gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

策略验证配置文件、rpm包修改

Browse Source 
1. 支持虚拟表配置修改
2. 支持tar、rpm打包
3. 修改table_info配置
This commit is contained in:
fengweihao
2020-01-09 14:32:00 +08:00
parent cbc3cc52be
commit 3308970cdc
19 changed files with 270 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CMakeLists.txt
View File

@@ -1,7 +1,8 @@
#cmake_minimum_required(VERSION 3.5) cmake_minimum_required(VERSION 3.5)
project(verify-policy) project(verify-policy)
set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake) set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
set(CMAKE_SCRIPT_PATH ${PROJECT_SOURCE_DIR}/script)
include(Version) include(Version)
include(Package) include(Package)
@@ -14,7 +15,7 @@ if(NOT CMAKE_BUILD_TYPE)
endif() endif()
if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
set (CMAKE_INSTALL_PREFIX "/home/mesasoft/tfe" CACHE PATH "default install path" FORCE ) set (CMAKE_INSTALL_PREFIX "/home/tsg/verify-policy" CACHE PATH "default install path" FORCE )
endif() endif()
# Global compile options # Global compile options
@@ -44,6 +45,7 @@ endif()
add_custom_target("install-program" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Program -P cmake_install.cmake) add_custom_target("install-program" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Program -P cmake_install.cmake)
add_custom_target("install-profile" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Profile -P cmake_install.cmake) add_custom_target("install-profile" COMMAND ${CMAKE_COMMAND} ARGS -DCOMPONENT=Profile -P cmake_install.cmake)
add_custom_target("tarball" COMMAND sh ${CMAKE_SCRIPT_PATH}/tarball.sh ${TARGET_VERSION} ${TARGET_DESCRIBE})
enable_testing() enable_testing()
#add_subdirectory(conf) #add_subdirectory(conf)

19
cmake/Package.cmake
View File

@@ -9,8 +9,9 @@ message(STATUS "Package: ${CPACK_PACKAGE_NAME}")
set(CPACK_PACKAGE_VENDOR "MESASOFT") set(CPACK_PACKAGE_VENDOR "MESASOFT")
set(CPACK_PACKAGE_VERSION_MAJOR "${VERIFY_POLIC_VERSION_MAJOR}") set(CPACK_PACKAGE_VERSION_MAJOR "${VERIFY_POLIC_VERSION_MAJOR}")
set(CPACK_PACKAGE_VERSION_MINOR "${VERIFY_POLIC_VERSION_MINOR}") set(CPACK_PACKAGE_VERSION_MINOR "${VERIFY_POLIC_VERSION_MINOR}")
set(CPACK_PACKAGE_VERSION_PATCH "${VERIFY_POLIC_VERSION_PATCH}.${VERIFY_POLIC_DESCRIBE}") set(CPACK_PACKAGE_VERSION_PATCH "${VERIFY_POLIC_VERSION_PATCH}.${TARGET_DESCRIBE}")
set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
message(STATUS "VERSION: ${VERIFY_POLIC_VERSION_MAJOR}")
# RPM Build # RPM Build
set(CPACK_GENERATOR "RPM") set(CPACK_GENERATOR "RPM")
@@ -19,10 +20,20 @@ set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
set(CPACK_RPM_PACKAGE_AUTOREQPROV "no") set(CPACK_RPM_PACKAGE_AUTOREQPROV "no")
set(CPACK_RPM_PACKAGE_RELEASE_DIST on) set(CPACK_RPM_PACKAGE_RELEASE_DIST on)
set(CPACK_RPM_DEBUGINFO_PACKAGE on) set(CPACK_RPM_DEBUGINFO_PACKAGE on)
set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreInstall.in)
#set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in) #set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
#set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in) #set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
#set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in) #set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
set(CMAKE_INSTALL_PREFIX "/home/tsg/verify-policy")
set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /home/tsg)
install(PROGRAMS build/platform/verify-policy DESTINATION ./bin)
install(DIRECTORY ./conf DESTINATION ./)
install(DIRECTORY ./resource DESTINATION ./)
install(FILES script/verify-policy.service DESTINATION /usr/lib/systemd/system/)
# Must uninstall the debug package before install release package # Must uninstall the debug package before install release package
if(CMAKE_BUILD_TYPE STREQUAL "Debug") if(CMAKE_BUILD_TYPE STREQUAL "Debug")
set(CPACK_RPM_PACKAGE_CONFLICTS "verify-policy") set(CPACK_RPM_PACKAGE_CONFLICTS "verify-policy")
@@ -31,7 +42,7 @@ else()
endif() endif()
# setup %config(noreplace) # setup %config(noreplace)
set(CPACK_RPM_USER_FILELIST "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/conf/pangu/pangu_pxy.conf" set(CPACK_RPM_USER_FILELIST "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/conf/verify_policy.conf"
"%config(noreplace) ${CMAKE_INSTALL_PREFIX}/conf/tfe/decrypt_mirror.conf" "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/resource/table_info.conf"
"%config(noreplace) ${CMAKE_INSTALL_PREFIX}/conf/tfe/tfe.conf") "%config(noreplace) ${CMAKE_INSTALL_PREFIX}/resource/dynamic_maat_table_info.conf")
include(CPack) include(CPack)

