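/*
 * fail2ban jail generator.
 *
 * Reads the fail2ban settings stored in the database, writes them to
 * CONFIG_FILE and restarts the fail2ban service so they take effect.
 * It is invoked when fail2ban is configured from the web interface and
 * must be compiled.
 *
 * NOTE(review): the original #include list was lost during extraction;
 * the headers below cover every name this file uses.
 */
#include <ctype.h>
#include <errno.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <mysql/mysql.h>

#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define DBCONFIG "/etc/asterisk/exten_gen.ini"
#define NETCONFIG "/etc/rc.conf"
#define WEBCONFIG "/usr/local/rest-server/config/application.properties"
#define SIZE 256
#define SIZE_K 1024
/* Capacity of the buffer main() hands to get_fb_config(). */
#define CONFIG_BUF_SIZE (SIZE_K * 8)
/* Capacity (including the NUL) of the string returned by getconfig(). */
#define VALUE_SIZE 50
/* Capacity a caller of get_addr() must provide for the dotted-quad text. */
#define ADDR_STR_SIZE 32
/* TCP port used for the database connection. */
#define DB_PORT 3306

/*
 * Append formatted text to the NUL-terminated buffer dst of capacity cap.
 *
 * Returns 0 on success, -1 if the text would not fit; dst stays
 * NUL-terminated (truncated) in that case.
 */
static int buf_append(char *dst, size_t cap, const char *fmt, ...)
{
    size_t used = strlen(dst);
    if (used >= cap) {
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst + used, cap - used, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - used) {
        return -1;
    }
    return 0;
}

/*
 * Return 1 if s is non-empty and consists only of characters that can
 * occur in an address, a prefix length or a counter, else 0 (NULL → 0).
 *
 * The generated file is parsed by fail2ban, so a database value carrying
 * a newline, '[' or '#' would alter the meaning of jail.conf; values are
 * filtered through this check before they are written.
 */
static int value_is_safe(const char *s)
{
    if (s == NULL || *s == '\0') {
        return 0;
    }
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '.' || c == ':' || c == '/' || c == '-')) {
            return 0;
        }
    }
    return 1;
}

/*
 * Look up `name` in an INI-style file and return its value.
 *
 * The first line that contains `name` and an '=' is used; from the '='
 * onwards every character except ' ' and '=' is copied up to the end of
 * the line (this mirrors the original, which also strips embedded spaces).
 *
 * Returns a malloc()ed NUL-terminated string the caller must free(), or
 * NULL if the file cannot be opened, the key is not found, the value does
 * not fit in VALUE_SIZE-1 characters, or allocation fails.
 *
 * Currently unused: every call site is commented out in the original.
 */
char *getconfig(const char *file_path, const char *name)
{
    char line[SIZE] = {0};
    char *value = NULL;
    FILE *fp = fopen(file_path, "r");
    if (fp == NULL) {
        return NULL;
    }

    while (fgets(line, sizeof line, fp) != NULL) {
        if (strstr(line, name) == NULL) {
            continue;
        }
        const char *eq = strchr(line, '=');
        if (eq == NULL) {
            /* A key without '=' used to yield a NULL pointer difference. */
            continue;
        }
        value = malloc(VALUE_SIZE);
        if (value == NULL) {
            break;
        }
        size_t out = 0;
        for (const char *c = eq; *c != '\0' && *c != '\n' && *c != '\r'; c++) {
            if (*c == ' ' || *c == '=') {
                continue;
            }
            if (out >= VALUE_SIZE - 1) {
                /* Value longer than the buffer: refuse rather than overflow. */
                free(value);
                value = NULL;
                break;
            }
            value[out++] = *c;
        }
        if (value != NULL) {
            value[out] = '\0';
        }
        break;
    }
    fclose(fp);
    return value;
}

/*
 * Connect an already initialised MySQL handle using the MYSQL, MYSQL_USER,
 * MYSQL_PASSWORD and MYSQL_DATABASE environment variables and switch the
 * session character set to utf8.
 *
 * `conn` must come from mysql_init(); this function does not allocate it.
 * (The original called mysql_init() on its by-value copy of the pointer,
 * so the caller's handle was never connected.)
 *
 * Returns 0 on success, -1 if conn is NULL, a variable is missing, or the
 * connection or "set names" query fails. The caller still owns conn and
 * must mysql_close() it on failure.
 */
int connect_mysql(MYSQL *conn)
{
    const char *dbserver = getenv("MYSQL");
    const char *dbuser = getenv("MYSQL_USER");
    const char *dbpasswd = getenv("MYSQL_PASSWORD");
    const char *dbname = getenv("MYSQL_DATABASE");
    unsigned int dbport = DB_PORT;

    if (conn == NULL) {
        return -1;
    }
    if (dbserver == NULL || dbuser == NULL || dbpasswd == NULL || dbname == NULL) {
        /* strcpy() from a missing variable dereferenced NULL in the original. */
        fprintf(stderr, "error: MYSQL, MYSQL_USER, MYSQL_PASSWORD and MYSQL_DATABASE must be set\n");
        return -1;
    }

    printf("connect---1\n");
    if (!mysql_real_connect(conn, dbserver, dbuser, dbpasswd, dbname, dbport, NULL, 0)) {
        printf("error:%s\n", mysql_error(conn));
        return -1;
    }
    printf("connect---2\n");
    if (mysql_query(conn, "set names utf8")) {
        printf("error:%s\n", mysql_error(conn));
        return -1;
    }
    printf("connect---3\n");
    return 0;
}

/*
 * Convert a dotted-quad netmask ("255.255.255.0") to its prefix length (24).
 *
 * Counts the leading one bits of the mask in host byte order; a
 * non-contiguous mask is counted up to its first zero bit, as before.
 *
 * Returns -1 if `mask` is NULL or not a valid IPv4 address (the original
 * went through inet_addr() and reported 32 for unparsable input).
 */
int netmask_str2len(char *mask)
{
    struct in_addr addr;
    if (mask == NULL || inet_pton(AF_INET, mask, &addr) != 1) {
        return -1;
    }
    uint32_t bits = ntohl(addr.s_addr);
    int prefix = 0;
    while (bits & 0x80000000u) {
        prefix++;
        bits <<= 1;
    }
    return prefix;
}

/*
 * Query interface `dev` with ioctl request `flag` (e.g. SIOCGIFADDR or
 * SIOCGIFNETMASK) and write the resulting IPv4 address as a dotted quad
 * into `addr`.
 *
 * `addr` must have room for ADDR_STR_SIZE bytes. Returns addr on success,
 * NULL if the socket or ioctl call fails (the reason is printed with
 * perror). The temporary socket is closed on every path.
 */
char *get_addr(char *addr, int flag, char *dev)
{
    struct ifreq ifr;
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("socket error!");
        return NULL;
    }
    memset(&ifr, 0, sizeof ifr);
    /* snprintf() always NUL-terminates within sizeof ifr_name. */
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", dev);
    if (ioctl(sockfd, flag, &ifr) < 0) {
        perror("ioctl error!");
        close(sockfd);
        return NULL;
    }
    close(sockfd);
    struct sockaddr_in *sin = (struct sockaddr_in *)&ifr.ifr_addr;
    snprintf(addr, ADDR_STR_SIZE, "%s", inet_ntoa(sin->sin_addr));
    return addr;
}

/*
 * Build the fail2ban jail configuration from the database.
 *
 * For every row of t_pbx_fail2ban_basic named "sip" or "ssh" a
 * [sip-iptables] or [SSH] section is appended to `buf`; its ignoreip list
 * comes from t_pbx_fail2ban_ignored (protocol_sip) or t_fail2ban_ignored
 * (protocol_ssh). Rows with other names are ignored. `buf` must hold
 * CONFIG_BUF_SIZE bytes and be NUL-terminated on entry.
 *
 * Every database value is passed through value_is_safe() before it is
 * written, because the output is parsed by fail2ban and a value with a
 * newline or section syntax would otherwise inject directives; offending
 * rows are skipped with a message on stderr.
 *
 * Returns buf on success and NULL on any database error or when buf is
 * too small. The connection and all result sets are released on every
 * path (the original leaked them and used an uninitialised handle).
 */
char *get_fb_config(char *buf)
{
    static const char basic_sql[] =
        "select name,enable,max_retry,find_time,ban_time from t_pbx_fail2ban_basic";
    static const char sip_ignored_sql[] =
        "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_sip='1' and enable='1'";
    static const char ssh_ignored_sql[] =
        "select ip,netmask_length from t_fail2ban_ignored where protocol_ssh='1' and enable='1'";
    static const char sip_fmt[] =
        "[sip-iptables]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nfilter = sip\n"
        "action = iptables-allports[name=VOIP, protocol=all]\n"
        "logpath = /var/log/asterisk/messages\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n";
    static const char ssh_fmt[] =
        "[SSH]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nport = 22\nfilter = sshd\n"
        "logpath = /var/log/auth.log\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n";
    char ignored[SIZE_K * 2];
    char *result = NULL;
    MYSQL_RES *res = NULL;
    MYSQL_RES *res1 = NULL;
    MYSQL_ROW row;

    printf("connect mysql!\n");
    MYSQL *conn = mysql_init(NULL);
    if (conn == NULL) {
        fprintf(stderr, "mysql_init failed\n");
        return NULL;
    }
    if (connect_mysql(conn)) {
        goto out;
    }

    if (mysql_real_query(conn, basic_sql, strlen(basic_sql))) {
        printf("select data from table t_pbx_fail2ban_basic faild !\n");
        goto out;
    }
    printf("sql result for '%s'!\n", basic_sql);
    res = mysql_store_result(conn);
    if (res == NULL) {
        printf("error:%s\n", mysql_error(conn));
        goto out;
    }

    while ((row = mysql_fetch_row(res)) != NULL) {
        const char *name = row[0];
        const char *enable = row[1];
        const char *max_retry = row[2];
        const char *find_time = row[3];
        const char *ban_time = row[4];

        /* NULL columns would crash strcmp/printf; unsafe counters could break the file. */
        if (name == NULL || enable == NULL || !value_is_safe(max_retry) ||
            !value_is_safe(find_time) || !value_is_safe(ban_time)) {
            fprintf(stderr, "skipping t_pbx_fail2ban_basic row with missing or unsafe values\n");
            continue;
        }
        printf("datainfo %s,%s,%s,%s,%s !\n", name, enable, max_retry, find_time, ban_time);

        const char *in = strcmp(enable, "1") == 0 ? "true" : "false";
        const char *ignored_sql;
        const char *ignored_table;
        const char *section_fmt;
        if (strcmp(name, "sip") == 0) {
            ignored_sql = sip_ignored_sql;
            ignored_table = "t_pbx_fail2ban_ignored";
            section_fmt = sip_fmt;
        } else if (strcmp(name, "ssh") == 0) {
            ignored_sql = ssh_ignored_sql;
            ignored_table = "t_fail2ban_ignored";
            section_fmt = ssh_fmt;
        } else {
            /* The original appended an empty section for unknown names. */
            continue;
        }

        if (mysql_real_query(conn, ignored_sql, strlen(ignored_sql))) {
            printf("select data from table %s faild !\n", ignored_table);
            goto out;
        }
        printf("sql result for '%s'!\n", ignored_sql);
        res1 = mysql_store_result(conn);
        if (res1 == NULL) {
            printf("error:%s\n", mysql_error(conn));
            goto out;
        }

        ignored[0] = '\0';
        MYSQL_ROW row1;
        while ((row1 = mysql_fetch_row(res1)) != NULL) {
            if (!value_is_safe(row1[0]) || !value_is_safe(row1[1])) {
                fprintf(stderr, "skipping %s row with missing or unsafe ip/netmask\n", ignored_table);
                continue;
            }
            if (buf_append(ignored, sizeof ignored, "%s/%s ", row1[0], row1[1])) {
                fprintf(stderr, "ignoreip list for %s exceeds %zu bytes\n", name, sizeof ignored);
                goto out;
            }
        }
        mysql_free_result(res1);
        res1 = NULL;

        if (buf_append(buf, CONFIG_BUF_SIZE, section_fmt, in, ignored, max_retry, find_time, ban_time)) {
            fprintf(stderr, "generated configuration exceeds %d bytes\n", CONFIG_BUF_SIZE);
            goto out;
        }
    }
    result = buf;

out:
    if (res1 != NULL) {
        mysql_free_result(res1);
    }
    if (res != NULL) {
        mysql_free_result(res);
    }
    mysql_close(conn);
    return result;
}

/*
 * Entry point: generate jail.conf from the database, write it to
 * CONFIG_FILE, clear the log files fail2ban watches and restart the
 * service.
 *
 * When generation or the write fails, the service is not restarted and
 * the process exits 1; the original truncated CONFIG_FILE before knowing
 * whether it had anything to write and restarted regardless. Exits 0 on
 * success.
 */
int main(int argc, char *argv[])
{
    char buf[CONFIG_BUF_SIZE] = {0};
    /*
     * Fixed command line containing no external input. The file paths and
     * commands are the ones this tool has always run.
     */
    static const char restart_cmd[] =
        "echo \"\" > /var/log/auth.log;echo \"\" > /var/log/fail2ban.log ;"
        "echo \"\" >/var/log/invalid_web_visit.log;echo \"\" > /var/log/asterisk/messages;"
        "asterisk -rx \"logger reload\";service fail2ban restart";
    (void)argc;
    (void)argv;

    if (get_fb_config(buf) == NULL) {
        fprintf(stderr, "could not build the fail2ban configuration; %s left unchanged\n", CONFIG_FILE);
        return 1;
    }
    printf("%s", buf);

    FILE *fp = fopen(CONFIG_FILE, "w");
    if (fp == NULL) {
        perror(CONFIG_FILE);
        return 1;
    }
    int write_failed = 0;
    if (buf[0] != '\0' && fputs(buf, fp) == EOF) {
        write_failed = 1;
    }
    /* fclose() flushes; a failure here also means the file is incomplete. */
    if (fclose(fp) == EOF) {
        write_failed = 1;
    }
    if (write_failed) {
        perror(CONFIG_FILE);
        return 1;
    }

    int rc = system(restart_cmd);
    if (rc != 0) {
        fprintf(stderr, "restart command failed (status %d)\n", rc);
        return 1;
    }
    return 0;
}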