提供maat_redis_tool，支持导出redis中的配置。

2017-10-02 20:19:01 +08:00
parent ba5781158b
commit 6a4aa9d4f6
8 changed files with 212 additions and 5 deletions
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -0,0 +1,8 @@
+LIBS= ../lib/libmaatframe.so -lhiredis_vip
+INC=-I../inc/ -I ../src/entry/ -I../src/inc_internal/ -I/usr/include/MESA/
+all:
+	g++ -o maat_redis_tool.o -c -g -Wall maat_redis_tool.cpp $(INC)
+	g++ -o maat_redis_tool maat_redis_tool.o $(LIBS)
+	g++ -o digest_gen -g digest_gen.c $(INC) $(LIBS)
+clean:
+	rm *.o
--- a/tools/digest_gen.c
+++ b/tools/digest_gen.c
@@ -0,0 +1,164 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <math.h>
+#include <assert.h>
+#include "stream_fuzzy_hash.h"
+#include "gram_index_engine.h"
+
+void* entropy_start(void)
+{
+	unsigned long long * char_num=(unsigned long long*)calloc(sizeof(unsigned long long),256+1);
+	return (void*)char_num;
+}
+void entropy_feed(void* handle,const unsigned char*buff, int size)
+{
+	int i=0;
+	unsigned long long * char_num=(unsigned long long *)handle;
+	for(i=0;i<size;i++)
+	{
+		char_num[buff[i]+1]++;;
+	}
+	char_num[0]+=size;
+	return;
+}
+double entropy_stop(void* handle)
+{
+	unsigned long long * char_num=(unsigned long long *)handle;
+	int i;
+	double sum = 0,p=0;
+	for(i = 0; i < 256; i++)
+	{
+		p = (double)char_num[i+1]/char_num[0];
+		if(p != 0)
+		{
+			sum += (p*(log(p)/log(2))); 
+		}
+	}
+	free(handle);
+	return (-sum);
+}
+void hash_file(const char* path,double *p_entropy,off_t *file_size, char* sfh_buffer,int size)
+{
+	unsigned long long read_size=0,feed_offset=0;
+	char read_buff[1024*4];
+	void * entropy_handle=NULL;
+	double file_entropy=0.0;
+	int hash_length;
+	char * digest_result_buff=NULL;
+	struct stat digest_fstat;
+	FILE* fp;
+	stat(path,&digest_fstat);
+	fp = fopen(path, "r");
+	if(NULL == fp)
+	{
+		printf("Open %s failed\n", path);
+		return;
+	}
+	read_size=0;
+	feed_offset=0;
+	sfh_instance_t * fhandle = SFH_instance(0);
+	entropy_handle=entropy_start();
+	while(0==feof(fp))
+	{
+		read_size=fread(read_buff,1,sizeof(read_buff),fp);
+		SFH_feed(fhandle,read_buff,read_size,feed_offset);
+		feed_offset+=read_size;
+		entropy_feed(entropy_handle,(const unsigned char*) read_buff, read_size);
+	}
+	file_entropy=entropy_stop(entropy_handle);
+	*p_entropy=file_entropy;
+	hash_length = SFH_status(fhandle, HASH_LENGTH);
+	SFH_digest(fhandle, sfh_buffer, size);
+	//printf("%s %u %lf %s\n",path,digest_fstat.st_size,file_entropy,digest_result_buff);
+	SFH_release(fhandle);
+	*file_size=digest_fstat.st_size;
+	fclose(fp);
+	return;
+}
+void digest_gen_print_usage(void)
+{
+	printf("digest_gen dermines the similarity of two signatures/strings/files with a score in [0,100].\n");
+	printf("Higher score means more similar.\nUsage:\n");
+	printf("\t-f [FILE], caculate a file's SFH digest.\n");
+	printf("\t-s specify the first string/file for comparing.\n");
+	printf("\t-d specify the second string/file for comparing.\n");
+	printf("\t-c compare two simple strings that specified by -s and -d.\n");
+	printf("\t-m compare two SFH signatures that specified by -s and -d.\n");
+	printf("\t-p compare two files that specified by -s and -d.\n");
+	printf("example: ./digest_gen -p -s file1 -d file2\n");
+	
+	return;
+}
+int main(int argc, char * argv[])
+{
+	char path[256];