2
cmake/PostInstall.in
View File

@@ -1,2 +0,0 @@
%systemd_post mrenv.service mrzcpd.service mrtunnat.service
/sbin/ldconfig

2
cmake/PostUninstall.in
View File

@@ -1,2 +0,0 @@
%systemd_postun_with_restart mrenv.service mrzcpd.service mrtunnat.service
/sbin/ldconfig

0
cmake/PreInstall.in Normal file
View File

1
cmake/PreUninstall.in
View File

@@ -1 +0,0 @@
%systemd_preun mrenv.service mrzcpd.service mrtunnat.service

12
cmake/Version.cmake
View File

@@ -31,8 +31,14 @@ if(NOT VERIFY_POLIC_VERSION_PATCH)
set(VERIFY_POLIC_VERSION_PATCH 0) set(VERIFY_POLIC_VERSION_PATCH 0)
endif() endif()
set(VERIFY_POLIC_VERSION "${VERIFY_POLIC_VERSION_MAJOR}.${VERIFY_POLIC_VERSION_MINOR}.${VERIFY_POLIC_VERSION_PATCH}") set(TARGET_DESCRIBE "${VCS_SHORT_HASH}")
set(TARGET_VERSION "${VERIFY_POLICY_VERSION_MAJOR}.${VERIFY_POLIC_VERSION_MINOR}.${VERIFY_POLIC_VERSION_PATCH}-${TARGET_DESCRIBE}")
set(TARGET_GIT_VERSION "${VERIFY_POLICY_VERSION_MAJOR}.${VERIFY_POLIC_VERSION_MINOR}.${VERIFY_POLIC_VERSION_PATCH}-${TARGET_DESCRIBE}")
# Replace .- with _
string(REGEX REPLACE "[\\.\\-]" "_" TARGET_VAR_VERSION "${TARGET_GIT_VERSION}")
# print information # print information
message(STATUS "Welcome to Verify Policy Engine, Version: ${VERIFY_POLIC_VERSION}") message(STATUS "Welcome to Verify Policy Engine, Version: ${TARGET_VERSION}")
add_definitions(-DVERIFY_POLIC_VERSION=${VERIFY_POLIC_VERSION}) add_definitions(-DTARGET_GIT_VERSION=\"${TARGET_GIT_VERSION}\")
add_definitions(-DTARGET_VAR_VERSION=${TARGET_VAR_VERSION})

2
common/CMakeLists.txt
View File

@@ -1,4 +1,4 @@
add_library(common src/verify_policy_logging.cpp) add_library(common src/verify_policy_logging.cpp)
target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
target_link_libraries(common PUBLIC MESA_handle_logger) target_link_libraries(common PUBLIC MESA_handle_logger libevent-static)

18
common/include/verify_policy.h
View File

@@ -1,7 +1,7 @@
/************************************************************************* /*************************************************************************
> File Name: verify_policy.h > File Name: verify_policy.h
> Author: > Author:
> Mail: > Mail:
> Created Time: 2019年08月23日 星期五 18时06分03秒 > Created Time: 2019年08月23日 星期五 18时06分03秒
************************************************************************/ ************************************************************************/
@@ -38,7 +38,7 @@ enum http_ev_bit_number
enum tfe_http_event enum tfe_http_event
{ {
EV_HTTP_IP = 1ULL << IP_BITNUM, EV_HTTP_IP = 1ULL << IP_BITNUM,
EV_HTTP_URL = 1ULL << URL_BITNUM, EV_HTTP_URL = 1ULL << URL_BITNUM,
EV_HTTP_FQDN = 1ULL << FQDN_BITNUM, EV_HTTP_FQDN = 1ULL << FQDN_BITNUM,
EV_HTTP_REQ_HDR = 1ULL << REQ_HDR_BITNUM, EV_HTTP_REQ_HDR = 1ULL << REQ_HDR_BITNUM,
EV_HTTP_RESP_HDR = 1ULL << RESP_HDR_BITNUM, EV_HTTP_RESP_HDR = 1ULL << RESP_HDR_BITNUM,
@@ -49,21 +49,21 @@ enum tfe_http_event
struct verify_proxy_thread struct verify_proxy_thread
{ {
int id; int id;
pthread_t pid; pthread_t pid;
evutil_socket_t accept_fd; evutil_socket_t accept_fd;
pthread_attr_t *attr; pthread_attr_t *attr;
struct evhttp *http; struct evhttp *http;
struct event_base *base; struct event_base *base;
void * (*routine)(void *); void * (*routine)(void *);
}; };
struct verify_proxy struct verify_proxy
{ {
char name[VERIFY_SYMBOL_MAX]; char name[VERIFY_SYMBOL_MAX];
void * logger; void * logger;
unsigned int log_level; unsigned int log_level;
unsigned int nr_work_threads; unsigned int nr_work_threads;
unsigned int listen_port; unsigned int listen_port;
struct verify_proxy_thread *work_threads[TFE_THREAD_MAX]; struct verify_proxy_thread *work_threads[TFE_THREAD_MAX];
}; };

