gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加总控配置文件

Browse Source
This commit is contained in:
liuxueli
2019-11-20 18:02:54 +08:00
parent 5c04ba23aa
commit 0a11db6d2e
6 changed files with 251 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
bin/main.conf Normal file
View File

@@ -0,0 +1,39 @@
[MAAT]
MAAT_MODE=1
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_tableinfo.conf
STAT_FILE=tsg_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=127.0.0.1
REDIS_PORT_NUM=10
REDIS_PORT=6380
REDIS_INDEX=2
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
[TSG_LOG]
MODE=1
NIC_NAME=eth1
MAX_SERVICE=0
LOG_LEVEL=10
LOG_PATH=./tsglog/tsglog
BROKER_LIST=127.0.0.1:9092
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
[FIELD_STAT]
CYCLE=3
TELEGRAF_PORT=8125
TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_stat.log
APP_NAME=tsg_master
[SYSTEM]
LOG_LEVEL=10
LOG_PATH=./tsglog/tsg_master
POLICY_PRIORITY_LABEL=POLICY_PRIORITY

41
bin/tsg_log_field.conf Normal file
View File

@@ -0,0 +1,41 @@
#TYPE1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
#TYPE TOPIC SERVICE
TOPIC SECURITY-EVENT-LOG 0
#TYPE FIELD VALUE
LONG common_policy_id 1
LONG common_service 2
LONG common_action 3
LONG common_start_time 4
LONG common_end_time 5
STRING common_l4_protocol 6
LONG common_address_type 7
STRING common_server_ip 8
STRING common_client_ip 9
LONG common_server_port 10
LONG common_client_port 11
LONG common_stream_dir 12
STRING common_address_list 13
LONG common_entrance_id 14
LONG common_device_id 15
LONG common_link_id 16
STRING common_isp 17
LONG common_encapsulation 18
LONG common_direction 19
STRING common_sled_ip 20
STRING common_user_tags 21
STRING common_user_region 22
STRING common_app_label 23
LONG common_app_id 24
LONG common_protocol_id 25
LONG common_c2s_pkt_num 26
LONG common_s2c_pkt_num 27
LONG common_c2s_byte_num 28
LONG common_s2c_byte_num 29
LONG common_con_duration_ms 30
LONG common_has_dup_traffic 31
STRING common_stream_error 32
STRING common_stream_trace_id 33
STRING common_schema_type 34
STRING http_host 35
STRING ssl_sni 36

84
bin/tsg_maat.json Normal file
View File

@@ -0,0 +1,84 @@
{
"compile_table": "TSG_SECURITY_COMPILE",
"group_table": "POLICY_OBJECT",
"rules": [
{
"compile_id": 1,
"service": 0,
"action": 16,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "61.135.169.125",
"mask_src_ip": "255.255.255.255",
"src_port": "80",
"mask_src_port": "65535",
"dst_ip": "192.168.41.228",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 6,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "FQDN_SNI",
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 3,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "Virtual",
"is_valid": "yes",
"groups": [
{
"group_name":"FQDN_SNI",
"virtual_table":"TSG_FIELD_SSL_SNI",
"not_flag" : 0
}
]
}
]
}

40
bin/tsg_maat_ip_deny.json Normal file
View File

@@ -0,0 +1,40 @@
{
"compile_table": "TSG_SECURITY_COMPILE",
"group_table": "POLICY_OBJECT",
"rules": [
{
"compile_id": 1,
"service": 0,
"action": 16,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "117.18.237.29",
"mask_src_ip": "255.255.255.255",
"src_port": "80",
"mask_src_port": "65535",
"dst_ip": "192.168.41.228",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 6,
"direction": "double"
}
}
]
}
]
}
]
}

9
bin/tsg_master.inf Normal file
View File

@@ -0,0 +1,9 @@
[PLUGINFO]
PLUGNAME=TSG_MASTER
SO_PATH=./plug/platform/tsg_master/tsg_master.so
INIT_FUNC=TSG_MASTER_INIT
DESTROY_FUNC=TSG_MASTER_UNLOAD
[TCP]
FUNC_FLAG=ALL
FUNC_NAME=TSG_MASTER_TCP_ENTRY

38
bin/tsg_tableinfo.conf Normal file
View File

@@ -0,0 +1,38 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 TSG_SECURITY_COMPILE compile escape --
1 POLICY_OBJECT group UTF8 UTF8 no 0
2 TSG_OBJ_IP_ADDR ip UTF8 UTF8 no 0
3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 no 0
4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 no 0
5 TSG_OBJ_URL expr UTF8 UTF8 no 0
6 TSG_OBJ_FQDN expr UTF8 UTF8 no 0
7 TSG_OBJ_KEYWORDS expr UTF8 UTF8 no 0
8 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
9 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
10 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
11 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
12 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
13 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
14 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
15 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
16 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
17 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
18 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
19 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
20 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
22 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
23 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
26 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
27 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --