From 68bc2cea5b455dc843890396c75def219da1f82e Mon Sep 17 00:00:00 2001 From: liuxueli Date: Thu, 12 Dec 2019 15:38:14 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6=20=E6=B7=BB=E5=8A=A0autorelease.sh=E6=96=87=E4=BB=B6?= =?UTF-8?q?=20=E5=A2=9E=E5=8A=A0=E9=A2=84=E5=AE=89=E8=A3=85=E8=84=9A?= =?UTF-8?q?=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CMakeLists.txt | 35 +++------------- autorelease.sh | 34 +++++++++++++++ bin/maat.conf | 31 ++++++++++++++ bin/main.conf | 22 +++------- bin/tsg_dynamic_tableinfo.conf | 11 +++++ bin/tsg_maat.json | 77 ++++++++-------------------------- bin/tsg_static_tableinfo.conf | 41 ++++++++++++++++++ preinstall/install.sh | 14 +++++++ preinstall/uninstall.sh | 5 +++ 9 files changed, 164 insertions(+), 106 deletions(-) create mode 100644 autorelease.sh create mode 100644 bin/maat.conf create mode 100644 bin/tsg_dynamic_tableinfo.conf create mode 100644 bin/tsg_static_tableinfo.conf create mode 100644 preinstall/install.sh create mode 100644 preinstall/uninstall.sh diff --git a/CMakeLists.txt b/CMakeLists.txt index 3190ebb..547ccb2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -33,40 +33,15 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) add_subdirectory (src) -set(CONFLIST /plug/conflist.inf) -set(MASTER_INF "./plug/platform/tsg_master/tsg_master.inf") -set(PROJECT_LIST /etc/project_list.conf) - -file(WRITE ${PROJECT_SOURCE_DIR}/install.sh "#!/bin/sh\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "DST=\${RPM_INSTALL_PREFIX}\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/plug/platform/\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "mkdir -p \${DST}/etc/\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${CONFLIST}\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "touch \${DST}${PROJECT_LIST}\r\n") - -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'POLICY_PRIORITY' \${DST}${PROJECT_LIST}` ]];then\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo 'POLICY_PRIORITY struct' >> \${DST}${PROJECT_LIST}\r\nfi\r\n") - -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "if [[ -z `grep -rn 'tsg_master.inf' \${DST}${CONFLIST}` ]];then\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "sed -i '/\\[platform\\]/a\\${MASTER_INF}' \${DST}${CONFLIST}\r\nfi\r\n") -#file(APPEND ${PROJECT_SOURCE_DIR}/install.sh "echo './plug/platform/tsg_master/tsg_master.inf' >> \${DST}\${CONFLIST}\r\nfi\r\n") - -SET(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/install.sh") - -file(WRITE ${PROJECT_SOURCE_DIR}/uninstall.sh "#!/bin/sh\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "DST=\${RPM_INSTALL_PREFIX}\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "mkdir -p \${DST}/plug/platform/\r\n") - -file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/tsg_master.inf/d' \${DST}${CONFLIST}\r\n") -file(APPEND ${PROJECT_SOURCE_DIR}/uninstall.sh "sed -i '/POLICY_PRIORITY/d' \${DST}${PROJECT_LIST}\r\n") - -SET(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/uninstall.sh") +SET(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/preinstall/install.sh") 
+SET(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/preinstall/uninstall.sh") install(FILES bin/main.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) -install(FILES bin/tsg_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) +install(FILES bin/maat.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) +install(FILES bin/tsg_static_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) +install(FILES bin/tsg_dynamic_tableinfo.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) install(FILES bin/tsg_log_field.conf DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) install(FILES bin/tsg_maat.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) -install(FILES bin/tsg_maat_ip_deny.json DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf) install(FILES inc/tsg_send_log.h DESTINATION /opt/MESA/include/tsg) install(FILES inc/tsg_rule.h DESTINATION /opt/MESA/include/tsg) diff --git a/autorelease.sh b/autorelease.sh new file mode 100644 index 0000000..34eaefb --- /dev/null +++ b/autorelease.sh 
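Review bot: The three added `install(FILES … DESTINATION ${CMAKE_INSTALL_PREFIX}/tsgconf)` lines use an absolute destination, while the scriptlets now referenced by `CPACK_RPM_PRE_INSTALL_SCRIPT_FILE` and `CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE` operate under `${RPM_INSTALL_PREFIX}`. If the RPM is installed with a relocated prefix, the scripts and the config files can end up in different trees, since files installed to absolute paths are normally not relocated. A relative destination keeps them together: `install(FILES bin/maat.conf DESTINATION tsgconf)`, and likewise for the two tableinfo files. The unchanged context lines follow the same absolute pattern, so this is probably a follow-up across the whole file.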
@@ -0,0 +1,34 @@
+#!/bin/sh
+if [ $# -lt 8 ] ; then
+ echo "USAGE: ./autorelease.sh [API_V4_URL] [PROJECT_URL]
+ [PROJECT_ID] [TOKEN]
+ [COMMIT_TAG] [JOB] [PROJECT_NAME] [USER_DEFINE]"
+ echo "$1; $2; $3; $4; $5; $6; $7; $8"
+exit 1;
+fi
+
+CI_API_V4_URL=$1
+CI_PROJECT_URL=$2
+CI_PROJECT_ID=$3
+CI_TOKEN=$4
+CI_COMMIT_TAG=$5
+ARTIFACTS_JOB=$6
+CI_PROJECT_NAME=$7
+USER_DEFINE=$8
+
+res=`echo -e "curl --header \"PRIVATE-TOKEN: $CI_TOKEN\" $CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/$CI_COMMIT_TAG -o /dev/null -s -w %{http_code}"| /bin/bash`
+
+if [[ $res == "200" ]]; then
+ eval $(echo -e "curl --request POST --header \"PRIVATE-TOKEN: $CI_TOKEN\" \
+ --data name=\"$CI_PROJECT_NAME-$USER_DEFINE-$CI_COMMIT_TAG.zip\" \
+ --data url=\"$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=$ARTIFACTS_JOB\"\
+ $CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/$CI_COMMIT_TAG/assets/links")
+else
+ eval $(echo -e "curl --header 'Content-Type: application/json' --header \
+ \"PRIVATE-TOKEN: $CI_TOKEN\" --data '{ \"name\": \"$CI_COMMIT_TAG\", \
+ \"tag_name\": \"$CI_COMMIT_TAG\", \"description\": \"auto_release\",\
+ \"assets\": { \"links\": [{ \"name\": \
+ \"$CI_PROJECT_NAME-$USER_DEFINE-$CI_COMMIT_TAG.zip\", \"url\": \
+ \"$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=$ARTIFACTS_JOB\"\
+ }] } }' --request POST $CI_API_V4_URL/projects/$CI_PROJECT_ID/releases/")
+fi
\ No newline at end of file
diff --git a/bin/maat.conf b/bin/maat.conf
new file mode 100644
index 0000000..d63a3e6
--- /dev/null
+++ b/bin/maat.conf
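Review bot: Every curl call here is assembled as a string and then run through `| /bin/bash` or `eval`, so any shell metacharacter in the eight positional arguments (tag name, project name, USER_DEFINE) is executed as code in the job that holds the token. The usage branch also prints `$4`, the token, to the job log when fewer than eight arguments are given; that `echo "$1; … $8"` line should be removed. Calling curl directly with quoted variables closes the injection path and lets the script drop `[[ … ]]` and `echo -e`, which `#!/bin/sh` does not guarantee. The token is still passed on curl's command line in the version below; reading the header from a file would be a further hardening step.

```shell
# … unchanged: argument-count check (minus the echo of "$1; … $8") and CI_* assignments …

release_api="$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases"
asset_name="$CI_PROJECT_NAME-$USER_DEFINE-$CI_COMMIT_TAG.zip"
asset_url="$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=$ARTIFACTS_JOB"

res=$(curl --silent --output /dev/null --write-out '%{http_code}' \
    --header "PRIVATE-TOKEN: $CI_TOKEN" \
    "$release_api/$CI_COMMIT_TAG")

if [ "$res" = "200" ]; then
    curl --request POST --header "PRIVATE-TOKEN: $CI_TOKEN" \
        --data-urlencode "name=$asset_name" \
        --data-urlencode "url=$asset_url" \
        "$release_api/$CI_COMMIT_TAG/assets/links"
else
    # Values are interpolated into the JSON body unescaped; tag and project
    # names must not contain double quotes or backslashes.
    curl --request POST --header "PRIVATE-TOKEN: $CI_TOKEN" \
        --header 'Content-Type: application/json' \
        --data "{ \"name\": \"$CI_COMMIT_TAG\", \"tag_name\": \"$CI_COMMIT_TAG\", \"description\": \"auto_release\", \"assets\": { \"links\": [{ \"name\": \"$asset_name\", \"url\": \"$asset_url\" }] } }" \
        "$release_api/"
fi
```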
@@ -0,0 +1,31 @@ +[STATIC] +MAAT_MODE=2 +#EFFECTIVE_FLAG= +STAT_SWITCH=1 +PERF_SWITCH=1 +TABLE_INFO=tsgconf/tsg_static_tableinfo.conf +STAT_FILE=tsg_static_maat.status +EFFECT_INTERVAL_S=1 +REDIS_IP=192.168.40.120 +REDIS_PORT_NUM=1 +REDIS_PORT=7002 +REDIS_INDEX=0 +JSON_CFG_FILE=tsgconf/tsg_maat.json +INC_CFG_DIR=tsgrule/inc/index/ +FULL_CFG_DIR=tsgrule/full/index/ + +[DYNAMIC] +MAAT_MODE=2 +#EFFECTIVE_FLAG= +STAT_SWITCH=1 +PERF_SWITCH=1 +TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf +STAT_FILE=tsg_dynamic_maat.status +EFFECT_INTERVAL_S=1 +REDIS_IP=192.168.40.120 +REDIS_PORT_NUM=1 +REDIS_PORT=7002 +REDIS_INDEX=1 +JSON_CFG_FILE=tsgconf/tsg_maat.json +INC_CFG_DIR=tsgrule/inc/index/ +FULL_CFG_DIR=tsgrule/full/index/ diff --git a/bin/main.conf b/bin/main.conf index d79582c..8a5c46c 100644 --- a/bin/main.conf +++ b/bin/main.conf @@ -1,30 +1,18 @@ [MAAT] -MAAT_MODE=1 -#EFFECTIVE_FLAG= -STAT_SWITCH=1 -PERF_SWITCH=1 -TABLE_INFO=tsgconf/tsg_tableinfo.conf -STAT_FILE=tsg_maat.status -EFFECT_INTERVAL_S=1 -REDIS_IP=127.0.0.1 -REDIS_PORT_NUM=10 -REDIS_PORT=6380 -REDIS_INDEX=2 -JSON_CFG_FILE=tsgconf/tsg_maat.json -INC_CFG_DIR=tsgrule/inc/index/ -FULL_CFG_DIR=tsgrule/full/index/ - +PROFILE=./tsgconf/maat.conf IP_ADDR_TABLE=TSG_OBJ_IP_ADDR SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID +CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP + [TSG_LOG] MODE=1 -NIC_NAME=eth1 +NIC_NAME=lo MAX_SERVICE=0 LOG_LEVEL=10 LOG_PATH=./tsglog/tsglog BROKER_LIST=127.0.0.1:9092 -COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf +COMMON_FIELD_FILE=./tsgconf/tsg_log_field.conf [FIELD_STAT] CYCLE=3 diff --git a/bin/tsg_dynamic_tableinfo.conf b/bin/tsg_dynamic_tableinfo.conf new file mode 100644 index 0000000..7b24971 --- /dev/null +++ b/bin/tsg_dynamic_tableinfo.conf 
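Review bot: Both `[STATIC]` and `[DYNAMIC]` in the new bin/maat.conf set `REDIS_IP=192.168.40.120`, and CMakeLists.txt installs this file into `tsgconf` as the packaged default. That looks like the address of one lab's Redis instance; every installation would presumably try to load its rule tables from that host until someone edits the file, and no key visible here authenticates the connection. A default such as `REDIS_IP=127.0.0.1` (the value bin/main.conf carried before this commit), with a `#` comment telling the operator to set the real address, would be safer to ship.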
@@ -0,0 +1,11 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 TSG_DYN_SUBSCRIBER_IP plugin {"key":3,"valid":5} -- diff --git a/bin/tsg_maat.json b/bin/tsg_maat.json index a592c25..90cb922 100644 --- a/bin/tsg_maat.json +++ b/bin/tsg_maat.json @@ -1,11 +1,11 @@ { "compile_table": "TSG_SECURITY_COMPILE", - "group_table": "POLICY_OBJECT", + "group_table": "GROUP_COMPILE_RELATION", "rules": [ - { - "compile_id": 1, + { + "compile_id": 172, "service": 0, - "action": 16, + "action": 2, "do_blacklist": 0, "do_log": 1, "effective_rage": 0, 
@@ -13,72 +13,31 @@ "is_valid": "yes", "groups": [ { - "group_name": "group_1", "regions": [ { + "table_type": "ip_plus", "table_name": "TSG_OBJ_IP_ADDR", - "table_type": "ip", "table_content": { "addr_type": "ipv4", - "src_ip": "61.135.169.125", - "mask_src_ip": "255.255.255.255", - "src_port": "80", - "mask_src_port": "65535", - "dst_ip": "192.168.41.228", - "mask_dst_ip": "255.255.255.255", - "dst_port": "0", - "mask_dst_port": "65535", + "saddr_format": "range", + "src_ip1": "192.168.50.133", + "src_ip2": "192.168.50.142", + "sport_format": "range", + "src_port1": "0", + "src_port2": "0", + "daddr_format": "mask", + "dst_ip1": "0.0.0.0", + "dst_ip2": "255.255.255.255", + "dport_format": "range", + "dst_port1": "0", + "dst_port2": "0", "protocol": 6, "direction": "double" } } ] } - ] - }, - { - "compile_id": 2, - "service": 0, - "action": 128, - "do_blacklist": 0, - "do_log": 1, - "effective_rage": 0, - "user_region": "anything", - "is_valid": "yes", - "groups": [ - { - "group_name": "FQDN_SNI", - "regions": [ - { - "table_name": "TSG_OBJ_FQDN", - "table_type": "expr", - "table_content": { - "keywords": "baidu.com", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" - } - } - ] - } - ] - }, - { - "compile_id": 3, - "service": 0, - "action": 128, - "do_blacklist": 0, - "do_log": 1, - "effective_rage": 0, - "user_region": "Virtual", - "is_valid": "yes", - "groups": [ - { - "group_name":"FQDN_SNI", - "virtual_table":"TSG_FIELD_SSL_SNI", - "not_flag" : 0 - } - ] + ] } ] } diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf new file mode 100644 index 0000000..d9d2863 --- /dev/null +++ b/bin/tsg_static_tableinfo.conf 
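Review bot: The new region sets `"daddr_format": "mask"` together with `"dst_ip1": "0.0.0.0"` and `"dst_ip2": "255.255.255.255"`. If `mask` means address plus netmask, as the removed `dst_ip`/`mask_dst_ip` pair did, a full mask matches only the literal address 0.0.0.0 rather than any destination. If the rule is meant to cover any destination for sources 192.168.50.133–142, `"dst_ip2": "0.0.0.0"` or `"daddr_format": "range"` would express that. The semantics of the format keys are not visible on this page, so this needs confirming against the Maat documentation.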
@@ -0,0 +1,41 @@
+#each collumn seperate with '\t'
+#id (0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege yes or no
+#cross cache 0~max
+#quickswitch quickon or quick off
+#id name type src_charset dst_charset do_merge cross_cache quickswitch
+0 TSG_SECURITY_COMPILE compile escape --
+1 GROUP_COMPILE_RELATION group UTF8 UTF8 no 0
+2 TSG_OBJ_IP_ADDR ip_plus UTF8 UTF8 no 0
+3 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0
+4 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
+5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0
+6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
+6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
+7 TSG_OBJ_KEYWORDS expr UTF8 UTF8 yes 0
+8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
+9 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
+10 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
+11 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+12 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
+13 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
+14 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
+15 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
+16 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
+17 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
+18 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
+19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
+21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
+22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
+23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
+24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
+25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
+26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
+27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
+28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
+29 FW_PROFILE_DNS_RECORDS plugin {"key":1,"valid":5} --
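Review bot: Two rows use table id 6, `6 TSG_OBJ_FQDN` and `6 TSG_OBJ_FQDN_CAT`, while every other row has its own id. If the loader keys tables by id, one of the two may shadow or be merged with the other, which would affect the virtual tables that reference `TSG_OBJ_FQDN` (HTTP host, SSL SNI/CN/SAN, DNS qname). If sharing the id is intended, a comment above the pair such as `#TSG_OBJ_FQDN_CAT shares id 6 with TSG_OBJ_FQDN on purpose` would stop it being "fixed" later; otherwise give `TSG_OBJ_FQDN_CAT` an unused id. The header comment also lists the allowed type values without `ip_plus`, `group` and `virtual`, which the rows use.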
diff --git a/preinstall/install.sh b/preinstall/install.sh
new file mode 100644
index 0000000..7cd45f4
--- /dev/null
+++ b/preinstall/install.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+DST=${RPM_INSTALL_PREFIX}
+mkdir -p ${DST}/plug/platform/
+mkdir -p ${DST}/etc/
+touch ${DST}/plug/conflist.inf
+touch ${DST}/etc/project_list.conf
+
+if [[ -z `grep -rn 'POLICY_PRIORITY' ${DST}/etc/project_list.conf` ]];then
+echo 'POLICY_PRIORITY struct' >> ${DST}/etc/project_list.conf
+fi
+
+if [[ -z `grep -rn 'tsg_master.inf' ${DST}/plug/conflist.inf` ]];then
+sed -i '/\[platform\]/a\./plug/platform/tsg_master/tsg_master.inf' ${DST}/plug/conflist.inf
+fi
diff --git a/preinstall/uninstall.sh b/preinstall/uninstall.sh
new file mode 100644
index 0000000..14e1334
--- /dev/null
+++ b/preinstall/uninstall.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+DST=${RPM_INSTALL_PREFIX}
+mkdir -p ${DST}/plug/platform/
+sed -i '/tsg_master.inf/d' ${DST}/plug/conflist.inf
+sed -i '/POLICY_PRIORITY/d' ${DST}/etc/project_list.conf
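Review bot: `DST=${RPM_INSTALL_PREFIX}` in preinstall/install.sh has no fallback, so if the variable is empty (for example when the package is not built as relocatable) the `mkdir`, `touch`, `echo >>` and `sed -i` lines act on `/plug/platform/`, `/etc/project_list.conf` and `/plug/conflist.inf` as root. Defaulting to the prefix CMakeLists.txt sets, `DST="${RPM_INSTALL_PREFIX:-/home/mesasoft/sapp_run}"`, and quoting `"$DST"` in each path avoids that; preinstall/uninstall.sh has the same first line. Both tests use `[[ … ]]` under `#!/bin/sh`; `if ! grep -q 'POLICY_PRIORITY' "$DST/etc/project_list.conf"; then` is the portable form. The `sed … /a` insert only fires when a `[platform]` line already exists, so on a freshly touched conflist.inf nothing is added.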
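Review bot: preinstall/uninstall.sh is wired in as the RPM pre-uninstall scriptlet, and RPM also runs the old package's pre-uninstall during an upgrade, after the new package's pre-install has already run. As written, an upgrade would strip the `tsg_master.inf` and `POLICY_PRIORITY` entries that install.sh has just ensured are present. RPM passes the number of remaining installed instances as the first argument, so wrapping the two `sed` lines in `if [ "$1" = "0" ]; then … fi` limits the removal to a real erase. The `mkdir -p` on the uninstall path could be dropped.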