asterisk_scripts/fail2ban_rule.bak.c

#include<stdio.h>
#include<stdlib.h>
#include<strings.h>
#include<string.h>
#include<mysql/mysql.h>
#include<mysql/mysqld_error.h>
#include<stdarg.h>
#include<ctype.h>
#include<sys/types.h>  
#include<ifaddrs.h>  
#include<netinet/in.h>   
#include<arpa/inet.h>  
#include<net/if.h> 
#include <sys/ioctl.h> 
#include <sys/socket.h>
#include <fcntl.h>

#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define DBCONFIG "/etc/asterisk/exten_gen.ini"
#define NETCONFIG "/etc/rc.conf"
#define WEBCONFIG "/usr/local/rest-server/config/application.properties"
#define SIZE 256
#define SIZE_K 1024
/*该程序的功能是从数据库中读取fail2ban的配置信息然后写到fail2ban的配置文件中然后重启fail2ban服务使配置生效，界面配置fail2ban的时候调用，需要编译*/

char *getconfig(const char *file_path, const char *name)
{
	char str[SIZE] = {0};
	char *p = NULL, *value = NULL;
	int tmp = 0, len = 0;

	FILE *fp = fopen(file_path, "r");
	while(fgets(str, SIZE, fp)){
		if(strstr(str, name)){
			p = strstr(str, "=");
			len = p - str;
			value = malloc(50);
			bzero(value, 50);
			while(str[len] != '\n'){
				if(str[len] == ' ' || str[len] == '='){
					len++;
					continue;
				}else
					value[tmp++] = str[len++];
			}
			//printf("%s : %s\n",name, value);
			break;
		}
		
	}
	return value;
}

MYSQL *connect_mysql(MYSQL *conn)
{
	char *dbserver = getconfig(DBCONFIG, "dbserverip");
	char *dbuser = getconfig(DBCONFIG, "dbuser");
	char *dbpasswd = getconfig(DBCONFIG, "dbpasswd");
	char *dbname = getconfig(DBCONFIG, "dbname");
	mysql_init(conn);
	if(!mysql_real_connect(conn, dbserver, dbuser, dbpasswd, dbname,0,"",0)){
		printf("error:%s\n",mysql_error(conn));	
		return NULL;
	}
	if(dbserver)free(dbserver);
	if(dbuser)free(dbuser);
	if(dbpasswd)free(dbpasswd);
	if(dbname)free(dbname);
	int utf8;  
	utf8=mysql_query(conn,"set names utf8");  	
	return conn;
}

int netmask_str2len(char* mask)
{
    int netmask = 0;
    unsigned int mask_tmp;

    mask_tmp = ntohl((int)inet_addr(mask));
    while (mask_tmp & 0x80000000)
    {
        netmask++;
        mask_tmp = (mask_tmp << 1);
    }

    return netmask;    
}

char * get_addr(char *addr, int flag, char *dev)
{
    int sockfd = 0;  
    struct sockaddr_in *sin;
    struct ifreq ifr;

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
    {
        perror("socket error!\n");
        return NULL;
    }

    memset(&ifr, 0, sizeof(ifr));
    snprintf(ifr.ifr_name, (sizeof(ifr.ifr_name) - 1), "%s", dev);

    if(ioctl(sockfd, flag, &ifr) < 0 )
    {
        perror("ioctl error!\n");
        close(sockfd);
        return NULL;
    }
    close(sockfd);

    sin = (struct sockaddr_in *)&ifr.ifr_addr;
    snprintf((char *)addr, 32, "%s", inet_ntoa(sin->sin_addr));        

    return addr;
}

char *get_fb_config(char *buf)
{
	MYSQL conn;
	MYSQL_RES *res;
	MYSQL_ROW row;
	MYSQL conn1;
	MYSQL_RES *res1;
	MYSQL_ROW row1;
	char sql[SIZE] = {0};
	char tmp[SIZE_K*2] = {0};
	char ignored[SIZE_K*2] = {0};
	int len1 = 16, len2 = 16, len3 = 16,len4 = 16;
	char wanip[32] = {0};
	char lanip[32] = {0};
	char virip[32] = {0};
	char virip_lan[32] = {0};
	char netmask_wan[32] = {0};
	char netmask_lan[32] = {0};
	char netmask_vir[32] = {0};
	char netmask_vir_lan[32] = {0};
	
	get_addr(wanip, SIOCGIFADDR,"eth0");
	get_addr(lanip, SIOCGIFADDR,"eth1");
	get_addr(virip, SIOCGIFADDR,"eth0:0");
	get_addr(virip_lan, SIOCGIFADDR,"eth1:0");
#if 0	
	get_addr(netmask_wan, SIOCGIFNETMASK,"eth0");
	get_addr(netmask_lan, SIOCGIFNETMASK,"eth1");
	get_addr(netmask_vir, SIOCGIFNETMASK,"eth0:0");
	get_addr(netmask_vir_lan, SIOCGIFNETMASK,"eth1:0");
	
	if(strlen(netmask_wan))
		len1 = netmask_str2len(netmask_wan);
	
	if(strlen(netmask_lan))
		len2 = netmask_str2len(netmask_lan);
	
	if(strlen(netmask_vir))
		len3 = netmask_str2len(netmask_vir);
	if(strlen(netmask_vir_lan))
		len4 = netmask_str2len(netmask_vir_lan);
#endif	
	/*set default rules*/
	strcat(buf,"[DEFAULT]\n");
	strcat(buf,"ignoreip = 127.0.0.1/32\n");
	strcat(buf,"bantime  = 3600\n");
	strcat(buf,"maxretry = 3\n");
	strcat(buf,"backend = auto\n");
	strcat(buf,"banaction = iptables-multiport\n");
	strcat(buf,"mta = mail\n");
	strcat(buf,"protocol = tcp\n");
	strcat(buf,"chain = INPUT\n");
	strcat(buf,"action_ = \%(banaction)s[name=\%(__name__)s, port=\"\%(port)s\", protocol=\"\%(protocol)s\", chain=\"\%(chain)s\"]\n");
	strcat(buf,"action_mw = \%(banaction)s[name=\%(__name__)s, port=\"\%(port)s\", protocol=\"\%(protocol)s\", chain=\"\%(chain)s\"]\n");
	strcat(buf,"action_mwl = \%(banaction)s[name=\%(__name__)s, port=\"\%(port)s\", protocol=\"\%(protocol)s\", chain=\"\%(chain)s\"]\n");
	strcat(buf,"action = \%(action_)s\n\n");

	MYSQL *conn_mysql = &conn;
	if(!connect_mysql(conn_mysql))
		return 0;

	sprintf(sql, "select name,enable,max_retry,find_time,ban_time from t_fail2ban_basic");
	if(mysql_real_query(conn_mysql, sql, strlen(sql))){
		printf("select  data from table t_fail2ban_basic faild !\n");
		return 0;
	}
	res = mysql_store_result(conn_mysql);

	char in[10] = {0};

	MYSQL *conn_mysql1 = &conn1;
	if(!connect_mysql(conn_mysql1))
		return 0;

	while(row = mysql_fetch_row(res))
	{
		bzero(in, 10);
		bzero(tmp,strlen(tmp));
		bzero(ignored,strlen(ignored));
		if(!strcmp((const char *)row[1], "1"))
			strcpy(in, "true");
		else
			strcpy(in, "false");
		
		if(strlen(virip) && strlen(virip_lan))
			sprintf(ignored,"%s/%d %s/%d %s/%d %s/%d ",wanip,len1, lanip,len2,virip,len3,virip_lan,len4);
		else if(strlen(virip))
			sprintf(ignored,"%s/%d %s/%d %s/%d ",wanip,len1, lanip,len2,virip,len3);
		else if(strlen(virip_lan))
			sprintf(ignored,"%s/%d %s/%d %s/%d ",wanip,len1, lanip,len2,virip_lan,len4);
		else
			sprintf(ignored,"%s/%d %s/%d ",wanip,len1, lanip,len2);
		
		if(!strcmp((const char*)row[0], "sip")){
			bzero(sql,strlen(sql));
			sprintf(sql, "select ip,netmask_length from t_fail2ban_ignored where protocol_sip='1' and enable='1'");
			if(mysql_real_query(conn_mysql1, sql, strlen(sql))){
				printf("select  data from table t_fail2ban_ignored faild !\n");
				return 0;
			}
			res1 = mysql_store_result(conn_mysql1);
			while(row1 = mysql_fetch_row(res1))
			{
				strcat(ignored,(char *)row1[0]);
				strcat(ignored,"/");
				strcat(ignored,(char *)row1[1]);
				strcat(ignored," ");
			}
			
