diff --git a/Cargo.lock b/Cargo.lock index 040405c..f069022 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,18 +13,18 @@ dependencies = [ [[package]] name = "ansi_term" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" dependencies = [ "winapi", ] [[package]] name = "anyhow" -version = "1.0.44" +version = "1.0.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61604a8f862e1d5c3229fdd78f8b02c68dcf73a4c4b05fd636d12240aaa242c1" +checksum = "1485d4d2cc45e7b201ee3767015c96faa5904387c9d87c6efdd0fb511f12d305" [[package]] name = "atty" @@ -39,9 +39,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "bitflags" @@ -51,7 +51,7 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "blockfast" -version = "0.1.0" +version = "0.1.1" dependencies = [ "anyhow", "clap", @@ -63,9 +63,9 @@ dependencies = [ [[package]] name = "bytes" -version = "1.1.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +checksum = "ec8a7b6a70fde80372154c65702f00a0f56f3e1c36abbc6c440484be248856db" [[package]] name = "cfg-if" @@ -75,9 +75,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clap" -version = "2.33.3" +version = "2.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37e58ac78573c40708d45522f0d80fa2f01cc4f9b4e2bf749807255454312002" +checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ "ansi_term", "atty", @@ -90,9 +90,9 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.1" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4" +checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" dependencies = [ "cfg-if", "crossbeam-utils", @@ -100,57 +100,47 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.5" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d82cfc11ce7f2c3faef78d8a684447b40d503d9681acebed6cb728d45940c4db" +checksum = "51887d4adc7b564537b15adcfb307936f8075dfcd5f00dde9a9f1d29383682bc" dependencies = [ "cfg-if", - "lazy_static", + "once_cell", ] [[package]] name = "filetime" -version = "0.2.15" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "975ccf83d8d9d0d84682850a38c8169027be83368805971cc4f238c2b245bc98" +checksum = "e94a7bbaa59354bc20dd75b67f23e2797b4490e9d6928203fb105c79e448c86c" dependencies = [ "cfg-if", "libc", "redox_syscall", - "winapi", -] - -[[package]] -name = "fsevent-sys" -version = "4.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c0e564d24da983c053beff1bb7178e237501206840a3e6bf4e267b9e8ae734a" -dependencies = [ - "libc", + "windows-sys", ] [[package]] name = "futures-core" -version = "0.3.17" +version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d" +checksum = "d2acedae88d38235936c3922476b10fced7b2b68136f5e3c03c2d5be348a1115" [[package]] name = "futures-task" -version = "0.3.17" +version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d3d00f4eddb73e498a54394f228cd55853bdf059259e8e7bc6e69d408892e99" +checksum = "842fc63b931f4056a24d59de13fb1272134ce261816e063e634ad0c15cdc5306" [[package]] name = "futures-util" -version = "0.3.17" +version = "0.3.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36568465210a3a6ee45e1f165136d68671471a501e632e9a98d96872222b5481" +checksum = "f0828a5471e340229c11c77ca80017937ce3c58cb788a17e5f1c2d5c485a9577" dependencies = [ - "autocfg", "futures-core", "futures-task", - "pin-project-lite 0.2.7", + "pin-project-lite", "pin-utils", "slab", ] @@ -166,9 +156,9 @@ dependencies = [ [[package]] name = "inotify" -version = "0.9.4" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d88ed757e516714cd8736e65b84ed901f72458512111871f20c1d377abdfbf5e" +checksum = "f8069d3ec154eb856955c1c0fbffefbf5f3c40a104ec912d4797314c1801abff" dependencies = [ "bitflags", "inotify-sys", @@ -186,9 +176,9 @@ dependencies = [ [[package]] name = "kqueue" -version = "1.0.4" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "058a107a784f8be94c7d35c1300f4facced2e93d2fbe5b1452b44e905ddca4a9" +checksum = "4d6112e8f37b59803ac47a42d14f1f3a59bbf72fc6857ffc5be455e28a691f8e" dependencies = [ "kqueue-sys", "libc", @@ -212,69 +202,58 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.103" +version = "0.2.