gfwleak/tango-tsg-master
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新配置文件

Browse Source 
添加autorelease.sh文件
增加预安装脚本
This commit is contained in:
liuxueli
2019-12-12 15:38:14 +08:00
parent 7282a23e29
commit 68bc2cea5b
9 changed files with 164 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
CMakeLists.txt
View File

@@ -33,40 +33,15 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
add_subdirectory (src)
set(CONFLIST /plug/conflist.inf)
set(MASTER_INF "./plug/platform/tsg_master/tsg_master.inf")
set(PROJECT_LIST /etc/project_list.conf)
file(WRITE ${PROJECT_SOURCE_DIR}/install.sh "#!/bin/sh\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "DST=\${RPM_INSTALL_PREFIX}\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/plug/platform/\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/etc/\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${CONFLIST}\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${PROJECT_LIST}\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'POLICY_PRIORITY' \${DST}${PROJECT_LIST}` ]];then\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo 'POLICY_PRIORITY struct' >> \${DST}${PROJECT_LIST}\r\nfi\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'tsg_master.inf' \${DST}${CONFLIST}` ]];then\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "sed -i '/\\[platform\\]/a\\${MASTER_INF}' \${DST}${CONFLIST}\r\nfi\r\n")
#file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo './plug/platform/tsg_master/tsg_master.inf' >> \${DST}\${CONFLIST}\r\nfi\r\n")
SET(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/install.sh")
file(WRITE ${PROJECT_SOURCE_DIR}/uninstall.sh "#!/bin/sh\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "DST=\${RPM_INSTALL_PREFIX}\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "mkdir -p \${DST}/plug/platform/\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/tsg_master.inf/d' \${DST}${CONFLIST}\r\n")
file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/POLICY_PRIORITY/d' \${DST}${PROJECT_LIST}\r\n")
SET(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/uninstall.sh")
SET(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/preinstall/install.sh")
SET(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/preinstall/uninstall.sh")
install(FILES bin/main.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/maat.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_static_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_dynamic_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_log_field.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_maat.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES bin/tsg_maat_ip_deny.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)
install(FILES inc/tsg_send_log.h DESTINATION /opt/MESA/include/tsg)
install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg)

34
autorelease.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
if [ $# -lt 8 ] ; then
echo "USAGE: ./autorelease.sh [API_V4_URL] [PROJECT_URL]
[PROJECT_ID] [TOKEN]
[COMMIT_TAG] [JOB] [PROJECT_NAME] [USER_DEFINE]"
echo "$1; $2; $3; $4; $5; $6; $7; $8"
exit 1;
fi
CI_API_V4_URL=$1
CI_PROJECT_URL=$2
CI_PROJECT_ID=$3
CI_TOKEN=$4
CI_COMMIT_TAG=$5
ARTIFACTS_JOB=$6
CI_PROJECT_NAME=$7
USER_DEFINE=$8
res=`echo -e "curl --header \"PRIVATE-TOKEN: $CI_TOKEN\" $CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/$CI_COMMIT_TAG -o /dev/null -s -w %{http_code}"| /bin/bash`
if [[ $res == "200" ]]; then
eval $(echo -e "curl --request POST --header \"PRIVATE-TOKEN: $CI_TOKEN\" \
--data name=\"$CI_PROJECT_NAME-$USER_DEFINE-$CI_COMMIT_TAG.zip\" \
--data url=\"$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=$ARTIFACTS_JOB\"\
$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/$CI_COMMIT_TAG/assets/links")
else
eval $(echo -e "curl --header 'Content-Type: application/json' --header \
\"PRIVATE-TOKEN: $CI_TOKEN\" --data '{ \"name\": \"$CI_COMMIT_TAG\", \
\"tag_name\": \"$CI_COMMIT_TAG\", \"description\": \"auto_release\",\
\"assets\": { \"links\": [{ \"name\": \
\"$CI_PROJECT_NAME-$USER_DEFINE-$CI_COMMIT_TAG.zip\", \"url\": \
\"$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=$ARTIFACTS_JOB\"\
}] } }' --request POST $CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/")
fi

