| 
				
				
					
				
				
				 | 
			
			 | 
			@@ -45,12 +45,12 @@ https://e2li.org -> menu : Projet Prosecco. | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#include <arpa/inet.h> | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#include <pthread.h> | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define Version "1.00" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define Version "1.01" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define F_GETPIPE_SZ 1032 | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define F_SETPIPE_SZ 1031 | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			static int RUN=1, REQ=0, ENDT=0, REPR=0, p1[2],Trace=0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			static int RUN=1, REQ=0, ENDT=0, REPR=0, JCTL=0, LogC=0, WH=1, p1[2],Trace=0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			static pid_t pid; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			static char * NPROG, *IFACE=NULL; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define DELAYR 20 /* delai avant relance auto */ | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -88,6 +88,14 @@ int r; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int isIPv6(char *a) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			struct in6_addr S; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int r; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if ((r = inet_pton(AF_INET6,a, (void *)&S)) <= 0) return 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int isCidr(char*r) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			char buf[20], *sn; | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -102,6 +110,21 @@ int n; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return n; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int isCidr6(char*r) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			char buf[52], *sn; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int n; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (strlen(r)>50) return 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   strcpy(buf,r); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if ((sn=strstr(buf,"/")) == NULL) return 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   *sn = '\0'; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (!isIPv6(buf)) return 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   n = atoi(sn+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (n>128) return 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return n; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			uint64_t NbAddCidrs = 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int isSousRes(char*r, char *a) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			struct in_addr Sa, Sr, Sm; | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -198,7 +221,7 @@ char a[20],*p, *g, *w; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        *w = '\0'; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        w++; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        if (isSousRes(p,a)) { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (T3) printf("T3: %s contient %s (%s)\n",p,a,w); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (T1) printf("T1: %s contient %s (%s)\n",p,a,w); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          delCidr(g); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			     } | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -207,7 +230,7 @@ char a[20],*p, *g, *w; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			void listCidr(void) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int i; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  printf("CIDR : %d\n",iC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  printf("CIDR : %d elts representent %lld adresses.\n",iC,(long long)NbAddCidrs); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  for (i=0; i<iC; i++) printf("\t%s\n", Tcidr[i]); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -296,15 +319,20 @@ int litligne(char * line) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			char *w, **S; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			void * M; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int t; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int t,v; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (*line == '#') return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if ((w=strstr(line, "\n")) != NULL) *w = '\0'; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      w=line; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (*w == '-') w++; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      t=strlen(w); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (t==0) return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (isCidr(w)) { /* test si CIDR */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if ((v=isCidr(w)) > 0) { /* test si CIDR */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			         addCidr(w); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			         NbAddCidrs += (int)(1<<v); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			         return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if ((v=isCidr6(w)) > 0) { /* test si CIDR6 */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        printf("%s : CIDR IPv6 non pris en compte pour l'instant !\n",w); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			         return 1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (*line == '-') { | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -434,14 +462,21 @@ int i,n=0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int comsh(char *com) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define EX_NOOUT 1 | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define EX_NOERR 2 | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define EX_SILENT EX_NOOUT|EX_NOERR  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int comsh(char *com,int mode) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			pid_t pid; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int ret; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if ((pid = fork()) < 0) { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      perror("fork2"); return 99; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (T3) printf("$ %s\n",com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (pid == 0) { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (mode & EX_NOOUT) close(1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      if (mode & EX_NOERR) close(2); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      signal(SIGINT,SIG_IGN); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      execl("/bin/sh", "sh", "-c", com, (char *) 0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      perror("execl2"); return 98; | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -454,7 +489,7 @@ int exeCom(char * comm) /* on se reserve le droit de modifier */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			char b[120]; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   sprintf(b,"%s >/dev/null 2>&1",comm); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return comsh(b); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   return comsh(b,EX_SILENT); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			
  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			/* ### fct de MAJ iptables */ | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -632,6 +667,8 @@ void pr_encours(void) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			} | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define SUNIC "|sort|uniq" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define JCTLSYS "journalctl --system" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define JCTLSYSG JCTLSYS"|grep " | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define CHLOG "/var/log/user.log" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define CHLOGREP "/var/log/user.log|grep " | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define CUT6 "|cut -d' ' -f6" | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -642,6 +679,7 @@ void pr_encours(void) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define AWK5 "|awk '{ print $5}'" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define AWK4 "|awk '{ print $4}'" | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define DREJ "^REJECT " | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			#define DACC "^ACCEPT " | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			void * fct_com(void * p) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			{ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int REQ=1; | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -651,7 +689,7 @@ pid_t pid; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  fauth = (char*)p; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  pid = getpid(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  read_history(FHISTO); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  if (REPR) comsh("reset"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  if (REPR) comsh("reset",0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  while (REQ) { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			    if (kill(pid,SIGUSR1) < 0) { /* verif processus acquisition */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      ENDT=1; | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -707,73 +745,102 @@ pid_t pid; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'a' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ok", | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                                   CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                     ".* ok", CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                     ".* ok", CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'i' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* DENY", | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                                    CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                          ".* DENY", CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                          ".* DENY", CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'e' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid,".* ACCEPT", | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                                    CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                    ".* ACCEPT", CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]%s' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                    ".* ACCEPT", CHLOG,CUT6,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'E' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid,".*ERR: ", | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOG,CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\]%s'%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                       ".*ERR: ", CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]%s' %s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                       ".*ERR: ", CHLOG,CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'L' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) == '\0') { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             pid, "-v 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOGREP,"-v 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } else { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             if (JCTL) sprintf(com,"%s'%s\\[%d\\]'|grep %s%s|grep '%s'",JCTLSYSG | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                     ,NPROG,pid,"-v 'Re[pq]. '",CUTM45,cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             else sprintf(com,"grep '%s\\[%d\\]' %s%s%s|grep '%s'",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                     CHLOGREP,"-v 'Re[pq]. '",CUTM45,cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'T' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') { /* avec parametre */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             if ((*(cmd+1) == '+') && (*(cmd+2) != '\0')) { /* script + param */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                sprintf(com,"./t1.sh %d %s >.Trav%d",pid,cmd+2,pid); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                sprintf(com,"cat .Trav%d",pid); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             } else sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             } else { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                if (JCTL) | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                sprintf(com,"%s'%s\\[%d\\].*%s'|grep%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             cmd+1," 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                else | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                sprintf(com,"grep '%s\\[%d\\].*%s' %s%s%s",NPROG,pid,cmd+1, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOGREP," 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } else | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } else { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             if (JCTL)sprintf(com,"%s'%s\\[%d\\]'|grep %s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             " 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             else sprintf(com,"grep '%s\\[%d\\]' %s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOGREP," 'Re[pq]. '",CUTM45); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          prInOut(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case '>' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             " Req. '",CUT7S,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOGREP," 'Req. '",CUT7S,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          prInOut(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case '<' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (JCTL) sprintf(com,"%s'%s\\[%d\\].*%s%s%s",JCTLSYSG,NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             " Rep. '",CUT7S,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          else sprintf(com,"grep '%s\\[%d\\]' %s%s%s%s",NPROG,pid, | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			                                             CHLOGREP," 'Rep. '",CUT7S,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          prInOut(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'r' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"%s -L|grep %s%s%s",IPT,DREJ,AWK5,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"%s -L %s|grep %s%s%s",IPT,OUTP,DREJ,AWK5,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          pr_encours(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'R' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"%s -L|grep %s%s%s",IP6T,DREJ,AWK4,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          pr_encours(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'S' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -781,36 +848,44 @@ pid_t pid; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          REQ = 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          write(p1[1],"\n",1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'V' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case 'v' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("Version %s\n",Version); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          prInOut(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          sprintf(com,"%s -L %s|grep %s%s%s",IPT,MYCH,DACC,AWK5,SUNIC); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          pr_encours(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          comsh(com,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case ' ' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') comsh(cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') comsh(cmd+1,0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        case '?' : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (*(cmd+1) != '\0') printf("ignore %s\n",cmd+1); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("Version %s\n",Version); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          prInOut(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			        default : | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("+url\t: Allow (autoriser une Url)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("-url\t: Deny (interdire une Url)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("a\t: Autorisations suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("i\t: Interdictions suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("e\t: Exceptions suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("E\t: Liste des erreurs\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("l[+|-]\t: Liste des elements dynamiques\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("L\t: Logs du systeme\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("r\t: Rejets actifs IPv4 (dure plusieurs sec.)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("R\t: Rejets actifs IPv6 (dure plusieurs sec.)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("S\t: Stopper\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("t+|-\t: Niveau de trace : 0 (off) => 3\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("T[mot]\t: Traces des demandes/reponses contenant mot\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf(">\t: Traces des demandes triees\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("<\t: Traces des reponses triees\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("V\t: Version\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("?\t\t: Version et menu.\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("+url\t\t: Allow (autoriser une Url)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("-url\t\t: Deny (interdire une Url)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("a\t\t: Autorisations suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("i\t\t: Interdictions suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("e\t\t: Exceptions suivant analyse\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("E\t\t: Liste des erreurs\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("l[+|-]\t\t: Liste des elements dynamiques\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("L[filtre]\t: Logs du systeme avec filtre de type regex\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("r\t\t: Rejets actifs IPv4 (dure plusieurs sec.)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("R\t\t: Rejets actifs IPv6 (dure plusieurs sec.)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("v\t\t: Validations actives IPv4 (dure plusieurs sec.)\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("t+|-\t\t: Niveau de trace : 0 (off) => 3\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          if (LogC) { | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             printf("T[+][mot]\t: Traces des demandes/reponses contenant mot.\n\t\t  Avec + fait les liaisons entre requetes et reponses.\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             printf(">\t\t: Traces des demandes triees\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			             printf("<\t\t: Traces des reponses triees\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          printf("S\t\t: Stopper\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			          break; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			    } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  write_history(FHISTO); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  WH=write_history(FHISTO); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  free(cmd); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  /* fin dialogue */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			  pthread_exit(NULL); | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -851,7 +926,7 @@ char *analyse="tcpdump", *line = NULL, *cmd = NULL, *s1, *s2, *refU; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			char *fauth = "auth1.txt", *strR = "-R", *Pars, strPID[8], **NP; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			size_t ll = 0, lc = 0; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			ssize_t n,n2; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int Inter=0, LogC=0, i, ie, np=0, opt; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			int Inter=0, i, ie, np=0, opt; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if ((NPROG = strrchr(P[0],(int)'/')) == NULL) NPROG=P[0]; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   else NPROG++; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   sprintf(strPID,"%d",getpid()); | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -906,6 +981,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      fprintf(stderr,"A executer sous root !\n"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			      return 2; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   } | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (comsh(JCTLSYS,EX_SILENT) == 0) JCTL=1; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (T1) printf("T1: Fichier parametres = %s\n",fauth); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   signal(SIGUSR1,SIG_IGN); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (pipe(p1) < 0) { | 
		
		
	
	
		
			
				| 
				
					
				
				
					
				
				
				 | 
			
			 | 
			@@ -1093,7 +1169,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   close(p1[1]); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   closelog(); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   if (ENDT) { /* relance auto */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       comsh("reset"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       comsh("reset",0); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       if (T1) printf("Relance auto %s dans %d sec. ...\n",strPID, DELAYR); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       sleep(DELAYR); /* attend N s */ | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       NP = (char**)malloc((sizeof(Pars))*(N+3)); | 
		
		
	
	
		
			
				| 
				
				
				
					
				
				 | 
			
			 | 
			@@ -1101,6 +1177,7 @@ int Inter=0, LogC=0, i, ie, np=0, opt; | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       NP[i++]=strR;  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       NP[i++]=strPID;  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       NP[i]=NULL;  | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       if (WH) write_history(FHISTO); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       execv(P[0],NP); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			       perror("execv"); | 
		
		
	
		
			
			 | 
			 | 
			
			 | 
			   } | 
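Review bot: In `comsh` (hunk `@@ -434,14 +462,21 @@`), `close(1)` and `close(2)` leave those descriptors free across the `execl`, so the first file the shell or the command opens is handed fd 1 or 2 and the "silenced" output can be written into it; in a program that insists on running as root, point them at `/dev/null` with `open` plus `dup2` instead, as sketched below (this needs `<fcntl.h>`, whose inclusion is not visible here, and the rest of `comsh` lies outside the hunk). `exeCom` is still covered by its own `>/dev/null 2>&1`, but the new probe `comsh(JCTLSYS,EX_SILENT)` has no redirection, so its exit status may reflect a failed write rather than whether journalctl is usable, and it reads the whole system journal just to set `JCTL`. `EX_SILENT` should also be parenthesised, `#define EX_SILENT (EX_NOOUT|EX_NOERR)`, because `mode & EX_SILENT` would otherwise parse as `(mode & EX_NOOUT)|EX_NOERR`. Separately, in `litligne`, `NbAddCidrs += (int)(1<<v);` looks wrong if `v` is the prefix length that `isCidr` returns: a /24 would be counted as 2^24 addresses and a /31 or /32 overflows the `int` shift, so `NbAddCidrs += (uint64_t)1 << (32 - v);` is probably what was meant.

```c
   if (pid == 0) {
      /* replaces the two close() calls: keep fd 1/2 occupied so no later
         open() in the shell or the command can land on them */
      if (mode & (EX_NOOUT|EX_NOERR)) {
         int nul = open("/dev/null", O_WRONLY);
         if (nul >= 0) {
            if (mode & EX_NOOUT) dup2(nul, 1);
            if (mode & EX_NOERR) dup2(nul, 2);
            if (nul > 2) close(nul);
         }
      }
      /* … unchanged: signal(SIGINT,SIG_IGN), execl("/bin/sh", …), perror("execl2") … */
```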
		
		
	
	
		
			
				| 
				
					
				
				
				
				 | 
			
			 | 
			
  |