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8f7255a17a627354f321ef0055d63b898c6fb27eff628af4d1b66b7331edf6" +checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" [[package]] name = "linemux" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faffd44046d5dcc8b31e76840fa2a9e975b3b6e6ad2db576cf71dca8c27945b9" +checksum = "51157eba73f3dae3b17ae3ea5b29a8ad0346bdff3881e9a00646b827db066a83" dependencies = [ "futures-util", "notify", - "pin-project-lite 0.1.12", + "pin-project-lite", "tokio", ] [[package]] name = "log" -version = "0.4.14" +version = "0.4.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" +checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" dependencies = [ "cfg-if", ] [[package]] name = "memchr" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" +checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "mio" -version = "0.7.13" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c2bdb6314ec10835cd3293dd268473a835c02b7b352e788be788b3c6ca6bb16" +checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf" dependencies = [ "libc", "log", - "miow", - "ntapi", - "winapi", -] - -[[package]] -name = "miow" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9f1c5b025cda876f66ef43a113f91ebc9f4ccef34843000e0adf6ebbab84e21" -dependencies = [ - "winapi", + "wasi", + "windows-sys", ] [[package]] name = "notify" -version = "5.0.0-pre.13" +version = "5.0.0-pre.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "245d358380e2352c2d020e8ee62baac09b3420f1f6c012a31326cfced4ad487d" +checksum = "530f6314d6904508082f4ea424a0275cf62d341e118b313663f266429cb19693" dependencies = [ "bitflags", "crossbeam-channel", "filetime", - "fsevent-sys", "inotify", "kqueue", "libc", @@ -283,36 +262,27 @@ dependencies = [ "winapi", ] -[[package]] -name = "ntapi" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" -dependencies = [ - "winapi", -] - [[package]] name = "num_cpus" -version = "1.13.0" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +checksum = "19e64526ebdee182341572e50e9ad03965aa510cd94427a4549448f285e957a1" dependencies = [ "hermit-abi", "libc", ] [[package]] -name = "pin-project-lite" -version = "0.1.12" +name = "once_cell" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "257b64915a082f7811703966789728173279bdebb956b143dbcd23f6f970a777" +checksum = "074864da206b4973b84eb91683020dbefd6a8c3f0f38e054d93954e891935e4e" [[package]] name = "pin-project-lite" -version = "0.2.7" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d31d11c69a6b52a174b42bdc0c30e5e11670f90788b2c471c31c1d17d449443" +checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" [[package]] name = "pin-utils" @@ -322,36 +292,36 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "proc-macro2" -version = "1.0.29" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9f5105d4fdaab20335ca9565e106a5d9b82b6219b5ba735731124ac6711d23d" +checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab" dependencies = [ - "unicode-xid", + "unicode-ident", ] [[package]] name = "quote" -version = "1.0.9" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" dependencies = [ "proc-macro2", ] [[package]] name = "redox_syscall" -version = "0.2.10" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ "bitflags", ] [[package]] name = "regex" -version = "1.5.4" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" +checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b" dependencies = [ "aho-corasick", "memchr", @@ -360,9 +330,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.25" +version = "0.6.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" +checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" [[package]] name = "same-file" @@ -375,9 +345,12 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.4" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c307a32c1c5c437f38c7fd45d753050587732ba8628319fbdf12a7e289ccc590" +checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" +dependencies = [ + "autocfg", +] [[package]] name = "strsim" @@ -387,13 +360,13 @@ checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" [[package]] name = "syn" -version = "1.0.78" +version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4eac2e6c19f5c3abc0c229bea31ff0b9b091c7b14990e8924b92902a303a0c0" +checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13" dependencies = [ "proc-macro2", "quote", - "unicode-xid", + "unicode-ident", ] [[package]] @@ -407,23 +380,24 @@ dependencies = [ [[package]] name = "tokio" -version = "1.12.0" +version = "1.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2c2416fdedca8443ae44b4527de1ea633af61d8f7169ffa6e72c5b53d24efcc" +checksum = "7a8325f63a7d4774dd041e363b2409ed1c5cbbd0f867795e661df066b2b0a581" dependencies = [ "autocfg", "bytes", "memchr", "num_cpus", - "pin-project-lite 0.2.7", + "once_cell", + "pin-project-lite", "tokio-macros", ] [[package]] name = "tokio-macros" -version = "1.4.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "154794c8f499c2619acd19e839294703e9e32e7630ef5f46ea80d4ef0fbee5eb" +checksum = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484" dependencies = [ "proc-macro2", "quote", @@ -431,16 +405,16 @@ dependencies = [ ] [[package]] -name = "unicode-width" -version = "0.1.9" +name = "unicode-ident" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" +checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf" [[package]] -name = "unicode-xid" -version = "0.2.2" +name = "unicode-width" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" +checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" [[package]] name = "vec_map" @@ -459,6 +433,12 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + [[package]] name = "winapi" version = "0.3.9" @@ -489,3 +469,46 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" +dependencies = [ + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" + +[[package]] +name = "windows_i686_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" + +[[package]] +name = "windows_i686_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" diff --git a/Cargo.toml b/Cargo.toml index 25f875d..0cbd2c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "blockfast" -version = "0.1.0" +version = "0.1.1" authors = ["Pierre Dubouilh "] edition = "2018" diff --git a/Makefile b/Makefile index 077aef0..2e29f99 100644 --- a/Makefile +++ b/Makefile @@ -1,23 +1,41 @@ -build: +build:: cargo build - cargo clippy - cargo fmt + cargo clippy --all + cargo fmt --all -run: +run:: + touch /tmp/sshdtest + touch /tmp/clftest cargo run -- -s=/tmp/sshdtest -c=/tmp/clftest -watch: +ci:: test + cargo fmt --all -- --check + cargo clippy -- -D warnings + +publish:: ci + cargo publish + +watch:: ls src/*.rs | entr -rc -- make run -test: +test:: cargo test -watch-test: +watch-test:: ls src/*.rs | entr -rc -- make test -release: +release:: cargo build --target x86_64-unknown-linux-musl --release -ci: test - cargo fmt --all -- --check - cargo clippy -- -D warnings \ No newline at end of file +hit-sshd:: + echo "Sep 26 06:25:32 livecompute sshd[23254]: Invalid user neal from 9.124.36.195" >> /tmp/sshdtest + +ok-sshd:: + echo "Sep 26 06:25:19 livecompute sshd[23246]: successful login 8.124.36.195 port 41883 ssh2" >> /tmp/sshdtest + +hit-clf:: + echo "1.124.36.195 - p [25/Sep/2021:13:49:56 +0200] \"POST /some/rpc HTTP/2.0\" 401 923" >> /tmp/clftest + +ok-clf:: + echo "2.124.36.195 - p [25/Sep/2021:13:49:56 +0200] \"POST /some/rpc HTTP/2.0\" 200 23012" >> /tmp/clftest + diff --git a/src/clf.rs b/src/clf.rs index 63453ad..b40c532 100644 --- a/src/clf.rs +++ b/src/clf.rs @@ -1,28 +1,35 @@ use crate::utils::ParsingStatus; -use anyhow::Result; +use anyhow::*; use lazy_static::lazy_static; -use std::net::IpAddr; +use regex::Regex; +use std::{net::IpAddr, str::FromStr}; -// TODO: allow user-provided list -// TODO: match different error-levels (10 404, but only 5 401, etc...) lazy_static! { static ref BAD_STATUSES: [u32; 2] = [401, 429]; + static ref RE_IP: Regex = Regex::new(r"^(\S+)\s").unwrap(); + static ref RE_STATUS: Regex = Regex::new(r"(\d+)\s(\w+)$").unwrap(); } +#[allow(clippy::bind_instead_of_map)] pub fn parse(line: &str) -> Result { - // TODO: Use a proper parser ? - let elts: Vec<&str> = line.split_whitespace().collect(); + let ip = RE_IP + .captures(line) + .and_then(|c| c.get(1)) + .and_then(|g| Some(g.as_str())) + .and_then(|e| IpAddr::from_str(e).ok()) + .ok_or_else(|| anyhow!