midefos/martillo-maldito
midefos/martillo-maldito
1
0
Fork 0
Code

print true/false depending of result

Browse Source
This commit is contained in:
midefos 2024-07-23 22:56:03 +02:00
parent d6b1502759
commit 31768af600
4 changed files with 75 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
Cargo.lock generated
View File

@ -343,6 +343,18 @@ dependencies = [
"windows-sys 0.48.0", "windows-sys 0.48.0",
] ]
[[package]]
name = "mio"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4"
dependencies = [
"hermit-abi 0.3.9",
"libc",
"wasi",
"windows-sys 0.52.0",
]
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.29.0" version = "0.29.0"
@ -367,21 +379,11 @@ dependencies = [
"inotify", "inotify",
"kqueue", "kqueue",
"libc", "libc",
"mio", "mio 0.8.11",
"walkdir", "walkdir",
"windows-sys 0.45.0", "windows-sys 0.45.0",
] ]
[[package]]
name = "num_cpus"
version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
dependencies = [
"hermit-abi 0.3.9",
"libc",
]
[[package]] [[package]]
name = "object" name = "object"
version = "0.36.1" version = "0.36.1"
@ -420,7 +422,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn 2.0.71", "syn 2.0.72",
] ]
[[package]] [[package]]
@ -581,7 +583,7 @@ checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn 2.0.71", "syn 2.0.72",
] ]
[[package]] [[package]]
@ -656,9 +658,9 @@ dependencies = [
[[package]] [[package]]
name = "syn" name = "syn"
version = "2.0.71" version = "2.0.72"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462" checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -676,30 +678,29 @@ dependencies = [
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.38.1" version = "1.39.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eb2caba9f80616f438e09748d5acda951967e1ea58508ef53d9c6402485a46df" checksum = "d040ac2b29ab03b09d4129c2f5bbd012a3ac2f79d38ff506a4bf8dd34b0eac8a"
dependencies = [ dependencies = [
"backtrace", "backtrace",
"bytes", "bytes",
"libc", "libc",
"mio", "mio 1.0.1",
"num_cpus",
"pin-project-lite", "pin-project-lite",
"signal-hook-registry", "signal-hook-registry",
"tokio-macros", "tokio-macros",
"windows-sys 0.48.0", "windows-sys 0.52.0",
] ]
[[package]] [[package]]
name = "tokio-macros" name = "tokio-macros"
version = "2.3.0" version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
"syn 2.0.71", "syn 2.0.72",
] ]
[[package]] [[package]]

6
src/iptables_save.rs
View File

@ -1,7 +1,7 @@
use std::{path::Path, process::Command}; use std::{path::Path, process::Command};
pub fn save_iptables(path: &Path) { pub fn save_iptables(path: &Path) -> std::io::Result<std::process::Output> {
let _ = Command::new("iptables-save") Command::new("iptables-save")
.args(["-f", path.to_str().unwrap()]) .args(["-f", path.to_str().unwrap()])
.output(); .output()
} }

60
src/iptables_wrapper.rs
View File

@ -1,7 +1,6 @@
use std::collections::HashMap;
use iptables::IPTables; use iptables::IPTables;
use regex::Regex; use regex::Regex;
use std::collections::HashMap;
pub fn is_port_secured(port: u16, docker: bool) -> bool { pub fn is_port_secured(port: u16, docker: bool) -> bool {
let iptables = iptables::new(false).unwrap(); let iptables = iptables::new(false).unwrap();
@ -80,11 +79,15 @@ pub fn map_secured_ports_allowed_ips(docker: bool) -> HashMap<u16, Vec<String>>
result result
} }
pub fn secure_port_rule(port: u16) -> String { fn secure_port_rule(port: u16) -> String {
format!("-p tcp --dport {} -j DROP", port) format!("-p tcp --dport {} -j DROP", port)
} }
pub fn secure_port(port: u16, docker: bool, position: Option<i32>) { pub fn secure_port(
port: u16,
docker: bool,
position: Option<i32>,
) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap(); let iptables = iptables::new(false).unwrap();
let table = "filter"; let table = "filter";
@ -95,22 +98,23 @@ pub fn secure_port(port: u16, docker: bool, position: Option<i32>) {
} else { } else {
append_unique(&iptables, table, &chain, &rule) append_unique(&iptables, table, &chain, &rule)
} }
println!("Port {} secured", port);
} }
pub fn unsecure_port(port: u16, docker: bool) { pub fn unsecure_port(port: u16, docker: bool) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap(); let iptables = iptables::new(false).unwrap();
let _ = iptables.delete("filter", &get_chain(docker), &secure_port_rule(port)); iptables.delete("filter", &get_chain(docker), &secure_port_rule(port))
println!("Port {} unsecured", port);
} }
pub fn allow_ip_for_port_rule(port: u16, ip: &str) -> String { fn allow_ip_for_port_rule(port: u16, ip: &str) -> String {
format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip) format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip)
} }
pub fn allow_ip_for_port(ip: &str, port: u16, docker: bool, position: Option<i32>) { pub fn allow_ip_for_port(
ip: &str,
port: u16,
docker: bool,
position: Option<i32>,
) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap(); let iptables = iptables::new(false).unwrap();
let table = "filter"; let table = "filter";
@ -121,18 +125,19 @@ pub fn allow_ip_for_port(ip: &str, port: u16, docker: bool, position: Option<i32
} else { } else {
append_unique(&iptables, table, &chain, &rule) append_unique(&iptables, table, &chain, &rule)
} }
println!("Allowed {} to access {}", ip, port);
} }
pub fn remove_allow_ip_for_port(ip: &str, port: u16, docker: bool) { pub fn remove_allow_ip_for_port(
ip: &str,
port: u16,
docker: bool,
) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap(); let iptables = iptables::new(false).unwrap();
let _ = iptables.delete( iptables.delete(
"filter", "filter",
&get_chain(docker), &get_chain(docker),
&allow_ip_for_port_rule(port, ip), &allow_ip_for_port_rule(port, ip),
); )
println!("Removed access of {} to {}", ip, port);
} }
fn get_chain(docker: bool) -> String { fn get_chain(docker: bool) -> String {
@ -143,12 +148,23 @@ fn get_chain(docker: bool) -> String {
} }
} }
fn append_unique(iptables: &IPTables, table: &str, chain: &str, rule: &str) { fn append_unique(
let _ = iptables.append_unique(table, chain, rule); iptables: &IPTables,
table: &str,
chain: &str,
rule: &str,
) -> Result<(), Box<dyn std::error::Error>> {
iptables.append_unique(table, chain, rule)
} }
fn insert_unique(iptables: &IPTables, table: &str, chain: &str, rule: &str, position: i32) { fn insert_unique(
let _ = iptables.insert_unique(table, chain, rule, position); iptables: &IPTables,
table: &str,
chain: &str,
rule: &str,
position: i32,
) -> Result<(), Box<dyn std::error::Error>> {
iptables.insert_unique(table, chain, rule, position)
} }
fn extract_ip(regex: &Regex, input: &str) -> Option<String> { fn extract_ip(regex: &Regex, input: &str) -> Option<String> {

18
src/main.rs
View File

@ -46,19 +46,22 @@ async fn main() {
port, port,
docker, docker,
position, position,
} => secure_port(port, docker, position), } => println!("{}", secure_port(port, docker, position).is_ok()),
Cli::UnsecurePort { port, docker } => unsecure_port(port, docker), Cli::UnsecurePort { port, docker } => println!("{}", unsecure_port(port, docker).is_ok()),
Cli::AllowIpForPort { Cli::AllowIpForPort {
ip, ip,
port, port,
docker, docker,
position, position,
} => allow_ip_for_port(&ip, port, docker, position), } => println!("{}", allow_ip_for_port(&ip, port, docker, position).is_ok()),
Cli::OnlyIpForPort { ip, port, docker } => { Cli::OnlyIpForPort { ip, port, docker } => {
allow_ip_for_port(&ip, port, docker, Some(1)); let allowed = allow_ip_for_port(&ip, port, docker, Some(1));
secure_port(port, docker, Some(2)); let secured = secure_port(port, docker, Some(2));
println!("{}", allowed.is_ok() && secured.is_ok());
}
Cli::RemoveAllowIpPort { ip, port, docker } => {
println!("{}", remove_allow_ip_for_port(&ip, port, docker).is_ok())
} }
Cli::RemoveAllowIpPort { ip, port, docker } => remove_allow_ip_for_port(&ip, port, docker),
Cli::SaveIPTables { iptables_save } => { Cli::SaveIPTables { iptables_save } => {
let path = if let Some(iptables_save) = iptables_save { let path = if let Some(iptables_save) = iptables_save {
iptables_save iptables_save
@ -66,8 +69,7 @@ async fn main() {
PathBuf::from("/etc/iptables/rules.v4") PathBuf::from("/etc/iptables/rules.v4")
}; };
iptables_save::save_iptables(&path); println!("{}", iptables_save::save_iptables(&path).is_ok())
println!("Saved IPTables to {}", path.display());
} }
} }
} }