			sprintf(tmp,"[sip-iptables]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nfilter = sip\naction = iptables-allports[name=VOIP, protocol=all]\nlogpath = /var/log/asterisk/messages\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n", in, ignored, row[2], row[3], row[4]);
			mysql_free_result(res1);
		}
		else if(!strcmp((const char*)row[0], "ssh")){
			bzero(sql,strlen(sql));
			sprintf(sql, "select ip,netmask_length from t_fail2ban_ignored where protocol_ssh='1' and enable='1'");
			if(mysql_real_query(conn_mysql1, sql, strlen(sql))){
				printf("select  data from table t_fail2ban_ignored faild !\n");
				return 0;
			}
			res1 = mysql_store_result(conn_mysql1);
			while(row1 = mysql_fetch_row(res1))
			{
				strcat(ignored,(char *)row1[0]);
				strcat(ignored,"/");
				strcat(ignored,(char *)row1[1]);
				strcat(ignored," ");
			}
			char *sshport = getconfig("/etc/asterisk/service.conf","ssh_port");
			sprintf(tmp,"[SSH]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nport = %s\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n",in, ignored, sshport, row[2], row[3], row[4]);
			free(sshport);
			mysql_free_result(res1);
		}
		else if(!strcmp((const char*)row[0], "https")){
		#if 1
			bzero(sql,strlen(sql));
			sprintf(sql, "select ip,netmask_length from t_fail2ban_ignored where protocol_https='1' and enable='1'");
			if(mysql_real_query(conn_mysql1, sql, strlen(sql))){
				printf("select  data from table t_fail2ban_ignored faild !\n");
				return 0;
			}
			res1 = mysql_store_result(conn_mysql1);
			while(row1 = mysql_fetch_row(res1))
			{
				strcat(ignored,(char *)row1[0]);
				strcat(ignored,"/");
				strcat(ignored,(char *)row1[1]);
				strcat(ignored," ");
			}
			char *web_port=getconfig(WEBCONFIG, "server.port");
			sprintf(tmp,"[HTTPS]\nenabled = %s\nignoreip = 127.0.0.1/32 %s \nport = %s\nfilter = https\nlogpath = /var/log/invalid_web_visit.log\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n",in, ignored, web_port, row[2], row[3], row[4]);
			free(web_port);
			mysql_free_result(res1);
		#endif
		}
		else if(!strcmp((const char*)row[0], "iax")){
			bzero(sql,strlen(sql));
			sprintf(sql, "select ip,netmask_length from t_fail2ban_ignored where protocol_iax='1' and enable='1'");
			if(mysql_real_query(conn_mysql1, sql, strlen(sql))){
				printf("select  data from table t_fail2ban_ignored faild !\n");
				return 0;
			}
			res1 = mysql_store_result(conn_mysql1);
			while(row1 = mysql_fetch_row(res1))
			{
				strcat(ignored,(char *)row1[0]);
				strcat(ignored,"/");
				strcat(ignored,(char *)row1[1]);
				strcat(ignored," ");
			}
			sprintf(tmp, "[iax-iptables]\nenabled = %s\nignoreip = 127.0.0.1/32 %s\nfilter = iax2\naction = iptables-allports[name=VOIP, protocol=all]\nlogpath = /var/log/asterisk/messages\nmaxretry = %s\nfindtime = %s\nbantime = %s\n\n", in, ignored, row[2], row[3], row[4]);
			mysql_free_result(res1);
		}
		strcat(buf,tmp);
	}
	
	mysql_free_result(res);
	mysql_close(conn_mysql);
	mysql_close(conn_mysql1);

	return buf;
}


int main(int argc, char *argv[])
{
	char buf[SIZE_K*8]={0};
	char cmd[SIZE] = {0};
	FILE *fp = NULL;

#if 1	
	get_fb_config(buf);
	printf("%s",buf);
	fp = fopen(CONFIG_FILE, "w");
	if(strlen(buf))
		fputs(buf, fp);
	fclose(fp);
	
	sprintf(cmd,"echo \"\" > /var/log/auth.log;echo \"\" > /var/log/fail2ban.log ;echo \"\" >/var/log/invalid_web_visit.log;echo \"\" > /var/log/asterisk/messages;asterisk -rx \"logger reload\";service fail2ban restart");

	system(cmd);
#endif
	return 0;
}