asterisk_scripts/fail2ban_conf.c

/*
============================================================================
Name        : generate_paging_conf.sh
Author      : ssc
Version     : v1.0
Copyright   : ZYCOO copyright
Description : Generate paging info from mysql to paging conf file
============================================================================
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <time.h>
#include <ctype.h>
#include <mysql/mysql.h>

MYSQL *g_conn; // mysql 连接
MYSQL_RES *g_res; // mysql group记录集
MYSQL_ROW g_row; // 字符串数组，mysql 记录行
MYSQL_RES *d_res; // mysql device记录集
MYSQL_ROW d_row; // 字符串数组，mysql 记录行

#define NORMAL_SIZE 256
#define MAX_SIZE 2048
#define MIDLE_SIZE 512
#define MINI_SIZE 64
#define CONFIG_FILE "/etc/fail2ban/jail.conf"
#define KEYVALLEN 100
#define VERSION "V1.0.1"

#define FAIL2BAN_BASIC_SQL "select name,enable,max_retry,find_time,ban_time from t_pbx_fail2ban_basic"
#define FAIL2BAN_SIP_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_sip='1' and enable='1'"
#define FAIL2BAN_SSH_IGNORED_SQL "select ip,netmask_length from t_pbx_fail2ban_ignored where protocol_ssh='1' and enable='1'"

char g_host_name[MINI_SIZE];
char g_user_name[MINI_SIZE];
char g_password[MINI_SIZE];
char g_db_name[MINI_SIZE];
const unsigned int g_db_port = 3306;

char * mytime(){
        time_t my_time;
        time(&my_time);
        char *time_string = ctime(&my_time);
        if (time_string[strlen(time_string) - 1] == '\n')
        {
                time_string[strlen(time_string) - 1] = '\0';
        }
        return time_string;
}

void print_mysql_error(const char *msg) { // 打印最后一次错误
if (msg)
    printf("%s: %s\n", msg, mysql_error(g_conn));
else
    puts(mysql_error(g_conn));
}

int executesql(const char * sql) {
/*query the database according the sql*/
if (mysql_real_query(g_conn, sql, strlen(sql))) // 如果失败
    return -1; // 表示失败

return 0; // 成功执行
}


int init_mysql() { // 初始化连接
// init the database connection
g_conn = mysql_init(NULL);

/* connect the database */
if(!mysql_real_connect(g_conn, g_host_name, g_user_name, g_password, g_db_name, g_db_port, NULL, 0)) // 如果失败
    return -1;

// 是否连接已经可用
if (executesql("set names utf8")) // 如果失败
    return -1;

return 0; // 返回成功
}

int main(int argc, char **argv) {
    char in[8] = {0};
	char tmp[MIDLE_SIZE] = {0};
	char ignored[MIDLE_SIZE] = {0};
	char cmd[MIDLE_SIZE] = {0};

    strcpy(g_host_name,getenv("MYSQL"));
    strcpy(g_user_name,getenv("MYSQL_USER"));
    strcpy(g_password,getenv("MYSQL_PASSWORD"));
    strcpy(g_db_name,getenv("MYSQL_DATABASE"));

    if (init_mysql()){
        print_mysql_error(NULL);
        exit(1);
    }

    if (executesql(FAIL2BAN_BASIC_SQL)){
        print_mysql_error(NULL);
        exit(1);
    }

    g_res = mysql_store_result(g_conn); // 从服务器传送结果集至本地，mysql_use_result直接使用服务器上的记录集
    FILE *conf_fail2ban_fp = fopen(CONFIG_FILE, "w+");

    if (conf_fail2ban_fp == NULL){
        perror("Open paging conf file Error: ");
        exit(1);
    }

    fprintf(conf_fail2ban_fp, "[DEFAULT]\n\
ignoreip = 127.0.0.1/32\n\
bantime  = 3600\n\
maxretry = 3\n\
backend = auto\n\
banaction = iptables-multiport\n\
mta = mail\n\
protocol = tcp\n\
chain = INPUT\n\
action_ = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n\
action_mw = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n\
action_mwl = %%(banaction)s[name=%%(__name__)s, port=\"%%(port)s\", protocol=\"%%(protocol)s\", chain=\"%%(chain)s\"]\n\
action = %%(action_)s\n\n\
"\
);

    while ((g_row=mysql_fetch_row(g_res)))
    { // 打印结果集
        if (g_row[0] == NULL || g_row[1] == NULL || g_row[2] == NULL || g_row[3] == NULL || g_row[4] == NULL)
        {
            printf("some feild is empty!\n");
            continue;
        }

        if(strcmp((const char *)g_row[1], "1") == 0)
            strcpy(in, "true");
        else
            strcpy(in, "false");

        if(strcmp((const char*)g_row[0], "sip") == 0){
            if (executesql(FAIL2BAN_SIP_IGNORED_SQL)){
                print_mysql_error(NULL);
                exit(1);
            }
            d_res = mysql_store_result(g_conn);
            memset(ignored,0,sizeof(ignored));
            while(d_row = mysql_fetch_row(d_res))
            {
                strcat(ignored,(char *)d_row[0]);
                strcat(ignored,"/");
                strcat(ignored,(char *)d_row[1]);
                strcat(ignored," ");
            }
            fprintf(conf_fail2ban_fp, "[sip-iptables]\n\
enabled = %s\n\
ignoreip = 127.0.0.1/32 %s \n\
filter = sip\n\
action = iptables-allports[name=VOIP, protocol=all]\n\
logpath = /var/log/asterisk/messages\n\
maxretry = %s\n\
findtime = %s\n\
bantime = %s\n\n\
",\
in, ignored, g_row[2], g_row[3], g_row[4]
);
            mysql_free_result(d_res);
        }
        else if(strcmp((const char*)g_row[0], "ssh") == 0)
        {
            if (executesql(FAIL2BAN_SSH_IGNORED_SQL)){
                print_mysql_error(NULL);
                exit(1);
            }
            d_res = mysql_store_result(g_conn);
            memset(ignored,0,sizeof(ignored));
            while(d_row = mysql_fetch_row(d_res))
            {
                strcat(ignored,(char *)d_row[0]);
                strcat(ignored,"/");
                strcat(ignored,(char *)d_row[1]);
                strcat(ignored," ");
            }
            fprintf(conf_fail2ban_fp, "[SSH]\n\
enabled = %s\n\
ignoreip = 127.0.0.1/32 %s \n\
port = 22\n\
filter = sshd\n\
logpath = /init/logs/auth.log\n\
maxretry = %s\n\
findtime = %s\n\
bantime = %s\n\n\
",\
in, ignored, g_row[2], g_row[3], g_row[4]
);
            mysql_free_result(d_res);
        }
    }
    fclose(conf_fail2ban_fp);
    mysql_free_result(g_res); // 释放结果集
    mysql_close(g_conn); // 关闭链接
    	
	sprintf(cmd,"echo \"\" > /init/logs/auth.log;echo \"\" > /var/log/fail2ban.log ;echo \"\" > /var/log/asterisk/messages;asterisk -rx \"logger reload\";service fail2ban restart");

	system(cmd);
}