("cant parse clf line - ip"))?; - let ip_str = elts[0]; - let ip = ip_str.parse::()?; + let status = RE_STATUS + .captures(line) + .and_then(|c| c.get(1)) + .and_then(|g| Some(g.as_str())) + .and_then(|e| e.parse::().ok()) + .ok_or_else(|| anyhow!("cant parse clf line - status"))?; - let http_code_str = elts[elts.len() - 2] as &str; - let http_code = http_code_str.parse::()?; + let is_bad_status = BAD_STATUSES.iter().any(|s| s == &status); - for status in BAD_STATUSES.iter() { - if *status == http_code { - return Ok(ParsingStatus::BadEntry(ip)); - } + if is_bad_status { + return Ok(ParsingStatus::BadEntry(ip)); } Ok(ParsingStatus::OkEntry) diff --git a/src/jail.rs b/src/jail.rs index 1038c09..fe0f8dd 100644 --- a/src/jail.rs +++ b/src/jail.rs @@ -5,95 +5,48 @@ use std::sync::Mutex; use anyhow::*; -use crate::utils::JailStatus; +use crate::utils::log; pub struct Jail { - jailtime: u32, + name: String, allowance: u8, remand: Mutex>, } -const JAIL_NAME: &str = "blockfast_jail"; - -const ERR_MSG: &str = - "error using ipset/iptables, maybe it's not installed, this program isn't running as root ?"; - -fn ipset_init() -> Result<()> { - let init0 = format!("ipset create {} hash:ip timeout 0", JAIL_NAME); - let init1 = format!( - "iptables -I INPUT 1 -m set -j DROP --match-set {} src", - JAIL_NAME - ); - let init2 = format!( - "iptables -I FORWARD 1 -m set -j DROP --match-set {} src", - JAIL_NAME - ); - - let args0: Vec<&str> = init0.split_whitespace().collect(); - let args1: Vec<&str> = init1.split_whitespace().collect(); - let args2: Vec<&str> = init2.split_whitespace().collect(); - - // create - let out = Command::new("sudo").args(args0).output()?; - if out.status.code() != Some(0) { - let already_exists = - std::str::from_utf8(&out.stderr)?.contains("set with the same name already exists"); - - if already_exists { - return Ok(()); - } else { - eprintln!("{:?}", out); - bail!(ERR_MSG); - } - } - - // setup input - let out = Command::new("sudo").args(args1).output()?; - if out.status.code() != Some(0) { - eprintln!("{:?}", out); - bail!(ERR_MSG); - } +impl Jail { + pub fn new(allowance: u8, jailtime: u32) -> Result { + const ERR_MSG: &str = "error using ipset/iptables, maybe it's not installed, this program isn't running as root ?"; + let n = format!("blockfast_jail_{}", jailtime); - // setup fwd - let out = Command::new("sudo").args(args2).output()?; - if out.status.code() != Some(0) { - eprintln!("{:?}", out); - bail!(ERR_MSG); - } + let i0 = format!("ipset create -exist {} hash:ip timeout {}", n, jailtime); + let i1 = format!("iptables -I INPUT 1 -m set -j DROP --match-set {} src", n); + let i2 = format!("iptables -I FORWARD 1 -m set -j DROP --match-set {} src", n); - Ok(()) -} + let args0: Vec<&str> = i0.split_whitespace().collect(); + let args1: Vec<&str> = i1.split_whitespace().collect(); + let args2: Vec<&str> = i2.split_whitespace().collect(); -fn ipset_block(jailtime: u32, ip: IpAddr) -> Result<()> { - let sentence = format!( - "ipset add {} {} timeout {}", - JAIL_NAME, - ip.to_string(), - jailtime - ); - let sentence_sl: Vec<&str> = sentence.split_whitespace().collect(); - - let out = Command::new("sudo").args(sentence_sl).output()?; - if out.status.code() != Some(0) { - eprintln!("{:?}", out); - bail!("error executing ipset ban"); - } + // create + let out = Command::new("sudo").args(args0).output()?; + ensure!(out.status.code() == Some(0), "{}: {:?}", ERR_MSG, out); - Ok(()) -} + // setup input + let out = Command::new("sudo").args(args1).output()?; + ensure!(out.status.code() == Some(0), "{}: {:?}", ERR_MSG, out); -impl Jail { - pub fn new(allowance: u8, jailtime: u32) -> Result { - ipset_init()?; + // setup fwd + let out = Command::new("sudo").args(args2).output()?; + ensure!