+	char str1[4096],str2[4096];
+	int oc=0;
+	int confidence=0;
+	int model=0;
+	double file_entropy=0.0;
+	off_t file_size=0;
+	char sfh_buffer1[4096]={0},sfh_buffer2[4096]={0};
+	const char* b_opt_arg=NULL;
+	if(argc<2)
+	{
+		digest_gen_print_usage();
+		return 0;
+	}
+	while((oc=getopt(argc,argv,"f:pcms:d:"))!=-1)
+	{
+		switch(oc)
+		{
+			case 'f':
+				model=oc;
+				strncpy(path,optarg,sizeof(path));
+				break;
+			case 'c':
+			case 'm':
+			case 'p':
+				model=oc;
+				break;
+			case 's':
+				strncpy(str1,optarg,sizeof(str1));
+				break;
+			case 'd':
+				strncpy(str2,optarg,sizeof(str2));
+				break;
+			case '?':
+			default:
+				digest_gen_print_usage();
+				return 0;
+				break;
+		}
+	}
+	switch(model)
+	{
+		case 'f':
+			hash_file(path,&file_entropy,&file_size,sfh_buffer1,sizeof(sfh_buffer1));
+			printf("%s %u %lf %s\n",path,file_size,file_entropy,sfh_buffer1);
+			break;
+		case 'c':
+			confidence=GIE_string_similiarity(str1, strlen(str1), str2, strlen(str2));
+			printf("%d\n",confidence);
+			break;
+		case 'm':
+			confidence=GIE_sfh_similiarity(str1, strlen(str1), str2, strlen(str2));
+			printf("%d\n",confidence);
+			break;
+		case 'p':
+			hash_file(str1,&file_entropy,&file_size,sfh_buffer1,sizeof(sfh_buffer1));
+			hash_file(str2,&file_entropy,&file_size,sfh_buffer2,sizeof(sfh_buffer2));
+			confidence=GIE_sfh_similiarity(sfh_buffer1, strlen(sfh_buffer1), sfh_buffer2, strlen(sfh_buffer2));
+			printf("%d\n",confidence);
+			break;
+		default:
+			assert(0);
+	}
+	return 0;
+}
+
--- a/tools/digest_test.data
+++ b/tools/digest_test.data
--- a/tools/maat_redis_tool.cpp
+++ b/tools/maat_redis_tool.cpp
@@ -0,0 +1,180 @@
+#include "Maat_rule.h"
+#include "Maat_command.h"
+#include "Maat_rule_internal.h"
+#include "json2iris.h"
+#include "config_monitor.h"
+#include "hiredis.h"
+#include <unistd.h>
+#include <stdio.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+const char* redis_dump_dir="./redis_dump";
+void maat_tool_print_usage(void)
+{
+	printf("maat_redis_tool manipulate rules from redis.\n");
+	printf("Usage:\n");
+	printf("\t-h [host], redis IP, 127.0.0.1 as default.\n");
+	printf("\t-p [port], redis port, 6379 as default.\n");
+	printf("\t-d [dir], dump rules from redis to [dir], %s as default.\n",redis_dump_dir);
+	printf("example: ./maat_redis_tool -h 127.0.0.1 -p 6379 -d %s\n",redis_dump_dir);
+	
+	return;
+}
+static int compare_serial_rule(const void *a, const void *b)
+{
+	struct serial_rule_t *ra=(struct serial_rule_t *)a;
+	struct serial_rule_t *rb=(struct serial_rule_t *)b;
+
+	char p_str[256],q_str[256];
+	snprintf(p_str,sizeof(p_str),"%s.%d",ra->table_name,ra->rule_id);
+	snprintf(q_str,sizeof(q_str),"%s.%d",rb->table_name,rb->rule_id);
+	return strcmp(p_str,q_str);
+}
+void read_rule_from_redis(const char*redis_ip, int redis_port, int redis_db,const char* output_path ,void*logger)
+{
+	struct serial_rule_t* rule_list;
+	int rule_num=0,line_count=0;
+	int i=0,ret=0;
+	int update_type=CM_UPDATE_TYPE_INC;
+	unsigned int version=0;
+	const char* cur_table=NULL;
+
+	char table_path[256],index_path[256];
+	FILE *table_fp=NULL, *index_fp=NULL;
+
+	struct timeval connect_timeout;
+	connect_timeout.tv_sec=0;
+	connect_timeout.tv_usec=100*1000; // 100 ms
+
+	redisContext * ctx;
+	ctx=redisConnectWithTimeout(redis_ip, redis_port,connect_timeout);