4
common/src/verify_policy_logging.cpp
View File

@@ -47,6 +47,10 @@ void * verify_syslog_init(const char *config)
}else{ }else{
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Log module initialization"); mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Log module initialization");
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "Log level", logging_sc_lid.run_log_level);
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%s", "Log Directory", logging_sc_lid.run_log_path);
return logging_sc_lid.run_log_handle; return logging_sc_lid.run_log_handle;
finish: finish:
return NULL; return NULL;

54
conf/verify-policy.conf
View File

@@ -1,54 +0,0 @@
[SYSTEM]
#1:print on screen, 0:don't
DEBUG_SWITCH = 1
#10:DEBUG, 20:INFO, 30:FATAL
RUN_LOG_LEVEL = 10
RUN_LOG_PATH = ./logs
[CONFIG]
#Number of running threads
thread-nu = 4
[maat]
# 0:json 1: redis 2: iris
maat_input_mode=0
table_info=resource/pangu/table_info.conf
json_cfg_file=resource/pangu/pangu_http.json
stat_file=log/pangu_scan.status
full_cfg_dir=pangu_policy/
inc_cfg_dir=pangu_policy/
maat_redis_server=192.168.10.31
maat_redis_port=6379
maat_redis_db_index=0
effect_interval_s=1
accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
[NTC_MAAT]
#Configure the load mode,
#0: using the configuration distribution network
#1: using local json
#2: using Redis reads
maat_json_switch=2
#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
effective_interval=1
#Specify the location of the configuration library table file
table_info=./conf/table_info.conf
#Incremental profile path
inc_cfg_dir=./rule/inc/index
#Full profile path
full_cfg_dir=./rule/full/index
#Json file path when json schema is used
pxy_obj_keyring=./conf/pxy_obj_keyring.json
[LIBEVENT]
#Local monitor port number, default is 9991
port = 9991
[CERTSTORE_REDIS]
#The Redis server IP address and port number where the certificate is stored locally
ip = 127.0.0.1
port = 6379
[MAAT_REDIS]
#Maat monitors the Redsi server IP address and port number
ip = 192.168.11.243
port = 6379
dbindex = 4

37
conf/verify_policy.conf Normal file
View File

@@ -0,0 +1,37 @@
[SYSTEM]
#1:print on screen, 0:don't
DEBUG_SWITCH = 1
#10:DEBUG, 20:INFO, 30:FATAL
RUN_LOG_LEVEL = 10
RUN_LOG_PATH = ./logs
[CONFIG]
#Number of running threads
thread-nu = 4
[maat]
# 0:json 1: redis 2: iris
maat_input_mode=1
table_info=./resource/table_info.conf
json_cfg_file=./resource/pangu_http.json
stat_file=logs/verify-policy.status
full_cfg_dir=verify-policy/
inc_cfg_dir=verify-policy/
maat_redis_server=192.168.40.120
maat_redis_port_range=7002
maat_redis_db_index=0
effect_interval_s=1
accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
[dynamic_maat]
maat_input_mode=1
table_info=./resource/dynamic_maat_table_info.conf
maat_redis_server=192.168.40.120
maat_redis_port_range=7002
maat_redis_db_index=1
effect_interval_s=1
[LISTEN]
#Local monitor port number, default is 9991
port = 9994

4
platform/CMakeLists.txt
View File

@@ -1,3 +1,7 @@
if(COMMAND cmake_policy)
cmake_policy(SET CMP0003 NEW)
endif(COMMAND cmake_policy)
add_executable(verify-policy src/verify_policy.cpp) add_executable(verify-policy src/verify_policy.cpp)
#target_include_directories(verify-policy PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include) #target_include_directories(verify-policy PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)

