admin/safe_duck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复在debian4.19.0-17-amd64下的各种蛋疼编译问题

Browse Source
This commit is contained in:
huoji
2023-12-03 00:19:46 +08:00
parent 73a35c7327
commit 8e7813103e
4 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
linux_kernel/Makefile
View File

@@ -4,6 +4,8 @@ safe_duck-objs := main.o msg.o global.o some_struct.o ip_hashmap.o network.o cli
PWD := $(shell pwd) PWD := $(shell pwd)
KVER := $(shell uname -r) KVER := $(shell uname -r)
KDIR := /lib/modules/$(KVER)/build KDIR := /lib/modules/$(KVER)/build
CFLAGS-y += -std=c99
all: all:
$(MAKE) -C $(KDIR) M=$(PWD) modules $(MAKE) -C $(KDIR) M=$(PWD) modules
clean: clean:

21
linux_kernel/network.c
View File

@@ -63,10 +63,11 @@ bool check_syn_attack(struct iphdr *ip_header, struct sk_buff *skb) {
} }
data->info.syn_scan_info.num_syn_packets++; data->info.syn_scan_info.num_syn_packets++;
if (data->info.syn_scan_info.num_syn_packets >= SYN_SCAN_THRESHOLD) { if (data->info.syn_scan_info.num_syn_packets >= SYN_SCAN_THRESHOLD) {
// printk(KERN_ERR "SYN attack detected from %pI4 num packet: %d printk(KERN_ERR
// \n", "SYN attack detected from %pI4 num packet: %d "
// &ip_header->saddr, "SYN_SCAN_THRESHOLD: %d \n",
// data->info.syn_scan_info.num_syn_packets); &ip_header->saddr, data->info.syn_scan_info.num_syn_packets,
SYN_SCAN_THRESHOLD);
push_msg_syn_attack(ip_address_key); push_msg_syn_attack(ip_address_key);
block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME); block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME);
is_block = true; is_block = true;
@@ -109,14 +110,16 @@ bool check_ssh_brute_force_attack(struct iphdr *ip_header,
if (time_diff >= SSH_BRUTE_FORCE_TIME) { if (time_diff >= SSH_BRUTE_FORCE_TIME) {
data->info.crack_ip_info.num_connect = 0; data->info.crack_ip_info.num_connect = 0;
data->info.crack_ip_info.last_seen = current_time_sec; data->info.crack_ip_info.last_seen = current_time_sec;
// printk(KERN_ERR "reset num_connect time_diff: %d \n", time_diff);
break; break;
} }
data->info.crack_ip_info.num_connect++; data->info.crack_ip_info.num_connect++;
if (data->info.crack_ip_info.num_connect >= SSH_BRUTE_FORCE_THRESHOLD) { if (data->info.crack_ip_info.num_connect >= SSH_BRUTE_FORCE_THRESHOLD) {
// printk(KERN_ERR "SYN attack detected from %pI4 num packet: %d printk(KERN_ERR
// \n", "SSH attack detected from %pI4 num packet: %d "
// &ip_header->saddr, "SSH_BRUTE_FORCE_THRESHOLD: %d time_diff: %d\n",
// data->info.syn_scan_info.num_syn_packets); &ip_header->saddr, data->info.crack_ip_info.num_connect,
SSH_BRUTE_FORCE_THRESHOLD, time_diff);
push_msg_ssh_bf_attack(ip_address_key); push_msg_ssh_bf_attack(ip_address_key);
block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME); block_ip_address(ip_address_key, IP_ATTCK_BLOCK_TIME);
is_block = true; is_block = true;
@@ -134,7 +137,7 @@ bool check_in_packet(struct iphdr *ip_header, struct sk_buff *skb) {
} }
if (check_is_blacklist_ip(ip_header->saddr)) { if (check_is_blacklist_ip(ip_header->saddr)) {
is_block = true; is_block = true;
printk(KERN_ERR "Block ip address: %pI4\n", &ip_header->saddr); // printk(KERN_ERR "Block ip address: %pI4\n", &ip_header->saddr);
break; break;
} }
if (check_syn_attack(ip_header, skb)) { if (check_syn_attack(ip_header, skb)) {

2
linux_kernel/network.h
View File

@@ -3,7 +3,7 @@
#define IP_ATTCK_BLOCK_TIME 600 #define IP_ATTCK_BLOCK_TIME 600
#define SYN_SCAN_THRESHOLD 500 #define SYN_SCAN_THRESHOLD 500
#define SYN_SCAN_TIME 10 #define SYN_SCAN_TIME 10
#define SSH_BRUTE_FORCE_THRESHOLD 10 #define SSH_BRUTE_FORCE_THRESHOLD 1200
#define SSH_BRUTE_FORCE_TIME 5 #define SSH_BRUTE_FORCE_TIME 5
#define SSH_PORT 22 #define SSH_PORT 22
extern unsigned int network_callback(const struct nf_hook_ops *ops, extern unsigned int network_callback(const struct nf_hook_ops *ops,

10
linux_service/CMakeLists.txt
View File

@@ -2,6 +2,16 @@ cmake_minimum_required(VERSION 3.10)
project(safe_duck) project(safe_duck)
# 设置 C++ 标准为 C++17
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_EXTENSIONS OFF)
# 设置构建类型为 Debug
set(CMAKE_BUILD_TYPE Debug) set(CMAKE_BUILD_TYPE Debug)
# 添加可执行文件及源文件
add_executable(safe_duck safe_duck.cpp msg.cpp tools.cpp global.cpp ip_blacktable.cpp events/network.cpp sqlite/sqlite3.c) add_executable(safe_duck safe_duck.cpp msg.cpp tools.cpp global.cpp ip_blacktable.cpp events/network.cpp sqlite/sqlite3.c)
# 链接 pthread 库和 dl 库
target_link_libraries(safe_duck pthread dl)