Code afférent au projet Kouglof 2 de l'E2L
  1. /*******************************************************************
  2. Copyright (C) 2011-2024 Patrick H. E. Foubet - S.E.R.I.A.N.E.
  3. This program is free software: you can redistribute it and/or modify
  4. it under the terms of the GNU General Public License as published by
  5. the Free Software Foundation, either version 3 of the License, or any
  6. later version.
  7. This program is distributed in the hope that it will be useful,
  8. but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10. See the GNU General Public License for more details.
  11. You should have received a copy of the GNU General Public License
  12. along with this program. If not, see <http://www.gnu.org/licenses/>
  13. *******************************************************************/
  14. /*
  15. ############################################################
  16. # Projet Kouglof 2 de l'Ecole du Logiciel Libre d'Ivry : #
  17. ############################################################
  18. octave.c : outil pour scanner l'interface reseau afin d'analyser les sites
  19. auxquels les applications veulent se connecter.
  20. A utiliser avec le fichier auth1.txt pour stopper les connexions non voulues
  21. Tous les details sur le site :
  22. https://e2li.org -> menu : Projet Prosecco.
  23. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <stdint.h>
#include <errno.h>
#include <signal.h>
#include <time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <fcntl.h>
#include <syslog.h>
#include <pthread.h>
#include <arpa/inet.h>
#include <readline/readline.h>
#include <readline/history.h>
#define Version "1.00"
/* Linux-specific fcntl(2) commands applied to the capture pipe in main();
 * spelled out here rather than relying on _GNU_SOURCE to expose them. */
#define F_GETPIPE_SZ 1032
#define F_SETPIPE_SZ 1031
/* Process-wide state shared by main(), the signal handler interup() and the
 * command thread fct_com(): RUN/REQ drive the main loop, ENDT flags a dead
 * capture child, REPR marks an automatic restart (-R), p1 is the pipe fed by
 * the capture child, Trace is the verbosity level (TMIN..TMAX).
 * These are written from the handler and the thread without synchronisation. */
static int RUN=1, REQ=0, ENDT=0, REPR=0, p1[2],Trace=0;
static pid_t pid;                 /* pid of the capture child forked in main() */
static char * NPROG, *IFACE=NULL; /* program basename; default-route interface name */
#define DELAYR 20 /* delay (seconds) before the automatic restart */
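/* Signal handler registered by main() for SIGINT and SIGCHLD.
 * SIGINT : ask for the interactive prompt (REQ) and wake the main loop by
 *          writing a newline into the capture pipe.
 * SIGCHLD: when the capture child has exited, flag ENDT and wake the loop.
 * Both paths use only async-signal-safe calls, and errno is saved/restored so
 * the interrupted code never observes a clobbered value. Any other signal
 * only yields a diagnostic (fprintf is not async-signal-safe, but the handler
 * is never registered for other signals). */
void interup (int S)
{
    int saved_errno = errno;
    if (S == SIGINT) {
        (void)write(p1[1], "\n", 1);
        REQ = 1;
        errno = saved_errno;
        return;
    }
    if (S == SIGCHLD) {
        if (waitpid(pid, NULL, WNOHANG) == pid) {
            ENDT = 1;
            (void)write(p1[1], "\n", 1);
        }
        errno = saved_errno;
        return;
    }
    fprintf(stderr, "Reçu signal %d !!??\n", S);
    errno = saved_errno;
}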
/* ### trace levels: Trace ranges over TMIN..TMAX (changed with the 't+'/'t-'
 * commands and the -t option). T1/T2/T3 expand to bare comparisons and are
 * meant to be written as `if (T1) ...`. */
#define TMIN 0
#define TMAX 3
#define T1 Trace > 0
#define T2 Trace > 1
#define T3 Trace > 2
/* #### IPv4 address helpers */
/* Return 1 when `a` is a dotted-quad IPv4 address accepted by inet_pton(),
 * 0 for anything else (malformed text, IPv6, empty string). */
int isIPv4(char *a)
{
    struct in_addr parsed;
    int rc = inet_pton(AF_INET, a, &parsed);
    return (rc == 1) ? 1 : 0;
}
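/* Parse `r` as an IPv4 CIDR "a.b.c.d/n".
 * Returns the prefix length n (1..32) when `r` is well formed, 0 otherwise.
 * A "/0" prefix also yields 0, so callers cannot tell it from "not a CIDR"
 * (pre-existing contract, kept: litligne() relies on the truth value).
 * Fix: the suffix is now parsed with strtol() and must be a plain
 * non-negative number followed by nothing. atoi() used to accept "/-5"
 * (returned -5, a true value that later drove the mask computation) and
 * trailing junk such as "/24xyz". */
int isCidr(char*r)
{
    char buf[20], *slash, *end;
    long n;
    if (strlen(r) > 18) return 0;     /* longest valid form is 18 chars */
    strcpy(buf, r);
    if ((slash = strchr(buf, '/')) == NULL) return 0;
    *slash = '\0';
    if (!isIPv4(buf)) return 0;
    if (slash[1] < '0' || slash[1] > '9') return 0;   /* no sign, no blanks */
    n = strtol(slash + 1, &end, 10);
    if (*end != '\0') return 0;       /* trailing junk */
    if (n < 0 || n > 32) return 0;
    return (int)n;
}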
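/* Return 1 when the IPv4 address `a` lies inside the CIDR `r` ("a.b.c.d/n"),
 * 0 when it does not or when either argument is malformed.
 * Fix: the old per-octet mask loop always ended on `0x80 >> -1` (a shift by a
 * negative count, undefined behaviour) for every prefix length except 32 and
 * only worked by accident; the mask is now computed arithmetically. The
 * inet_pton() results are checked instead of ignored, and an out-of-range
 * prefix (possible when isCidr() returns a negative value) is rejected. */
int isSousRes(char*r, char *a)
{
    struct in_addr Sa, Sr;
    char buf[20], *slash;
    int n;
    uint32_t mask;
    if (!isCidr(r)) return 0;
    if (!isIPv4(a)) return 0;
    strcpy(buf, r);                    /* isCidr() bounds strlen(r) to 18 */
    if ((slash = strchr(buf, '/')) == NULL) return 0;
    *slash = '\0';
    n = atoi(slash + 1);
    if (n < 1 || n > 32) return 0;     /* 32 - n must be a valid shift count */
    /* n leading one bits, converted to network byte order like s_addr */
    mask = htonl(0xFFFFFFFFu << (32 - n));
    if (inet_pton(AF_INET, a, &Sa) != 1) return 0;
    if (inet_pton(AF_INET, buf, &Sr) != 1) return 0;
    return ((Sr.s_addr & mask) == (Sa.s_addr & mask)) ? 1 : 0;
}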
/* #### dynamic table of CIDR prefixes (filled from the parameter file) */
#define NBC 100 /* number of CIDR slots */
char* Tcidr[NBC];    /* heap-allocated "a.b.c.d/n" strings, unordered */
int iC=0;            /* number of slots in use */
int bloqueIP(char*); /* defined further down; addCidr() blocks a new prefix at once */
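/* Append the CIDR `c` to Tcidr[] and immediately block it with bloqueIP().
 * Returns the index of the new entry; returns NBC (== iC) when the table is
 * full, and -1 when the copy could not be allocated (the NULL returned by
 * malloc() used to be written through). */
int addCidr(char * c)
{
    int i = iC;
    char *copy;
    if (i == NBC) return i;
    copy = malloc(strlen(c) + 1);
    if (copy == NULL) {
        perror("malloc");
        return -1;
    }
    strcpy(copy, c);
    Tcidr[i] = copy;
    iC++;
    bloqueIP(c);
    return i;
}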
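/* Remove the first Tcidr[] entry equal to `c` (string compare), moving the
 * last entry into the hole. Does nothing when `c` is not present.
 * Fix: the removed string is now free()d — Tcidr[] is the only holder of
 * these pointers, so it used to leak. `c` may alias the entry itself; it is
 * not read after the free. */
void delCidr(char * c)
{
    int i;
    for (i = 0; i < iC; i++) {
        if (strcmp(c, Tcidr[i]) != 0) continue;
        iC--;
        free(Tcidr[i]);
        Tcidr[i] = (iC == i) ? NULL : Tcidr[iC];
        return;
    }
}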
/* Return 1 when address `a` lies in one of the registered CIDRs, 0 otherwise.
 * With M non-zero the matching prefix is also reported through syslog. */
int isAddrInCidr(char * a, int M)
{
    int k = 0;
    while (k < iC) {
        char *cidr = Tcidr[k++];
        if (!isSousRes(cidr, a)) continue;
        if (M) syslog(LOG_INFO, "CIDR %s contient %s !", cidr, a);
        return 1;
    }
    return 0;
}
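/* Drop every CIDR that is contained in a wider registered CIDR (or that
 * duplicates another entry) so that Tcidr[] only keeps maximal prefixes.
 * Fix: delCidr() moves the last entry into the freed slot; the old nested
 * loops walked on past that slot, so a prefix moved into position i or j was
 * never compared against the entries between i and j and could survive
 * (e.g. [10.1.0.0/16, 192.168.0.0/16, 10.0.0.0/8, 192.168.1.0/24] kept the
 * /24). The scan now restarts after each deletion; iC <= NBC keeps that cheap. */
void validCidr(void)
{
    int i, j;
    char a[20], *p, *g, *w;
again:
    for (i = 0; i < iC; i++) {
        for (j = i + 1; j < iC; j++) {
            /* p = wider prefix (smaller /n), g = candidate it may contain */
            if (isCidr(Tcidr[i]) < isCidr(Tcidr[j])) {
                p = Tcidr[i]; g = Tcidr[j];
            } else {
                p = Tcidr[j]; g = Tcidr[i];
            }
            if (strlen(g) >= sizeof a) continue;   /* isCidr() bounds entries to 18 */
            strcpy(a, g);
            w = strchr(a, '/');
            if (w == NULL) continue;               /* cannot happen for a validated entry */
            *w = '\0';
            w++;
            if (isSousRes(p, a)) {
                if (T3) printf("T3: %s contient %s (%s)\n", p, a, w);
                delCidr(g);
                goto again;                        /* table reshuffled: rescan */
            }
        }
    }
}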
/* Print the number of registered CIDRs, then one entry per line. */
void listCidr(void)
{
    printf("CIDR : %d\n", iC);
    for (int k = 0; k < iC; k++) {
        printf("\t%s\n", Tcidr[k]);
    }
}
/* ### allow / deny lists, filled from the parameter file by litligne() */
#define NBAll 500
#define NBDen 300
char * Allow[NBAll];   /* heap-allocated name suffixes that are accepted */
char * Deny[NBDen];    /* heap-allocated name suffixes that are rejected */
int iAll=0, iDen=0;    /* entries in use in Allow[] / Deny[] */
/* Decide whether the queried name `u` must be denied.
 * Deny[] is consulted first: an entry matches when it equals `u` or is a
 * label-aligned suffix of it (the character before the suffix is '.').
 * Then Allow[]: an entry matches on the same terms, or as a bare suffix when
 * the entry itself starts with '.'. Returns 1 (deny) on a Deny hit or when
 * nothing matches, 0 (allow) on an Allow hit.
 * NOTE(review): the leading-'.' shortcut exists only for Allow[]; a Deny
 * entry written as ".example.org" never matches — confirm whether intended. */
int isDeny(char*u)
{
    size_t ulen = strlen(u);
    int k;
    for (k = 0; k < iDen; k++) {
        size_t dlen = strlen(Deny[k]);
        if (ulen < dlen) continue;
        char *tail = u + (ulen - dlen);
        if (strcmp(tail, Deny[k]) != 0) continue;
        if (tail == u || tail[-1] == '.') return 1;
    }
    for (k = 0; k < iAll; k++) {
        size_t alen = strlen(Allow[k]);
        if (ulen < alen) continue;
        char *tail = u + (ulen - alen);
        if (strcmp(tail, Allow[k]) != 0) continue;
        if (Allow[k][0] == '.' || tail == u || tail[-1] == '.') return 0;
    }
    return 1; /* deny by default */
}
/* Print the Allow[] count, then one entry per line. */
void listeAllow(void)
{
    int k = 0;
    printf("Allow : %d\n", iAll);
    while (k < iAll) {
        printf("\t%s\n", Allow[k]);
        k++;
    }
}
/* Print the Deny[] count, then one entry per line. */
void listeDeny(void)
{
    int k = 0;
    printf("Deny : %d\n", iDen);
    while (k < iDen) {
        printf("\t%s\n", Deny[k]);
        k++;
    }
}
/* Tell the operator that `e` is already present in a list. */
void dejaLa(char * e)
{
    printf("%s", e);
    printf(" est deja dans la liste !\n");
}
/* Return 1 (after printing a notice) when `e` is already in Allow[], else 0. */
int dejaAllow(char *e)
{
    size_t elen = strlen(e);
    for (int k = 0; k < iAll; k++) {
        if (strlen(Allow[k]) != elen) continue;
        if (strcmp(e, Allow[k]) != 0) continue;
        dejaLa(e);
        return 1;
    }
    return 0;
}
/* Return 1 (after printing a notice) when `e` is already in Deny[], else 0. */
int dejaDeny(char *e)
{
    size_t elen = strlen(e);
    for (int k = 0; k < iDen; k++) {
        if (strlen(Deny[k]) != elen) continue;
        if (strcmp(e, Deny[k]) != 0) continue;
        dejaLa(e);
        return 1;
    }
    return 0;
}
/* Dump both lists: Deny[] first, then Allow[]. */
void recaplistes(void)
{
    void (*dump[])(void) = { listeDeny, listeAllow };
    for (size_t k = 0; k < sizeof dump / sizeof dump[0]; k++) dump[k]();
}
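/* Interpret one line of the parameter file (also used for the interactive
 * "+name" / "-name" commands). '#' lines and empty lines are ignored. A
 * leading '-' selects the Deny list, otherwise Allow. A CIDR goes to
 * addCidr() whatever the sign.
 * Returns 1 when the line was consumed, 0 on error (list full, duplicate,
 * allocation failure).
 * Fix: the slot counter was incremented before the copy was allocated, so a
 * failed malloc() left a garbage pointer in Allow[]/Deny[] that later
 * strlen()/strcmp() calls would dereference; the copy is now made first. */
int litligne(char * line)
{
    char *w, *copy;
    size_t t;
    if (*line == '#') return 1;
    if ((w = strchr(line, '\n')) != NULL) *w = '\0';
    w = line;
    if (*w == '-') w++;
    t = strlen(w);
    if (t == 0) return 1;
    if (isCidr(w)) { /* CIDR: one table for both signs */
        addCidr(w);
        return 1;
    }
    if (*line == '-') {
        if (iDen == NBDen) return 0;
        if (dejaDeny(w)) return 0;
    } else {
        if (iAll == NBAll) return 0;
        if (dejaAllow(w)) return 0;
    }
    if ((copy = malloc(t + 1)) == NULL) {
        perror("malloc");
        return 0;
    }
    strcpy(copy, w);
    if (*line == '-') Deny[iDen++] = copy;
    else Allow[iAll++] = copy;
    return 1;
}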
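/* Read the parameter file `f` line by line through litligne(), then
 * normalise the CIDR table with validCidr(). A file that cannot be opened is
 * reported with perror() and otherwise ignored.
 * Fix: getline() returns ssize_t; its result was stored in an int. */
void lectliste(char *f)
{
    FILE *fd;
    char *line = NULL;
    size_t ll = 0;
    ssize_t n;
    if ((fd = fopen(f, "r")) == NULL) {
        perror(f);
        return;
    }
    while ((n = getline(&line, &ll, fd)) > 0) {
        if (!litligne(line)) {
            if (T1) printf("T1: Erreur param. = %s\n", line);
        }
    }
    free(line);
    fclose(fd);
    validCidr();
    if (T1) listCidr();
}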
/* ### dynamic table of in-flight DNS queries ("elements") */
#define NBT 1000 /* number of element slots */
int Tno[NBT];    /* key: client UDP port parsed by main(); negated when the name was allowed */
int Trv[NBT];    /* flags set by markElt() (4 = A answer, 2 = AAAA answer, 1 = other) plus the age added by tachePer1() */
char* Turl[NBT]; /* heap-allocated queried name */
int iT=0, NbElt=0, MaxElt=0; /* slots in use; total added so far; high-water mark of NbElt */
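/* Register the query with key `n` and name `u`. Returns the new index;
 * returns NBT (== iT) when the table is full and -1 when the name could not
 * be copied (the NULL returned by malloc() used to be written through). */
int addElt(int n, char * u)
{
    int i = iT;
    char *copy;
    if (i == NBT) return i;
    copy = malloc(strlen(u) + 1);
    if (copy == NULL) {
        perror("malloc");
        return -1;
    }
    strcpy(copy, u);
    Tno[i] = n;
    Trv[i] = 0;
    Turl[i] = copy;
    iT++;
    NbElt++;
    if (NbElt > MaxElt) MaxElt = NbElt;
    return i;
}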
/* Return the index of the element whose key is `n`, or -1 when absent. */
int isElt(int n)
{
    int k = 0;
    while (k < iT && Tno[k] != n) k++;
    return (k < iT) ? k : -1;
}
/* Remove the element at index `i` (no-op when i >= iT) by moving the last
 * element into its slot.
 * NOTE(review): Turl[i] is overwritten but never free()d, so every deleted
 * element leaks its name. Freeing it here is not trivially safe: the command
 * thread (fct_com -> listElt) reads Turl[] without any lock. */
void delIElt(int i)
{
    if (i >= iT) return;
    if (T3) printf("T3: Del %d : %s \n", Tno[i], Turl[i]);
    iT--;
    if (iT == i) return;
    if (iT <= 0) return;
    Tno[i] = Tno[iT];
    Turl[i] = Turl[iT];
    Trv[i] = Trv[iT];
}
/* Remove the first element whose key is `n`, if any. */
void delElt(int n)
{
    for (int k = 0; k < iT; k++) {
        if (Tno[k] != n) continue;
        delIElt(k);
        return;
    }
}
/* Set the flag bit(s) `v` on element `i`.
 * Returns 0 when any of those bits was already set (nothing changed),
 * 1 when the bits were newly set. No bounds check on `i`. */
int markElt(int i, int v)
{
    int already = Trv[i] & v;
    if (already) return 0;
    Trv[i] = Trv[i] | v;
    return 1;
}
/* Print the elements: '-' only the allowed ones (negative key), '+' only the
 * denied ones (positive key), any other character all of them; then the
 * number printed. */
void listElt(char c)
{
    int shown = 0;
    for (int k = 0; k < iT; k++) {
        int keep;
        if (c == '-') keep = Tno[k] < 0;
        else if (c == '+') keep = Tno[k] > 0;
        else keep = 1;
        if (!keep) continue;
        printf("%d : %s (%d)\n", Tno[k], Turl[k], Trv[k]);
        shown++;
    }
    printf(" %d elements trouves.\n", shown);
}
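/* Run `com` through "/bin/sh -c" and return its exit status.
 * Returns 99 when fork() or waitpid() fails or the command did not exit
 * normally (the status word used to be read uninitialised in that case).
 * Fix: when execl() failed the child did `return 98` into the caller and
 * carried on as a second copy of the program; it now reports and _exit()s.
 * NOTE(review): the text is interpreted by a shell with this process's
 * (root) privileges — callers must only pass trusted or validated text. */
int comsh(char *com)
{
    pid_t child;
    int status = 0;
    if ((child = fork()) < 0) {
        perror("fork2");
        return 99;
    }
    if (child == 0) {
        signal(SIGINT, SIG_IGN);
        execl("/bin/sh", "sh", "-c", com, (char *)0);
        perror("execl2");
        _exit(98);
    }
    while (waitpid(child, &status, 0) < 0) {
        if (errno != EINTR) {
            perror("waitpid2");
            return 99;
        }
    }
    if (!WIFEXITED(status)) return 99;
    return WEXITSTATUS(status);
}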
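/* Run `comm` through comsh() with stdout and stderr discarded.
 * Returns the command's exit status; returns 99 when the redirected command
 * line does not fit the local buffer (sprintf() could previously overflow
 * it). Kept as a separate step so the redirection can be changed later. */
int exeCom(char * comm)
{
    char b[120];
    int n = snprintf(b, sizeof b, "%s >/dev/null 2>&1", comm);
    if (n < 0 || (size_t)n >= sizeof b) {
        fprintf(stderr, "exeCom: commande trop longue\n");
        return 99;
    }
    return comsh(b);
}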
/* ### iptables update helpers. The binaries are resolved through PATH by the
 * shell started in comsh(); MYCH is the user chain hooked into OUTPUT that
 * holds the ACCEPT exceptions (see debloqueIP()). */
static char * IPT = "iptables";
static char * IP6T = "ip6tables";
static char * MYCH = "valide4";
static char * OUTP = "OUTPUT";
static char * MNO = "REJECT";
static char * MOK = "ACCEPT";
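/* Prepare the firewall: flush iptables and ip6tables, create the MYCH chain
 * when "-L MYCH" fails, and jump to it from OUTPUT. Skipped (returns 0) on an
 * automatic restart (REPR), which keeps the rules already in place.
 * Returns the sum of the command exit statuses (0 == everything succeeded).
 * Note that "-F" without a chain name flushes every chain of the filter
 * table, not only the ones this program manages. Commands are built with
 * snprintf(); every fragment is a short constant so they always fit. */
int initIPT(void)
{
    int rc = 0;
    char b[90];
    if (REPR) return 0;
    snprintf(b, sizeof b, "%s -F", IPT);
    rc += exeCom(b);
    snprintf(b, sizeof b, "%s -F", IP6T);
    rc += exeCom(b);
    snprintf(b, sizeof b, "%s -L %s -n", IPT, MYCH);
    if (exeCom(b)) {
        snprintf(b, sizeof b, "%s -N %s", IPT, MYCH);
        rc += exeCom(b);
    }
    snprintf(b, sizeof b, "%s -A %s -j %s", IPT, OUTP, MYCH);
    rc += exeCom(b);
    return rc;
}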
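/* Return 1 when `ip` appears in the listing of `chain` for command `comm`
 * ("comm -L chain -n | grep ip"), 0 otherwise.
 * `ip` is interpolated into a shell command line; in this program it comes
 * from tcpdump's rendering of captured DNS answers, so only characters that
 * can form an IPv4, IPv6 or CIDR literal are accepted — anything else is
 * logged and yields 0 without running a command. The line is built with
 * snprintf(); truncation also yields 0.
 * (grep treats '.' as a wildcard and matches substrings, so "1.2.3.4" also
 * matches "1.2.3.45" — pre-existing behaviour, kept.) */
int isPresentIP(char * comm, char * ip, char * chain)
{
    char buf[100];
    int n;
    if (ip == NULL || *ip == '\0') return 0;
    if (ip[strspn(ip, "0123456789abcdefABCDEF:./")] != '\0') {
        syslog(LOG_WARNING, "ERR: adresse refusee: %s", ip);
        return 0;
    }
    n = snprintf(buf, sizeof buf, "%s -L %s -n|grep %s", comm, chain, ip);
    if (n < 0 || (size_t)n >= sizeof buf) return 0;
    return (exeCom(buf) == 0) ? 1 : 0;
}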
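/* Delete the rule "-d ip -j jump" from `chain` with command `comm`.
 * Returns the command's exit status (0 on success); returns 1 without
 * running anything when `ip` holds characters that cannot belong to an
 * IPv4/IPv6/CIDR literal (it is interpolated into a shell line and, in this
 * program, derived from captured DNS data) or when the line would be
 * truncated. */
int retireChain(char * comm, char * ip, char * chain, char * jump)
{
    char buf[100];
    int n;
    if (ip == NULL || *ip == '\0' || ip[strspn(ip, "0123456789abcdefABCDEF:./")] != '\0') {
        syslog(LOG_WARNING, "ERR: adresse refusee: %s", ip ? ip : "(null)");
        return 1;
    }
    n = snprintf(buf, sizeof buf, "%s -D %s -d %s -j %s", comm, chain, ip, jump);
    if (n < 0 || (size_t)n >= sizeof buf) return 1;
    return exeCom(buf);
}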
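/* Append the rule "-d ip -j jump" to `chain` with command `comm`.
 * Returns the command's exit status (0 on success); returns 1 without
 * running anything when `ip` holds characters that cannot belong to an
 * IPv4/IPv6/CIDR literal (it is interpolated into a shell line and, in this
 * program, derived from captured DNS data) or when the line would be
 * truncated. */
int ajouteChain(char * comm, char * ip, char * chain, char * jump)
{
    char buf[100];
    int n;
    if (ip == NULL || *ip == '\0' || ip[strspn(ip, "0123456789abcdefABCDEF:./")] != '\0') {
        syslog(LOG_WARNING, "ERR: adresse refusee: %s", ip ? ip : "(null)");
        return 1;
    }
    n = snprintf(buf, sizeof buf, "%s -A %s -d %s -j %s", comm, chain, ip, jump);
    if (n < 0 || (size_t)n >= sizeof buf) return 1;
    return exeCom(buf);
}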
/* Add a REJECT for `ip` in OUTPUT unless it already lies in a registered
 * CIDR or is already listed. Returns 0 when nothing had to be added, else
 * the exit status of the iptables command. */
int bloqueIP(char* ip)
{
    int covered = isAddrInCidr(ip, 0) || isPresentIP(IPT, ip, OUTP);
    return covered ? 0 : ajouteChain(IPT, ip, OUTP, MNO);
}
/* Add an ACCEPT for `ip` in the MYCH chain; when `url` is given the
 * exception is logged as "url=ip ACCEPT". Returns the iptables exit status. */
int debloqueIP(char* ip, char * url)
{
    int rc;
    if (url) syslog(LOG_INFO, "%s=%s ACCEPT", url, ip);
    rc = ajouteChain(IPT, ip, MYCH, MOK);
    return rc;
}
/* Remove the ACCEPT exception for `ip` from MYCH. Returns the iptables
 * exit status (non-zero when there was no such rule). */
int rebloqueIP(char* ip)
{
    int rc;
    rc = retireChain(IPT, ip, MYCH, MOK);
    return rc;
}
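/* Block every IPv4 address of an answer list of the form
 * "A 1.2.3.4, A 5.6.7.8" (tcpdump rendering, already cut at the last space
 * by main()). The buffer is modified in place: each ',' becomes '\0'.
 * Fix: when the text after a comma holds no further "A " (e.g. a CNAME
 * record follows), the loop ended with s == NULL and NULL was passed to
 * bloqueIP() and on to inet_pton(); the trailing call is now made only when
 * an address is actually pending. */
void dropIP(char * l)
{
    char *s, *d = l, *pending = NULL;
    while ((s = strstr(d, "A ")) != NULL) {
        s += 2;
        pending = s;
        if ((d = strstr(s + 2, ",")) == NULL) break;   /* last address: no comma */
        *d = '\0';
        d++;
        bloqueIP(s);
        pending = NULL;
    }
    if (pending != NULL) bloqueIP(pending);
}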
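/* Walk an IPv4 answer list ("A 1.2.3.4, A 5.6.7.8", modified in place) and
 * add an ACCEPT exception for every address that lies in a registered CIDR
 * and is not yet in MYCH. Returns the debloqueIP() status (0 == added) for
 * the last address when it qualified, 1 otherwise.
 * Fix: when no "A " follows the last comma the loop left s == NULL, which was
 * passed to isPresentIP()/isAddrInCidr(); that case now returns 1. */
int verifIPOk(char * l, char * url)
{
    char *s, *d = l, *pending = NULL;
    while ((s = strstr(d, "A ")) != NULL) {
        s += 2;
        pending = s;
        if ((d = strstr(s + 2, ",")) == NULL) break;   /* last address: no comma */
        *d = '\0';
        d++;
        pending = NULL;
        if (isPresentIP(IPT, s, MYCH)) continue;
        if (isAddrInCidr(s, 1)) debloqueIP(s, url);
    }
    if (pending == NULL) return 1;
    if (isPresentIP(IPT, pending, MYCH)) return 1;
    if (isAddrInCidr(pending, 1)) return debloqueIP(pending, url);
    return 1;
}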
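/* Reject every IPv6 address of an answer list ("A..." items separated by
 * ", ", modified in place) in the ip6tables OUTPUT chain, skipping those
 * already listed. Always returns 1.
 * Fix: when no "A " follows the last comma the loop left s == NULL, which
 * was passed to isPresentIP()/ajouteChain(); that case is now skipped. */
int dropIP6(char * l)
{
    char *s, *d = l, *pending = NULL;
    while ((s = strstr(d, "A ")) != NULL) {
        s += 2;
        pending = s;
        if ((d = strstr(s + 2, ",")) == NULL) break;   /* last address: no comma */
        *d = '\0';
        d++;
        pending = NULL;
        if (isPresentIP(IP6T, s, OUTP)) continue;
        ajouteChain(IP6T, s, OUTP, MNO);
    }
    if (pending == NULL) return 1;
    if (isPresentIP(IP6T, pending, OUTP)) return 1;
    ajouteChain(IP6T, pending, OUTP, MNO);
    return 1;
}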
/* command and periodic tasks */
#define t0 (time_t)0
time_t tim1=t0; /* time of the last tachePer1() sweep; shown by the 'l'/'L' commands */
/* Periodic sweep, run at most once every 30 s: drop the elements answered
 * for both IPv4 and IPv6 (flags 4|2), age the others by 8 per elapsed 30 s
 * slice and drop those older than 80 (about five minutes). The very first
 * call only records the reference time. Iterates downwards so that the
 * element delIElt() moves into the hole has already been examined. */
void tachePer1(void) /* empties the elements every 30 seconds */
{
    static time_t tim0 = t0;
    time_t now = time(NULL);
    if (now - tim0 < 30) {
        if (T3) printf("T3: tache1 passe %s", ctime(&now));
        return;
    }
    if (T3) printf("T3: tache1 exec %s", ctime(&now));
    tim1 = time(NULL);
    int slices = (tim1 - tim0) / 30;
    if (tim0 != t0) {
        for (int k = iT - 1; k >= 0; k--) {
            if ((Trv[k] & 0x6) == 6) {      /* IPv4 + IPv6 answered */
                delIElt(k);
                continue;
            }
            Trv[k] += 8 * slices;
            if (Trv[k] > 80) delIElt(k);    /* keep for 5 min. */
        }
    }
    tim0 = time(NULL);
}
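/* Append `param` followed by a newline to the parameter file `ficp`.
 * Fix: a failed fopen() (NULL was handed to fwrite()) and write/close
 * errors are now reported with perror() instead of crashing or being lost. */
void ajoutParam(char * ficp, char * param)
{
    FILE *fw = fopen(ficp, "a");
    if (fw == NULL) {
        perror(ficp);
        return;
    }
    if (fputs(param, fw) == EOF || fputc('\n', fw) == EOF) perror(ficp);
    if (fclose(fw) != 0) perror(ficp);
}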
static int NBin=0, NBout=0; /* DNS replies / queries seen on the capture pipe, reported by prInOut() */
/* Print the DNS message counters: total, queries, replies. */
void prInOut(void)
{
    int total = NBout + NBin;
    printf(" %d messages DNS: %d requetes, %d reponses.\n", total, NBout, NBin);
}
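/* Ask the yes/no question "Voulez-vous <q> ?" on stdin until the answer is
 * a single 'O' (yes, returns 1) or 'N' (no, returns 0).
 * Fix: end-of-file or a read error on stdin used to spin forever (getline()
 * returns -1, which is simply "!= 2"); it is now treated as "no". The line
 * buffer is freed before returning. */
int printQ(char * q)
{
    char *rep = NULL;
    size_t lr = 0;
    ssize_t n;
    int answer = -1;
    while (answer < 0) {
        printf("Voulez-vous %s ?\n Taper O (OUI) ou N (NON) :\n", q);
        n = getline(&rep, &lr, stdin);
        if (n < 0) {            /* EOF or error: no way to get an answer */
            answer = 0;
            break;
        }
        if (n != 2) continue;   /* exactly one character plus newline */
        if (*rep == 'O') answer = 1;
        else if (*rep == 'N') answer = 0;
    }
    free(rep);
    return answer;
}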
/* Show a transient " ..." marker on the current line while a slow command runs. */
void pr_encours(void)
{
    fputs(" ...\r", stdout);
    fflush(stdout);
}
/* Shell fragments assembled into the log-query commands of fct_com(). */
#define SUNIC "|sort|uniq"
#define CHLOG "/var/log/user.log"       /* where the syslog(LOG_INFO) lines are expected */
#define CHLOGREP "/var/log/user.log|grep "
#define CUT6 "|cut -d' ' -f6"
#define CUTM45 "|cut -d' ' -f1-3,6-"
#define CUT7S "|cut -d' ' -f7-"
#define FHISTO ".octave_history"         /* readline history, relative to the working directory */
#define AWK5 "|awk '{ print $5}'"
#define AWK4 "|awk '{ print $4}'"
#define DREJ "^REJECT "
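/* Format a shell command into `com` (capacity `sz`).
 * Returns 1 when it fits; returns 0 after printing a message when the result
 * would have been truncated, so the caller never runs a mangled command. */
static int fmtcom(char *com, size_t sz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(com, sz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sz) {
        printf("Commande trop longue, ignoree !\n");
        return 0;
    }
    return 1;
}

/* Interactive command thread, started by main() with -i. `p` is the name of
 * the parameter file used by the "+"/"-" commands. Reads lines with
 * readline(), keeps the history in FHISTO, and wakes the main loop through
 * p1 after each command. Leaves (pthread_exit) on 'S' or at end of input.
 * Fixes: readline() returns NULL at end of input, which was handed to
 * strlen(); the grep/script command lines are now built with bounded
 * formatting (fmtcom) instead of sprintf() into com[100], which the
 * user-supplied argument of 'T' could overflow.
 * NOTE(review): 'T+' runs ./t1.sh from the working directory and ' ' runs an
 * arbitrary shell line, both with the program's (root) privileges; the
 * operator is trusted here, but an absolute path for t1.sh would be safer.
 * The kill(mypid, SIGUSR1) probe targets this process itself (SIGUSR1 is
 * ignored in main()), so it cannot detect a dead capture child — presumably
 * the global `pid` was intended; left unchanged. */
void * fct_com(void * p)
{
    int dialogue = 1;
    char *cmd = NULL, *fauth, com[100];
    pid_t mypid;
    fauth = (char *)p;
    mypid = getpid();
    read_history(FHISTO);
    if (REPR) comsh("reset");
    while (dialogue) {
        if (kill(mypid, SIGUSR1) < 0) { /* capture-process check (see note above) */
            ENDT = 1;
            (void)write(p1[1], "\n", 1);
        }
        free(cmd);
        cmd = readline("O-> ");
        if (cmd == NULL) break;          /* end of input on the terminal */
        if (cmd[0] == '\0') continue;
        (void)write(p1[1], "\n", 1);
        add_history(cmd);
        switch (*cmd) {
        case '+':
            if (cmd[1] != '\0') {
                if (litligne(cmd + 1)) { /* optionally append to the fauth file */
                    if (debloqueIP(cmd + 1, NULL)) printf("Element non valable !\n");
                    else {
                        if (printQ("ajouter au fichier parametres"))
                            ajoutParam(fauth, cmd + 1);
                        listeAllow();
                    }
                } else printf("Erreur ajout param. !\n");
            } else listeAllow();
            break;
        case '-':
            if (cmd[1] != '\0') {
                if (litligne(cmd)) { /* optionally append to the fauth file */
                    if (rebloqueIP(cmd + 1)) printf("Element non valable !\n");
                    else {
                        if (printQ("ajouter au fichier parametres"))
                            ajoutParam(fauth, cmd);
                        listeDeny();
                    }
                } else printf("Erreur ajout param. !\n");
            } else listeDeny();
            break;
        case 'l':
            listElt(cmd[1]);
            printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n", ctime(&tim1), iT,
                   NBT, (float)(iT * 100) / (float)NBT, MaxElt);
            prInOut();
            break;
        case 't':
            if (cmd[1] != '\0') {
                if ((cmd[1] == '+') || (cmd[1] == '-')) {
                    if ((cmd[1] == '+') && (Trace < TMAX)) Trace++;
                    else {
                        if ((cmd[1] == '-') && (Trace > TMIN)) Trace--;
                        else printf("Erreur: niveau dans [%d, %d].\n", TMIN, TMAX);
                    }
                } else printf("Erreur: Utiliser t+ ou t- !\n");
            }
            printf(" Trace niveau %d\n", Trace);
            break;
        case 'a':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]%s' %s%s%s", NPROG, (int)mypid, ".* ok",
                       CHLOG, CUT6, SUNIC)) comsh(com);
            break;
        case 'i':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]%s' %s%s%s", NPROG, (int)mypid, ".* DENY",
                       CHLOG, CUT6, SUNIC)) comsh(com);
            break;
        case 'e':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]%s' %s%s%s", NPROG, (int)mypid, ".* ACCEPT",
                       CHLOG, CUT6, SUNIC)) comsh(com);
            break;
        case 'E':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]%s' %s%s", NPROG, (int)mypid, ".*ERR: ",
                       CHLOG, CUTM45)) comsh(com);
            break;
        case 'L':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]' %s%s%s", NPROG, (int)mypid,
                       CHLOGREP, "-v 'Re[pq]. '", CUTM45)) comsh(com);
            break;
        case 'T': {
            int ok;
            if (cmd[1] != '\0') { /* with an argument */
                if ((cmd[1] == '+') && (cmd[2] != '\0')) { /* script + argument */
                    ok = fmtcom(com, sizeof com, "./t1.sh %d %s >.Trav%d", (int)mypid, cmd + 2, (int)mypid);
                    if (ok) {
                        comsh(com);
                        ok = fmtcom(com, sizeof com, "cat .Trav%d", (int)mypid);
                    }
                } else ok = fmtcom(com, sizeof com, "grep '%s\\[%d\\].*%s' %s%s%s", NPROG, (int)mypid, cmd + 1,
                                   CHLOGREP, " 'Re[pq]. '", CUTM45);
            } else
                ok = fmtcom(com, sizeof com, "grep '%s\\[%d\\]' %s%s%s", NPROG, (int)mypid,
                            CHLOGREP, " 'Re[pq]. '", CUTM45);
            if (ok) comsh(com);
            prInOut();
            break;
        }
        case '>':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]' %s%s%s%s", NPROG, (int)mypid,
                       CHLOGREP, " 'Req. '", CUT7S, SUNIC)) comsh(com);
            prInOut();
            break;
        case '<':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "grep '%s\\[%d\\]' %s%s%s%s", NPROG, (int)mypid,
                       CHLOGREP, " 'Rep. '", CUT7S, SUNIC)) comsh(com);
            prInOut();
            break;
        case 'r':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "%s -L|grep %s%s%s", IPT, DREJ, AWK5, SUNIC)) {
                pr_encours();
                comsh(com);
            }
            break;
        case 'R':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            if (fmtcom(com, sizeof com, "%s -L|grep %s%s%s", IP6T, DREJ, AWK4, SUNIC)) {
                pr_encours();
                comsh(com);
            }
            break;
        case 'S':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            RUN = 0;
            dialogue = 0;
            (void)write(p1[1], "\n", 1);
            break;
        case 'V':
            if (cmd[1] != '\0') printf("ignore %s\n", cmd + 1);
            printf("Version %s\n", Version);
            prInOut();
            break;
        case ' ':
            if (cmd[1] != '\0') comsh(cmd + 1);
            break;
        default:
            printf("+url\t: Allow (autoriser une Url)\n");
            printf("-url\t: Deny (interdire une Url)\n");
            printf("a\t: Autorisations suivant analyse\n");
            printf("i\t: Interdictions suivant analyse\n");
            printf("e\t: Exceptions suivant analyse\n");
            printf("E\t: Liste des erreurs\n");
            printf("l[+|-]\t: Liste des elements dynamiques\n");
            printf("L\t: Logs du systeme\n");
            printf("r\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
            printf("R\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
            printf("S\t: Stopper\n");
            printf("t+|-\t: Niveau de trace : 0 (off) => 3\n");
            printf("T[mot]\t: Traces des demandes/reponses contenant mot\n");
            printf(">\t: Traces des demandes triees\n");
            printf("<\t: Traces des reponses triees\n");
            printf("V\t: Version\n");
            break;
        }
    }
    write_history(FHISTO);
    free(cmd);
    /* end of dialogue */
    pthread_exit(NULL);
}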
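/* Find the interface of the default route: the first /proc/net/route line
 * whose second column (Destination) is "00000000". On success IFACE is set
 * to a malloc'ed copy of the interface name; otherwise it is left as is.
 * Fixes: the malloc() result is checked before strcpy(); getline() returns
 * ssize_t; the column scan stops at the end of the line instead of running
 * past it on a line that holds no whitespace. */
void getIface(void)
{
    FILE *fd;
    char *line = NULL, *s, *w;
    size_t ll = 0;
    ssize_t n;
    if ((fd = fopen("/proc/net/route", "r")) == NULL) {
        perror("route");
        return;
    }
    while ((n = getline(&line, &ll, fd)) > 0) {
        if ((s = strstr(line, "00000000")) == NULL) continue;
        w = line;
        while (*w != '\0' && *w != ' ' && *w != '\t') w++;  /* end of the Iface column */
        if (*w == '\0') continue;
        *w = '\0';
        w++;
        while (*w == ' ' || *w == '\t') w++;                 /* start of Destination */
        if (s == w) { /* the zero destination is this line's: default route */
            char *name = malloc(strlen(line) + 1);
            if (name == NULL) {
                perror("malloc");
                break;
            }
            strcpy(name, line);
            IFACE = name;
            break;
        }
    }
    free(line);
    fclose(fd);
}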
#define Vie (ie >= 0) /* "element found": main() writes `if Vie ...` after an isElt() lookup */
/* Entry point.
 * Options: -i start the interactive command thread, -l log every query and
 * reply to syslog, -t start at trace level 1, -p FILE parameter file
 * (auth1.txt by default), -R PID internal marker of an automatic restart
 * (must be our own pid).
 * Flow: find the default-route interface, require root, fork a tcpdump child
 * whose stdout and stderr go into pipe p1, set up iptables, load the lists,
 * then parse the tcpdump lines read from the pipe until RUN drops to 0.
 * Return codes 1..9 identify the failing step (see the messages).
 * NOTE(review): the parser below trusts tcpdump's line format; the backward
 * scans (`while (*s1 != '.') s1--;`) and the forward scan to the next space
 * have no bound other than the characters tcpdump is expected to print. */
int main(int N, char * P[])
{
    pthread_t thid;
    FILE * fp;
    char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU;
    char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP;
    size_t ll = 0, lc = 0;
    ssize_t n,n2;
    int Inter=0, LogC=0, i, ie, np=0, opt;
    /* NPROG = basename of argv[0]: the tag syslog uses (openlog(NULL, LOG_PID))
     * and the one the log greps of fct_com() look for */
    if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0];
    else NPROG++;
    sprintf(strPID,"%d",getpid()); /* 8 bytes: 7 digits (Linux pid_max) plus NUL */
    /* option parsing */
    while ((opt = getopt(N, P, "ilp:R:t")) != -1) {
        switch (opt) {
        case 'i':
            Inter = 1;
            break;
        case 'l':
            LogC = 1;
            break;
        case 't':
            Trace = TMIN+1;
            break;
        case 'p':
            fauth = optarg;
            break;
        case 'R':
            REPR=1;
            np = atoi(optarg);
            break;
        default: /* '?' */
            fprintf(stderr, "Utilisation: %s [options]\nAvec les options :\n", NPROG);
            fprintf(stderr, "\t-i : mode interactif,\n");
            fprintf(stderr, "\t-l : log des requetes,\n");
            fprintf(stderr, "\t-p fichier : nom du fichier parametres (%s par defaut),\n",fauth);
            fprintf(stderr, "\t-t : avec trace.\n");
            return 1;
        }
    }
    /* -R is only accepted from the execv() at the end of this function (same pid) */
    if ((REPR) && (np != getpid())) {
        fprintf(stderr,"Erreur reprise %d\n", np);
        return 1;
    }
    if (optind < N) {
        fprintf(stderr,"Parametre inconnu : %s\n", P[optind]);
        return 1;
    }
    getIface();
    if (REPR) {
        /* after a restart the interface may not be back yet: wait for it */
        while (IFACE==NULL) { sleep(1); getIface(); }
    } else {
        if (IFACE == NULL) {
            fprintf(stderr,"Interface reseau absente !\n");
            return 9;
        }
    }
    printf("%s %s sur %s\n", NPROG, Version, IFACE);
    /* root privilege check: either uid or euid must be 0 */
    if ((getuid() > 0) && (geteuid() > 0)) {
        fprintf(stderr,"A executer sous root !\n");
        return 2;
    }
    if (T1) printf("T1: Fichier parametres = %s\n",fauth);
    signal(SIGUSR1,SIG_IGN);
    if (pipe(p1) < 0) {
        perror("pipe"); return 3;
    }
    openlog(NULL,LOG_PID,0);
    /* start the capture child: */
    if ((pid = fork()) < 0) {
        perror("fork"); return 4;
    }
    if (pid == 0) {
        signal(SIGINT,SIG_IGN);
        close(0);
        close(p1[0]);
        dup2(p1[1],1); /* stdout into p1 */
        dup2(p1[1],2); /* stderr too */
        setsid();
        /* tcpdump is located through PATH; -tn = no timestamps, no name resolution */
        execlp(analyse,analyse,"-tn","-i",IFACE,"port","53",NULL);
        perror("execl");
        return 5;
    }
    if (Inter) signal(SIGINT,SIG_IGN);
    else signal(SIGINT,interup);
    if ((np=initIPT())!=0) {
        if (T1) printf("Erreur initIPT %d !!??\n",np);
        syslog(LOG_WARNING, "ERR: Erreur initIPT %d !!??\n",np);
    }
    /* load the lists */
    lectliste(fauth);
    if (T1) recaplistes();
    sleep(1); /* give the child time to start */
    if (kill(pid,SIGUSR1) < 0) return 6; /* probe: fails when the child already died */
    signal(SIGCHLD,interup);
    /*
    fcntl(p1[0], F_SETFL, O_NONBLOCK);
    flag0 = fcntl(0, F_GETFL, O_NONBLOCK);
    fcntl(0, F_SETFL, O_NONBLOCK);
    */
    /* parse what comes out of p1 */
    if ((fp = fdopen(p1[0],"r")) == NULL) {
        perror("fdopen"); return 7;
    }
    fcntl(p1[0], F_SETPIPE_SZ,1048576);
    if (T1) printf("Depart %s %s PIDF:%d !\n",NPROG, strPID,pid);
    if (T1) printf("Capacite pipe : %ld bytes\n", (long)fcntl(p1[0], F_GETPIPE_SZ));
    np=0; /* reused: first "first line seen" flag, then the client port of each message */
    /* start the command thread */
    if (Inter) {
        if (pthread_create(&thid,NULL,fct_com,(void*)fauth) != 0) {
            fprintf(stderr,"Erreur pthread_create !\n"); return 9;
        }
    }
    while (RUN) {
        tachePer1();
        if ((n = getline(&line, &ll, fp)) > 0) {
            if (ENDT) {
                printf("Erreur : plus de tache d'analyse !\n"); break;
            }
            if (RUN == 0) break;
            if ((n==1) && (*line=='\n')) continue; /* wake-up newline from interup()/fct_com() */
            if (np==0) { np++;
                if (REPR) syslog(LOG_INFO,"Reprise de l'analyse !");
                else syslog(LOG_INFO,"Debut de l'analyse !");
            }
            /* parse: tcpdump prints "IP src.port > dst.port: ..." */
            if ((s1=strstr(line, " > ")) == NULL) continue;
            if (strncmp(s1-3,".53",3) == 0) { /* REPLY: source port is 53 */
                if ((s2=strstr(s1+3, ":")) == NULL) continue;
                NBin++;
                *s2 = '\0';
                s1 = s2 -1;
                while (*s1 != '.') s1--;   /* back to the '.' before the destination port */
                np = atoi(s1+1);           /* client port: the key used at query time */
                if ((ie = isElt(np)) == -1) { /* not a denied query: allowed or unknown */
                    ie = isElt(-np);          /* allowed queries are stored with a negative key */
                    s1 = s2+1;
                    if ((s2=strstr(s1, " A ")) != NULL) { /* IPv4 */
                        s2++;
                        s1 = strrchr(s2,(int)' ');
                        *s1 = '\0';            /* cut the trailing " (length)" */
                        if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                        if Vie {
                            markElt(ie,4); refU = Turl[ie];
                        } else {
                            if (T1) printf("Elt %d non trouve !!??\n",np);
                            syslog(LOG_WARNING,"ERR: Elt %d non trouve !!??\n",np);
                            refU = NULL;
                        }
                        /* addresses inside a registered CIDR get an ACCEPT exception */
                        if (!verifIPOk(s2, refU))
                            if Vie syslog(LOG_INFO,"Deblocage IP4 %s",refU);
                    } else {
                        if ((s2=strstr(s1, " AAAA ")) != NULL) { /* IPv6 */
                            s2++;
                            s1 = strrchr(s2,(int)' ');
                            *s1 = '\0';
                            if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                            if Vie markElt(ie,2);
                            dropIP6(s2); /* IPv6 is always rejected: there is no v6 exception chain */
                        } else {
                            if Vie markElt(ie,1);
                        }
                    }
                    continue;
                }
                /* denied query: reject the answers */
                s1 = s2+1;
                if ((s2=strstr(s1, " A ")) == NULL) {
                    if ((s2=strstr(s1, " AAAA ")) == NULL) {
                        markElt(ie,1);
                    } else { /* IPv6 handling */
                        s2++;
                        if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                        s1 = strrchr(s2,(int)' ');
                        *s1 = '\0';
                        if (markElt(ie,2)) dropIP6(s2);
                    }
                    continue;
                }
                /* IPv4 REJECT */
                s2++;
                s1 = strrchr(s2,(int)' ');
                *s1 = '\0';
                if (LogC) syslog(LOG_INFO,"Rep. %d %s",np,s2);
                syslog(LOG_INFO,"%s DENY",Turl[ie]);
                if (markElt(ie,4)) dropIP(s2);
            } else { /* QUERY */
                NBout++;
                *s1 = '\0';
                s2 = s1 +1;
                while (*s1 != '.') s1--;
                np = atoi(s1+1);     /* client source port = key of the element */
                if ((s1=strstr(s2, " A? ")) == NULL) continue; /* only A queries are tracked */
                s1 += 4;
                s2 = s1 +1;
                while (*s2 != ' ') s2++;
                *(s2-1) = '\0'; /* drop the trailing '.' of the FQDN */
                if (LogC) syslog(LOG_INFO,"Req. %d %s",np,s1);
                if (strstr(s1, ".") == NULL) { /* at least one dot must remain */
                    if (T1) printf("Ignore : %d %s !\n",np,s1);
                    syslog(LOG_WARNING,"ERR: Ignore %d %s !\n",np,s1);
                    continue;
                }
                if (!isDeny(s1)) { // V2: an allowed name is stored with a NEGATIVE key
                    if (isElt(-np) < 0) {
                        addElt(-np,s1);
                        syslog(LOG_INFO,"%s ok",s1);
                    }
                    continue;
                }
                if (isElt(np) < 0) {
                    i=addElt(np,s1);
                    if (T3) printf("T3: addElt %d %d/%d\n",NbElt,i,NBT);
                }
            }
        }
        if (REQ) { /* set by interup() on SIGINT in non-interactive mode: mini prompt */
            printf("Taper votre commande : H pour help !\n");
            if ((n2 = getline(&cmd, &lc, stdin)) > 0) {
                switch (*cmd) {
                case 'C' :
                    REQ = 0;
                    break;
                case 'L' :
                    listElt(cmd[1]);
                    printf(" %s Utilise %d elts/%d : %.2f%% (Max. %d)!\n",
                    ctime(&tim1),iT,NBT,(float)(iT*100)/(float)NBT,MaxElt);
                    break;
                case 'S' :
                    RUN = 0;
                    REQ = 0;
                    break;
                default :
                    printf("C\t: continuer\n");
                    printf("L\t: liste des elts\n");
                    printf("S\t: stopper\n");
                    break;
                }
            }
        }
    }
    syslog(LOG_INFO,"Fin de l'analyse !");
    free(line);
    free(cmd);
    kill(pid,SIGTERM);
    close(p1[0]);
    close(p1[1]);
    closelog();
    if (ENDT) { /* automatic restart */
        comsh("reset");
        if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR);
        sleep(DELAYR); /* wait DELAYR seconds */
        /* re-exec ourselves with the same arguments plus "-R <pid>"
         * (NOTE(review): the malloc() result is not checked) */
        NP = (char**)malloc((sizeof(Pars))*(N+3));
        for (i=0;i<N;i++) NP[i] = P[i];
        NP[i++]=strR;
        NP[i++]=strPID;
        NP[i]=NULL;
        execv(P[0],NP);
        perror("execv");
    }
    printf("Fin du programme!\n");
    return 0;
}