From 0593a2bfeab198a40c9a9448d6f4f5c3dabdb49c Mon Sep 17 00:00:00 2001 From: midefos Date: Fri, 30 Aug 2024 12:27:32 +0200 Subject: [PATCH] upgrading, and improving ban server --- Cargo.lock | 98 ++++++++++++++++++++++++++++++++++++++++------------- Cargo.toml | 10 +++--- src/main.rs | 76 ++++++++++++++++++++++++----------------- 3 files changed, 124 insertions(+), 60 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1ffc199..248bcb6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -87,9 +87,9 @@ checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" [[package]] name = "cc" -version = "1.1.13" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "shlex", ] @@ -137,10 +137,23 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] -name = "filetime" -version = "0.2.24" +name = "env_logger" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf401df4a4e3872c4fe8151134cf483738e74b67fc934d6532c882b3d24a4550" +checksum = "44533bbbb3bb3c1fa17d9f2e4e38bbbaf8396ba82193c4cb1b6445d711445d36" +dependencies = [ + "atty", + "humantime", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "filetime" +version = "0.2.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586" dependencies = [ "cfg-if", "libc", 
@@ -218,6 +231,15 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +[[package]] +name = "humantime" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f" +dependencies = [ + "quick-error", +] + [[package]] name = "inotify" version = "0.9.6" @@ -317,11 +339,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] -name = "martillo-maldito" +name = "logfmt_logger" version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60da8a0835af8f55c23833348fae381a75380e4748465acc7faf094e426e2f0c" +dependencies = [ + "env_logger", + "log", + "termcolor", +] + +[[package]] +name = "martillo-maldito" +version = "0.1.2" dependencies = [ "iptables", "linemux", + "log", + "logfmt_logger", "openssl", "regex", "serde", @@ -400,9 +435,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.3" +version = "0.36.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27b64972346851a39438c60b341ebc01bba47464ae329e55cf343eb93964efd9" +checksum = "084f1a5821ac4c651660a94a7153d27ac9d8a53736203f58b31945ded098070a" dependencies = [ "memchr", ] @@ -436,7 +471,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] 
@@ -513,10 +548,16 @@ dependencies = [ ] [[package]] -name = "quote" -version = "1.0.36" +name = "quick-error" +version = "1.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + +[[package]] +name = "quote" +version = "1.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -582,29 +623,29 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] name = "serde_json" -version = "1.0.125" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", 
@@ -679,15 +720,24 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.75" +version = "2.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" +checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + [[package]] name = "textwrap" version = "0.11.0" @@ -699,9 +749,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.39.3" +version = "1.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9babc99b9923bfa4804bd74722ff02c0381021eafa4db9949217e3be8e84fff5" +checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998" dependencies = [ "backtrace", "bytes", @@ -721,7 +771,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index c7d314b..444ab75 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "martillo-maldito" -version = "0.1.1" +version = "0.1.2" edition = "2021" [dependencies] @@ -8,7 +8,9 @@ structopt = "0.3.26" iptables = "0.5.2" linemux = "0.3.0" regex = "1.10.6" -tokio = { version = "1.39.3", features = ["macros", "rt", "rt-multi-thread", "signal"]} +tokio = { version = "1.40.0", features = ["macros", "rt", "rt-multi-thread", "signal"]} openssl = { version = "0.10.66", features = ["vendored"] } -serde = {version = "1.0.208", features = ["derive"]} -serde_json = "1.0.125" +serde = {version = "1.0.209", features = ["derive"]} +serde_json = "1.0.127" +log = "0.4.22" +logfmt_logger = "0.1.1" 
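Review bot: The new `logfmt_logger = "0.1.1"` line carries no note on what it pulls in. The Cargo.lock section of this patch resolves it to env_logger 0.7.1, humantime 1.3.0 and quick-error 1.2.3, which appear to be old release lines of those crates. This tool edits iptables rules and so presumably runs privileged, so I would check the added crates with `cargo audit` before merging. I would also record why this logger was chosen in a comment above the line, e.g. `# logfmt output; pulls env_logger 0.7.x`. The other edits in this hunk are plain version bumps.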
diff --git a/src/main.rs b/src/main.rs index 2b8f8c7..7879645 100644 --- a/src/main.rs +++ b/src/main.rs @@ -9,12 +9,15 @@ use iptables_wrapper::{ map_secured_ports_allowed_ips, remove_allow_ip_for_port, secure_port, unsecure_port, }; use linemux::MuxedLines; +use log::{error, info}; use login_attempt::LoginAttempt; use std::{collections::HashMap, path::PathBuf, thread::sleep, thread::spawn, time::Duration}; use structopt::StructOpt; #[tokio::main] async fn main() { + logfmt_logger::init(); + match Cli::from_args() { Cli::BanServer { ssh_auth_log, @@ -79,11 +82,6 @@ async fn start_ban_server( ssh_auth_log: PathBuf, iptables_save: Option, ) -> std::io::Result<()> { - let iptables = iptables::new(false).unwrap(); - let mut lines = MuxedLines::new()?; - lines.add_file(&ssh_auth_log).await?; - let mut login_attempts: HashMap = HashMap::new(); - if let Some(iptables_save) = iptables_save { let seconds_iptables = Duration::from_secs(60); println!( 
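Review bot: The `logfmt_logger::init();` call added at the top of `main` (whose body continues outside the hunk) says nothing about the level filter it installs. The Cargo.lock part of this patch shows logfmt_logger built on env_logger 0.7.1, which emits only error-level records unless `RUST_LOG` is set. If `init()` keeps that default (not visible here), the `info!` ban and login-attempt records added later in this patch would be dropped, where the old `println!` lines were always printed. I would state the requirement next to the call, e.g. `// ban events are logged at info level: run with RUST_LOG=info`, or set the level explicitly. The `println!(` still visible in the `iptables_save` branch of `start_ban_server` also leaves the file with two output paths.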
@@ -97,39 +95,53 @@ async fn start_ban_server( }); } - println!("Listeging to changer over file: {}", ssh_auth_log.display()); + let iptables = iptables::new(false).unwrap(); + let mut lines = MuxedLines::new()?; + lines.add_file(&ssh_auth_log).await?; + let mut login_attempts: HashMap = HashMap::new(); + + info!("listening changes over {}", ssh_auth_log.display()); loop { - while let Ok(Some(line)) = lines.next_line().await { - if let Some(login_attempt) = LoginAttempt::capture(line.line()) { - println!( - "Failed login attempt from {}@{}:{}", - login_attempt.user, login_attempt.ip, login_attempt.port - ); + let next_line = lines.next_line().await; - match login_attempts.get_mut(&login_attempt.ip) { - Some(count) => { - *count += 1; + if let Err(err) = next_line { + error!("reading next file: {}", err); + continue; + } + let line = next_line.unwrap(); + if line.is_none() { + continue; + } - if *count == 3 { - if iptables - .append_unique( - "filter", - "INPUT", - &format!("--source {} -j DROP", login_attempt.ip), - ) - .is_ok() - { - println!("IP {} banned", login_attempt.ip); - } else { - println!("IP {} already banned", login_attempt.ip); - } + let line = line.unwrap(); - login_attempts.remove(&login_attempt.ip); + if let Some(login_attempt) = LoginAttempt::capture(line.line()) { + info!( + "login attempt from {}@{}:{}", + login_attempt.user, login_attempt.ip, login_attempt.port + ); + + match login_attempts.get_mut(&login_attempt.ip) { + Some(count) => { + *count += 1; + + if *count == 3 { + if iptables + .append_unique( + "filter", + "INPUT", + &format!("--source {} -j DROP", login_attempt.ip), + ) + .is_ok() + { + info!("IP {} banned", login_attempt.ip); } + + login_attempts.remove(&login_attempt.ip); } - None => { - login_attempts.insert(login_attempt.ip.clone(), 1); - } + } + None => { + login_attempts.insert(login_attempt.ip.clone(), 1); } } }
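Review bot: A failed `append_unique` is now discarded in the `if *count == 3` branch: the `else` arm was removed, `.is_ok()` throws the error away, and `login_attempts.remove(...)` then resets the counter, so an address that could not be blocked leaves no trace in the log. Matching on the result and adding `Err(err) => error!("banning {}: {}", login_attempt.ip, err),` keeps the failure visible. The new `if let Err(err) = next_line { ... continue; }` path retries immediately, so a persistent read error would spin and write an error record on every pass; a short delay before `continue` bounds that. `login_attempt.user` comes from the auth log and is chosen by the remote client, so it is worth confirming that the logger escapes it. `start_ban_server` begins before this hunk and its body continues past it.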