diff --git a/INSTALL.txt b/INSTALL.txt
index ec251d7..b7d5acc 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -27,7 +27,7 @@ Pour stopper : control-C puis S.
 - en mode interactif :
-# ./OctavE -i -t -l
+# ./OctavE -itl
 Pour le moment, nous sommes en phase de test et je conseille de se mettre plutot en mode interactif :-)
diff --git a/auth1.txt b/auth1.txt
index 182b010..059671a 100644
--- a/auth1.txt
+++ b/auth1.txt
@@ -28,10 +28,18 @@ docs.rs
 15.196.0.0/14
 15.200.0.0/16
 15.236.0.0/14
+17.0.0.0/8
 18.128.0.0/9
 18.32.0.0/11
 18.64.0.0/10
 20.0.0.0/11
+20.33.0.0/16
+20.34.0.0/15
+20.36.0.0/14
+20.40.0.0/13
+20.48.0.0/12
+20.64.0.0/10
+20.128.0.0/16
 34.128.0.0/10
 34.192.0.0/10
 34.64.0.0/10
@@ -48,6 +56,11 @@ docs.rs
 35.72.0.0/13
 35.80.0.0/12
 44.192.0.0/10
+47.235.0.0/16
+47.236.0.0/14
+47.240.0.0/14
+47.244.0.0/15
+47.246.0.0/16
 50.31.128.0/17
 52.0.0.0/10
 52.192.0.0/12
@@ -69,6 +82,10 @@ docs.rs
 54.224.0.0/11
 54.64.0.0/11
 63.32.0.0/14
+67.55.4.0/22
+67.55.8.0/21
+67.55.16.0/20
+67.55.32.0/19
 76.223.0.0/17
 76.223.128.0/19
 76.223.160.0/20
@@ -80,9 +97,20 @@ docs.rs
 108.128.0.0/13
 108.136.0.0/14
 142.250.0.0/15
+162.158.0.0/15
 172.217.0.0/16
+199.59.148.0/22
 209.67.0.0/16
 216.58.192.0/19
 # ajouts media.adeo.com
+annonces-marine.com
+youboat.com
+mozilla.com
+films.viewsurf.com
+keenetic.pro
+magzdb.elibrary.keenetic.pro
+manomano.com
+www.dailymotion.com
+aliexpress.com
diff --git a/octave.c b/octave.c
index da1725d..cb74fc6 100644
--- a/octave.c
+++ b/octave.c
@@ -45,12 +45,12 @@ https://e2li.org -> menu : Projet Prosecco.
 #include
 #include
-#define Version "1.00"
+#define Version "1.01"
 #define F_GETPIPE_SZ 1032
 #define F_SETPIPE_SZ 1031
-static int RUN=1, REQ=0, ENDT=0, REPR=0, p1[2],Trace=0;
+static int RUN=1, REQ=0, ENDT=0, REPR=0, JCTL=0, LogC=0, WH=1, p1[2],Trace=0;
 static pid_t pid;
 static char * NPROG, *IFACE=NULL;
 #define DELAYR 20 /* delai avant relance auto */
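Review bot: `+17.0.0.0/8` in the first auth1.txt hunk admits a whole /8, roughly 16.7 million addresses, while every neighbouring entry is between /9 and /22, so this single line widens the allow list more than the rest of the commit combined. If one service inside that range is intended, a narrower prefix or a hostname entry like the ones appended after `# ajouts` keeps the list auditable. The file already uses `#` comments, so a line such as `# 17.0.0.0/8 : <service, to be filled in>` above the entry would record why it is there.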
@@ -88,6 +88,14 @@ int r; return 1; } +int isIPv6(char *a) +{ +struct in6_addr S; +int r; + if ((r = inet_pton(AF_INET6,a, (void *)&S)) <= 0) return 0; + return 1; +} + int isCidr(char*r) { char buf[20], *sn; @@ -102,6 +110,21 @@ int n; return n; } +int isCidr6(char*r) +{ +char buf[52], *sn; +int n; + if (strlen(r)>50) return 0; + strcpy(buf,r); + if ((sn=strstr(buf,"/")) == NULL) return 0; + *sn = '\0'; + if (!isIPv6(buf)) return 0; + n = atoi(sn+1); + if (n>128) return 0; + return n; +} + +uint64_t NbAddCidrs = 0; int isSousRes(char*r, char *a) { struct in_addr Sa, Sr, Sm; @@ -198,7 +221,7 @@ char a[20],*p, *g, *w; *w = '\0'; w++; if (isSousRes(p,a)) { - if (T3) printf("T3: %s contient %s (%s)\n",p,a,w); + if (T1) printf("T1: %s contient %s (%s)\n",p,a,w); delCidr(g); } } @@ -207,7 +230,7 @@ char a[20],*p, *g, *w; void listCidr(void) { int i; - printf("CIDR : %d\n",iC); + printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs); for (i=0; i 0) { /* test si CIDR */ addCidr(w); + NbAddCidrs += (int)(1< 0) { /* test si CIDR6 */ + printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w); return 1; } if (*line == '-') { @@ -434,14 +462,21 @@ int i,n=0; -int comsh(char *com) +#define EX_NOOUT 1 +#define EX_NOERR 2 +#define EX_SILENT EX_NOOUT|EX_NOERR + +int comsh(char *com,int mode) { pid_t pid; int ret; if ((pid = fork()) < 0) { perror("fork2"); return 99; } + if (T3) printf("$ %s\n",com); if (pid == 0) { + if (mode & EX_NOOUT) close(1); + if (mode & EX_NOERR) close(2); signal(SIGINT,SIG_IGN); execl("/bin/sh", "sh", "-c", com, (char *) 0); perror("execl2"); return 98; @@ -454,7 +489,7 @@ int exeCom(char * comm) /* on se reserve le droit de modifier */ { char b[120]; sprintf(b,"%s >/dev/null 2>&1",comm); - return comsh(b); + return comsh(b,EX_SILENT); } /* ### fct de MAJ iptables */ 
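Review bot: `n = atoi(sn+1);` in isCidr6 accepts trailing junk (`/64x` parses as 64) and has no lower bound, so `/-3` is returned as -3 while `/0` returns 0, the same value the function uses for "not a CIDR"; the caller appears to test the result with `> 0` (that line is cut in this view), so a valid `::/0` would be silently handled as a plain address. Replace it with a checked parse, `char *end; long v = strtol(sn+1, &end, 10); if (end == sn+1 || *end != '\0' || v < 0 || v > 128) return 0;`, and if `/0` must be accepted give the caller a distinct failure value instead of 0 (isCidr, which this mirrors, has the same ambiguity). `strlen(r)>50` against `char buf[52]` does leave room for the terminator, so the copy itself is bounded.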
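Review bot: `close(1)` and `close(2)` in comsh's child leave descriptors 1 and 2 free, so the next file the shell or its command opens silently becomes its stdout or stderr and later writes either land in that file or fail with EBADF; the child also `return 98`s after a failed execl instead of exiting, so it would continue running the parent's code. The new `if (T3) printf("$ %s\n",com);` sits after fork() and before the `pid == 0` test, so the trace line is printed by both processes. `#define EX_SILENT EX_NOOUT|EX_NOERR` needs parentheses, `(EX_NOOUT|EX_NOERR)`, since `mode & EX_SILENT` would otherwise parse as `(mode & EX_NOOUT) | EX_NOERR`. The rewrite below redirects to /dev/null with dup2() and uses `_exit`; `open()` needs `<fcntl.h>` and `dup2`/`_exit` `<unistd.h>` (the include list is not readable in this view, so check they are present). The parent half of comsh continues past the end of the hunk.
```c
int comsh(char *com,int mode)
{
pid_t pid;
int ret;
	if (T3) printf("$ %s\n",com);   /* trace once, before the fork */
	if ((pid = fork()) < 0) { perror("fork2"); return 99; }
	if (pid == 0) {
		/* redirect rather than close: a closed 1/2 is reused by the next open() */
		int nul = open("/dev/null", O_RDWR);
		if (nul >= 0) {
			if (mode & EX_NOOUT) dup2(nul, 1);
			if (mode & EX_NOERR) dup2(nul, 2);
			if (nul > 2) close(nul);
		}
		signal(SIGINT,SIG_IGN);
		execl("/bin/sh", "sh", "-c", com, (char *) 0);
		perror("execl2");
		_exit(98);   /* never fall back into the parent's code path */
	/* … unchanged: end of child block, parent wait and return … */
```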
@@ -632,6 +667,8 @@ void pr_encours(void)
 }
 #define SUNIC "|sort|uniq"
+#define JCTLSYS "journalctl --system"
+#define JCTLSYSG JCTLSYS"|grep "
 #define CHLOG "/var/log/user.log"
 #define CHLOGREP "/var/log/user.log|grep "
 #define CUT6 "|cut -d' ' -f6"
@@ -642,6 +679,7 @@ void pr_encours(void)
 #define AWK5 "|awk '{ print $5}'"
 #define AWK4 "|awk '{ print $4}'"
 #define DREJ "^REJECT "
+#define DACC "^ACCEPT "
 void * fct_com(void * p)
 {
 int REQ=1;
@@ -651,7 +689,7 @@ pid_t pid;
 fauth = (char*)p;
 pid = getpid();
 read_history(FHISTO);
- if (REPR) comsh("reset");
+ if (REPR) comsh("reset",0);
 while (REQ) {
 if (kill(pid,SIGUSR1) < 0) { /* verif processus acquisition */
 ENDT=1;
@@ -707,73 +745,102 @@ pid_t pid; break; case 'a' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ok", - CHLOG,CUT6,SUNIC); - comsh(com); + if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, + ".* ok", CUT6,SUNIC); + else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, + ".* ok", CHLOG,CUT6,SUNIC); + comsh(com,0); break; case 'i' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* DENY", - CHLOG,CUT6,SUNIC); - comsh(com); + if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, + ".* DENY", CUT6,SUNIC); + else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, + ".* DENY", CHLOG,CUT6,SUNIC); + comsh(com,0); break; case 'e' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ACCEPT", - CHLOG,CUT6,SUNIC); - comsh(com); + if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, + ".* ACCEPT", CUT6,SUNIC); + else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, + ".* ACCEPT", CHLOG,CUT6,SUNIC); + comsh(com,0); break; case 'E' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,".*ERR: ", - CHLOG,CUTM45); - comsh(com); + if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s",JCTLSYSG,NPROG,pid, + ".*ERR: ", CUTM45); + else sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid, + ".*ERR: ", CHLOG,CUTM45); + comsh(com,0); break; case 'L' : - if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, + if (*(cmd+1) == '\0') { + if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG, + pid, "-v 'Re[pq]. '",CUTM45); + else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, CHLOGREP,"-v 'Re[pq]. '",CUTM45); - comsh(com); + } else { + if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG + ,NPROG,pid,"-v 'Re[pq]. 
'",CUTM45,cmd+1); + else sprintf(com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,pid, + CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1); + } + comsh(com,0); break; case 'T' : if (*(cmd+1) != '\0') { /* avec parametre */ if ((*(cmd+1) == '+') && (*(cmd+2) != '\0')) { /* script + param */ sprintf(com,"./t1.sh %d %s >.Trav%d",pid,cmd+2,pid); - comsh(com); + comsh(com,0); sprintf(com,"cat .Trav%d",pid); - } else sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1, + } else { + if (JCTL) + sprintf(com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,pid, + cmd+1," 'Re[pq]. '",CUTM45); + else + sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1, CHLOGREP," 'Re[pq]. '",CUTM45); - } else - sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, + } + } else { + if (JCTL)sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,pid, + " 'Re[pq]. '",CUTM45); + else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, CHLOGREP," 'Re[pq]. '",CUTM45); - comsh(com); + } + comsh(com,0); prInOut(); break; case '>' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, + if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid, + " Req. '",CUT7S,SUNIC); + else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, CHLOGREP," 'Req. '",CUT7S,SUNIC); - comsh(com); + comsh(com,0); prInOut(); break; case '<' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, + if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid, + " Rep. '",CUT7S,SUNIC); + else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, CHLOGREP," 'Rep. 
'",CUT7S,SUNIC); - comsh(com); + comsh(com,0); prInOut(); break; case 'r' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - sprintf(com,"%s -L|grep %s%s%s",IPT,DREJ,AWK5,SUNIC); + sprintf(com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC); pr_encours(); - comsh(com); + comsh(com,0); break; case 'R' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); sprintf(com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC); pr_encours(); - comsh(com); + comsh(com,0); break; case 'S' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); 
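Review bot: every `sprintf(com, ...)` in this hunk builds a shell command into `com` with no bound, and the new `L[filtre]` and `T[mot]` branches splice the operator-typed `cmd+1` into it inside single quotes, so a long filter overflows `com` and a filter containing `'` closes the quoted grep pattern and hands the remainder to the shell. OctavE must run as root and the operator already gets a shell through the `' '` command, so this is a robustness problem rather than a privilege gain, but a long filter still corrupts the stack. Use `snprintf(com, sizeof com, ...)` if `com` is an array (its declaration is outside the hunk) or pass its size explicitly, and refuse quotes up front, e.g. `if (strchr(cmd+1, '\'')) { printf("filtre invalide\n"); break; }`. The `a`/`i`/`e`/`E` branches differ only in the grep suffix (`".* ok"`, `".* DENY"`, `".* ACCEPT"`, `".*ERR: "`) and could share one helper that takes the suffix and the cut macro, which would also give a single place to bound the buffer; fct_com begins and ends outside this hunk.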
@@ -781,36 +848,44 @@ pid_t pid; REQ = 0; write(p1[1],"\n",1); break; - case 'V' : + case 'v' : if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); - printf("Version %s\n",Version); - prInOut(); + sprintf(com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC); + pr_encours(); + comsh(com,0); break; case ' ' : - if (*(cmd+1) != '\0') comsh(cmd+1); + if (*(cmd+1) != '\0') comsh(cmd+1,0); break; + case '?' : + if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); + printf("Version %s\n",Version); + prInOut(); default : - printf("+url\t: Allow (autoriser une Url)\n"); - printf("-url\t: Deny (interdire une Url)\n"); - printf("a\t: Autorisations suivant analyse\n"); - printf("i\t: Interdictions suivant analyse\n"); - printf("e\t: Exceptions suivant analyse\n"); - printf("E\t: Liste des erreurs\n"); - printf("l[+|-]\t: Liste des elements dynamiques\n"); - printf("L\t: Logs du systeme\n"); - printf("r\t: Rejets actifs IPv4 (dure plusieurs sec.)\n"); - printf("R\t: Rejets actifs IPv6 (dure plusieurs sec.)\n"); - printf("S\t: Stopper\n"); - printf("t+|-\t: Niveau de trace : 0 (off) => 3\n"); - printf("T[mot]\t: Traces des demandes/reponses contenant mot\n"); - printf(">\t: Traces des demandes triees\n"); - printf("<\t: Traces des reponses triees\n"); - printf("V\t: Version\n"); + printf("?\t\t: Version et menu.\n"); + printf("+url\t\t: Allow (autoriser une Url)\n"); + printf("-url\t\t: Deny (interdire une Url)\n"); + printf("a\t\t: Autorisations suivant analyse\n"); + printf("i\t\t: Interdictions suivant analyse\n"); + printf("e\t\t: Exceptions suivant analyse\n"); + printf("E\t\t: Liste des erreurs\n"); + printf("l[+|-]\t\t: Liste des elements dynamiques\n"); + printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n"); + printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n"); + printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n"); + printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n"); + printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n"); + if 
(LogC) { + printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t Avec + fait les liaisons entre requetes et reponses.\n"); + printf(">\t\t: Traces des demandes triees\n"); + printf("<\t\t: Traces des reponses triees\n"); + } + printf("S\t\t: Stopper\n"); break; } } } - write_history(FHISTO); + WH=write_history(FHISTO); free(cmd); /* fin dialogue */ pthread_exit(NULL); @@ -851,7 +926,7 @@ char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU; char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP; size_t ll = 0, lc = 0; ssize_t n,n2; -int Inter=0, LogC=0, i, ie, np=0, opt; +int Inter=0, i, ie, np=0, opt; if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0]; else NPROG++; sprintf(strPID,"%d",getpid()); @@ -906,6 +981,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; fprintf(stderr,"A executer sous root !\n"); return 2; } + if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1; if (T1) printf("T1: Fichier parametres = %s\n",fauth); signal(SIGUSR1,SIG_IGN); if (pipe(p1) < 0) { @@ -1093,7 +1169,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; close(p1[1]); closelog(); if (ENDT) { /* relance auto */ - comsh("reset"); + comsh("reset",0); if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR); sleep(DELAYR); /* attend N s */ NP = (char**)malloc((sizeof(Pars))*(N+3)); @@ -1101,6 +1177,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; NP[i++]=strR; NP[i++]=strPID; NP[i]=NULL; + if (WH) write_history(FHISTO); execv(P[0],NP); perror("execv"); } diff --git a/t1.sh b/t1.sh index d0a81d2..abf3989 100755 --- a/t1.sh +++ b/t1.sh 
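Review bot: `case '?'` has no `break` and falls into `default`, which is what the new help line `?\t\t: Version et menu.` promises, but nothing marks it as intended, so the next reader or `-Wimplicit-fallthrough` will flag it; add `/* fallthrough: '?' prints the version, then the menu */` after `prInOut();`. `write_history` returns 0 on success and an errno value otherwise, so `WH=write_history(FHISTO);` keeps WH non-zero only when the save failed, which is what the later `if (WH) write_history(FHISTO);` in main retries before execv; a comment on the `WH=1` initialiser such as `/* non-zero: history not yet saved to FHISTO */` would make that handshake readable. The enclosing `switch` and fct_com start before this hunk.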
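Review bot: `if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1;` probes for journald by running `journalctl --system` in full, which reads out the entire system journal at every start-up just to obtain an exit status; and since EX_SILENT is implemented by closing descriptors 1 and 2 in the child (see the comsh hunk), journalctl's writes to a closed stdout can fail and make the exit status non-zero on a perfectly working system, leaving JCTL at 0 exactly where it should be 1. A cheaper and more reliable probe is `if (comsh(JCTLSYS " -n 1 -q >/dev/null 2>&1",0) == 0) JCTL=1;`, which asks for one entry and discards it in the shell. The probe runs as root before the signal setup and its outcome is otherwise invisible, so a trace line such as `if (T1) printf("T1: journalctl %s\n", JCTL ? "utilise" : "absent");` would show which log source was selected.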
@@ -7,15 +7,16 @@ explic ()
 }
 [ $# != 2 ] && explic
-liste=`grep 'OctavE\['$1'\].*'$2 /var/log/user.log|grep -v ' ERR: '|grep ': Re[pq]\. '|cut -d' ' -f7|sort|uniq`
+liste=`journalctl --system|grep 'OctavE\['$1'\].*'$2|grep -v ' ERR: '|grep ': Re[pq]\. '|cut -d' ' -f7|sort|uniq`
 p=""
 for v in $liste
 do
 p=$p"|"$v
 done
+[ "$p" = "" ] && exit 0
 p2=`echo $p|sed 's/|//'`
 # echo '('$p2')'
-grep 'OctavE\['$1'\]' /var/log/user.log|egrep '('$p2')'|cut -d' ' -f1-3,6-
-
+journalctl --system|grep 'OctavE\['$1'\]'|egrep '('$p2')'|cut -d' ' -f1-3,6-
+exit 0
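Review bot: `$1` and `$2` are spliced unquoted into the grep patterns on both new `journalctl` lines, so a `$2` containing a space splits into extra arguments (grep would then likely read a file named after the remainder instead of the journal on stdin) and glob characters in either value are expanded against the current directory before grep sees them. Quote the whole pattern, `grep "OctavE\[$1\].*$2"` and `grep "OctavE\[$1\]"`, and likewise `egrep "($p2)"`. The caller in octave.c passes `cmd+2` straight from the interactive prompt, so this is the only place that shapes the filter into a single argument. `[ $# != 2 ]` works for the argument count but `[ "$#" -ne 2 ]` is the arithmetic form.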