81
platform/src/verify_policy.cpp
View File

@@ -1,7 +1,7 @@
/************************************************************************* /*************************************************************************
> File Name: verify-policy.cpp > File Name: verify-policy.cpp
> Author: > Author:
> Mail: > Mail:
> Created Time: 2019年08月23日 星期五 14时41分17秒 > Created Time: 2019年08月23日 星期五 14时41分17秒
************************************************************************/ ************************************************************************/
@@ -35,7 +35,7 @@ struct verify_policy_query
{ {
enum scan_table object_type; enum scan_table object_type;
int addr_type; int addr_type;
char *clientIp1; char *clientIp1;
unsigned int clientPort1; unsigned int clientPort1;
char *serverIp1; char *serverIp1;
@@ -44,17 +44,15 @@ struct verify_policy_query
struct keyword_obj keywords[16]; struct keyword_obj keywords[16];
}; };
#if 0 /* VERSION STRING */
#ifdef VERIFY_POLIC_VERSION #ifdef TARGET_GIT_VERSION
char *git_version = VERIFY_POLIC_VERSION; static __attribute__((__used__)) const char * git_ver = TARGET_GIT_VERSION;
#else #else
char *default_version = "1.1.1"; static __attribute__((__used__)) const char * git_ver = "1.1";
#endif #endif
#endif
const char *default_version = "1.1.1";
const char * version() const char * version()
{ {
return default_version; return git_ver;
} }
extern int pangu_policy_init(struct verify_proxy * verify, const char* profile_path); extern int pangu_policy_init(struct verify_proxy * verify, const char* profile_path);
@@ -62,7 +60,7 @@ extern int pangu_policy_init(struct verify_proxy * verify, const char* profile_p
static int verify_policy_init(struct verify_proxy * verify, const char *profile) static int verify_policy_init(struct verify_proxy * verify, const char *profile)
{ {
int xret = -1; int xret = -1;
xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads)); xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads));
if (xret < 0){ if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed"); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
@@ -71,7 +69,8 @@ static int verify_policy_init(struct verify_proxy * verify, const char *profile)
if (xret < 0){ if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Listen Port invalid"); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Listen Port invalid");
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Listen Port %d", verify->listen_port); mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "The Threads", verify->nr_work_threads);
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%d", "Libevent Port", verify->listen_port);
return xret; return xret;
} }
@@ -86,7 +85,7 @@ enum scan_table verify_type_str2idx(const char *action_str)
table_name[PXY_CTRL_HTTP_RES_HDR] = "res_hdr"; table_name[PXY_CTRL_HTTP_RES_HDR] = "res_hdr";
table_name[PXY_CTRL_HTTP_RES_BODY] = "keywords"; table_name[PXY_CTRL_HTTP_RES_BODY] = "keywords";
table_name[PXY_CTRL_SUBSCRIBE_ID] = "subscribeid"; table_name[PXY_CTRL_SUBSCRIBE_ID] = "subscribeid";
size_t i = 0; size_t i = 0;
for (i = 0; i < sizeof(table_name) / sizeof(const char *); i++) for (i = 0; i < sizeof(table_name) / sizeof(const char *); i++)
@@ -107,9 +106,9 @@ struct verify_policy_query *get_query_from_request(const char *data)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "invalid policy parameter"); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "invalid policy parameter");
return NULL; return NULL;
} }
struct verify_policy_query *query_ctx = ALLOC(struct verify_policy_query, 1); struct verify_policy_query *query_ctx = ALLOC(struct verify_policy_query, 1);
cJSON* item = NULL, *subitem = NULL; cJSON* item = NULL, *subitem = NULL;
item = cJSON_GetObjectItem(data_json,"objectType"); item = cJSON_GetObjectItem(data_json,"objectType");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
@@ -155,20 +154,20 @@ struct verify_policy_query *get_query_from_request(const char *data)
{ {
query_ctx->keywords[i].condition_scope =strdup(item->valuestring); query_ctx->keywords[i].condition_scope =strdup(item->valuestring);
query_ctx->keywords[i].condition_type = verify_type_str2idx(item->valuestring); query_ctx->keywords[i].condition_type = verify_type_str2idx(item->valuestring);
} }
item = cJSON_GetObjectItem(subitem, "keywords"); item = cJSON_GetObjectItem(subitem, "keywords");
if(item && item->type==cJSON_String) if(item && item->type==cJSON_String)
{ {
query_ctx->keywords[i].keyword =strdup(item->valuestring); query_ctx->keywords[i].keyword =strdup(item->valuestring);
} }
i++; i++;
} }
} }
for (i = 0; i < c_num; i++) for (i = 0; i < c_num; i++)
{ {
p += snprintf(p, sizeof(buff) - (p - buff), ", conditionScope:%s, keywords:%s", query_ctx->keywords[i].condition_scope, query_ctx->keywords[i].keyword); p += snprintf(p, sizeof(buff) - (p - buff), ", conditionScope:%s, keywords:%s", query_ctx->keywords[i].condition_scope, query_ctx->keywords[i].keyword);
} }
*p = '\0'; *p = '\0';
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", buff); mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%s", buff);
return query_ctx; return query_ctx;
} }
@@ -184,7 +183,7 @@ char *verify_policy_scan(struct verify_policy_query *policy_query, int thread_id
if (key_obj->condition_scope == NULL) if (key_obj->condition_scope == NULL)
key_obj->condition_type = policy_query->object_type; key_obj->condition_type = policy_query->object_type;
switch(key_obj->condition_type) switch(key_obj->condition_type)
{ {
case PXY_CTRL_IP: case PXY_CTRL_IP:
@@ -198,19 +197,19 @@ char *verify_policy_scan(struct verify_policy_query *policy_query, int thread_id
case PXY_CTRL_HTTP_FQDN: case PXY_CTRL_HTTP_FQDN:
http_scan(key_obj->keyword, EV_HTTP_FQDN, NULL, 0, ctx); http_scan(key_obj->keyword, EV_HTTP_FQDN, NULL, 0, ctx);
break; break;
case PXY_CTRL_HTTP_REQ_HDR: case PXY_CTRL_HTTP_REQ_HDR:
http_scan(key_obj->keyword, EV_HTTP_REQ_HDR, NULL, 0, ctx); http_scan(key_obj->keyword, EV_HTTP_REQ_HDR, NULL, 0, ctx);
break; break;
case PXY_CTRL_HTTP_RES_HDR: case PXY_CTRL_HTTP_RES_HDR:
http_scan(key_obj->keyword, EV_HTTP_RESP_HDR, NULL, 0, ctx); http_scan(key_obj->keyword, EV_HTTP_RESP_HDR, NULL, 0, ctx);
break; break;
case PXY_CTRL_HTTP_REQ_BODY: case PXY_CTRL_HTTP_REQ_BODY:
case PXY_CTRL_HTTP_RES_BODY: case PXY_CTRL_HTTP_RES_BODY:
http_scan(key_obj->keyword, EV_HTTP_CONTENT, NULL, 0, ctx); http_scan(key_obj->keyword, EV_HTTP_CONTENT, NULL, 0, ctx);
break; break;
default: default:
break; break;
} }
} }
policy_payload = web_json_table_add(ctx); policy_payload = web_json_table_add(ctx);
@@ -229,7 +228,7 @@ evhttp_socket_send(struct evhttp_request *req, char *sendbuf)
goto err; goto err;
} }
evhttp_add_header(evhttp_request_get_output_headers(req), evhttp_add_header(evhttp_request_get_output_headers(req),
"Content-Type", "text/html"); "Content-Type", "text/html");
evhttp_add_header(evhttp_request_get_output_headers(req), "Connection", "keep-alive"); evhttp_add_header(evhttp_request_get_output_headers(req), "Connection", "keep-alive");
evbuffer_add_printf(evb, "%s", sendbuf); evbuffer_add_printf(evb, "%s", sendbuf);
evhttp_send_reply(req, HTTP_OK, "OK", evb); evhttp_send_reply(req, HTTP_OK, "OK", evb);
@@ -243,12 +242,12 @@ done:
} }
void evhttp_request_cb(struct evhttp_request *evh_req, void *arg) void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
{ {
char *policy_payload= NULL; char *policy_payload= NULL;
struct evbuffer * evbuf_body = NULL; struct evbuffer * evbuf_body = NULL;
char *input = NULL; ssize_t inputlen=0; char *input = NULL; ssize_t inputlen=0;
struct verify_policy_query *policy_query = NULL; struct verify_policy_query *policy_query = NULL;
struct verify_proxy_thread *thread_ctx = (struct verify_proxy_thread *)arg; struct verify_proxy_thread *thread_ctx = (struct verify_proxy_thread *)arg;
if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST)
@@ -256,7 +255,7 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "FAILED (post type)"); mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "FAILED (post type)");
goto error; goto error;
} }
evbuf_body = evhttp_request_get_input_buffer(evh_req); evbuf_body = evhttp_request_get_input_buffer(evh_req);
if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen))) if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen)))
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get post data information."); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get post data information.");
@@ -264,11 +263,11 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
} }
policy_query = get_query_from_request(input); policy_query = get_query_from_request(input);
if (policy_query == NULL) if (policy_query == NULL)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Data parsing failed."); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Data parsing failed.");
goto error; goto error;
} }
policy_payload = verify_policy_scan(policy_query, thread_ctx->id); policy_payload = verify_policy_scan(policy_query, thread_ctx->id);
if (policy_payload) if (policy_payload)
{ {
@@ -277,7 +276,7 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
free(policy_payload); free(policy_payload);
} }
goto finish; goto finish;
error: error:
evhttp_send_error(evh_req, HTTP_BADREQUEST, 0); evhttp_send_error(evh_req, HTTP_BADREQUEST, 0);
finish: finish:
@@ -288,30 +287,30 @@ void * verify_policy_thread(void * arg)
{ {
struct evhttp_bound_socket *bound = NULL; struct evhttp_bound_socket *bound = NULL;
struct verify_proxy_thread *thread_ctx = (struct verify_proxy_thread *)arg; struct verify_proxy_thread *thread_ctx = (struct verify_proxy_thread *)arg;
thread_ctx->base = event_base_new(); thread_ctx->base = event_base_new();
if (! thread_ctx->base) if (! thread_ctx->base)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Can'thread_ctx allocate event base"); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Can'thread_ctx allocate event base");
goto finish; goto finish;
} }
thread_ctx->http = evhttp_new(thread_ctx->base); thread_ctx->http = evhttp_new(thread_ctx->base);
if (!thread_ctx->http) if (!thread_ctx->http)
{ {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "couldn'thread_ctx create evhttp. Exiting."); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "couldn'thread_ctx create evhttp. Exiting.");
goto error; goto error;
} }
evhttp_set_cb(thread_ctx->http, "/v1/policy/verification", evhttp_request_cb, thread_ctx); evhttp_set_cb(thread_ctx->http, "/v1/policy/verification", evhttp_request_cb, thread_ctx);
bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd); bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd);
if (bound != NULL) if (bound != NULL)
{ {
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound, mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound,
g_verify_proxy->listen_port); g_verify_proxy->listen_port);
} }
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Work thread %u is run...", thread_ctx->id); mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Work thread %u is run...", thread_ctx->id);
event_base_dispatch(thread_ctx->base); event_base_dispatch(thread_ctx->base);
error: error:
event_base_free(thread_ctx->base); event_base_free(thread_ctx->base);
@@ -466,7 +465,7 @@ int main(int argc, char * argv[])
switch (opt) switch (opt)
{ {
case 'v': case 'v':
fprintf(stderr, "Tango Frontend Engine, Version: %s\n", version()); fprintf(stderr, "Welcome to Verify Policy Engine, Version: %s\n", version());
return 0; return 0;
default: default:
break; break;
@@ -481,12 +480,12 @@ int main(int argc, char * argv[])
ret = verify_policy_init(g_verify_proxy, main_profile); ret = verify_policy_init(g_verify_proxy, main_profile);
CHECK_OR_EXIT(ret == 0, "Failed at loading profile %s, Exit.", main_profile); CHECK_OR_EXIT(ret == 0, "Failed at loading profile %s, Exit.", main_profile);
ret = pangu_policy_init(g_verify_proxy, main_profile); ret = pangu_policy_init(g_verify_proxy, main_profile);
CHECK_OR_EXIT(ret == 0, "Failed at init panggu module, Exit."); CHECK_OR_EXIT(ret == 0, "Failed at init panggu module, Exit.");
ret = pangu_policy_work_thread_run(g_verify_proxy); ret = pangu_policy_work_thread_run(g_verify_proxy);
return ret; return ret;
} }

19
resource/dynamic_maat_table_info.conf Normal file
View File

@@ -0,0 +1,19 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege [yes/no]
#cross cache [number]
#quick mode [quickon/quickoff], default [quickoff]
#For ip/intval/digest/compile/group
#id name type
#
#For plugin table
#id name type json_descr
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
1 TSG_DYN_SUBSCRIBER_IP plugin {"key":3,"valid":5}

49
resource/table_info.conf Normal file
View File

@@ -0,0 +1,49 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege [yes/no]
#cross cache [number]
#quick mode [quickon/quickoff], default [quickoff]
#For ip/intval/digest/compile/group
#id name type
#
#For plugin table
#id name type json_descr
#
#For expr/expr_plus Table
#id name type src_charset dst_charset do_merge cross_cache quick_mode
0 PXY_CTRL_COMPILE compile escape --
1 GROUP_COMPILE_RELATION group --
2 TSG_OBJ_IP_ADDR ip_plus ---
3 TSG_OBJ_URL expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
4 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
5 TSG_OBJ_FQDN expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
5 TSG_OBJ_FQDN_CAT expr UTF8 GBK/UNICODE/UTF8/url_encode_gb2312/url_encode_utf8 yes 0 quickoff
6 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
7 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8 yes 0 quickoff
8 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
9 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
10 TSG_OBJ_KEYWORDS expr UTF8 GBK/UNICODE/UTF8 yes 128 quickoff
11 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
12 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
13 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
14 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
15 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
16 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
17 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
18 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
19 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
20 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
21 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
22 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
23 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
24 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
25 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
26 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
27 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
28 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --

60
scan/src/pangu_http.cpp
View File

@@ -1,7 +1,7 @@
/************************************************************************* /*************************************************************************
> File Name: pangu_http.cpp > File Name: pangu_http.cpp
> Author: > Author:
> Mail: > Mail:
> Created Time: 2019年08月23日 星期五 16时53分25秒 > Created Time: 2019年08月23日 星期五 16时53分25秒
************************************************************************/ ************************************************************************/
#include <assert.h> #include <assert.h>
@@ -45,7 +45,7 @@ struct pangu_http_ctx
stream_para_t sp; stream_para_t sp;
size_t hit_cnt; size_t hit_cnt;
struct Maat_rule_t result[MAX_SCAN_RESULT]; struct Maat_rule_t result[MAX_SCAN_RESULT];
size_t n_enforce; size_t n_enforce;
struct Maat_rule_t * enforce_rules; struct Maat_rule_t * enforce_rules;
int thread_id; int thread_id;
}; };
@@ -169,46 +169,46 @@ char *web_json_table_add(void *pme)
cJSON *execute_obj=NULL, *obj_list=NULL, *category_obj=NULL; cJSON *execute_obj=NULL, *obj_list=NULL, *category_obj=NULL;
struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme; struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme;
policy_obj=cJSON_CreateObject(); policy_obj=cJSON_CreateObject();
cJSON_AddNumberToObject(policy_obj, "code", 200); cJSON_AddNumberToObject(policy_obj, "code", 200);
cJSON_AddStringToObject(policy_obj, "msg", ""); cJSON_AddStringToObject(policy_obj, "msg", "");
cJSON_AddNumberToObject(policy_obj, "success", 1); cJSON_AddNumberToObject(policy_obj, "success", 1);
data_obj = cJSON_CreateObject(); data_obj = cJSON_CreateObject();
cJSON_AddItemToObject(policy_obj, "data", data_obj); cJSON_AddItemToObject(policy_obj, "data", data_obj);
/*hitPolicyList **/ /*hitPolicyList **/
hit_obj = cJSON_CreateObject(); hit_obj = cJSON_CreateObject();
cJSON_AddItemToObject(data_obj, "hitPolicyList", hit_obj); cJSON_AddItemToObject(data_obj, "hitPolicyList", hit_obj);
if (ctx->hit_cnt >= 1) if (ctx->hit_cnt >= 1)
{ {
for (i = 0; i < ctx->hit_cnt; i++) for (i = 0; i < ctx->hit_cnt; i++)
{ {
cJSON_AddNumberToObject(hit_obj, "policyId", ctx->result[i].config_id); cJSON_AddNumberToObject(hit_obj, "policyId", ctx->result[i].config_id);
cJSON_AddStringToObject(hit_obj, "policyName", ""); cJSON_AddStringToObject(hit_obj, "policyName", "");
} }
} }
/*executePolicyList **/ /*executePolicyList **/
execute_obj = cJSON_CreateObject(); execute_obj = cJSON_CreateObject();
cJSON_AddItemToObject(data_obj, "executePolicyList", execute_obj); cJSON_AddItemToObject(data_obj, "executePolicyList", execute_obj);
cJSON_AddNumberToObject(execute_obj, "policyId", ctx->enforce_rules[0].config_id); cJSON_AddNumberToObject(execute_obj, "policyId", ctx->enforce_rules[0].config_id);
cJSON_AddStringToObject(execute_obj, "policyName", ""); cJSON_AddStringToObject(execute_obj, "policyName", "");
/*objectList**/ /*objectList**/
obj_list = cJSON_CreateObject(); obj_list = cJSON_CreateObject();
cJSON_AddItemToObject(data_obj, "objectList", obj_list); cJSON_AddItemToObject(data_obj, "objectList", obj_list);
cJSON_AddNumberToObject(obj_list, "objectId", 12); cJSON_AddNumberToObject(obj_list, "objectId", 12);
cJSON_AddStringToObject(obj_list, "objectName", ""); cJSON_AddStringToObject(obj_list, "objectName", "");
cJSON *itemList = cJSON_CreateObject(); cJSON *itemList = cJSON_CreateObject();
cJSON_AddItemToObject(obj_list, "itemList", itemList); cJSON_AddItemToObject(obj_list, "itemList", itemList);
cJSON_AddNumberToObject(itemList, "itemId", 12); cJSON_AddNumberToObject(itemList, "itemId", 12);
cJSON_AddStringToObject(itemList, "reqParam", ""); cJSON_AddStringToObject(itemList, "reqParam", "");
/*categoryList**/ /*categoryList**/
category_obj = cJSON_CreateObject(); category_obj = cJSON_CreateObject();
cJSON_AddItemToObject(data_obj, "categoryList", category_obj); cJSON_AddItemToObject(data_obj, "categoryList", category_obj);
cJSON_AddNumberToObject(category_obj, "categoryId", 12); cJSON_AddNumberToObject(category_obj, "categoryId", 12);
cJSON_AddStringToObject(category_obj, "reqParam", ""); cJSON_AddStringToObject(category_obj, "reqParam", "");
policy_payload = cJSON_PrintUnformatted(policy_obj); policy_payload = cJSON_PrintUnformatted(policy_obj);
@@ -224,7 +224,7 @@ void http_scan(const char * value, enum tfe_http_event events,
const char * field_val = NULL; const char * field_val = NULL;
int scan_ret = 0, table_id = 0; int scan_ret = 0, table_id = 0;
size_t hit_cnt = 0; size_t hit_cnt = 0;
struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme; struct pangu_http_ctx * ctx = (struct pangu_http_ctx *) pme;
if (events & EV_HTTP_IP) if (events & EV_HTTP_IP)
@@ -278,7 +278,7 @@ void http_scan(const char * value, enum tfe_http_event events,
if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR)) if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR))
{ {