+	if(ctx==NULL)
+	{
+		printf("Unable to connect %s:%d db%d\n",redis_ip,redis_port,redis_db);
+		return;
+	}
+
+	printf("Reading key list from %s:%d db%d.\n",redis_ip,redis_port,redis_db);
+	rule_num=get_rm_key_list(0, ctx, &rule_list, logger,&version, &update_type);
+	assert(update_type==CM_UPDATE_TYPE_FULL);
+	printf("MAAT Version: %d, key number: %d\n", version, rule_num);
+	printf("Reading value: ");
+	ret=get_maat_redis_value(ctx,rule_list,rule_num,logger,1);
+	if(ret<0)
+	{
+		goto clean_up;
+	}
+	qsort(rule_list,rule_num, sizeof(struct serial_rule_t),
+                  compare_serial_rule);
+	if((access(output_path,F_OK)) <0)
+
+	{	if((mkdir(output_path,S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)) < 0)
+		printf("mkdir %s error\n",output_path);
+
+	}
+	snprintf(index_path,sizeof(index_path),"%s/full_config_index.%010d",output_path,version);
+	index_fp=fopen(index_path,"w");
+	if(index_fp==NULL)
+	{
+		printf("Open %s failed.\n",index_path);
+		goto clean_up;
+	}
+
+	for(i=0;i<rule_num;i++)
+	{
+		if(cur_table==NULL||0!=strcmp(cur_table,rule_list[i].table_name))
+		{
+			if(table_fp!=NULL)
+			{
+				fprintf(index_fp,"%s\t%d\t%s\n",cur_table,line_count,table_path);
+				fclose(table_fp);
+				table_fp=NULL;
+				set_file_rulenum(table_path,line_count, logger);
+				line_count=0;
+			}
+			snprintf(table_path,sizeof(table_path),"%s/%s.%010d",output_path,rule_list[i].table_name,version);
+			set_file_rulenum(table_path, 0, logger);
+			table_fp=fopen(table_path,"a");
+			if(table_fp==NULL)
+			{
+				printf("Open %s failed.\n",table_path);
+				goto clean_up;
+			}
+			printf("Writing %s\n",table_path);
+			cur_table=rule_list[i].table_name;
+		}
+		fprintf(table_fp,"%s\tRID=%d\n",rule_list[i].table_line,rule_list[i].rule_id);
+		line_count++;
+	}
+	fclose(table_fp);
+	table_fp=NULL;
+	fprintf(index_fp,"%s\t%d\t%s\n",cur_table,line_count,table_path);
+	set_file_rulenum(table_path,line_count, logger);
+	
+	printf("Writing complete: %s\n",index_path);
+clean_up:
+	for(i=0;i<rule_num;i++)
+	{
+		empty_serial_rules(rule_list+i);
+	}
+	free(rule_list);
+	rule_list=NULL;
+	if(ctx!=NULL)
+	{
+		redisFree(ctx);
+	}
+	if(index_fp!=NULL)
+	{
+		fclose(index_fp);
+	}
+	if(table_fp!=NULL)
+	{
+		fclose(table_fp);
+	}
+	return;
+}
+int main(int argc, char * argv[])
+{
+	int oc=0;
+	char model='?';
+	char redis_ip[64];
+	int redis_port=6379;
+	int redis_db=0;
+	strncpy(redis_ip,"127.0.0.1",sizeof(redis_ip));
+	char table_info[128];
+	strncpy(table_info,"./table_info.conf",sizeof(table_info));
+	char dump_dir[128];
+	strncpy(dump_dir,redis_dump_dir,sizeof(dump_dir));
+	while((oc=getopt(argc,argv,"mh:p:t:d:f:"))!=-1)
+	{
+		switch(oc)
+		{
+			case 'm':
+				model=oc;
+				break;
+			case 'h':
+				strncpy(redis_ip,optarg,sizeof(redis_ip));
+				break;
+			case 'p':
+				sscanf(optarg,"%d",&redis_port);
+				break;
+			case 't':
+				strncpy(table_info,optarg,sizeof(table_info));
+				break;
+			case 'd':
+				strncpy(dump_dir,optarg,sizeof(dump_dir));
+				if(dump_dir[strlen(dump_dir)-1]=='/')
+				{
+					dump_dir[strlen(dump_dir)-1]='\0';
+				}
+				break;
+			case '?':
+			default:
+				maat_tool_print_usage();
+				return 0;
+				break;
+		}
+	}
+	read_rule_from_redis(redis_ip,redis_port, redis_db,dump_dir, NULL);
+}