(out.status.code() == Some(0), "{}: {:?}", ERR_MSG, out); + log!("jail setup, allowance {}, time {}s", allowance, jailtime); Ok(Jail { + name: n, allowance, - jailtime, remand: Mutex::new(HashMap::new()), }) } - pub fn probe(&self, ip: IpAddr) -> Result { + pub fn sentence(&self, ip: IpAddr, target: &str) -> Result<()> { let should_ban = { let mut locked_map = self.remand.lock().map_err(|_| anyhow!("cant lock"))?; @@ -109,10 +62,15 @@ impl Jail { }; if should_ban { - ipset_block(self.jailtime, ip)?; - Ok(JailStatus::Jailed(ip)) - } else { - Ok(JailStatus::Remand) + log!("{} jailtime for: {}", target, ip); + let sentence = format!("ipset add -exist {} {}", self.name, ip); + let sentence_sl: Vec<&str> = sentence.split_whitespace().collect(); + + let out = Command::new("sudo").args(sentence_sl).output()?; + let stderr = std::str::from_utf8(&out.stderr)?; + ensure!(out.status.code() == Some(0), "executing ban {}", stderr); } + + Ok(()) } } diff --git a/src/main.rs b/src/main.rs index 17a4800..1700d1a 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,8 @@ +use std::path::PathBuf; +use std::result::Result::Ok; + use anyhow::*; -use linemux::MuxedLines; +use linemux::{Line, MuxedLines}; mod clf; mod sshd; @@ -9,41 +12,9 @@ mod jail; use crate::jail::Jail; use crate::utils::*; -fn judge( - path_sshd: &str, - path_clf: &str, - payload: &str, - path: &str, - jail: &Jail, -) -> Result { - let do_sshd = !path_sshd.is_empty(); - let do_clf = !path_clf.is_empty(); - let mut target = ""; - - let ret_parse = if do_sshd && path.ends_with(path_sshd) { - target = "sshd"; - sshd::parse(payload) - } else if do_clf && path.ends_with(path_clf) { - target = "clf "; - clf::parse(payload) - } else { - Err(anyhow!("cant locate file !")) - }; - - let ip = match ret_parse? { - ParsingStatus::OkEntry => return Ok(Judgment::Good), - ParsingStatus::BadEntry(ip) => ip, - }; - - match jail.probe(ip)? { - JailStatus::Remand => Ok(Judgment::Remand), - JailStatus::Jailed(ip) => Ok(Judgment::Bad(target, ip)), - } -} - async fn run() -> Result<()> { let args = utils::cli().get_matches(); - let mut lines = MuxedLines::new()?; + let mut ml = MuxedLines::new()?; // jail let jailtime_str = args.value_of("jailtime").unwrap_or(""); @@ -53,46 +24,54 @@ async fn run() -> Result<()> { let allowance = allowance_str.parse().context("parsing allowance")?; let jail = Jail::new(allowance, jailtime)?; - eprintln!( - "+ jail setup, offences allowed: {}, jailtime {}s", - allowance, jailtime - ); // sshd - let path_sshd = args.value_of("sshd_logpath").unwrap_or(""); - if !path_sshd.is_empty() { - lines.add_file(path_sshd).await?; - eprintln!("+ starting with sshd parsing at {}", path_sshd); + let mut path_sshd: PathBuf = args.value_of("sshd_logpath").unwrap_or("").into(); + if path_sshd.exists() { + path_sshd = std::fs::canonicalize(path_sshd)?; + ml.add_file(&path_sshd).await?; + log!("starting with sshd parsing at {:?}", &path_sshd); } // common log format - let path_clf = args.value_of("clf_logpath").unwrap_or(""); - if !path_clf.is_empty() { - lines.add_file(path_clf).await?; - eprintln!("+ starting with clf parsing at {}", path_clf); + let mut path_clf: PathBuf = args.value_of("clf_logpath").unwrap_or("").into(); + if path_clf.exists() { + path_clf = std::fs::canonicalize(path_clf)?; + ml.add_file(&path_clf).await?; + log!("starting with clf parsing at {:?}", &path_clf); } - while let Ok(Some(line)) = lines.next_line().await { + let assess_line = |line: Line| { let payload = line.line(); - let path = line.source().display().to_string(); - - match judge(path_sshd, path_clf, payload, &path, &jail) { - Err(err) => eprintln!("! ERR {:?} - file {}", err, path), - Ok(Judgment::Good) => {} - Ok(Judgment::Remand) => {} - Ok(Judgment::Bad(target, ip)) => { - eprintln!("~ too many infraction, {} jailtime for: {}", target, ip) - } + let path = line.source(); + + let (target, ret) = if path == path_sshd { + ("sshd", sshd::parse(payload)?) + } else if path == path_clf { + ("clf", clf::parse(payload)?) + } else { + bail!