#include "conf.h" #include "rhost.h" #include "libiptc.h" // 存储公网IP char public_ip[BUFFER]; // 检测系统 int check_system() { if (0 == access("/etc/debian_version", F_OK)) { return DEBISN_SYSTEM; } else if (0 == access("/etc/centos-release", F_OK)) { return CENTOS_SYSTEM; } return UNKNOWN_SYSTEM; } // 获取公网IP char *get_public_ip(char *ip) { FILE *fp; char buff[BUFFER]; memset(buff, 0, BUFFER); if (NULL == (fp = popen("curl members.3322.org/dyndns/getip --silent", "r"))) { perror("popen curl"); } while (fgets(buff, BUFFER, fp) != NULL) { buff[strlen(buff) - 1] = '\0'; } if (NULL != fp) pclose(fp); return strcpy(ip, buff); } // 替换字符串 int strReplaceAll(char *str, char *sub, char *replace) { if (NULL == str || NULL == sub || NULL == replace) { printf("strReplaceAll\n"); return 1; } char *p = NULL; char *t = NULL; char *q = NULL; char *dst = NULL; char *src = NULL; int str_len = strlen(str); int sub_len = strlen(sub); int replace_len = strlen(replace); p = str; while ('\0' != *p) { t = str + str_len; q = strstr(str, sub); if (NULL == q) // 没有子串了直接返回 break; src = q + sub_len; // 源头, 原有sub后的一个字符 dst = q + replace_len; // 目的,放完replace后的一个字符 memcpy(dst, src, t - src); // 原有字符串后移,放出空间 memcpy(q, replace, replace_len); // 将replace字符拷贝进来 str_len = str_len + replace_len - sub_len; p = q + replace_len; // p 下一轮replace后的一个字符 } str[str_len] = '\0'; // 通过'\0'表示结尾 return 0; } // 钉钉告警 int dingding_warning(char *illegal_ip, char *public_ip, conf *conf) { FILE *fp; if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL){ return 1; } CURL *curl; CURLcode res; curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); if (curl == NULL) { return 1; } char jsonObj[BUFFER] = "{ \ \"msgtype\": \"text\", \ \"text\": { \ \"content\": \"Alert @PHONE 主机PUBLIC 非法主机IP被封禁! Warning!\" \ }, \ \"at\": { \ \"atMobiles\": [\"PHONE\"], \ \"isAtAll\": false \ } \ }"; strReplaceAll(jsonObj, "IP", illegal_ip); strReplaceAll(jsonObj, "PHONE", conf->PHONE); strReplaceAll(jsonObj, "PUBLIC", public_ip); //printf("%s\n", jsonObj); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Accept: application/json"); headers = curl_slist_append(headers, "Content-Type: application/json"); headers = curl_slist_append(headers, "charset: utf-8"); curl_easy_setopt(curl, CURLOPT_URL, conf->DING_WEBHOOK); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt(curl, CURLOPT_POST, 1); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, jsonObj); curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl/0.1"); curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp); res = curl_easy_perform(curl); curl_easy_cleanup(curl); curl_global_cleanup(); fclose(fp); return res; } // 邮件告警 int mail_warning(char *illegal_ip, char *public_ip) { FILE *fp = NULL; char buff[BUFFER]; char text[BUFFER] = "echo \"主机:HOST, 禁止IP访问!\" |"; memset(buff, 0, BUFFER); strReplaceAll(text, "IP", illegal_ip); strReplaceAll(text, "HOST", public_ip); strcat(text, " mail -s \"System ban IP\" 1605227279@qq.com"); if (NULL == (fp = popen(text, "r"))) { perror("popen text"); } while (fgets(buff, BUFFER, fp) != NULL) { buff[strlen(buff) - 1] = '\0'; } if (NULL != fp) pclose(fp); return 0; } // 第三方邮箱告警 int QQ_mail_warning(char *illegal_ip, char *public_ip, conf *conf) { char string[BUFFER+(sizeof(QQMAIL))]; char text[BUFFER] = "主机:HOST, 