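/*
 ============================================================================
 Name        : generate_paging_conf.sh
 Author      : ssc
 Version     : v1.0
 Copyright   : ZYCOO copyright
 Description : Generate paging info from mysql to paging conf file
 ============================================================================
 */
/*
 * NOTE(review): despite the header above, this program reads the
 * t_pbx_fail2ban_* tables and rewrites CONFIG_FILE (the fail2ban jail.conf).
 *
 * NOTE(review): the header names after each #include were lost when this
 * listing was extracted. The eight below are inferred from the identifiers the
 * file uses; the MySQL header path in particular should be confirmed against
 * the build (it may be <mysql.h>).
 */
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <mysql/mysql.h>

MYSQL *g_conn;      /* MySQL connection */
MYSQL_RES *g_res;   /* result set of the outer query (FAIL2BAN_BASIC_SQL in main) */
MYSQL_ROW g_row;    /* current row of g_res, an array of strings */
MYSQL_RES *d_res;   /* result set of the per-jail ignore-list query */
MYSQL_ROW d_row;    /* current row of d_res, an array of strings */

#define NORMAL_SIZE 256
#define MAX_SIZE 2048
#define MIDLE_SIZE 512
#define MINI_SIZE 64
#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define KEYVALLEN 100
#define VERSION "V1.0.1"
#define FAIL2BAN_BASIC_SQL "select name,enable,max_retry,find_time,ban_time from t_pbx_fail2ban_basic"
#define FAIL2BAN_SIP_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_sip='1' and enable='1'"
#define FAIL2BAN_SSH_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_ssh='1' and enable='1'"

char g_host_name[MINI_SIZE];
char g_user_name[MINI_SIZE];
char g_password[MINI_SIZE];
char g_db_name[MINI_SIZE];
const unsigned int g_db_port = 3306;

/*
 * Config-file helper: copy szInput into szOutput without its leading
 * whitespace.
 *
 * szOutput must be a different, non-overlapping buffer with room for
 * strlen(szInput) + 1 bytes; the copy itself is unbounded.
 * Returns szOutput.
 */
char *l_trim(char *szOutput, const char *szInput)
{
    assert(szInput != NULL);
    assert(szOutput != NULL);
    assert(szOutput != szInput);

    /* isspace() is only defined for unsigned char values and EOF. */
    while (*szInput != '\0' && isspace((unsigned char)*szInput)) {
        ++szInput;
    }
    return strcpy(szOutput, szInput);
}

/* Cut trailing whitespace from s in place, using an index so that an empty or
 * all-blank string never produces a pointer before the start of the buffer. */
static void strip_trailing_space(char *s)
{
    size_t len = strlen(s);

    while (len > 0 && isspace((unsigned char)s[len - 1])) {
        --len;
    }
    s[len] = '\0';
}

/*
 * Copy szInput into szOutput without its trailing whitespace.
 * Same buffer requirements as l_trim(). Returns szOutput.
 */
char *r_trim(char *szOutput, const char *szInput)
{
    assert(szInput != NULL);
    assert(szOutput != NULL);
    assert(szOutput != szInput);

    strcpy(szOutput, szInput);
    strip_trailing_space(szOutput);
    return szOutput;
}

/*
 * Copy szInput into szOutput without leading or trailing whitespace.
 * Same buffer requirements as l_trim(). Returns szOutput.
 */
char *a_trim(char *szOutput, const char *szInput)
{
    assert(szInput != NULL);
    assert(szOutput != NULL);

    l_trim(szOutput, szInput);
    strip_trailing_space(szOutput);
    return szOutput;
}

/*
 * Look up KeyName inside the [AppName] section of an INI-style file.
 *
 * profile - path of the configuration file
 * AppName - section name without brackets, e.g. "general"
 * KeyName - key to search for
 * KeyVal  - receives the value; the caller must provide at least KEYVALLEN
 *           bytes, because a value can be as long as one input line
 *
 * Lines are read in chunks of KEYVALLEN - 1 characters. Lines starting with
 * '#' inside the section are skipped, and the search stops at the next
 * section header. When the key is found with nothing after '=', KeyVal is left
 * untouched.
 *
 * Returns 0 when the key was found, -1 otherwise (including an unreadable file
 * or a section name too long for the internal buffer).
 */
int GetProfileString(char *profile, char *AppName, char *KeyName, char *KeyVal)
{
    char appname[32], keyname[32];
    char buf_i[KEYVALLEN], buf_o[KEYVALLEN];
    char raw[KEYVALLEN], trimmed[KEYVALLEN];
    char *c;
    FILE *fp;
    int n;
    int found = 0; /* 0: before the section, 1: inside it, 2: key found */

    if (profile == NULL || AppName == NULL || KeyName == NULL || KeyVal == NULL) {
        return -1;
    }

    if ((fp = fopen(profile, "r")) == NULL) {
        printf("openfile [%s] error [%s]\n", profile, strerror(errno));
        return -1;
    }

    /* Bounded formatting: an over-long section name used to overrun appname. */
    n = snprintf(appname, sizeof appname, "[%s]", AppName);
    if (n < 0 || (size_t)n >= sizeof appname) {
        fclose(fp);
        return -1;
    }

    while (fgets(buf_i, sizeof buf_i, fp) != NULL) {
        l_trim(buf_o, buf_i);
        if (buf_o[0] == '\0') {
            continue;
        }

        if (found == 0) {
            if (buf_o[0] == '[' && strncmp(buf_o, appname, strlen(appname)) == 0) {
                found = 1;
            }
            continue;
        }

        /* Inside the requested section. */
        if (buf_o[0] == '#') {
            continue;
        }
        if (buf_o[0] == '[') {
            break;
        }
        if ((c = strchr(buf_o, '=')) == NULL) {
            continue;
        }

        memset(keyname, 0, sizeof keyname);
        /* The field width keeps a long key from overrunning keyname[32]. */
        sscanf(buf_o, "%31[^=|^ |^\t]", keyname);
        if (strcmp(keyname, KeyName) != 0) {
            continue;
        }

        /* Everything after '=' up to the newline. raw cannot overflow: the
         * text comes from buf_o, which has the same size. */
        {
            size_t value_len = strcspn(c + 1, "\n");

            if (value_len > 0) {
                memcpy(raw, c + 1, value_len);
                raw[value_len] = '\0';
                a_trim(trimmed, raw);
                /* An all-blank value is returned untrimmed. */
                strcpy(KeyVal, trimmed[0] != '\0' ? trimmed : raw);
            }
        }
        found = 2;
        break;
    }

    fclose(fp);
    return (found == 2) ? 0 : -1;
}

/*
 * Return the current local time as text, without the trailing newline that
 * ctime() appends. The result lives in a static buffer owned by the C library
 * (overwritten by later ctime()/asctime() calls) and must not be freed. An
 * empty string is returned if the time cannot be formatted.
 */
char *mytime(void)
{
    static char empty[1] = "";
    time_t my_time;
    char *time_string;
    size_t len;

    time(&my_time);
    time_string = ctime(&my_time);
    if (time_string == NULL) {
        return empty;
    }

    len = strlen(time_string);
    if (len > 0 && time_string[len - 1] == '\n') {
        time_string[len - 1] = '\0';
    }
    return time_string;
}

/*
 * Print the last MySQL error for g_conn to stdout, prefixed with "msg: " when
 * msg is not NULL.
 */
void print_mysql_error(const char *msg)
{
    /* g_conn is NULL when mysql_init() itself failed. */
    const char *detail = (g_conn != NULL) ? mysql_error(g_conn)
                                          : "no MySQL connection handle";

    if (msg) {
        printf("%s: %s\n", msg, detail);
    } else {
        puts(detail);
    }
}

/*
 * Run one SQL statement on g_conn.
 * Returns 0 on success, -1 on failure (details via print_mysql_error()).
 */
int executesql(const char *sql)
{
    if (g_conn == NULL || sql == NULL) {
        return -1;
    }
    if (mysql_real_query(g_conn, sql, (unsigned long)strlen(sql))) {
        return -1;
    }
    return 0;
}

/*
 * Open the connection described by the g_host_name / g_user_name / g_password
 * / g_db_name globals on port g_db_port and switch the session to utf8.
 * Returns 0 on success, -1 on failure.
 */
int init_mysql(void)
{
    g_conn = mysql_init(NULL);
    if (g_conn == NULL) {
        return -1;
    }

    if (!mysql_real_connect(g_conn, g_host_name, g_user_name, g_password,
                            g_db_name, g_db_port, NULL, 0)) {
        return -1;
    }

    /* Doubles as a check that the connection is usable. */
    if (executesql("set names utf8")) {
        return -1;
    }
    return 0;
}

/* Copy environment variable `name` into dst (dst_size bytes). Returns -1 if it
 * is unset or does not fit. The value is never echoed, since one of the
 * settings is the database password. */
static int copy_env_setting(char *dst, size_t dst_size, const char *name)
{
    const char *value = getenv(name);
    size_t len;

    if (value == NULL) {
        fprintf(stderr, "environment variable %s is not set\n", name);
        return -1;
    }
    len = strlen(value);
    if (len >= dst_size) {
        fprintf(stderr, "environment variable %s is too long (max %zu bytes)\n",
                name, dst_size - 1);
        return -1;
    }
    memcpy(dst, value, len + 1);
    return 0;
}

/* True when s is non-empty, at most max_len bytes long, and made only of
 * characters from `allowed`. */
static int chars_allowed(const char *s, const char *allowed, size_t max_len)
{
    size_t len;

    if (s == NULL) {
        return 0;
    }
    len = strlen(s);
    if (len == 0 || len > max_len) {
        return 0;
    }
    return strspn(s, allowed) == len;
}

/* Numeric/time setting such as "600", "-1" or "10m": no whitespace, newline,
 * '%' or '[' can get through, so a database field cannot add directives or
 * interpolation to the generated file. */
static int is_config_scalar(const char *s)
{
    return chars_allowed(s,
                         "0123456789"
                         "abcdefghijklmnopqrstuvwxyz"
                         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                         "+-.",
                         32);
}

/* Character-level check for an IPv4/IPv6 literal (45 = longest IPv6 text). */
static int is_ip_literal(const char *s)
{
    return chars_allowed(s, "0123456789abcdefABCDEF.:", 45);
}

/* Prefix length: one to three decimal digits. */
static int is_prefix_length(const char *s)
{
    return chars_allowed(s, "0123456789", 3);
}

/* Run a SELECT and return its buffered result set; prints the MySQL error and
 * exits with status 1 on failure, as main() always did for failed queries. */
static MYSQL_RES *query_or_die(const char *sql)
{
    MYSQL_RES *res;

    if (executesql(sql)) {
        print_mysql_error(NULL);
        exit(1);
    }
    /* mysql_store_result() copies the whole result set to the client. */
    res = mysql_store_result(g_conn);
    if (res == NULL) {
        print_mysql_error(NULL);
        exit(1);
    }
    return res;
}

/* Write every row of d_res to fp as "ip/prefix ". Entries go straight to the
 * file, so the list length is not limited by a fixed-size buffer. Rows with a
 * NULL or malformed field are skipped with a warning. */
static void write_ignore_entries(FILE *fp)
{
    while ((d_row = mysql_fetch_row(d_res))) {
        if (!is_ip_literal(d_row[0]) || !is_prefix_length(d_row[1])) {
            fprintf(stderr, "skipping malformed ignore-list entry\n");
            continue;
        }
        fprintf(fp, "%s/%s ", d_row[0], d_row[1]);
    }
}

/*
 * Regenerate CONFIG_FILE from the fail2ban tables.
 *
 * Connection settings come from the MYSQL, MYSQL_USER, MYSQL_PASSWORD and
 * MYSQL_DATABASE environment variables. Exits with status 1 on any
 * configuration, database or file error.
 *
 * The generated file is typically consumed by a privileged fail2ban process,
 * so every database field is checked before it is written.
 *
 * NOTE(review): the string literals below were rebuilt from a listing whose
 * line breaks were lost; this assumes each continuation line of the original
 * started at column 0.
 */
int main(int argc, char **argv)
{
    const char *enabled;
    FILE *conf_fail2ban_fp;
    int write_failed;

    (void)argc;
    (void)argv;

    /* getenv() returns NULL for an unset variable and the globals hold only
     * MINI_SIZE bytes, so both conditions are checked before copying. */
    if (copy_env_setting(g_host_name, sizeof g_host_name, "MYSQL") ||
        copy_env_setting(g_user_name, sizeof g_user_name, "MYSQL_USER") ||
        copy_env_setting(g_password, sizeof g_password, "MYSQL_PASSWORD") ||
        copy_env_setting(g_db_name, sizeof g_db_name, "MYSQL_DATABASE")) {
        exit(1);
    }

    if (init_mysql()) {
        print_mysql_error(NULL);
        exit(1);
    }

    g_res = query_or_die(FAIL2BAN_BASIC_SQL);

    /* NOTE(review): the file is truncated in place, so a failure after this
     * point leaves a partial jail.conf. Consider writing a temporary file in
     * the same directory and rename()-ing it over CONFIG_FILE once complete. */
    conf_fail2ban_fp = fopen(CONFIG_FILE, "w+");
    if (conf_fail2ban_fp == NULL) {
        perror("Open paging conf file Error: ");
        exit(1);
    }

    fprintf(conf_fail2ban_fp,
            "[DEFAULT]\n"
            "ignoreip = 127.0.0.1/32\n"
            "bantime = 3600\n"
            "maxretry = 3\n"
            "backend = auto\n"
            "banaction = iptables-multiport\n"
            "mta = mail\n"
            "protocol = tcp\n"
            "chain = INPUT\n"
            "action_ = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n"
            "action_mw = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n"
            "action_mwl = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n"
            "action = %%(action_)s\n\n");

    while ((g_row = mysql_fetch_row(g_res))) {
        int is_sip;
        int is_ssh;

        if (g_row[0] == NULL || g_row[1] == NULL || g_row[2] == NULL ||
            g_row[3] == NULL || g_row[4] == NULL) {
            printf("some feild is empty!\n");
            continue;
        }

        is_sip = strcmp(g_row[0], "sip") == 0;
        is_ssh = strcmp(g_row[0], "ssh") == 0;
        if (!is_sip && !is_ssh) {
            continue;
        }

        /* max_retry, find_time and ban_time are copied verbatim into the
         * file; refuse anything that is not a plain scalar. */
        if (!is_config_scalar(g_row[2]) || !is_config_scalar(g_row[3]) ||
            !is_config_scalar(g_row[4])) {
            fprintf(stderr, "skipping jail \"%s\": invalid max_retry, find_time or ban_time\n",
                    g_row[0]);
            continue;
        }

        enabled = (strcmp(g_row[1], "1") == 0) ? "true" : "false";

        /* Fetch the ignore list before writing anything for this section. */
        d_res = query_or_die(is_sip ? FAIL2BAN_SIP_IGNORED_SQL
                                    : FAIL2BAN_SSH_IGNORED_SQL);

        if (is_sip) {
            fprintf(conf_fail2ban_fp,
                    "[sip-iptables]\n"
                    "enabled = %s\n"
                    "ignoreip = 127.0.0.1/32 ",
                    enabled);
            write_ignore_entries(conf_fail2ban_fp);
            fprintf(conf_fail2ban_fp,
                    " \n"
                    "filter = sip\n"
                    "action = iptables-allports[name=VOIP, protocol=all]\n"
                    "logpath = /var/log/asterisk/messages\n"
                    "maxretry = %s\n"
                    "findtime = %s\n"
                    "bantime = %s\n\n",
                    g_row[2], g_row[3], g_row[4]);
        } else {
            fprintf(conf_fail2ban_fp,
                    "[SSH]\n"
                    "enabled = %s\n"
                    "ignoreip = 127.0.0.1/32 ",
                    enabled);
            write_ignore_entries(conf_fail2ban_fp);
            fprintf(conf_fail2ban_fp,
                    " \n"
                    "port = 22\n"
                    "filter = sshd\n"
                    "logpath = /init/logs/auth.log\n"
                    "maxretry = %s\n"
                    "findtime = %s\n"
                    "bantime = %s\n\n",
                    g_row[2], g_row[3], g_row[4]);
        }

        mysql_free_result(d_res);
        d_res = NULL;
    }

    /* A short write (for example a full disk) would otherwise leave a
     * truncated jail.conf behind without any report. */
    write_failed = ferror(conf_fail2ban_fp);
    if (fclose(conf_fail2ban_fp) != 0) {
        write_failed = 1;
    }

    mysql_free_result(g_res); /* release the result set */
    mysql_close(g_conn);      /* close the connection */

    if (write_failed) {
        fprintf(stderr, "failed to write %s\n", CONFIG_FILE);
        return 1;
    }
    return 0;
}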