table_id = events & PXY_CTRL_HTTP_REQ_HDR ? g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_HDR]; table_id = events & PXY_CTRL_HTTP_REQ_HDR ? g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_REQ_HDR] : g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_RES_HDR];
const char * str_field_name = NULL; const char * str_field_name = NULL;
scan_ret = Maat_set_scan_status(g_pangu_rt->maat, &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT, scan_ret = Maat_set_scan_status(g_pangu_rt->maat, &(ctx->scan_mid), MAAT_SET_SCAN_DISTRICT,
str_field_name, strlen(str_field_name)); str_field_name, strlen(str_field_name));
@@ -314,7 +314,7 @@ void http_scan(const char * value, enum tfe_http_event events,
} }
return ; return ;
} }
char * verify_policy_str_to_addr() char * verify_policy_str_to_addr()
{ {
return NULL; return NULL;
@@ -342,7 +342,9 @@ static Maat_feather_t create_maat_feather(const char * instance_name, const char
MESA_load_profile_string_def(profile, section, "json_cfg_file", json_cfg_file, sizeof(json_cfg_file), ""); MESA_load_profile_string_def(profile, section, "json_cfg_file", json_cfg_file, sizeof(json_cfg_file), "");
MESA_load_profile_string_def(profile, section, "maat_redis_server", redis_server, sizeof(redis_server), ""); MESA_load_profile_string_def(profile, section, "maat_redis_server", redis_server, sizeof(redis_server), "");
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%s", "Maat Redis Ip", redis_server);
MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server), "6379"); MESA_load_profile_string_def(profile, section, "maat_redis_port_range", redis_port_range, sizeof(redis_server), "6379");
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "%s:%s", "Maat Redis Port", redis_port_range);
ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end); ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end);
if(ret==1) if(ret==1)
{ {
@@ -460,7 +462,7 @@ void subscribe_id_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA* to, MAAT_PLUGIN_EX_D
int pangu_policy_init(struct verify_proxy * verify, const char* profile_path) int pangu_policy_init(struct verify_proxy * verify, const char* profile_path)
{ {
int ret = -1; int ret = -1;
g_pangu_rt = ALLOC(struct pangu_rt, 1); g_pangu_rt = ALLOC(struct pangu_rt, 1);
g_pangu_rt->thread_num = verify->nr_work_threads; g_pangu_rt->thread_num = verify->nr_work_threads;
@@ -473,14 +475,14 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path)
} }
const char * table_name[__SCAN_TABLE_MAX]; const char * table_name[__SCAN_TABLE_MAX];
table_name[PXY_CTRL_IP] = "PXY_CTRL_IP"; table_name[PXY_CTRL_IP] = "TSG_OBJ_IP_ADDR";
table_name[PXY_CTRL_HTTP_URL] = "PXY_CTRL_HTTP_URL"; table_name[PXY_CTRL_HTTP_URL] = "TSG_FIELD_HTTP_URL";
table_name[PXY_CTRL_HTTP_FQDN] = "TSG_OBJ_FQDN"; table_name[PXY_CTRL_HTTP_FQDN] = "TSG_FIELD_HTTP_HOST";
table_name[PXY_CTRL_HTTP_REQ_HDR] = "PXY_CTRL_HTTP_REQ_HDR"; table_name[PXY_CTRL_HTTP_REQ_HDR] = "TSG_FIELD_HTTP_REQ_HDR";
table_name[PXY_CTRL_HTTP_REQ_BODY] = "TSG_OBJ_CONTENT"; table_name[PXY_CTRL_HTTP_REQ_BODY] = "TSG_FIELD_HTTP_REQ_CONTENT";
table_name[PXY_CTRL_HTTP_RES_HDR] = "PXY_CTRL_HTTP_RES_HDR"; table_name[PXY_CTRL_HTTP_RES_HDR] = "TSG_FIELD_HTTP_RES_HDR";
table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_OBJ_CONTENT"; table_name[PXY_CTRL_HTTP_RES_BODY] = "TSG_FIELD_HTTP_RES_CONTENT";
table_name[PXY_CTRL_SUBSCRIBE_ID] = "PXY_CTRL_SUBSCRIBE_ID"; table_name[PXY_CTRL_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID";
for (int i = 0; i < __SCAN_TABLE_MAX; i++) for (int i = 0; i < __SCAN_TABLE_MAX; i++)
{ {
g_pangu_rt->scan_table_id[i] = Maat_table_register(g_pangu_rt->maat, table_name[i]); g_pangu_rt->scan_table_id[i] = Maat_table_register(g_pangu_rt->maat, table_name[i]);
@@ -490,7 +492,7 @@ int pangu_policy_init(struct verify_proxy * verify, const char* profile_path)
goto error_out; goto error_out;
} }
} }
g_pangu_rt->dyn_maat = create_maat_feather("dyn", profile_path, "DYNAMIC_MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger); g_pangu_rt->dyn_maat = create_maat_feather("dyn", profile_path, "DYNAMIC_MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger);
if (!g_pangu_rt->maat) if (!g_pangu_rt->maat)
{ {

36
script/tarball.sh Normal file
View File

@@ -0,0 +1,36 @@
X=verify-policy
#X=certstore
typeset -l version
version=`lsb_release -i -s`
version_id=`lsb_release -r -s`
machine=`uname -m`
issue_date=`date "+%Y%m%d"`
tarball="$X-$2-$version$version_id-$machine-$issue_date".tar.gz
do_mkdir(){
if [ ! -d "../package" ]; then
mkdir ../package
fi
cd ../package
rm $X -rf
mkdir $X
mkdir $X/bin
}
do_copy(){
cp ../resource/ $X -rf
cp ../build/platform/verify-policy $X/bin
cp ../conf $X -rf
}
do_tarball(){
tar -zcvf $1 $X
rm $X -rf
echo "`date` BUILD=$X COMMIT=$2 ARCHIVE=$tarball" >> release.log
}
do_mkdir
do_copy $1
do_tarball $tarball

12
script/verify-policy.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Verify Policy Engine
After=redis.service
[Service]
WorkingDirectory=/home/tsg/verify-policy
ExecStart=/home/tsg/verify-policy/bin/verify-policy
Restart=always
RestartSec=5s
[Install]
WantedBy=multi-user.target