From 8e7813103ee91ebc752b70d9e9b733f0ab1efc78 Mon Sep 17 00:00:00 2001
From: huoji
Date: Sun, 3 Dec 2023 00:19:46 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=9C=A8debian4.19.0-17-amd6?= =?UTF-8?q?4=E4=B8=8B=E7=9A=84=E5=90=84=E7=A7=8D=E8=9B=8B=E7=96=BC?= =?UTF-8?q?=E7=BC=96=E8=AF=91=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 linux_kernel/Makefile | 2 ++
 linux_kernel/network.c | 21 ++++++++++++---------
 linux_kernel/network.h | 2 +-
 linux_service/CMakeLists.txt | 10 ++++++++++
 4 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/linux_kernel/Makefile b/linux_kernel/Makefile
index a74643e..216af02 100644
--- a/linux_kernel/Makefile
+++ b/linux_kernel/Makefile
@@ -4,6 +4,8 @@ safe_duck-objs := main.o msg.o global.o some_struct.o ip_hashmap.o network.o cli
 PWD := $(shell pwd)
 KVER := $(shell uname -r)
 KDIR := /lib/modules/$(KVER)/build
+CFLAGS-y += -std=c99
+
 all:
 	$(MAKE) -C $(KDIR) M=$(PWD) modules
 clean:
diff --git a/linux_kernel/network.c b/linux_kernel/network.c
index 01ee34f..be4d9d6 100644
--- a/linux_kernel/network.c
+++ b/linux_kernel/network.c
@@ -63,10 +63,11 @@ bool check_syn_attack(struct iphdr *ip_header, struct sk_buff *skb) {
   }
   data->info.syn_scan_info.num_syn_packets++;
   if (data->info.syn_scan_info.num_syn_packets >= SYN_SCAN_THRESHOLD) {
-    // printk(KERN_ERR "SYN attack detected from %pI4 num packet: %d
-    // \n",
-    // &ip_header->saddr,
-    // data->info.syn_scan_info.num_syn_packets);
+    printk(KERN_ERR
+           "SYN attack detected from %pI4 num packet: %d "
+           "SYN_SCAN_THRESHOLD: %d \n",
+           &ip_header->saddr, data->info.syn_scan_info.num_syn_packets,
+           SYN_SCAN_THRESHOLD);
     push_msg_syn_attack(ip_address_key);
     block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME);
     is_block = true;
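Review bot: `CFLAGS-y` is not a variable Kbuild reads, so the added `CFLAGS-y += -std=c99` line has no effect on how network.c and the other objects are compiled; the module keeps building with the kernel's own flags, which on a 4.19 tree means `-std=gnu89`. If the intent is to allow C99 constructs such as declarations after statements, the Kbuild spelling is `ccflags-y += -std=gnu99`, and note that strict `-std=c99` (without the gnu- prefix) disables the `asm` and `typeof` keyword spellings the kernel headers rely on, so it would likely not build even if it were picked up. The more robust fix for an out-of-tree module is to leave the language standard alone and restructure the offending declarations, since a flag here has to stay compatible with every kernel the module is loaded on.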
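Review bot: The new printk in check_syn_attack fires at KERN_ERR on a condition the remote sender controls, and because the comparison is `>=` it can fire on every further packet past SYN_SCAN_THRESHOLD until the block_ip_address call takes effect, so a flood turns the detector into a kernel-log flood of its own. Use the rate-limited form with the same arguments, `printk_ratelimited(KERN_ERR "SYN attack detected from %pI4 num packet: %d " "SYN_SCAN_THRESHOLD: %d \n", ...)`, or `net_err_ratelimited`. A caveat worth a comment at this block: SYN source addresses are trivially spoofed, so blocking `ip_header->saddr` lets a remote party get an arbitrary third-party address blocked for IP_ATTCK_BLOCK_TIME seconds, and the log line will name the spoofed address rather than the sender. How the counter is reset is decided above the hunk; check_syn_attack starts before it.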
@@ -109,14 +110,16 @@ bool check_ssh_brute_force_attack(struct iphdr *ip_header,
     if (time_diff >= SSH_BRUTE_FORCE_TIME) {
       data->info.crack_ip_info.num_connect = 0;
       data->info.crack_ip_info.last_seen = current_time_sec;
+      // printk(KERN_ERR "reset num_connect time_diff: %d \n", time_diff);
       break;
     }
     data->info.crack_ip_info.num_connect++;
     if (data->info.crack_ip_info.num_connect >= SSH_BRUTE_FORCE_THRESHOLD) {
-      // printk(KERN_ERR "SYN attack detected from %pI4 num packet: %d
-      // \n",
-      // &ip_header->saddr,
-      // data->info.syn_scan_info.num_syn_packets);
+      printk(KERN_ERR
+             "SSH attack detected from %pI4 num packet: %d "
+             "SSH_BRUTE_FORCE_THRESHOLD: %d time_diff: %d\n",
+             &ip_header->saddr, data->info.crack_ip_info.num_connect,
+             SSH_BRUTE_FORCE_THRESHOLD, time_diff);
       push_msg_ssh_bf_attack(ip_address_key);
       block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME);
       is_block = true;
@@ -134,7 +137,7 @@ bool check_in_packet(struct iphdr *ip_header, struct sk_buff *skb) {
     }
     if (check_is_blacklist_ip(ip_header->saddr)) {
       is_block = true;
-      printk(KERN_ERR "Block ip address: %pI4\n", &ip_header->saddr);
+      // printk(KERN_ERR "Block ip address: %pI4\n", &ip_header->saddr);
       break;
     }
     if (check_syn_attack(ip_header, skb)) {
diff --git a/linux_kernel/network.h b/linux_kernel/network.h
index 04b36ce..e732d9f 100644
--- a/linux_kernel/network.h
+++ b/linux_kernel/network.h
@@ -3,7 +3,7 @@
 #define IP_ATTCK_BLOCK_TIME 600
 #define SYN_SCAN_THRESHOLD 500
 #define SYN_SCAN_TIME 10
-#define SSH_BRUTE_FORCE_THRESHOLD 10
+#define SSH_BRUTE_FORCE_THRESHOLD 1200
 #define SSH_BRUTE_FORCE_TIME 5
 #define SSH_PORT 22
 extern unsigned int network_callback(const struct nf_hook_ops *ops,
diff --git a/linux_service/CMakeLists.txt b/linux_service/CMakeLists.txt
index 4b4a373..8f0e775 100644
--- a/linux_service/CMakeLists.txt
+++ b/linux_service/CMakeLists.txt
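Review bot: The new printk prints `time_diff` with `%d`, but `time_diff` and `current_time_sec` are declared above the hunk, and if they come from a 64-bit seconds clock (`time64_t`/`s64`) that is a format/argument mismatch `-Wformat` will flag; either match the declared type or cast explicitly, `%lld` with `(long long)time_diff`. The added `// printk(KERN_ERR "reset num_connect time_diff: %d \n", time_diff);` line is commented-out code; this file already toggles printks by commenting them in and out per commit, which is exactly what `pr_debug()` under dynamic debug is for. As with the SYN message, this one is triggered by remote traffic and should be `printk_ratelimited`. check_ssh_brute_force_attack starts before the hunk, so the types involved cannot be confirmed here.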
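Review bot: Commenting out the `Block ip address` printk leaves dead code in check_in_packet instead of removing it, and the reason for the change (one KERN_ERR line per packet from a blacklisted source) is better handled than by deletion. If the message is still wanted for debugging, `net_dbg_ratelimited("Block ip address: %pI4\n", &ip_header->saddr);` keeps it available under dynamic debug and bounds the rate; otherwise drop the line entirely. check_in_packet's body continues on both sides of the hunk.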
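Review bot: Raising SSH_BRUTE_FORCE_THRESHOLD from 10 to 1200 while SSH_BRUTE_FORCE_TIME stays 5 means a source is flagged only after 1200 hits on port 22 within five seconds (240/s), a rate no password-guessing tool needs to reach, so the check is effectively disabled, and nothing in the commit message (a compile fix) explains the change. If the reason is that `num_connect` counts every packet to port 22 rather than new connections, so that a single interactive session tripped the old value, the better fix is to count only connection-opening (SYN) packets in check_ssh_brute_force_attack and keep a threshold in the tens. Either way the macro should state its unit, e.g. `/* port-22 packets per SSH_BRUTE_FORCE_TIME seconds before the source is blocked */`. What num_connect actually counts is decided in network.c, outside this hunk.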
@@ -2,6 +2,16 @@ cmake_minimum_required(VERSION 3.10) project(safe_duck) +# 设置 C++ 标准为 C++17 +set(CMAKE_CXX_STANDARD 17) +set(CMAKE_CXX_STANDARD_REQUIRED ON) +set(CMAKE_CXX_EXTENSIONS OFF) + +# 设置构建类型为 Debug set(CMAKE_BUILD_TYPE Debug) +# 添加可执行文件及源文件 add_executable(safe_duck safe_duck.cpp msg.cpp tools.cpp global.cpp ip_blacktable.cpp events/network.cpp sqlite/sqlite3.c) + +# 链接 pthread 库和 dl 库 +target_link_libraries(safe_duck pthread dl)
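Review bot: `target_link_libraries(safe_duck pthread dl)` links by bare library name, which works on glibc Linux but omits the `-pthread` compile flag and is not portable; the CMake idiom is `find_package(Threads REQUIRED)` followed by `target_link_libraries(safe_duck Threads::Threads ${CMAKE_DL_LIBS})`. Separately, the context line `set(CMAKE_BUILD_TYPE Debug)` (not new here) forces an unoptimised, asserts-on binary for what is a security service and overrides whatever the user passes with `-DCMAKE_BUILD_TYPE`; wrapping it in `if(NOT CMAKE_BUILD_TYPE)` would respect the caller's choice.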