gfwleak/k18-ntcs-web-argus-service
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
20c49800d60fdbb14c5853096c30c108bf22e69d
k18-ntcs-web-argus-service/src/main/resources/maatXml/maat.xml
zhangdongxu 4cf1bf2815 1、将0x411与0x404两个serivce合并,删除0x401 APP内置规则定义特征发现功能 
2、修改配置文件,添加service到应对结构中,并为回调类结构添加说明
2018-07-10 11:03:40 +08:00

324 lines
15 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<p:maat xmlns:p="http://www.w3school.com.cn" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.w3school.com.cn maat.xsd">
<!--
#0x105 音频样例阻断 261=0:MM_SAMPLE_AUDIO
#0x106 视频样例阻断 262=0:MM_SAMPLE_VIDEO
#0x107 图片样例阻断 263=0:MM_SAMPLE_PIC
#0x108 VOIP样例阻断 264=0:MM_SAMPLE_VOIP
#0x185 音频样例监测 389=0:MM_SAMPLE_AUDIO
#0x186 视频样例监测 390=0:MM_SAMPLE_VIDEO
#0x187 图片样例监测 391=0:MM_SAMPLE_PIC
#0x188 VOIP样例监测 392=0:MM_SAMPLE_VOIP
-->
<p:maatType service="261;263;264;389;390;391;392">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[is_valid];\t;[dst_file];\t;[dst_file_md5];\t;[op_time];&amp;nbsp;[level];\t;[file_id];\n</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<!--
#0x109 音频色情阻断 265=0:MM_PORN_AUDIO_LEVEL
#0x10A 视频色情阻断 266=0:MM_PORN_VIDEO_LEVEL
#0x189 音频色情监测 393=0:MM_PORN_AUDIO_LEVEL
#0x18A 视频色情监测 394=0:MM_PORN_VIDEO_LEVEL
-->
<p:maatType service="265;266;393;394">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[service];\t;[level];\t;[description];\t;[is_valid];\n</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<!--
#0x03 IP地址丢弃 3=0:INLINE_IP_CB
#0x04 IP地址丢弃 4=0:INLINE_IP_CB
#0x19 IPSec丢弃 25=0:INLINE_IP_CB
#0x1C GRE 丢弃 28=0:INLINE_IP_CB
#0x1D IPSEC丢弃 29=0:INLINE_IP_CB
-->
<p:maatType service="3;4;25;28;29">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[service];\t;[action];\t;[addr_type];\t;[src_ip];\t;[mask_src_ip];\t;[src_port];\t;[mask_src_port];\t;[dst_ip];\t;[mask_dst_ip];\t;[dst_port];\t;[mask_dst_port];\t;[protocol];\t;[direction];\t;[is_valid];\t;[op_time];&amp;nbsp;\n</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<!--
#0x05 DDOS流量丢弃 5=0:DDOS_TARGET_IP_CB
#0x40 DNS欺骗配置(回调) 64=0:NTC_DNS_FAKE_IP_CB
-->
<p:maatType service="64;5">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[service];\t;[action];\t;[policyGroup];\t;[addr_type];\t;[src_ip];\t;[mask_src_ip];\t;[src_port];\t;[mask_src_port];\t;[dst_ip];\t;[mask_dst_ip];\t;[dst_port];\t;[mask_dst_port];\t;[protocol];\t;[direction];\t;[is_valid];\t;[op_time];&amp;nbsp;\n</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<!--
#0x41 DNS 响应策略配置(回调) 65=0:NTC_DNS_RES_STRATEGY
-->
<p:maatType service="65">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[service];\t;[action];\t;[req_strate_id];\t;[strate_name];\t;[res_group_1_id];\t;[res_group_1_num];\t;[res_group_2_id];\t;[res_group_2_num];\t;[res_group_3_id];\t;[res_group_3_num];\t;[res_group_4_id];\t;[res_group_4_num];\t;[res_group_5_id];\t;[res_group_5_num];\t;[min_ttl];\t;[max_ttl];\t;[is_valid];\n</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<!--
#0x340 IP复用地址池配置回调 832=0:IR_STATIC_IP_POOL_CB
-->
<p:maatType service="832">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{un_maat_table_name};,;[cfg_id]</p:keyExpression>
<p:valueExpression>[cfg_id];\t;[service];\t;[action];\t;[policy_group];\t;[addr_type];\t;[ip];\t;[port];\t;[user_region];\t;[location];\t;[is_valid];\t;[op_time];&amp;nbsp;\n
</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
</p:expressions>
</p:maatType>
<p:maatType service="1;2;16;17;18;19;20;21;22;23;24;26;27;30;31;32;33;34;128;129;130;131;132;133;134;135;136;137;138;139;140;141;143;144;145;256;257;258;259;260;384;385;386;387;388;512;513;528;529;544;545;560;561;768;848;1024;1025;1026;1027;1028;1040;1056;1057;1058">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{compile_table_name};,;[compile_id]</p:keyExpression>
<p:valueExpression>[compile_id];\t;[service];\t;[action];\t;[do_blacklist];\t;[do_log];\t;[effective_range];\t;[user_region];\t;[is_valid];\t;[group_num];\t;[father_cfg_id];\t;[op_time];&amp;nbsp;0;\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{group_table_name};,;[group_id]</p:keyExpression>