31
bin/maat.conf Normal file
View File

@@ -0,0 +1,31 @@
[STATIC]
MAAT_MODE=2
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
STAT_FILE=tsg_static_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.40.120
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=0
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
[DYNAMIC]
MAAT_MODE=2
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
STAT_FILE=tsg_dynamic_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.40.120
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=1
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/

22
bin/main.conf
View File

@@ -1,30 +1,18 @@
[MAAT]
MAAT_MODE=1
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_tableinfo.conf
STAT_FILE=tsg_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=127.0.0.1
REDIS_PORT_NUM=10
REDIS_PORT=6380
REDIS_INDEX=2
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
PROFILE=./tsgconf/maat.conf
IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
[TSG_LOG]
MODE=1
NIC_NAME=eth1
NIC_NAME=lo
MAX_SERVICE=0
LOG_LEVEL=10
LOG_PATH=./tsglog/tsglog
BROKER_LIST=127.0.0.1:9092
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
COMMON_FIELD_FILE=./tsgconf/tsg_log_field.conf
[FIELD_STAT]
CYCLE=3

11
bin/tsg_dynamic_tableinfo.conf Normal file
View File

@@ -0,0 +1,11 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 TSG_DYN_SUBSCRIBER_IP plugin {"key":3,"valid":5} --

77
bin/tsg_maat.json
View File

@@ -1,11 +1,11 @@
{
"compile_table": "TSG_SECURITY_COMPILE",
"group_table": "POLICY_OBJECT",
"group_table": "GROUP_COMPILE_RELATION",
"rules": [
{
"compile_id": 1,
{
"compile_id": 172,
"service": 0,
"action": 16,
"action": 2,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
@@ -13,72 +13,31 @@
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_type": "ip_plus",
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "61.135.169.125",
"mask_src_ip": "255.255.255.255",
"src_port": "80",
"mask_src_port": "65535",
"dst_ip": "192.168.41.228",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"saddr_format": "range",
"src_ip1": "192.168.50.133",
"src_ip2": "192.168.50.142",
"sport_format": "range",
"src_port1": "0",
"src_port2": "0",
"daddr_format": "mask",
"dst_ip1": "0.0.0.0",
"dst_ip2": "255.255.255.255",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "FQDN_SNI",
"regions": [
{
"table_name": "TSG_OBJ_FQDN",
"table_type": "expr",
"table_content": {
"keywords": "baidu.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 3,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "Virtual",
"is_valid": "yes",
"groups": [
{
"group_name":"FQDN_SNI",
"virtual_table":"TSG_FIELD_SSL_SNI",
"not_flag" : 0
}
]
]
}
]
}

41
bin/tsg_static_tableinfo.conf Normal file
View File

@@ -0,0 +1,41 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 TSG_SECURITY_COMPILE compile escape --
1 GROUP_COMPILE_RELATION group UTF8 UTF8 no 0
2 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0
3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0
4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0
6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
7 TSG_OBJ_KEYWORDS expr UTF8 UTF8 yes 0
8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
9 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
10 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
11 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
12 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
13 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
14 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
15 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
16 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
17 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
18 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
29 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --

14
preinstall/install.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/sh
DST=${RPM_INSTALL_PREFIX}
mkdir -p ${DST}/plug/platform/
mkdir -p ${DST}/etc/
touch ${DST}/plug/conflist.inf
touch ${DST}/etc/project_list.conf
if [[ -z `grep -rn 'POLICY_PRIORITY' ${DST}/etc/project_list.conf` ]];then
echo 'POLICY_PRIORITY struct' >> ${DST}/etc/project_list.conf
fi
if [[ -z `grep -rn 'tsg_master.inf' ${DST}/plug/conflist.inf` ]];then
sed -i '/\[platform\]/a\./plug/platform/tsg_master/tsg_master.inf' ${DST}/plug/conflist.inf
fi

5
preinstall/uninstall.sh Normal file
View File

@@ -0,0 +1,5 @@
#!/bin/sh
DST=${RPM_INSTALL_PREFIX}
mkdir -p ${DST}/plug/platform/
sed -i '/tsg_master.inf/d' ${DST}/plug/conflist.inf
sed -i '/POLICY_PRIORITY/d' ${DST}/etc/project_list.conf