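/*
 * fail2ban jail.conf generator.
 *
 * Reads the fail2ban settings stored in the database (tables t_fail2ban_basic
 * and t_fail2ban_ignored), writes them to the fail2ban configuration file and
 * restarts the fail2ban service so the new configuration takes effect.  It is
 * invoked when fail2ban is configured from the web UI and must be compiled
 * against the MySQL client library.
 *
 * NOTE(review): the original include list was lost in extraction; the headers
 * below are the ones the code visibly needs.  The MySQL header path depends on
 * the local client library (<mysql/mysql.h> vs <mysql.h>) — confirm against the
 * build.
 */
#include <ctype.h>
#include <errno.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <mysql/mysql.h>

#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define DBCONFIG "/etc/asterisk/exten_gen.ini"
#define NETCONFIG "/etc/rc.conf"
#define WEBCONFIG "/usr/local/rest-server/config/application.properties"
#define SIZE 256
#define SIZE_K 1024

/* Size of the buffer main() hands to get_fb_config(); get_fb_config() never
 * writes beyond this many bytes (terminator included). */
#define FB_CONFIG_BUF_SIZE (SIZE_K * 8)

/* Size of the value buffer returned by getconfig() (terminator included). */
#define CONFIG_VALUE_SIZE 50

/* Prefix length written for every local interface address in `ignoreip`.
 * NOTE(review): the netmask lookup (netmask_str2len on SIOCGIFNETMASK) was
 * disabled in the original, so every interface network is whitelisted as a
 * /16.  That is a wide ignore range — confirm it is intended before enabling
 * the real netmask here. */
enum { DEFAULT_PREFIX_LEN = 16 };

/**
 * Look up @name in the "key = value" style file @file_path.
 *
 * Lines are matched on the key only: @name must start the line (leading blanks
 * allowed) and be followed by a blank or '='.  Blanks and '=' between the key
 * and the value are dropped, exactly as before; the value ends at the end of
 * the line.
 *
 * @return a malloc'd, NUL-terminated copy of the value (at most
 *         CONFIG_VALUE_SIZE - 1 bytes; longer values are truncated and
 *         reported), or NULL when the file cannot be opened, the key is absent
 *         or its line has no '='.  The caller owns the result and must free()
 *         it.
 */
char *getconfig(const char *file_path, const char *name)
{
    if (file_path == NULL || name == NULL || name[0] == '\0') {
        return NULL;
    }

    FILE *fp = fopen(file_path, "r");
    if (fp == NULL) {
        fprintf(stderr, "getconfig: cannot open %s: %s\n", file_path, strerror(errno));
        return NULL;
    }

    char *value = NULL;
    const size_t name_len = strlen(name);
    char line[SIZE] = {0};

    while (value == NULL && fgets(line, sizeof line, fp) != NULL) {
        const char *key = line;
        while (*key == ' ' || *key == '\t') {
            key++;
        }
        /* Whole-key match: "dbuser" must not match a "dbusername" line. */
        if (strncmp(key, name, name_len) != 0) {
            continue;
        }
        const char *after = key + name_len;
        if (*after != ' ' && *after != '\t' && *after != '=') {
            continue;
        }
        const char *eq = strchr(after, '=');
        if (eq == NULL) {
            continue; /* key present but no separator: not a usable line */
        }

        value = malloc(CONFIG_VALUE_SIZE);
        if (value == NULL) {
            break;
        }
        memset(value, 0, CONFIG_VALUE_SIZE);

        /* Copy the rest of the line, skipping blanks and '=' as the original
         * did; stop at end of line or buffer and never overrun the value. */
        size_t out = 0;
        for (const char *p = eq; *p != '\0' && *p != '\n' && *p != '\r'; p++) {
            if (*p == ' ' || *p == '=') {
                continue;
            }
            if (out >= CONFIG_VALUE_SIZE - 1) {
                fprintf(stderr, "getconfig: value of %s truncated\n", name);
                break;
            }
            value[out++] = *p;
        }
    }

    fclose(fp);
    return value;
}

/**
 * Initialise @conn and connect it to the database described in DBCONFIG
 * (keys dbserverip, dbuser, dbpasswd, dbname).
 *
 * @return @conn on success, NULL on failure (the error is printed).  On
 *         success the caller releases the connection with mysql_close().
 */
MYSQL *connect_mysql(MYSQL *conn)
{
    MYSQL *result = NULL;
    char *dbserver = getconfig(DBCONFIG, "dbserverip");
    char *dbuser = getconfig(DBCONFIG, "dbuser");
    char *dbpasswd = getconfig(DBCONFIG, "dbpasswd");
    char *dbname = getconfig(DBCONFIG, "dbname");

    if (conn == NULL || mysql_init(conn) == NULL) {
        fprintf(stderr, "error: mysql_init failed\n");
        goto out;
    }
    /* A missing key yields NULL here; the client library then falls back to
     * its own default for that field, which the original relied on as well. */
    if (!mysql_real_connect(conn, dbserver, dbuser, dbpasswd, dbname, 0, "", 0)) {
        printf("error:%s\n", mysql_error(conn));
        mysql_close(conn); /* releases what mysql_init allocated */
        goto out;
    }
    /* Not fatal for the generated file, but worth reporting. */
    if (mysql_query(conn, "set names utf8") != 0) {
        fprintf(stderr, "warning: set names utf8 failed: %s\n", mysql_error(conn));
    }
    result = conn;

out:
    /* Free the config strings on every path (the original leaked them when
     * the connection failed).  free(NULL) is a no-op. */
    free(dbserver);
    free(dbuser);
    free(dbpasswd);
    free(dbname);
    return result;
}

/**
 * Convert a dotted-quad netmask ("255.255.0.0") to its prefix length (16).
 *
 * Counts the leading one bits of the mask.  An unparsable mask makes
 * inet_addr() return INADDR_NONE (all ones), so it yields 32.
 */
int netmask_str2len(char *mask)
{
    int prefix = 0;
    uint32_t bits = ntohl((uint32_t)inet_addr(mask));

    while (bits & 0x80000000u) {
        prefix++;
        bits <<= 1;
    }
    return prefix;
}

/**
 * Query attribute @flag (SIOCGIFADDR or SIOCGIFNETMASK) of interface @dev and
 * store it as a dotted-quad string in @addr.
 *
 * @param addr  destination buffer of at least 32 bytes (all callers pass 32);
 *              left untouched on failure.
 * @param flag  ioctl request selecting the attribute.
 * @param dev   interface name, e.g. "eth0".
 * @return @addr on success, NULL on failure (the error is printed).
 */
char *get_addr(char *addr, int flag, char *dev)
{
    if (addr == NULL || dev == NULL) {
        return NULL;
    }

    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("socket error!\n");
        return NULL;
    }

    struct ifreq ifr;
    memset(&ifr, 0, sizeof ifr);
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", dev);

    int rc = ioctl(sockfd, flag, &ifr);
    close(sockfd);
    if (rc < 0) {
        perror("ioctl error!\n");
        return NULL;
    }

    /* Copy instead of casting &ifr.ifr_addr (no aliasing/alignment question)
     * and use the reentrant inet_ntop instead of inet_ntoa's static buffer. */
    struct sockaddr_in sin;
    memcpy(&sin, &ifr.ifr_addr, sizeof sin);
    if (inet_ntop(AF_INET, &sin.sin_addr, addr, 32) == NULL) {
        perror("inet_ntop");
        return NULL;
    }
    return addr;
}

/* Append printf-style text to the NUL-terminated @buf of capacity @bufsz.
 * Returns 0, or -1 when the text does not fit (buf is then left unchanged). */
static int buf_appendf(char *buf, size_t bufsz, const char *fmt, ...)
{
    size_t used = strlen(buf);
    if (used >= bufsz) {
        return -1;
    }

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, bufsz - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= bufsz - used) {
        buf[used] = '\0'; /* roll back the partial write */
        return -1;
    }
    return 0;
}

/* True when @s is a non-empty token made only of letters, digits, '.', '_' or
 * '-'.  Enough for counts, durations and port numbers, and free of the
 * characters (newline, '[', '#', '=' ...) that would let a database value
 * start a new line, section or comment in jail.conf. */
static int is_plain_token(const char *s)
{
    if (s == NULL || *s == '\0') {
        return 0;
    }
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') {
            return 0;
        }
    }
    return 1;
}

/* True when @ip parses as an IPv4 or IPv6 address and @prefix is a decimal
 * prefix length valid for that family. */
static int is_valid_cidr(const char *ip, const char *prefix)
{
    unsigned char parsed[16];
    long maxlen;

    if (ip == NULL || prefix == NULL || !isdigit((unsigned char)prefix[0])) {
        return 0;
    }
    if (inet_pton(AF_INET, ip, parsed) == 1) {
        maxlen = 32;
    } else if (inet_pton(AF_INET6, ip, parsed) == 1) {
        maxlen = 128;
    } else {
        return 0;
    }

    char *end = NULL;
    errno = 0;
    long len = strtol(prefix, &end, 10);
    return errno == 0 && *end == '\0' && len >= 0 && len <= maxlen;
}

/* Append "ip/len " for every enabled t_fail2ban_ignored row whose @column is
 * set.  @column is always one of the literals in the jail table below, never
 * external input.  Entries that are not a valid address/prefix are reported
 * and skipped so they cannot corrupt the generated file.
 * Returns 0 on success, -1 on query failure or when @ignored is full. */
static int append_ignored_from_db(MYSQL *conn, const char *column,
                                  char *ignored, size_t ignoredsz)
{
    char sql[SIZE] = {0};
    int n = snprintf(sql, sizeof sql,
                     "select ip,netmask_length from t_fail2ban_ignored where %s='1' and enable='1'",
                     column);
    if (n < 0 || (size_t)n >= sizeof sql) {
        return -1;
    }
    if (mysql_real_query(conn, sql, (unsigned long)strlen(sql)) != 0) {
        printf("select data from table t_fail2ban_ignored faild !\n");
        return -1;
    }

    MYSQL_RES *res = mysql_store_result(conn);
    if (res == NULL) {
        printf("select data from table t_fail2ban_ignored faild !\n");
        return -1;
    }

    int rc = 0;
    MYSQL_ROW row;
    while (rc == 0 && (row = mysql_fetch_row(res)) != NULL) {
        if (!is_valid_cidr(row[0], row[1])) {
            fprintf(stderr, "t_fail2ban_ignored: skipping invalid entry '%s/%s'\n",
                    row[0] ? row[0] : "(null)", row[1] ? row[1] : "(null)");
            continue;
        }
        rc = buf_appendf(ignored, ignoredsz, "%s/%s ", row[0], row[1]);
    }

    mysql_free_result(res);
    return rc;
}

/* One jail section per known t_fail2ban_basic.name. */
struct jail_spec {
    const char *name;      /* value of t_fail2ban_basic.name */
    const char *column;    /* t_fail2ban_ignored column selecting its entries */
    const char *port_file; /* config file holding the listen port, or NULL */
    const char *port_key;  /* key of the port in port_file */
    /* Section template.  With a port_file the arguments are
     * (enabled, ignoreip, port, maxretry, findtime, bantime), otherwise
     * (enabled, ignoreip, maxretry, findtime, bantime). */
    const char *fmt;
};

static const struct jail_spec jails[] = {
    { "sip", "protocol_sip", NULL, NULL,
      "[sip-iptables]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nfilter = sip\naction = iptables-allports[name=VOIP, protocol=all]\nlogpath = /var/log/asterisk/messages\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n" },
    { "ssh", "protocol_ssh", "/etc/asterisk/service.conf", "ssh_port",
      "[SSH]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nport = %s\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n" },
    { "https", "protocol_https", WEBCONFIG, "server.port",
      "[HTTPS]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nport = %s\nfilter = https\nlogpath = /var/log/invalid_web_visit.log\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n" },
    { "iax", "protocol_iax", NULL, NULL,
      "[iax-iptables]\nenabled = %s\nignoreip = 127.0.0.1/32 %s\nfilter = iax2\naction = iptables-allports[name=VOIP, protocol=all]\nlogpath = /var/log/asterisk/messages\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n" },
};

/* The [DEFAULT] section written before the jails (fail2ban's own "%(name)s"
 * interpolation syntax; it is appended verbatim, not used as a format). */
static const char default_section[] =
    "[DEFAULT]\n"
    "ignoreip = 127.0.0.1/32\n"
    "bantime = 3600\n"
    "maxretry = 3\n"
    "backend = auto\n"
    "banaction = iptables-multiport\n"
    "mta = mail\n"
    "protocol = tcp\n"
    "chain = INPUT\n"
    "action_ = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
    "action_mw = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
    "action_mwl = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
    "action = %(action_)s\n\n";

/* Build the whole jail.conf text into @buf (capacity @bufsz, append
 * semantics, @buf NUL-terminated on entry).  Returns @buf, or NULL on any
 * failure; every connection and result set is released on all paths. */
static char *build_fb_config(char *buf, size_t bufsz)
{
    char *result = NULL;
    MYSQL conn;
    MYSQL *db = NULL;
    MYSQL_RES *res = NULL;
    char base_ignored[SIZE_K * 2] = {0};
    static char ifaces[][8] = { "eth0", "eth1", "eth0:0", "eth1:0" };

    if (buf == NULL || bufsz == 0) {
        return NULL;
    }

    /* Local interface networks are always whitelisted.  Only interfaces whose
     * address could be read are listed (the original emitted "/16" with an
     * empty address when the lookup failed). */
    for (size_t i = 0; i < sizeof ifaces / sizeof ifaces[0]; i++) {
        char ip[32] = {0};
        if (get_addr(ip, SIOCGIFADDR, ifaces[i]) != NULL && ip[0] != '\0') {
            if (buf_appendf(base_ignored, sizeof base_ignored, "%s/%d ", ip, DEFAULT_PREFIX_LEN) != 0) {
                goto out;
            }
        }
    }

    if (buf_appendf(buf, bufsz, "%s", default_section) != 0) {
        goto out;
    }

    db = connect_mysql(&conn);
    if (db == NULL) {
        goto out;
    }

    const char *basic_sql = "select name,enable,max_retry,find_time,ban_time from t_fail2ban_basic";
    if (mysql_real_query(db, basic_sql, (unsigned long)strlen(basic_sql)) != 0) {
        printf("select data from table t_fail2ban_basic faild !\n");
        goto out;
    }
    res = mysql_store_result(db);
    if (res == NULL) {
        printf("select data from table t_fail2ban_basic faild !\n");
        goto out;
    }

    MYSQL_ROW row;
    while ((row = mysql_fetch_row(res)) != NULL) {
        const char *name = row[0];
        const char *enable = row[1];
        const char *maxretry = row[2];
        const char *findtime = row[3];
        const char *bantime = row[4];

        /* Values are copied into the config file verbatim, so refuse anything
         * that could break out of its line (NULL, blanks, control chars). */
        if (name == NULL || enable == NULL || !is_plain_token(maxretry)
            || !is_plain_token(findtime) || !is_plain_token(bantime)) {
            fprintf(stderr, "t_fail2ban_basic: skipping row '%s' with missing or malformed values\n",
                    name ? name : "(null)");
            continue;
        }

        const struct jail_spec *js = NULL;
        for (size_t i = 0; i < sizeof jails / sizeof jails[0]; i++) {
            if (strcmp(name, jails[i].name) == 0) {
                js = &jails[i];
                break;
            }
        }
        if (js == NULL) {
            continue; /* unknown jail name: the original emitted nothing too */
        }

        const char *in = strcmp(enable, "1") == 0 ? "true" : "false";

        char ignored[SIZE_K * 2] = {0};
        snprintf(ignored, sizeof ignored, "%s", base_ignored);
        if (append_ignored_from_db(db, js->column, ignored, sizeof ignored) != 0) {
            goto out;
        }

        /* ssh/https take their port from a config file; without a usable
         * value the jail is skipped instead of writing "(null)". */
        char *port = NULL;
        if (js->port_file != NULL) {
            port = getconfig(js->port_file, js->port_key);
            if (!is_plain_token(port)) {
                fprintf(stderr, "%s: no usable %s in %s, jail skipped\n",
                        js->name, js->port_key, js->port_file);
                free(port);
                continue;
            }
        }

        int rc = js->port_file != NULL
            ? buf_appendf(buf, bufsz, js->fmt, in, ignored, port, maxretry, findtime, bantime)
            : buf_appendf(buf, bufsz, js->fmt, in, ignored, maxretry, findtime, bantime);
        free(port);
        if (rc != 0) {
            fprintf(stderr, "fail2ban configuration does not fit in %zu bytes\n", bufsz);
            goto out;
        }
    }
    result = buf;

out:
    if (res != NULL) {
        mysql_free_result(res);
    }
    if (db != NULL) {
        mysql_close(db);
    }
    return result;
}

/**
 * Build the complete jail.conf text into @buf, appending to its current
 * (NUL-terminated) contents.
 *
 * @buf must have room for FB_CONFIG_BUF_SIZE bytes, which is what main()
 * provides; nothing beyond that is ever written.
 * @return @buf on success, NULL (0) on any failure, as before.
 */
char *get_fb_config(char *buf)
{
    return build_fb_config(buf, FB_CONFIG_BUF_SIZE);
}

/**
 * Generate jail.conf from the database, install it and restart fail2ban.
 *
 * The configuration file is replaced only when the whole text was built and
 * written successfully: a partial file would silently drop jails (and with
 * them protection) at the next restart, so on any error the previous file is
 * left untouched and the service is not restarted.
 *
 * @return 0 on success, 1 on failure.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    char buf[FB_CONFIG_BUF_SIZE] = {0};

    if (get_fb_config(buf) == NULL || buf[0] == '\0') {
        fprintf(stderr, "fail2ban configuration not generated; %s left unchanged\n", CONFIG_FILE);
        return 1;
    }
    printf("%s", buf);

    /* Write to a temporary file and rename it into place so fail2ban never
     * sees a half-written jail.conf. */
    const char *tmp_path = CONFIG_FILE ".tmp";
    FILE *fp = fopen(tmp_path, "w");
    if (fp == NULL) {
        fprintf(stderr, "cannot open %s for writing: %s\n", tmp_path, strerror(errno));
        return 1;
    }
    int write_ok = fputs(buf, fp) != EOF;
    /* fclose() flushes, so a full disk shows up here. */
    if (fclose(fp) != 0) {
        write_ok = 0;
    }
    if (!write_ok || rename(tmp_path, CONFIG_FILE) != 0) {
        fprintf(stderr, "installing %s failed: %s\n", CONFIG_FILE, strerror(errno));
        remove(tmp_path);
        return 1;
    }

    /* Fixed command line with no external input: truncate the logs the jails
     * read, make asterisk reopen its log and restart fail2ban. */
    const char *cmd = "echo \"\" > /var/log/auth.log;echo \"\" > /var/log/fail2ban.log ;echo \"\" >/var/log/invalid_web_visit.log;echo \"\" > /var/log/asterisk/messages;asterisk -rx \"logger reload\";service fail2ban restart";
    int status = system(cmd);
    if (status != 0) {
        fprintf(stderr, "restart command failed (status %d)\n", status);
        return 1;
    }
    return 0;
}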