAKE) -E env CARGO_CMD=build CARGO_TARGET_DIR=./ MAINTAINER_MODE=OFF RUSTFLAGS="" \
 cargo build --target $(ARCH) --target-dir ./
diff --git a/README.md b/README.md
index 15ba527..07d19c8 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 ```text
 适用系统:
- Debian 11
+ Debian 11、12
 Centos 7 支持系统病毒扫描 支持一次运行检测、后台运行检测
@@ -52,8 +52,6 @@ cd /root
 git clone https://git.aixiao.me/aixiao/denyhosts
 cd denyhosts
 make clean
-make libclamav_rust
-make libclamav
 make all 或 bash build.sh
diff --git a/rhost.c b/rhost.c
index c20353e..13b2cc9 100644
--- a/rhost.c
+++ b/rhost.c
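Review bot: In the Makefile's first hunk, the new `all: libclamav_rust libclamav rhost` line encodes the build order only as the left-to-right order of prerequisites, which `make -j` does not honour. The README lines removed in this same commit ran `make libclamav_rust`, `make libclamav` and `make all` one after another, which suggests the order matters. If it does, state it as dependencies, e.g. `libclamav: libclamav_rust` and `rhost: libclamav conf.o rhost.o libiptc.o ccronexpr.o`. If none of these names is a file its recipe produces (not verifiable from the hunk), add `.PHONY: all libclamav_rust libclamav rhost` so a stray file of the same name cannot suppress the build.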
@@ -468,6 +468,36 @@ char *_time()
 return strdup(temp);
 }
+int system_version() {
+ FILE *fp = fopen("/etc/debian_version", "r");
+
+ if (fp == NULL) {
+ perror("Failed to open file");
+ return 0;
+ }
+
+ char buff[256];
+ if (fgets(buff, sizeof(buff), fp) == NULL) {
+ fclose(fp);
+ perror("Failed to read file");
+ return 0;
+ }
+
+ fclose(fp);
+
+ size_t len = strlen(buff);
+ if (len <= 0) {
+ return 0;
+ }
+
+ // Remove trailing newline character, if present
+ if (buff[len - 1] == '\n') {
+ buff[len - 1] = '\0';
+ }
+
+ return atoi(buff);
+}
+
 // 封禁非法IP
 int rule(conf * conf)
 {
@@ -501,20 +531,32 @@ int rule(conf * conf)
 if (DEBISN_SYSTEM == check_system()) // Debian 系统规则
 {
- if (tp->tm_mday >= 10)
+ if (system_version() >= 12)
 {
- if ((fp = popen(GE_10, "r")) == NULL)
+ if ((fp = popen(GE_12, "r")) == NULL)
 {
- perror("GE_10");
+ perror("GE_12");
 return -1;
 }
 }
 else
 {
- if ((fp = popen(LE_10, "r")) == NULL)
+ if (tp->tm_mday >= 10)
 {
- perror("LE_10");
- return -1;
+ if ((fp = popen(GE_10, "r")) == NULL)
+ {
+ perror("GE_10");
+ return -1;
+ }
+
+ }
+ else
+ {
+ if ((fp = popen(LE_10, "r")) == NULL)
+ {
+ perror("LE_10");
+ return -1;
+ }
 }
 }
 }
@@ -936,8 +978,8 @@ static char help_information(void)
 "Options:",
 " -d : Background running",
 " -? -h --help : help information",
- " The configuration file needs to be in the same directory as the executable file!",
- " 配置文件需要与可执行文件位于同一目录中!",
+ " The configuration file needs to be in the same directory as the executable file!(default rhost.conf)",
+ " 配置文件需要与可执行文件位于同一目录中!(默认 rhost.conf)",
 "",
 "",
 0
diff --git a/rhost.h b/rhost.h
index 950dee2..393db05 100644
--- a/rhost.h
+++ b/rhost.h
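Review bot: `return atoi(buff);` at the end of system_version() in rhost.c cannot distinguish a parse failure from a version number: any first line that does not start with digits yields 0, the same value the function returns when /etc/debian_version cannot be opened or read. Debian testing and unstable installs are known to carry a codename such as `trixie/sid` in that file, so on those hosts rule() in the next hunk would take the pre-12 branch. Parse with `long v = strtol(buff, &end, 10);` and return a distinct error value with a log line when `end == buff`, so the caller can see that the version is unknown. In the fgets failure path `perror()` runs after `fclose(fp)`, so errno may no longer describe the read error; call it before closing. The prototype should also be `int system_version(void)`.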
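Review bot: In the Debian branch of rule() in rhost.c, the grep pattern is now chosen from `system_version()` rather than from the timestamp format that /var/log/auth.log actually uses, and a mismatch is invisible: `popen()` succeeds, the pipeline prints nothing, and as far as this hunk shows no address is blocked and nothing is logged. The same happens when `system_version()` returns 0 after a read error. Consider reporting when the selected pattern matches no line of a non-empty auth.log, e.g. `fprintf(stderr, "rule: no auth.log line matched the selected date pattern\n");`, or deriving the choice from the first log line. The nested `else { if (tp->tm_mday >= 10) … }` would read better as `else if (tp->tm_mday >= 10)`, which also drops the blank added line before the closing brace. rule() starts before and continues after this hunk.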
@@ -107,7 +107,9 @@ void cron_free(void* p)
 #define BUILD(fmt...) do { fprintf(stderr,"%s %s ",__DATE__,__TIME__); fprintf(stderr, ##fmt); } while(0)
 #define AWK " | awk -v num=%d '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}' "
+
 #define GE_10 "grep -E \"^$(LC_ALL=\"C\" date \"+%h\").$(LC_ALL=\"C\" date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost"
+#define GE_12 "grep -E \"^$(LC_ALL=\"C\" date +\"%Y-%m-%d\")\" /var/log/auth.log | grep failure | grep rhost"
 #define LE_10 "grep -E \"^$(LC_ALL=\"C\" date \"+%h\")..$(LC_ALL=\"C\" date | awk '{print $3}')\" /var/log/auth.log | grep failure | grep rhost"
 #define CENTOS_GE_10 "grep -E \"^$(LC_ALL=\"C\" date \"+%h\").$(LC_ALL=\"C\" date \"+%d\")\" /var/log/secure | grep failure | grep rhost"
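Review bot: `GE_12` in rhost.h is added without a comment saying which log timestamp format it expects, although the three Debian macros differ only in that detail. A one-line comment above it, such as `/* GE_12: auth.log lines begin with an ISO date (YYYY-MM-DD); used by rule() when system_version() >= 12 */`, would document the pairing with the caller. The quoting also differs from its neighbours (`date +\"%Y-%m-%d\"` here, `date \"+%h\"` in `GE_10`); both forms work in the shell, but using one would make the macros easier to compare.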