禁止IP访问"; strReplaceAll(text, "IP", illegal_ip); strReplaceAll(text, "HOST", public_ip); memset(string, 0, BUFFER+(sizeof(QQMAIL))); sprintf(string, QQMAIL, conf->SEND_QQ, conf->QQMAIL_KEY, conf->RECV_MAIL, text); system(string); return 0; } // 封禁非法IP int rule(conf *conf) { FILE *fp, *fc; //char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))]; char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER]; time_t timep; struct tm *tp; time(&timep); tp = localtime(&timep); memset(splice_command, 0, LONG_BUFFER); memset(command, 0, LONG_BUFFER); memset(buffer, 0, BUFFER); memset(awk, 0, BUFFER); //memset(iptables, 0, BUFFER+(sizeof(IPTABLES))); //memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK))); fp = NULL; fc = NULL; if (DEBISN_SYSTEM == check_system()) // Debian 系统规则 { if (tp->tm_mday >= 10) { if ((fp = popen(GE_10, "r")) == NULL) { perror("GE_10"); return 1; } } else { if ((fp = popen(LE_10, "r")) == NULL) { perror("LE_10"); return 1; } } } else if (CENTOS_SYSTEM == check_system()) // Centos 7系统规则 { if (tp->tm_mday >= 10) { if ((fp = popen(CENTOS_GE_10, "r")) == NULL) { perror("CENTOS_GE_10"); return 1; } } else { if ((fp = popen(CENTOS_LE_10, "r")) == NULL) { perror("CENTOS_LE_10"); return 1; } } } else { return UNKNOWN_SYSTEM; } while (fgets(buffer, BUFFER, fp) != NULL) { temp = strstr(buffer, "rhost"); sscanf(temp, "rhost=%s", temp); if (atoi(strncpy(p, temp, 1)) > 0) { strcat(splice_command, temp); strcat(splice_command, "\n"); } } printf("%s", splice_command); // 打印所有非法IP // 拼接命令 sprintf(awk, AWK, conf->REFUSE_NUMBER); strcpy(command, "echo \""); strcat(command, splice_command); strcat(command, "\""); strcat(command, awk); if ((fp = popen(command, "r")) == NULL) // 执行命令 { perror("popen command"); return 1; } while (fgets(buffer, BUFFER, fp) != NULL) // 执行命令后, 为空时就不会 { buffer[strlen(buffer) - 1] = '\0'; // 去除回车 //sprintf(iptables, IPTABLES, buffer); //sprintf(iptables_check, IPTABLES_CHECK, buffer); //if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则 if (0 != show_all_rule(buffer)) // libiptc库判断 { if (conf->IS_DING_WEBHOOK == 1) // 钉钉告警 { dingding_warning(buffer, public_ip, conf); sleep(3); } if (conf->IS_MAIL == 1) // 邮件告警 { mail_warning(buffer, public_ip); sleep(3); } if (conf->IS_QQMAIL == 1) // 邮件告警 { QQ_mail_warning(buffer, public_ip, conf); sleep(3); } /* // 调用命令下发规则 if ((fc = popen(iptables, "r")) == NULL) { perror("popen iptables"); return 1; } */ // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP unsigned int destIp; inet_pton(AF_INET, buffer, &destIp); iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1); } } if (fp != NULL) pclose(fp); if (fc != NULL) pclose(fc); return 0; } static void sig_child(int signo) { pid_t pid; int stat; // 处理僵尸进程 while ((pid = waitpid(-1, &stat, WNOHANG)) > 0) ; return; } int main(int argc, char *argv[], char **env) { conf *conf = (struct CONF *)malloc(sizeof(struct CONF)); read_conf("rhost.conf", conf); //ptintf_conf(conf); memset(public_ip, 0, BUFFER); get_public_ip(public_ip); signal(SIGCHLD, sig_child); // 创建捕捉子进程退出信号 if (0 == strcmp(conf->DAEMON, "on")) { goto goto_daemon; } if (argv[1] != NULL && 0 == strcmp(argv[1], "-d")) { goto_daemon: if (daemon(1, 1)) // 守护进程 { perror("daemon"); return -1; } while (1) { rule(conf); sleep(conf->TIME); } } else { rule(conf); } free_conf(conf); free(conf); return 0; }