("file {:?} unknown", path) }; + + if let ParsingStatus::BadEntry(ip) = ret { + jail.sentence(ip, target)?; + } + + Ok(()) + }; + + while let Ok(Some(line)) = ml.next_line().await { + if let Err(e) = assess_line(line) { + log!("ERR: {:?}", e); + } } Ok(()) } #[tokio::main] -async fn main() -> std::io::Result<()> { - let ret = run().await; - let _ = ret.map_err(|e| eprintln!("! ERROR {:?}", e)); +async fn main() -> Result<()> { + run().await?; eprintln!("\n"); let _ = utils::cli().print_help(); Ok(()) diff --git a/src/sshd.rs b/src/sshd.rs index 17a93aa..44311ca 100644 --- a/src/sshd.rs +++ b/src/sshd.rs @@ -1,8 +1,7 @@ use anyhow::*; use lazy_static::lazy_static; use regex::Regex; -use std::net::IpAddr; -use std::str::FromStr; +use std::{net::IpAddr, str::FromStr}; use crate::utils::ParsingStatus; @@ -15,27 +14,24 @@ lazy_static! { static ref SSHD_BAD: [Rule; 3] = [ Rule { matcher: "Failed password".to_string(), - extractor: Regex::new(r"(from.)(.*)(.port)").unwrap(), + extractor: Regex::new(r"(from.)(\S+)").unwrap(), }, Rule { matcher: "Invalid user ".to_string(), - extractor: Regex::new(r"(from.)(.*)").unwrap(), + extractor: Regex::new(r"(from.)(\S+)").unwrap(), }, Rule { matcher: "authentication failure".to_string(), - extractor: Regex::new(r"(rhost=)(.*)").unwrap() + extractor: Regex::new(r"(rhost=)(\S+)").unwrap() }, ]; } pub fn parse(line: &str) -> Result { - let hits = SSHD_BAD.iter().find_map(|rule| { - if line.contains(&rule.matcher) { - rule.extractor.captures(line) - } else { - None - } - }); + let hits = SSHD_BAD + .iter() + .find(|rule| line.contains(&rule.matcher)) + .and_then(|r| r.extractor.captures(line)); if hits.is_none() { return Ok(ParsingStatus::OkEntry); @@ -43,12 +39,10 @@ pub fn parse(line: &str) -> Result { let ip = hits .and_then(|c| c.get(2)) - .and_then(|m| IpAddr::from_str(m.as_str()).ok()); + .and_then(|m| IpAddr::from_str(m.as_str()).ok()) + .ok_or_else(|| anyhow!("cant parse sshd line"))?; - match ip { - Some(ip) => Ok(ParsingStatus::BadEntry(ip)), - None => Err(anyhow!("cant parse sshd entry")), - } + Ok(ParsingStatus::BadEntry(ip)) } #[cfg(test)] @@ -93,12 +87,10 @@ mod tests { fn malformed() { let vectors = [ "Sep 26 06:25:19 livecompute sshd[23246]: Failed password for root from 179.124.36.195.232 port 41883 ssh2", - "Sep 26 06:26:14 livecompute sshd[23292]: pam_unix(sshd:auth): authentication failure; logname= u =0 tty=ssh ruser= rhost=", ]; vectors.iter().for_each(|e| { - let ret = parse(*e); - assert!(ret.is_err()); + parse(*e).expect_err(""); }) } } diff --git a/src/utils.rs b/src/utils.rs index afd98a8..61c82d5 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -1,24 +1,29 @@ use clap::{App, Arg}; use std::net::IpAddr; +#[derive(Debug)] pub enum ParsingStatus { OkEntry, BadEntry(IpAddr), } -pub enum Judgment { - Good, - Remand, - Bad(&'static str, IpAddr), -} -pub enum JailStatus { - Remand, - Jailed(IpAddr), +macro_rules! log{ + ($first:expr) => { + let e = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?; + eprintln!("{} ~ {}", e.as_secs(), $first); + }; + ($first:expr, $($others:expr),+) => { + let e = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH)?; + let formatted = format!($first, $($others), *); + eprintln!("{} ~ {}", e.as_secs(), formatted); + }; } +pub(crate) use log; + pub fn cli() -> App<'static, 'static> { App::new("ban internets scanner fast 🍶") - .version("v0.0.1") + .version(env!("CARGO_PKG_VERSION")) .author("pierre dubouilh ") // .arg(Arg::with_name("prune") // .short("prune") @@ -29,7 +34,7 @@ pub fn cli() -> App<'static, 'static> { Arg::with_name("jailtime") .short("j") .help("jail time (seconds)") - .default_value("3600") + .default_value("21600") // 6 hours .takes_value(true), ) .arg( @@ -55,7 +60,7 @@ pub fn cli() -> App<'static, 'static> { ) // .arg(Arg::with_name("clf_bad_http_codes") // .short("cb") - // .help("bad CLF http codes") - // .default_value("{401, 429}") + // .help("bad http statuses for CLF") + // .default_value([401, 429]) // .takes_value(true)) }