Patrick Foubet 6 місяці тому
джерело
коміт
1be0ca4359
4 змінених файлів з 169 додано та 63 видалено
  1. +1
    -1
      INSTALL.txt
  2. +28
    -0
      auth1.txt
  3. +136
    -59
      octave.c
  4. +4
    -3
      t1.sh

+ 1
- 1
INSTALL.txt

@@ -27,7 +27,7 @@ Pour stopper : control-C puis S.

- en mode interactif :

# ./OctavE -i -t -l
# ./OctavE -itl

Pour le moment, nous sommes en phase de test et je conseille de se mettre plutot
en mode interactif :-)


+ 28
- 0
auth1.txt

@@ -28,10 +28,18 @@ docs.rs
15.196.0.0/14
15.200.0.0/16
15.236.0.0/14
17.0.0.0/8
18.128.0.0/9
18.32.0.0/11
18.64.0.0/10
20.0.0.0/11
20.33.0.0/16
20.34.0.0/15
20.36.0.0/14
20.40.0.0/13
20.48.0.0/12
20.64.0.0/10
20.128.0.0/16
34.128.0.0/10
34.192.0.0/10
34.64.0.0/10
@@ -48,6 +56,11 @@ docs.rs
35.72.0.0/13
35.80.0.0/12
44.192.0.0/10
47.235.0.0/16
47.236.0.0/14
47.240.0.0/14
47.244.0.0/15
47.246.0.0/16
50.31.128.0/17
52.0.0.0/10
52.192.0.0/12
@@ -69,6 +82,10 @@ docs.rs
54.224.0.0/11
54.64.0.0/11
63.32.0.0/14
67.55.4.0/22
67.55.8.0/21
67.55.16.0/20
67.55.32.0/19
76.223.0.0/17
76.223.128.0/19
76.223.160.0/20
@@ -80,9 +97,20 @@ docs.rs
108.128.0.0/13
108.136.0.0/14
142.250.0.0/15
162.158.0.0/15
172.217.0.0/16
199.59.148.0/22
209.67.0.0/16
216.58.192.0/19

# ajouts
media.adeo.com
annonces-marine.com
youboat.com
mozilla.com
films.viewsurf.com
keenetic.pro
magzdb.elibrary.keenetic.pro
manomano.com
www.dailymotion.com
aliexpress.com
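Review bot: The `# ajouts` block in the last hunk says nothing about what each entry is for, and the CIDR lines in the earlier hunks (some as wide as 17.0.0.0/8 and 52.0.0.0/10) name no owner either; which of those lines are new in this commit cannot be told from this rendering. octave.c loads this file as its parameter list (`fauth = "auth1.txt"`) and litligne feeds every CIDR line to addCidr, so an unexplained wide range is hard to audit later. A one-line comment per group, e.g. `# <provider>: <reason>, added <date>` (placeholder), would keep the list reviewable.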

+ 136
- 59
octave.c

@@ -45,12 +45,12 @@ https://e2li.org -> menu : Projet Prosecco.
#include <arpa/inet.h>
#include <pthread.h>

#define Version "1.00"
#define Version "1.01"

#define F_GETPIPE_SZ 1032
#define F_SETPIPE_SZ 1031

static int RUN=1, REQ=0, ENDT=0, REPR=0, p1[2],Trace=0;
static int RUN=1, REQ=0, ENDT=0, REPR=0, JCTL=0, LogC=0, WH=1, p1[2],Trace=0;
static pid_t pid;
static char * NPROG, *IFACE=NULL;
#define DELAYR 20 /* delai avant relance auto */
@@ -88,6 +88,14 @@ int r;
return 1;
}

int isIPv6(char *a)
{
struct in6_addr S;
int r;
if ((r = inet_pton(AF_INET6,a, (void *)&S)) <= 0) return 0;
return 1;
}

int isCidr(char*r)
{
char buf[20], *sn;
@@ -102,6 +110,21 @@ int n;
return n;
}

int isCidr6(char*r)
{
char buf[52], *sn;
int n;
if (strlen(r)>50) return 0;
strcpy(buf,r);
if ((sn=strstr(buf,"/")) == NULL) return 0;
*sn = '\0';
if (!isIPv6(buf)) return 0;
n = atoi(sn+1);
if (n>128) return 0;
return n;
}

uint64_t NbAddCidrs = 0;
int isSousRes(char*r, char *a)
{
struct in_addr Sa, Sr, Sm;
@@ -198,7 +221,7 @@ char a[20],*p, *g, *w;
*w = '\0';
w++;
if (isSousRes(p,a)) {
if (T3) printf("T3: %s contient %s (%s)\n",p,a,w);
if (T1) printf("T1: %s contient %s (%s)\n",p,a,w);
delCidr(g);
}
}
@@ -207,7 +230,7 @@ char a[20],*p, *g, *w;
void listCidr(void)
{
int i;
printf("CIDR : %d\n",iC);
printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs);
for (i=0; i<iC; i++) printf("\t%s\n", Tcidr[i]);
}

@@ -296,15 +319,20 @@ int litligne(char * line)
{
char *w, **S;
void * M;
int t;
int t,v;
if (*line == '#') return 1;
if ((w=strstr(line, "\n")) != NULL) *w = '\0';
w=line;
if (*w == '-') w++;
t=strlen(w);
if (t==0) return 1;
if (isCidr(w)) { /* test si CIDR */
if ((v=isCidr(w)) > 0) { /* test si CIDR */
addCidr(w);
NbAddCidrs += (int)(1<<v);
return 1;
}
if ((v=isCidr6(w)) > 0) { /* test si CIDR6 */
printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w);
return 1;
}
if (*line == '-') {
@@ -434,14 +462,21 @@ int i,n=0;



int comsh(char *com)
#define EX_NOOUT 1
#define EX_NOERR 2
#define EX_SILENT EX_NOOUT|EX_NOERR

int comsh(char *com,int mode)
{
pid_t pid;
int ret;
if ((pid = fork()) < 0) {
perror("fork2"); return 99;
}
if (T3) printf("$ %s\n",com);
if (pid == 0) {
if (mode & EX_NOOUT) close(1);
if (mode & EX_NOERR) close(2);
signal(SIGINT,SIG_IGN);
execl("/bin/sh", "sh", "-c", com, (char *) 0);
perror("execl2"); return 98;
@@ -454,7 +489,7 @@ int exeCom(char * comm) /* on se reserve le droit de modifier */
{
char b[120];
sprintf(b,"%s >/dev/null 2>&1",comm);
return comsh(b);
return comsh(b,EX_SILENT);
}

/* ### fct de MAJ iptables */
@@ -632,6 +667,8 @@ void pr_encours(void)
}
#define SUNIC "|sort|uniq"
#define JCTLSYS "journalctl --system"
#define JCTLSYSG JCTLSYS"|grep "
#define CHLOG "/var/log/user.log"
#define CHLOGREP "/var/log/user.log|grep "
#define CUT6 "|cut -d' ' -f6"
@@ -642,6 +679,7 @@ void pr_encours(void)
#define AWK5 "|awk '{ print $5}'"
#define AWK4 "|awk '{ print $4}'"
#define DREJ "^REJECT "
#define DACC "^ACCEPT "
void * fct_com(void * p)
{
int REQ=1;
@@ -651,7 +689,7 @@ pid_t pid;
fauth = (char*)p;
pid = getpid();
read_history(FHISTO);
if (REPR) comsh("reset");
if (REPR) comsh("reset",0);
while (REQ) {
if (kill(pid,SIGUSR1) < 0) { /* verif processus acquisition */
ENDT=1;
@@ -707,73 +745,102 @@ pid_t pid;
break;
case 'a' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ok",
CHLOG,CUT6,SUNIC);
comsh(com);
if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
".* ok", CUT6,SUNIC);
else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
".* ok", CHLOG,CUT6,SUNIC);
comsh(com,0);
break;
case 'i' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* DENY",
CHLOG,CUT6,SUNIC);
comsh(com);
if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
".* DENY", CUT6,SUNIC);
else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
".* DENY", CHLOG,CUT6,SUNIC);
comsh(com,0);
break;
case 'e' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ACCEPT",
CHLOG,CUT6,SUNIC);
comsh(com);
if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid,
".* ACCEPT", CUT6,SUNIC);
else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,
".* ACCEPT", CHLOG,CUT6,SUNIC);
comsh(com,0);
break;
case 'E' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,".*ERR: ",
CHLOG,CUTM45);
comsh(com);
if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s",JCTLSYSG,NPROG,pid,
".*ERR: ", CUTM45);
else sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,
".*ERR: ", CHLOG,CUTM45);
comsh(com,0);
break;
case 'L' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
if (*(cmd+1) == '\0') {
if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,
pid, "-v 'Re[pq]. '",CUTM45);
else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
CHLOGREP,"-v 'Re[pq]. '",CUTM45);
comsh(com);
} else {
if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG
,NPROG,pid,"-v 'Re[pq]. '",CUTM45,cmd+1);
else sprintf(com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,pid,
CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1);
}
comsh(com,0);
break;
case 'T' :
if (*(cmd+1) != '\0') { /* avec parametre */
if ((*(cmd+1) == '+') && (*(cmd+2) != '\0')) { /* script + param */
sprintf(com,"./t1.sh %d %s >.Trav%d",pid,cmd+2,pid);
comsh(com);
comsh(com,0);
sprintf(com,"cat .Trav%d",pid);
} else sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1,
} else {
if (JCTL)
sprintf(com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,pid,
cmd+1," 'Re[pq]. '",CUTM45);
else
sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1,
CHLOGREP," 'Re[pq]. '",CUTM45);
} else
sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
}
} else {
if (JCTL)sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,pid,
" 'Re[pq]. '",CUTM45);
else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid,
CHLOGREP," 'Re[pq]. '",CUTM45);
comsh(com);
}
comsh(com,0);
prInOut();
break;
case '>' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
" Req. '",CUT7S,SUNIC);
else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
CHLOGREP," 'Req. '",CUT7S,SUNIC);
comsh(com);
comsh(com,0);
prInOut();
break;
case '<' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid,
" Rep. '",CUT7S,SUNIC);
else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid,
CHLOGREP," 'Rep. '",CUT7S,SUNIC);
comsh(com);
comsh(com,0);
prInOut();
break;
case 'r' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"%s -L|grep %s%s%s",IPT,DREJ,AWK5,SUNIC);
sprintf(com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC);
pr_encours();
comsh(com);
comsh(com,0);
break;
case 'R' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
sprintf(com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC);
pr_encours();
comsh(com);
comsh(com,0);
break;
case 'S' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
@@ -781,36 +848,44 @@ pid_t pid;
REQ = 0;
write(p1[1],"\n",1);
break;
case 'V' :
case 'v' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
printf("Version %s\n",Version);
prInOut();
sprintf(com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC);
pr_encours();
comsh(com,0);
break;
case ' ' :
if (*(cmd+1) != '\0') comsh(cmd+1);
if (*(cmd+1) != '\0') comsh(cmd+1,0);
break;
case '?' :
if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1);
printf("Version %s\n",Version);
prInOut();
default :
printf("+url\t: Allow (autoriser une Url)\n");
printf("-url\t: Deny (interdire une Url)\n");
printf("a\t: Autorisations suivant analyse\n");
printf("i\t: Interdictions suivant analyse\n");
printf("e\t: Exceptions suivant analyse\n");
printf("E\t: Liste des erreurs\n");
printf("l[+|-]\t: Liste des elements dynamiques\n");
printf("L\t: Logs du systeme\n");
printf("r\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
printf("R\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
printf("S\t: Stopper\n");
printf("t+|-\t: Niveau de trace : 0 (off) => 3\n");
printf("T[mot]\t: Traces des demandes/reponses contenant mot\n");
printf(">\t: Traces des demandes triees\n");
printf("<\t: Traces des reponses triees\n");
printf("V\t: Version\n");
printf("?\t\t: Version et menu.\n");
printf("+url\t\t: Allow (autoriser une Url)\n");
printf("-url\t\t: Deny (interdire une Url)\n");
printf("a\t\t: Autorisations suivant analyse\n");
printf("i\t\t: Interdictions suivant analyse\n");
printf("e\t\t: Exceptions suivant analyse\n");
printf("E\t\t: Liste des erreurs\n");
printf("l[+|-]\t\t: Liste des elements dynamiques\n");
printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n");
printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n");
printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n");
printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n");
printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n");
if (LogC) {
printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t Avec + fait les liaisons entre requetes et reponses.\n");
printf(">\t\t: Traces des demandes triees\n");
printf("<\t\t: Traces des reponses triees\n");
}
printf("S\t\t: Stopper\n");
break;
}
}
}
write_history(FHISTO);
WH=write_history(FHISTO);
free(cmd);
/* fin dialogue */
pthread_exit(NULL);
@@ -851,7 +926,7 @@ char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU;
char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP;
size_t ll = 0, lc = 0;
ssize_t n,n2;
int Inter=0, LogC=0, i, ie, np=0, opt;
int Inter=0, i, ie, np=0, opt;
if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0];
else NPROG++;
sprintf(strPID,"%d",getpid());
@@ -906,6 +981,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt;
fprintf(stderr,"A executer sous root !\n");
return 2;
}
if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1;
if (T1) printf("T1: Fichier parametres = %s\n",fauth);
signal(SIGUSR1,SIG_IGN);
if (pipe(p1) < 0) {
@@ -1093,7 +1169,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt;
close(p1[1]);
closelog();
if (ENDT) { /* relance auto */
comsh("reset");
comsh("reset",0);
if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR);
sleep(DELAYR); /* attend N s */
NP = (char**)malloc((sizeof(Pars))*(N+3));
@@ -1101,6 +1177,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt;
NP[i++]=strR;
NP[i++]=strPID;
NP[i]=NULL;
if (WH) write_history(FHISTO);
execv(P[0],NP);
perror("execv");
}
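Review bot: In comsh, the new `close(1)`/`close(2)` in the child leave descriptors 1 and 2 unoccupied, so the first file that the spawned `sh -c` (or the exec-failure `perror("execl2")` beneath it) opens takes over stdout or stderr; redirecting to /dev/null with dup2, as below, keeps the descriptors valid and needs `<fcntl.h>` if it is not already included. The macro on the line above should be parenthesised, `#define EX_SILENT (EX_NOOUT|EX_NOERR)`, because `mode & EX_SILENT` would otherwise parse as `(mode & EX_NOOUT) | EX_NOERR`. The exec-failure path, visible as context in the same hunk, still does `return 98` in the child and so continues the parent's code in a second process; `_exit(98)` is the usual replacement. Separately, in litligne the new `NbAddCidrs += (int)(1<<v);` counts 2^v addresses for a /v prefix, whereas an IPv4 /v covers 2^(32-v), and `1<<v` is undefined for v of 31 or 32 — `NbAddCidrs += (uint64_t)1 << (32 - v);` fixes both. comsh's body continues past the end of its hunk.
```c
int comsh(char *com,int mode)
{
	/* … unchanged: fork, trace print … */
	if (pid == 0) {
		if (mode & (EX_NOOUT|EX_NOERR)) {
			int nul = open("/dev/null", O_WRONLY);
			if (nul >= 0) {
				if (mode & EX_NOOUT) dup2(nul, 1);
				if (mode & EX_NOERR) dup2(nul, 2);
				if (nul > 2) close(nul);
			}
		}
		signal(SIGINT,SIG_IGN);
		execl("/bin/sh", "sh", "-c", com, (char *) 0);
		perror("execl2"); _exit(98);
```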


+ 4
- 3
t1.sh

@@ -7,15 +7,16 @@ explic ()
}

[ $# != 2 ] && explic
liste=`grep 'OctavE\['$1'\].*'$2 /var/log/user.log|grep -v ' ERR: '|grep ': Re[pq]\. '|cut -d' ' -f7|sort|uniq`
liste=`journalctl --system|grep 'OctavE\['$1'\].*'$2|grep -v ' ERR: '|grep ': Re[pq]\. '|cut -d' ' -f7|sort|uniq`
p=""
for v in $liste
do
p=$p"|"$v
done
[ "$p" = "" ] && exit 0
p2=`echo $p|sed 's/|//'`
# echo '('$p2')'
grep 'OctavE\['$1'\]' /var/log/user.log|egrep '('$p2')'|cut -d' ' -f1-3,6-

journalctl --system|grep 'OctavE\['$1'\]'|egrep '('$p2')'|cut -d' ' -f1-3,6-

exit 0
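Review bot: On the two new `journalctl --system` lines, `$1` and `$2` are expanded unquoted inside the grep patterns; octave.c invokes this script as `./t1.sh <pid> <word>` from its `T+` command, so `$2` is user-typed text, and an unquoted expansion is subject to word splitting and globbing, which lets a filter word containing `*` or whitespace alter the grep arguments rather than the pattern — write them as `"$1"` and `"$2"` (and `"$p2"` in the egrep). Both lines also stream the whole system journal through grep; if the daemon logs via syslog(), `journalctl --system -t OctavE` would let journald do the identifier match before grep sees the text, which is cheaper on a busy host. The `[ $# != 2 ] && explic` guard is unchanged context and already rejects extra words, so the quoting point is mainly about metacharacters in `$2`.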

