diff --git a/cmake/Package.cmake b/cmake/Package.cmake
index 5bb224b..6a2f178 100644
--- a/cmake/Package.cmake
+++ b/cmake/Package.cmake
@@ -17,17 +17,16 @@ set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
 set(CPACK_RPM_PACKAGE_AUTOREQPROV "no")
 set(CPACK_RPM_PACKAGE_RELEASE_DIST on)
 set(CPACK_RPM_DEBUGINFO_PACKAGE on)
-set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreInstall.in)
-#set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
-#set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
-#set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
+set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
+set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostUninstall.in)
+set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreUninstall.in)
 set(CMAKE_INSTALL_PREFIX "/opt/tsg/verify-policy")
 set(CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX /opt/tsg)
 install(PROGRAMS build/platform/verify-policy DESTINATION ./bin)
-install(DIRECTORY ./conf DESTINATION ./)
-install(DIRECTORY ./resource DESTINATION ./)
+install(DIRECTORY ./conf DESTINATION ${CMAKE_INSTALL_PREFIX}/)
+install(DIRECTORY ./resource DESTINATION ${CMAKE_INSTALL_PREFIX}/)
 install(FILES script/service/verify-policy.service DESTINATION /usr/lib/systemd/system/)
 install(FILES script/tmpfiles/verify_policy.conf DESTINATION /usr/lib/tmpfiles.d/)
diff --git a/cmake/PostInstall.in b/cmake/PostInstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostInstall.in
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PostUninstall.in b/cmake/PostUninstall.in
new file mode 100644
index 0000000..00d79b7
--- /dev/null
+++ b/cmake/PostUninstall.in
@@ -0,0 +1,3 @@
+%sysctl_apply
+%tmpfiles_create
+/sbin/ldconfig
diff --git a/cmake/PreInstall.in b/cmake/PreInstall.in
deleted file mode 100644
index e69de29..0000000
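Review bot: The two `install(DIRECTORY …)` lines now target `${CMAKE_INSTALL_PREFIX}/` but still set no permissions, so `conf` and `resource` are packaged with whatever modes the build checkout had and land under /opt/tsg/verify-policy that way. If `conf` holds anything sensitive (not visible here), pin the modes, e.g. `install(DIRECTORY conf DESTINATION "${CMAKE_INSTALL_PREFIX}" FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE)`. The absolute destination also sits next to `install(PROGRAMS … DESTINATION ./bin)`, which is still prefix-relative; a short comment saying why the directories need the absolute form would help the next reader. The newly enabled scriptlet paths use `${CMAKE_SOURCE_DIR}` unquoted; quoting them keeps a checkout path containing spaces from splitting into several arguments.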
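Review bot: `%sysctl_apply` and `%tmpfiles_create` in PostInstall.in are written without a file argument, so, depending on the systemd RPM macros on the build host, they are either rejected at build time or expand to a run over every sysctl.d and tmpfiles.d entry on the target as root rather than only this package's. Naming the package's own file keeps the scriptlet scoped: `%tmpfiles_create verify_policy.conf`, matching the file Package.cmake installs to /usr/lib/tmpfiles.d/. No sysctl.d file is installed anywhere in this diff, so `%sysctl_apply` looks unnecessary unless one is shipped elsewhere. The same lines are repeated in PostUninstall.in and PreUninstall.in. A header comment noting that rpmbuild must have the systemd macros available would also help, since without them the `%…` lines reach the shell unexpanded.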
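Review bot: PostUninstall.in is a copy of PostInstall.in, so removing the package re-applies sysctl settings and re-creates tmpfiles entries, while nothing in any of the scriptlets stops or disables verify-policy.service. With `Restart=always` in the unit, an instance that is running at erase time may be left for systemd to keep restarting after its binary is gone. The usual pairing is `%systemd_preun verify-policy.service` in PreUninstall.in and `%systemd_postun_with_restart verify-policy.service` here, with `%systemd_post verify-policy.service` in PostInstall.in. `/sbin/ldconfig` only matters if the package ships shared libraries, which this diff does not show.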
diff --git a/cmake/PreUninstall.in b/cmake/PreUninstall.in
new file mode 100644
index 0000000..a3325d5
--- /dev/null
+++ b/cmake/PreUninstall.in
@@ -0,0 +1,2 @@
+%sysctl_apply
+%tmpfiles_create
diff --git a/resource/table_info_proxy.conf b/resource/table_info_proxy.conf
index b756e4b..1cda569 100644
--- a/resource/table_info_proxy.conf
+++ b/resource/table_info_proxy.conf
@@ -31,7 +31,7 @@
 12 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
 13 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
 14 TSG_OBJ_SUBSCRIBER_ID expr UTF8 UTF8 yes 0 quickon
-15 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
+15 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
 16 TSG_SECURITY_SOURCE_ADDR virtual TSG_OBJ_IP_ADDR --
 17 TSG_SECURITY_DESTINATION_ADDR virtual TSG_OBJ_IP_ADDR --
 18 TSG_SECURITY_ADDR composition {"source":"TSG_SECURITY_SOURCE_ADDR","destination":"TSG_SECURITY_DESTINATION_ADDR"}
@@ -47,19 +47,3 @@
 28 TSG_SECURITY_DESTINATION_LOCATION virtual TSG_OBJ_GEO_LOCATION --
 29 TSG_FIELD_DOH_QNAME virtual TSG_OBJ_FQDN --
 30 TSG_FIELD_DOH_HOST virtual TSG_OBJ_FQDN --
-#eliminate the alarm
-31 TSG_OBJ_ACCOUNT expr UTF8 UTF8 yes 0
-32 TSG_FIELD_SSL_SNI virtual TSG_OBJ_FQDN --
-33 TSG_FIELD_SSL_CN virtual TSG_OBJ_FQDN --
-34 TSG_FIELD_SSL_SAN virtual TSG_OBJ_FQDN --
-35 TSG_FIELD_DNS_QNAME virtual TSG_OBJ_FQDN --
-36 TSG_FIELD_MAIL_ACCOUNT virtual TSG_OBJ_ACCOUNT --
-37 TSG_FIELD_MAIL_FROM virtual TSG_OBJ_ACCOUNT --
-38 TSG_FIELD_MAIL_TO virtual TSG_OBJ_ACCOUNT --
-39 TSG_FIELD_MAIL_SUBJECT virtual TSG_OBJ_KEYWORDS --
-40 TSG_FIELD_MAIL_CONTENT virtual TSG_OBJ_KEYWORDS --
-41 TSG_FIELD_MAIL_ATT_NAME virtual TSG_OBJ_KEYWORDS --
-42 TSG_FIELD_MAIL_ATT_CONTENT virtual TSG_OBJ_KEYWORDS --
-43 TSG_FIELD_FTP_URI virtual TSG_OBJ_URL --
-44 TSG_FIELD_FTP_CONTENT virtual TSG_OBJ_KEYWORDS --
-45 TSG_FIELD_FTP_ACCOUNT virtual TSG_OBJ_ACCOUNT --
diff --git a/resource/table_info_security.conf b/resource/table_info_security.conf
index 80f2464..7d3ca97 100644
--- a/resource/table_info_security.conf
+++ b/resource/table_info_security.conf
@@ -18,7 +18,7 @@
 7 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
 7 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
 8 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK/windows-1251 yes 0
-9 TSG_OBJ_APP_ID expr UTF8 UTF8 yes 0
+9 TSG_OBJ_APP_ID intval UTF8 UTF8 yes 0
 10 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
 11 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
 12 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
diff --git a/scan/src/pangu_http.cpp b/scan/src/pangu_http.cpp
index ed42538..67f894b 100644
--- a/scan/src/pangu_http.cpp
+++ b/scan/src/pangu_http.cpp
@@ -723,6 +723,20 @@ size_t http_policy_scan(enum verify_policy_type policy_type, struct verify_polic
 goto decide;
 }
+ if (protocol_field == PXY_CTRL_APP_ID || protocol_field == PXY_SECURITY_APP_ID)
+ {
+ int scan_val=atoi(value);
+ scan_ret=Maat_scan_intval(g_pangu_rt->maat[policy_type], g_pangu_rt->scan_table_id[policy_type][protocol_field], scan_val, ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &(ctx->scan_mid), ctx->thread_id);
+ if(scan_ret>0)
+ {
+ hit_cnt+=scan_ret;
+ }
+ n_read=Maat_get_scan_status(g_pangu_rt->maat[policy_type], &(ctx->scan_mid), MAAT_GET_SCAN_HIT_PATH, ctx->hit_path, sizeof(ctx->hit_path));
+ query_obj->nth_scan = ctx->hit_path[ctx->n_read].Nth_scan;
+ ctx->n_read=n_read;
+ goto decide;
+ }
+
 if ((protocol_field == PXY_CTRL_HTTP_REQ_HDR) || protocol_field == PXY_CTRL_HTTP_RES_HDR)
 {
 struct http_field_name *field_name = (protocol_field == PXY_CTRL_HTTP_REQ_HDR) ? req_fields : resp_fields;
diff --git a/script/service/verify-policy.service b/script/service/verify-policy.service
index 2f2f6d3..013cd14 100644
--- a/script/service/verify-policy.service
+++ b/script/service/verify-policy.service
@@ -3,8 +3,8 @@ Description=Verify Policy Engine
 After=redis.service
 [Service]
-WorkingDirectory=/home/tsg/verify-policy
-ExecStart=/home/tsg/verify-policy/bin/verify-policy
+WorkingDirectory=/opt/tsg/verify-policy
+ExecStart=/opt/tsg/verify-policy/bin/verify-policy
 Restart=always
 RestartSec=5s
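Review bot: `atoi(value)` in the new APP_ID branch of http_policy_scan accepts anything: a non-numeric or empty string becomes 0 and is scanned as app id 0, and an out-of-range number is undefined behaviour, so if `value` arrives from the request unvalidated a malformed field can still yield a policy verdict for an id the caller never sent. Parsing with `strtol`, checking the end pointer, `errno` and the `int` range, and skipping the scan on failure closes that; the sketch below needs `<cerrno>` and `<climits>` if the file does not already include them. Separately, `ctx->hit_path[ctx->n_read]` is read before the new `n_read` is looked at, so when Maat_get_scan_status reports no new entry (or fails) the slot is stale; the guard in the sketch assumes the return value is the total entry count, which should be confirmed. A negative `scan_ret` is also dropped silently, and a log line there would make scan failures visible. The function body starts and ends outside the hunk, so any upstream validation of `value` is not visible here.

```cpp
	if (protocol_field == PXY_CTRL_APP_ID || protocol_field == PXY_SECURITY_APP_ID)
	{
		char *end = NULL;
		errno = 0;
		long parsed = strtol(value, &end, 10);
		if (end == value || *end != '\0' || errno == ERANGE || parsed < INT_MIN || parsed > INT_MAX)
		{
			// not a well-formed app id: skip the lookup instead of scanning for 0
			goto decide;
		}
		int scan_val = (int)parsed;
		// … unchanged: Maat_scan_intval call, hit_cnt update, Maat_get_scan_status call …
		if (n_read > ctx->n_read)
		{
			query_obj->nth_scan = ctx->hit_path[ctx->n_read].Nth_scan;
		}
		// … unchanged: ctx->n_read update and goto decide …
```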