<p:valueExpression>[group_id];\t;[compile_id];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{ip_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[addr_type];\t;[src_ip];\t;[mask_src_ip];\t;[src_port];\t;[mask_src_port];\t;[dst_ip];\t;[mask_dst_ip];\t;[dst_port];\t;[mask_dst_port];\t;[protocol];\t;[direction];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{str_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{str_str_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[district];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{num_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[low_boundary];\t;[up_boundary];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{file_digest_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[raw_len];\t;[digest];\t;[cfds_level];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{ip_client_range_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[addr_type];\t;[src_ip];\t;[mask_src_ip];\t;[src_port];\t;[mask_src_port];\t;[dst_ip];\t;[mask_dst_ip];\t;[dst_port];\t;[mask_dst_port];\t;[protocol];\t;[direction];\t;[is_valid];\t;[op_time];&amp;nbsp;0;\t;[action];\t;[service];\t;[user_region];\n</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
<!-- <p:valueExpression>add;{tableName};,;{id}</p:valueExpression> -->
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
<!-- <p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression> -->
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
<!-- <p:valueExpression>{region_id};{maatVersion}</p:valueExpression> -->
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
</p:maatType>
<!--
<p:maatType service="17;1;256;258;260;384;386;388">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{compile_table_name};,;[compile_id]</p:keyExpression>
<p:valueExpression>[compile_id];\t;[service];\t;[action];\t;[do_blacklist];\t;[do_log];\t;[effective_range];\t;[user_region];\t;[is_valid];\t;[group_num];\t;[father_cfg_id];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{group_table_name};,;[group_id]</p:keyExpression>
<p:valueExpression>[group_id];\t;[compile_id];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{ip_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[addr_type];\t;[src_ip];\t;[mask_src_ip];\t;[src_port];\t;[mask_src_port];\t;[dst_ip];\t;[mask_dst_ip];\t;[dst_port];\t;[mask_dst_port];\t;[protocol];\t;[direction];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{str_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
<p:valueExpression>add;{tableName};,;{id}</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
<p:valueExpression>{region_id};{maatVersion}</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
</p:maatType>
<p:maatType service="257;385">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{compile_table_name};,;[compile_id]</p:keyExpression>
<p:valueExpression>[compile_id];\t;[service];\t;[action];\t;[do_blacklist];\t;[do_log];\t;[effective_range];\t;[user_region];\t;[is_valid];\t;[group_num];\t;[father_cfg_id];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{group_table_name};,;[group_id]</p:keyExpression>
<p:valueExpression>[group_id];\t;[cfg_id];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{str_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
<p:valueExpression>add;{tableName};,;{id}</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
<p:valueExpression>{region_id};{maatVersion}</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
</p:maatType>
<p:maatType service="259;387">
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{compile_table_name};,;[compile_id]</p:keyExpression>
<p:valueExpression>[compile_id];\t;[service];\t;[action];\t;[do_blacklist];\t;[do_log];\t;[effective_range];\t;[user_region];\t;[is_valid];\t;[group_num];\t;[father_cfg_id];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{group_table_name};,;[group_id]</p:keyExpression>
<p:valueExpression>[group_id];\t;[compile_id];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>EFFECTIVE_RULE;:;{num_region_table_name};,;[region_id]</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[low_boundary];\t;[up_boundary];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_UPDATE_STATUS</p:keyExpression>
<p:valueExpression>add;{tableName};,;{id}</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_RULE_TIMER</p:keyExpression>
<p:valueExpression>[region_id];\t;[group_id];\t;[keywords];\t;[expr_type];\t;[match_method];\t;[is_hexbin];\t;[is_valid];\t;[op_time]</p:valueExpression>
</p:expressions>
<p:expressions>
<p:keyExpression>MAAT_VERSION_TIMER</p:keyExpression>
<p:valueExpression>{region_id};{maatVersion}</p:valueExpression>
</p:expressions>
<p:sequences>
<p:operation>1</p:operation>
<p:sequenceKey>MAAT_VERSION</p:sequenceKey>
</p:sequences>
</p:maatType> -->
</p:maat>
Reference in New Issue View Git Blame Copy Permalink