日志格式输出
parent
bc6e6b253c
commit
ce349a46a6
@ -8,7 +8,7 @@ char *ip2region(char *xdb_file, char *ip)
|
|||||||
xdb_vector_index_t *v_index;
|
xdb_vector_index_t *v_index;
|
||||||
xdb_searcher_t searcher;
|
xdb_searcher_t searcher;
|
||||||
char region_buffer[256];
|
char region_buffer[256];
|
||||||
long s_time;
|
//long s_time;
|
||||||
|
|
||||||
// 1、从 db_path 加载 VectorIndex 索引。
|
// 1、从 db_path 加载 VectorIndex 索引。
|
||||||
// 得到 v_index 做成全局缓存,便于后续反复使用。
|
// 得到 v_index 做成全局缓存,便于后续反复使用。
|
||||||
@ -28,7 +28,7 @@ char *ip2region(char *xdb_file, char *ip)
|
|||||||
|
|
||||||
// 3、调用 search API 查询
|
// 3、调用 search API 查询
|
||||||
// 得到的 region 信息会存储到 region_buffer 里面,如果你自定义了数据,请确保给足 buffer 的空间。
|
// 得到的 region 信息会存储到 region_buffer 里面,如果你自定义了数据,请确保给足 buffer 的空间。
|
||||||
s_time = xdb_now();
|
//s_time = xdb_now();
|
||||||
err = xdb_search_by_string(&searcher, ip, region_buffer, sizeof(region_buffer));
|
err = xdb_search_by_string(&searcher, ip, region_buffer, sizeof(region_buffer));
|
||||||
if (err != 0) {
|
if (err != 0) {
|
||||||
printf("failed search(%s) with errno=%d\n", ip, err);
|
printf("failed search(%s) with errno=%d\n", ip, err);
|
||||||
|
94
rhost.c
94
rhost.c
@ -15,6 +15,23 @@ struct MemoryStruct
|
|||||||
size_t size;
|
size_t size;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// 计算字符串长度
|
||||||
|
int _strlen(char *str)
|
||||||
|
{
|
||||||
|
char *_p = NULL;
|
||||||
|
|
||||||
|
|
||||||
|
if (str == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
_p = strchr(str, '\0');
|
||||||
|
|
||||||
|
if (_p == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return _p-str;
|
||||||
|
}
|
||||||
|
|
||||||
static size_t WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
|
static size_t WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
|
||||||
{
|
{
|
||||||
size_t realsize = size * nmemb;
|
size_t realsize = size * nmemb;
|
||||||
@ -131,7 +148,7 @@ char *process_json(char *buff, char *api)
|
|||||||
for (i = 0; i < cJSON_GetArraySize(data); i++) {
|
for (i = 0; i < cJSON_GetArraySize(data); i++) {
|
||||||
cJSON *svalue = cJSON_GetArrayItem(data, i);
|
cJSON *svalue = cJSON_GetArrayItem(data, i);
|
||||||
cJSON *location = cJSON_GetObjectItem(svalue, "location");
|
cJSON *location = cJSON_GetObjectItem(svalue, "location");
|
||||||
area_len = strlen(location->valuestring);
|
area_len = _strlen(location->valuestring);
|
||||||
|
|
||||||
area = (char *)alloca(area_len + 1);
|
area = (char *)alloca(area_len + 1);
|
||||||
if (area == NULL)
|
if (area == NULL)
|
||||||
@ -180,7 +197,7 @@ int dingding_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
|
|||||||
memset(jsonObj, 0, BUFFER);
|
memset(jsonObj, 0, BUFFER);
|
||||||
memset(temp, 0, 64);
|
memset(temp, 0, 64);
|
||||||
strcpy(temp, public_ip);
|
strcpy(temp, public_ip);
|
||||||
temp[strlen(public_ip) - 1] = '\0';
|
temp[_strlen(public_ip) - 1] = '\0';
|
||||||
|
|
||||||
if ((fp = fopen("libcurl.log", "wt+")) == NULL)
|
if ((fp = fopen("libcurl.log", "wt+")) == NULL)
|
||||||
{
|
{
|
||||||
@ -247,7 +264,7 @@ int mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
|
|||||||
memset(temp, 0, 64);
|
memset(temp, 0, 64);
|
||||||
|
|
||||||
strcpy(temp, public_ip);
|
strcpy(temp, public_ip);
|
||||||
temp[strlen(public_ip) - 1] = '\0';
|
temp[_strlen(public_ip) - 1] = '\0';
|
||||||
snprintf(text, BUFFER, "echo \"主机:%s, 禁止(%s%s)访问\" | mail -s \"System ban IP\" %s", temp, ip, illegal_ip, conf->RECV_MAIL);
|
snprintf(text, BUFFER, "echo \"主机:%s, 禁止(%s%s)访问\" | mail -s \"System ban IP\" %s", temp, ip, illegal_ip, conf->RECV_MAIL);
|
||||||
|
|
||||||
if (NULL == (fp = popen(text, "r")))
|
if (NULL == (fp = popen(text, "r")))
|
||||||
@ -257,7 +274,7 @@ int mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
|
|||||||
|
|
||||||
while (fgets(buff, BUFFER, fp) != NULL)
|
while (fgets(buff, BUFFER, fp) != NULL)
|
||||||
{
|
{
|
||||||
buff[strlen(buff) - 1] = '\0';
|
buff[_strlen(buff) - 1] = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NULL != fp)
|
if (NULL != fp)
|
||||||
@ -278,7 +295,7 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
|
|||||||
memset(temp, 0, 32);
|
memset(temp, 0, 32);
|
||||||
|
|
||||||
strcpy(temp, public_ip);
|
strcpy(temp, public_ip);
|
||||||
temp[strlen(public_ip) - 1] = '\0';
|
temp[_strlen(public_ip) - 1] = '\0';
|
||||||
|
|
||||||
snprintf(text, BUFFER, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip);
|
snprintf(text, BUFFER, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip);
|
||||||
snprintf(string, BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL, conf->RECV_MAIL, text);
|
snprintf(string, BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL, conf->RECV_MAIL, text);
|
||||||
@ -302,7 +319,7 @@ int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
|
|||||||
memset(temp, 0, 32);
|
memset(temp, 0, 32);
|
||||||
|
|
||||||
strcpy(temp, local_ip);
|
strcpy(temp, local_ip);
|
||||||
temp[strlen(local_ip) - 1] = '\0';
|
temp[_strlen(local_ip) - 1] = '\0';
|
||||||
|
|
||||||
snprintf(text, BUFFER, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
|
snprintf(text, BUFFER, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
|
||||||
snprintf(command, BUFFER+BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL_Virus, conf->RECV_MAIL, text);
|
snprintf(command, BUFFER+BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL_Virus, conf->RECV_MAIL, text);
|
||||||
@ -326,7 +343,7 @@ int QQ_mail_warning_Disk_Use(char *local_ip, int disk_use, conf * conf)
|
|||||||
memset(temp, 0, 32);
|
memset(temp, 0, 32);
|
||||||
|
|
||||||
strcpy(temp, local_ip);
|
strcpy(temp, local_ip);
|
||||||
temp[strlen(local_ip) - 1] = '\0';
|
temp[_strlen(local_ip) - 1] = '\0';
|
||||||
|
|
||||||
snprintf(text, BUFFER, "Host:%s, Disk usage reaches threshold!, Please handle!", temp);
|
snprintf(text, BUFFER, "Host:%s, Disk usage reaches threshold!, Please handle!", temp);
|
||||||
snprintf(command, BUFFER, QQMAIL_DISK_USE, conf->RECV_MAIL, text);
|
snprintf(command, BUFFER, QQMAIL_DISK_USE, conf->RECV_MAIL, text);
|
||||||
@ -345,7 +362,7 @@ int whitelist(char *client_ip, char (*whitelist_ip)[WHITELIST_IP_NUM])
|
|||||||
{
|
{
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ((strncmp(client_ip, whitelist_ip[i], strlen(whitelist_ip[i]))) == 0) // 对比client_ip长度,
|
if ((strncmp(client_ip, whitelist_ip[i], _strlen(whitelist_ip[i]))) == 0) // 对比client_ip长度,
|
||||||
{
|
{
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -380,10 +397,10 @@ int isregion(char *str, char (*region_list)[WHITELIST_IP_NUM])
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 去除空格
|
// 去除空格
|
||||||
char *remove_space(const char *str)
|
char *remove_space(char *str)
|
||||||
{
|
{
|
||||||
unsigned int i = 0, j = 0;
|
unsigned int i = 0, j = 0;
|
||||||
unsigned int uLen = strlen(str);
|
unsigned int uLen = _strlen(str);
|
||||||
char *strRet;
|
char *strRet;
|
||||||
|
|
||||||
if (0 == uLen)
|
if (0 == uLen)
|
||||||
@ -436,6 +453,21 @@ int disk_waring(int threshold)
|
|||||||
return is;
|
return is;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *_time()
|
||||||
|
{
|
||||||
|
char temp[BUFFER];
|
||||||
|
char *wday[] = {"0", "1", "2", "3", "4", "5", "6"};
|
||||||
|
time_t t;
|
||||||
|
struct tm *p;
|
||||||
|
time(&t);
|
||||||
|
p = localtime(&t); // 取得当地时间
|
||||||
|
|
||||||
|
memset(temp, 0, BUFFER);
|
||||||
|
snprintf(temp, BUFFER, "[%d/%02d/%02d %s %02d:%02d:%02d] ", (1900+p->tm_year), (1+p->tm_mon), p->tm_mday, wday[p->tm_wday], p->tm_hour, p->tm_min, p->tm_sec);
|
||||||
|
|
||||||
|
return strdup(temp);
|
||||||
|
}
|
||||||
|
|
||||||
// 封禁非法IP
|
// 封禁非法IP
|
||||||
int rule(conf * conf)
|
int rule(conf * conf)
|
||||||
{
|
{
|
||||||
@ -460,6 +492,11 @@ int rule(conf * conf)
|
|||||||
memset(buffer, 0, BUFFER);
|
memset(buffer, 0, BUFFER);
|
||||||
memset(awk, 0, BUFFER);
|
memset(awk, 0, BUFFER);
|
||||||
memset(p_two, 0, 2);
|
memset(p_two, 0, 2);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
char *t = NULL;
|
||||||
|
t = _time();
|
||||||
|
|
||||||
|
|
||||||
if (DEBISN_SYSTEM == check_system()) // Debian 系统规则
|
if (DEBISN_SYSTEM == check_system()) // Debian 系统规则
|
||||||
@ -514,16 +551,21 @@ int rule(conf * conf)
|
|||||||
}
|
}
|
||||||
memset(splice_command, 0, ip_length);
|
memset(splice_command, 0, ip_length);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
while (fgets(buffer, BUFFER, fp) != NULL)
|
while (fgets(buffer, BUFFER, fp) != NULL)
|
||||||
{
|
{
|
||||||
char *new_splice_command;
|
char *new_splice_command;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
temp = strstr(buffer, "rhost");
|
temp = strstr(buffer, "rhost");
|
||||||
sscanf(temp, "rhost=%64s", temp);
|
sscanf(temp, "rhost=%64s", temp);
|
||||||
if (atoi(strncpy(p_two, temp, 1)) > 0)
|
if (atoi(strncpy(p_two, temp, 1)) > 0)
|
||||||
{
|
{
|
||||||
ip_length += strlen(temp)+1;
|
ip_length += _strlen(temp)+1;
|
||||||
|
|
||||||
new_splice_command = (char *)realloc(splice_command, ip_length + 32);
|
new_splice_command = (char *)realloc(splice_command, ip_length + 32);
|
||||||
if (new_splice_command == NULL) {
|
if (new_splice_command == NULL) {
|
||||||
@ -532,13 +574,18 @@ int rule(conf * conf)
|
|||||||
}
|
}
|
||||||
splice_command = new_splice_command;
|
splice_command = new_splice_command;
|
||||||
|
|
||||||
|
//printf(RED"Hello World\n"COLOR_NONE);
|
||||||
|
printf(RED"%s Illegal IP: %s\n"COLOR_NONE, t, temp);
|
||||||
strcat(splice_command, temp);
|
strcat(splice_command, temp);
|
||||||
strcat(splice_command, "\n");
|
strcat(splice_command, "\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("%s", splice_command); // 打印所有非法IP
|
|
||||||
|
//printf("%s", splice_command); // 打印所有非法IP
|
||||||
//printf("%ld\n", ip_length);
|
//printf("%ld\n", ip_length);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
command = (char *)malloc(ip_length + BUFFER);
|
command = (char *)malloc(ip_length + BUFFER);
|
||||||
if (command == NULL) {
|
if (command == NULL) {
|
||||||
@ -571,7 +618,7 @@ int rule(conf * conf)
|
|||||||
|
|
||||||
while (fgets(buffer, BUFFER, fc) != NULL) // 执行命令后, 为空时就不会
|
while (fgets(buffer, BUFFER, fc) != NULL) // 执行命令后, 为空时就不会
|
||||||
{
|
{
|
||||||
buffer[strlen(buffer) - 1] = '\0'; // 去除回车
|
buffer[_strlen(buffer) - 1] = '\0'; // 去除回车
|
||||||
|
|
||||||
memset(REGION_LIST_COPY, 0, conf->REGION_LIST_LEN+1);
|
memset(REGION_LIST_COPY, 0, conf->REGION_LIST_LEN+1);
|
||||||
memset(IPV4_WHITE_LIST_COPY, 0, conf->IPV4_WHITE_LIST_LEN+1);
|
memset(IPV4_WHITE_LIST_COPY, 0, conf->IPV4_WHITE_LIST_LEN+1);
|
||||||
@ -587,7 +634,7 @@ int rule(conf * conf)
|
|||||||
{
|
{
|
||||||
if (whitelist(buffer, whitelist_ip) == 1)
|
if (whitelist(buffer, whitelist_ip) == 1)
|
||||||
{
|
{
|
||||||
printf("白名单IPV4:%s\n", buffer);
|
printf("%s 白名单IPV4:%s\n", t, buffer);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -608,48 +655,48 @@ int rule(conf * conf)
|
|||||||
|
|
||||||
|
|
||||||
if (conf->IP2REGION == 1) { // ip2region 地址定位库
|
if (conf->IP2REGION == 1) { // ip2region 地址定位库
|
||||||
printf("Use ip2region !!!\n");
|
printf("%s Use ip2region !!!\n", t);
|
||||||
|
|
||||||
if (-1 == access(xdb_path, F_OK)) // 判断 ip2region 地址定位库是否存在
|
if (-1 == access(xdb_path, F_OK)) // 判断 ip2region 地址定位库是否存在
|
||||||
{
|
{
|
||||||
xdb_path = "ip2region/ip2region.xdb";
|
xdb_path = "ip2region/ip2region.xdb";
|
||||||
|
|
||||||
if (-1 == access(xdb_path, F_OK)) {
|
if (-1 == access(xdb_path, F_OK)) {
|
||||||
printf("ip2region.xdb DOESN'T EXISIT!\n");
|
printf("%s ip2region.xdb DOESN'T EXISIT!\n", t);
|
||||||
goto AREA;
|
goto AREA;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
area = ip2region(xdb_path, buffer);
|
area = ip2region(xdb_path, buffer);
|
||||||
if (area == NULL) {
|
if (area == NULL) {
|
||||||
printf("ip2region解析地域错误\n");
|
printf("%s ip2region解析地域错误\n", t);
|
||||||
goto BLOCKED;
|
goto BLOCKED;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
AREA:
|
AREA:
|
||||||
location_json = GET_PUBLIC_IP(URL);
|
location_json = GET_PUBLIC_IP(URL);
|
||||||
if (location_json == NULL) {
|
if (location_json == NULL) {
|
||||||
printf("获取地域错误\n");
|
printf("%s 获取地域错误\n", t);
|
||||||
goto BLOCKED;
|
goto BLOCKED;
|
||||||
}
|
}
|
||||||
|
|
||||||
area = process_json(location_json, conf->REGION_URL);
|
area = process_json(location_json, conf->REGION_URL);
|
||||||
if (area == NULL) {
|
if (area == NULL) {
|
||||||
printf("解析地域错误\n");
|
printf("%s 解析地域错误\n", t);
|
||||||
goto BLOCKED;
|
goto BLOCKED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (isregion(area, region_list) == 1) {
|
if (isregion(area, region_list) == 1) {
|
||||||
printf("Ip Address: %s, 地域白名单: %s\n", buffer, area);
|
printf(RED"%s Ip Address: %s, 地域白名单: %s\n"COLOR_NONE, t, buffer, area);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
printf("攻击者IP地址:%s, %s\n", buffer, area);
|
printf(RED"%s 攻击者IP地址:%s, %s\n"COLOR_NONE, t, buffer, area);
|
||||||
|
|
||||||
|
|
||||||
if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警
|
if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警
|
||||||
@ -695,7 +742,8 @@ BLOCKED:
|
|||||||
|
|
||||||
if (fc != NULL)
|
if (fc != NULL)
|
||||||
pclose(fc);
|
pclose(fc);
|
||||||
|
if (t)
|
||||||
|
free(t);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -990,7 +1038,7 @@ int main(int argc, char *argv[], char **env)
|
|||||||
strcpy(move, "mkdir -p ");
|
strcpy(move, "mkdir -p ");
|
||||||
strcat(move, p+1);
|
strcat(move, p+1);
|
||||||
|
|
||||||
//printf("%s %ld \n", move, strlen(move));
|
//printf("%s %ld \n", move, _strlen(move));
|
||||||
|
|
||||||
system(move);
|
system(move);
|
||||||
}
|
}
|
||||||
|
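Review bot: The new `_strlen()` returns 0 for a NULL or empty string, but the call sites switched to it still index with `_strlen(x) - 1` (`temp[_strlen(public_ip) - 1] = '\0'` in dingding_warning, mail_warning and the QQ_mail_warning* functions, and `buff[...]` / `buffer[...]` after fgets), so a zero length writes to index -1, one byte before the buffer. The NULL guard does not protect the `temp` sites either, because `strcpy(temp, public_ip)` runs on the line before and would already dereference the pointer. I would keep `strlen` and guard the length where it is used, e.g. `size_t n = strlen(public_ip); if (n > 0) temp[n - 1] = '\0';`. In the helper itself, `strchr(str, '\0')` cannot return NULL for a valid string, so the second check is dead, the `int` return narrows the pointer difference, and a file-scope name beginning with an underscore is reserved for the implementation. The bodies of these functions start and end outside the visible hunks, so the sizes of `temp` and the possible values of `public_ip` should be confirmed against the full file.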
7
rhost.h
7
rhost.h
@ -89,6 +89,13 @@ void cron_free(void* p)
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#define COLOR_NONE "\033[0m" //表示清除前面设置的格式
|
||||||
|
#define RED "\033[1;31;40m" //40表示背景色为黑色, 1 表示高亮
|
||||||
|
#define BLUE "\033[1;34;40m"
|
||||||
|
#define GREEN "\033[1;32;40m"
|
||||||
|
#define YELLOW "\033[1;33;40m"
|
||||||
|
|
||||||
|
|
||||||
#define CENTOS_SYSTEM 1
|
#define CENTOS_SYSTEM 1
|
||||||
#define DEBISN_SYSTEM 2
|
#define DEBISN_SYSTEM 2
|
||||||
#define UNKNOWN_SYSTEM 3
|
#define UNKNOWN_SYSTEM 3
|
||||||
|
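Review bot: The colour macros added here carry raw escape bytes, and the rhost.c call sites in this commit concatenate them into the printf format strings unconditionally. When stdout is redirected to a file or collected by a log pipeline, every entry will contain sequences such as `\033[1;31;40m`, which get in the way of grep and parser rules on the ban log. Consider choosing the prefix at run time, for example `const char *red = isatty(STDOUT_FILENO) ? RED : "";`, and passing it as a `%s` argument. The names `RED`, `BLUE`, `GREEN` and `YELLOW` are also generic enough to collide with other headers, which a project prefix would avoid.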