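/*
 ============================================================================
 Name        : generate_paging_conf.sh
 Author      : ssc
 Version     : v1.0
 Copyright   : ZYCOO copyright
 Description : Generate paging info from mysql to paging conf file
 ============================================================================
 */

/*
 * NOTE(review): the banner above looks inherited from another generator.
 * What this file does: it reads the fail2ban settings and the per-protocol
 * ignore lists from MySQL, rewrites CONFIG_FILE (/etc/fail2ban/jail.conf),
 * then empties three log files and restarts fail2ban.
 *
 * NOTE(review): the header names on the original #include lines were lost
 * when the page was extracted. The list below is what the code in this file
 * needs; adjust the MySQL client header path to the build's include layout.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <mysql/mysql.h>

MYSQL *g_conn;      /* MySQL connection handle */
MYSQL_RES *g_res;   /* result set of FAIL2BAN_BASIC_SQL */
MYSQL_ROW g_row;    /* current row of g_res (array of strings) */
MYSQL_RES *d_res;   /* result set of an ignore-list query */
MYSQL_ROW d_row;    /* current row of d_res (array of strings) */

#define NORMAL_SIZE 256
#define MAX_SIZE 2048
#define MIDLE_SIZE 512
#define MINI_SIZE 64
#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define KEYVALLEN 100
#define VERSION "V1.0.1"
#define FAIL2BAN_BASIC_SQL "select name,enable,max_retry,find_time,ban_time from t_pbx_fail2ban_basic"
#define FAIL2BAN_SIP_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_sip='1' and enable='1'"
#define FAIL2BAN_SSH_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_ssh='1' and enable='1'"

char g_host_name[MINI_SIZE];
char g_user_name[MINI_SIZE];
char g_password[MINI_SIZE];
char g_db_name[MINI_SIZE];
const unsigned int g_db_port = 3306;

/**
 * Return the current local time as text, without the trailing newline.
 *
 * The pointer refers to the static buffer owned by ctime(), so the next
 * ctime()/asctime() call overwrites it. An empty string is returned when
 * ctime() cannot format the time.
 */
char *mytime()
{
    static char empty[] = "";
    time_t my_time;
    char *time_string;
    size_t len;

    time(&my_time);
    time_string = ctime(&my_time);
    if (time_string == NULL)
        return empty;

    len = strlen(time_string);
    if (len > 0 && time_string[len - 1] == '\n')
        time_string[len - 1] = '\0';
    return time_string;
}

/**
 * Print the last MySQL client error to stdout.
 *
 * @param msg optional prefix; when NULL only the error text is printed.
 */
void print_mysql_error(const char *msg)
{
    /* g_conn is still NULL when mysql_init() itself failed. */
    const char *err = g_conn ? mysql_error(g_conn)
                             : "MySQL connection handle not initialised";

    if (msg)
        printf("%s: %s\n", msg, err);
    else
        puts(err);
}

/**
 * Run one SQL statement on the global connection.
 *
 * @return 0 on success, -1 when mysql_real_query() reports a failure.
 */
int executesql(const char *sql)
{
    if (mysql_real_query(g_conn, sql, strlen(sql)))
        return -1;
    return 0;
}

/**
 * Create the global connection from g_host_name, g_user_name, g_password,
 * g_db_name and g_db_port, then switch the session to utf8.
 *
 * @return 0 on success, -1 on any failure.
 */
int init_mysql()
{
    g_conn = mysql_init(NULL);
    if (g_conn == NULL)
        return -1;

    if (!mysql_real_connect(g_conn, g_host_name, g_user_name, g_password,
                            g_db_name, g_db_port, NULL, 0))
        return -1;

    /* Doubles as a check that the connection is usable. */
    if (executesql("set names utf8"))
        return -1;

    return 0;
}

/*
 * Copy environment variable `name` into dst (capacity cap).
 * Fails when the variable is unset or does not fit; the value itself is
 * never printed because one of the variables holds the database password.
 */
static int copy_env(char *dst, size_t cap, const char *name)
{
    const char *val = getenv(name);
    int n;

    if (val == NULL) {
        fprintf(stderr, "%s is not set\n", name);
        return -1;
    }
    n = snprintf(dst, cap, "%s", val);
    if (n < 0 || (size_t)n >= cap) {
        fprintf(stderr, "%s is too long (max %zu bytes)\n", name, cap - 1);
        return -1;
    }
    return 0;
}

/* True when s is non-empty and consists only of characters from allowed. */
static int only_chars(const char *s, const char *allowed)
{
    return s != NULL && s[0] != '\0' && s[strspn(s, allowed)] == '\0';
}

/*
 * Append "ip/mask " to out without writing past cap bytes.
 * A partial entry is dropped, so out always holds whole entries.
 */
static int append_ignore_entry(char *out, size_t cap, const char *ip,
                               const char *mask)
{
    size_t used = strlen(out);
    int n;

    if (used >= cap)
        return -1;
    n = snprintf(out + used, cap - used, "%s/%s ", ip, mask);
    if (n < 0 || (size_t)n >= cap - used) {
        out[used] = '\0';
        return -1;
    }
    return 0;
}

/*
 * Run an ignore-list query and build the space-separated "ip/mask " list.
 *
 * Rows end up verbatim in jail.conf, so each field is checked against an
 * allowlist first: a stray newline, '%', '[' or '=' in a database value
 * would otherwise become extra configuration. Malformed rows are skipped,
 * which leaves that address subject to bans instead of exempt from them.
 *
 * Returns 0 on success, -1 on a MySQL failure.
 */
static int load_ignore_list(const char *sql, char *out, size_t cap)
{
    static const char ip_chars[] = "0123456789abcdefABCDEF.:";
    static const char digits[] = "0123456789";

    memset(out, 0, cap);

    if (executesql(sql))
        return -1;
    d_res = mysql_store_result(g_conn);
    if (d_res == NULL)
        return -1;

    while ((d_row = mysql_fetch_row(d_res))) {
        if (!only_chars(d_row[0], ip_chars) || !only_chars(d_row[1], digits)) {
            fprintf(stderr, "skipping malformed ignore entry\n");
            continue;
        }
        if (append_ignore_entry(out, cap, d_row[0], d_row[1])) {
            fprintf(stderr, "ignore list truncated: buffer full\n");
            break;
        }
    }

    mysql_free_result(d_res);
    d_res = NULL;
    return 0;
}

/*
 * Write the [DEFAULT] section and one jail per "sip"/"ssh" row of g_res.
 * Rows with any other name are ignored.
 *
 * Returns 0 on success, -1 on a MySQL failure. Stream errors are left for
 * the caller to pick up with ferror().
 */
static int write_jails(FILE *fp)
{
    /* Digits, ASCII letters (fail2ban time suffixes) and '-' (negative bantime). */
    static const char value_chars[] =
        "0123456789-"
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    char ignored[MIDLE_SIZE] = {0};

    fputs("[DEFAULT]\n"
          "ignoreip = 127.0.0.1/32\n"
          "bantime = 3600\n"
          "maxretry = 3\n"
          "backend = auto\n"
          "banaction = iptables-multiport\n"
          "mta = mail\n"
          "protocol = tcp\n"
          "chain = INPUT\n"
          "action_ = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
          "action_mw = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
          "action_mwl = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"]\n"
          "action = %(action_)s\n\n",
          fp);

    while ((g_row = mysql_fetch_row(g_res))) {
        const char *enabled;
        int is_sip;
        int is_ssh;

        if (g_row[0] == NULL || g_row[1] == NULL || g_row[2] == NULL ||
            g_row[3] == NULL || g_row[4] == NULL) {
            printf("some feild is empty!\n");
            continue;
        }

        is_sip = strcmp(g_row[0], "sip") == 0;
        is_ssh = !is_sip && strcmp(g_row[0], "ssh") == 0;
        if (!is_sip && !is_ssh)
            continue;

        /* maxretry/findtime/bantime are written verbatim into the jail. */
        if (!only_chars(g_row[2], value_chars) ||
            !only_chars(g_row[3], value_chars) ||
            !only_chars(g_row[4], value_chars)) {
            fprintf(stderr,
                    "skipping %s jail: maxretry/findtime/bantime is not a plain value\n",
                    is_sip ? "sip" : "ssh");
            continue;
        }

        enabled = strcmp(g_row[1], "1") == 0 ? "true" : "false";

        if (load_ignore_list(is_sip ? FAIL2BAN_SIP_IGNORED_SQL
                                    : FAIL2BAN_SSH_IGNORED_SQL,
                             ignored, sizeof ignored))
            return -1;

        if (is_sip) {
            fprintf(fp,
                    "[sip-iptables]\n"
                    "enabled = %s\n"
                    "ignoreip = 127.0.0.1/32 %s \n"
                    "filter = sip\n"
                    "action = iptables-allports[name=VOIP, protocol=all]\n"
                    "logpath = /var/log/asterisk/messages\n"
                    "maxretry = %s\n"
                    "findtime = %s\n"
                    "bantime = %s\n\n",
                    enabled, ignored, g_row[2], g_row[3], g_row[4]);
        } else {
            fprintf(fp,
                    "[SSH]\n"
                    "enabled = %s\n"
                    "ignoreip = 127.0.0.1/32 %s \n"
                    "port = 22\n"
                    "filter = sshd\n"
                    "logpath = /init/logs/auth.log\n"
                    "maxretry = %s\n"
                    "findtime = %s\n"
                    "bantime = %s\n\n",
                    enabled, ignored, g_row[2], g_row[3], g_row[4]);
        }
    }

    return 0;
}

/* Copy everything from src to dst. Returns 0 on success, -1 on an I/O error. */
static int copy_stream(FILE *src, FILE *dst)
{
    char buf[MAX_SIZE];
    size_t got;

    while ((got = fread(buf, 1, sizeof buf, src)) > 0) {
        if (fwrite(buf, 1, got, dst) != got)
            return -1;
    }
    return ferror(src) ? -1 : 0;
}

/**
 * Regenerate CONFIG_FILE from the database and restart fail2ban.
 *
 * Connection settings come from the MYSQL, MYSQL_USER, MYSQL_PASSWORD and
 * MYSQL_DATABASE environment variables. Exits with status 1 on any failure;
 * fail2ban is restarted only after the new file was written completely.
 */
int main(int argc, char **argv)
{
    /*
     * Fixed command line with no external data in it. It runs through the
     * shell, so the programs are resolved via the inherited PATH.
     * NOTE(review): this empties the auth, fail2ban and asterisk logs on
     * every run; if they are needed as evidence later, archive or rotate
     * them before this step instead of overwriting them.
     */
    static const char reload_cmd[] =
        "echo \"\" > /init/logs/auth.log;echo \"\" > /var/log/fail2ban.log ;echo \"\" > /var/log/asterisk/messages;asterisk -rx \"logger reload\";service fail2ban restart";
    FILE *staging;
    FILE *conf_fail2ban_fp;
    int write_failed;

    (void)argc;
    (void)argv;

    /* getenv() returns NULL for an unset variable and the globals hold
       only MINI_SIZE bytes, so both cases are rejected up front. */
    if (copy_env(g_host_name, sizeof g_host_name, "MYSQL") ||
        copy_env(g_user_name, sizeof g_user_name, "MYSQL_USER") ||
        copy_env(g_password, sizeof g_password, "MYSQL_PASSWORD") ||
        copy_env(g_db_name, sizeof g_db_name, "MYSQL_DATABASE"))
        exit(1);

    if (init_mysql()) {
        print_mysql_error(NULL);
        exit(1);
    }

    if (executesql(FAIL2BAN_BASIC_SQL)) {
        print_mysql_error(NULL);
        exit(1);
    }

    /* Buffer the whole result set locally; the ignore-list queries reuse
       the same connection while these rows are being read. */
    g_res = mysql_store_result(g_conn);
    if (g_res == NULL) {
        print_mysql_error(NULL);
        exit(1);
    }

    /* Build the configuration in an anonymous temporary file first, so a
       database failure half-way through never truncates the live jail.conf. */
    staging = tmpfile();
    if (staging == NULL) {
        perror("tmpfile");
        exit(1);
    }

    if (write_jails(staging)) {
        print_mysql_error(NULL);
        exit(1);
    }
    if (fflush(staging) != 0 || ferror(staging)) {
        fprintf(stderr, "Writing the staged configuration failed\n");
        exit(1);
    }
    rewind(staging);

    conf_fail2ban_fp = fopen(CONFIG_FILE, "w+");
    if (conf_fail2ban_fp == NULL) {
        perror("Open paging conf file Error: ");
        exit(1);
    }

    write_failed = copy_stream(staging, conf_fail2ban_fp);
    if (fclose(conf_fail2ban_fp) != 0)
        write_failed = 1;
    fclose(staging);

    mysql_free_result(g_res);
    mysql_close(g_conn);

    /* Do not restart fail2ban on top of an incomplete configuration. */
    if (write_failed) {
        fprintf(stderr, "Writing %s failed\n", CONFIG_FILE);
        exit(1);
    }

    if (system(reload_cmd) == -1) {
        perror("system");
        return 1;
    }
    return 0;
}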