From 6a54d6edf28342ded7fb88f4fc244d7e0c9e5f2e Mon Sep 17 00:00:00 2001 From: midefos Date: Sun, 12 May 2024 14:54:47 +0200 Subject: [PATCH] iptables-save every minute --- Cargo.lock | 82 -------------------------------------------- Cargo.toml | 1 - Dockerfile | 9 ++--- src/iptables_save.rs | 3 +- src/main.rs | 15 +++++++- 5 files changed, 17 insertions(+), 93 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bede6b5..79ad54a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -104,21 +104,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "futures-core" version = "0.3.30" @@ -243,7 +228,6 @@ version = "0.1.0" dependencies = [ "iptables", "linemux", - "openssl", "regex", "tokio", ] 
@@ -322,60 +306,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - -[[package]] -name = "openssl" -version = "0.10.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" -dependencies = [ - "bitflags 2.5.0", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "openssl-src" -version = "300.2.3+3.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cff92b6f71555b61bb9315f7c64da3ca43d87531622120fea0195fc761b4843" -dependencies = [ - "cc", -] - -[[package]] -name = "openssl-sys" -version = "0.9.102" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" -dependencies = [ - "cc", - "libc", - "openssl-src", - "pkg-config", - "vcpkg", -] - [[package]] name = "pin-project-lite" version = "0.2.14" @@ -388,12 +318,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -[[package]] -name = "pkg-config" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" - [[package]] name = "proc-macro2" version = "1.0.82" 
@@ -528,12 +452,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - [[package]] name = "walkdir" version = "2.5.0" diff --git a/Cargo.toml b/Cargo.toml index cf496cd..12a58e3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,4 +8,3 @@ iptables = "0.5.1" linemux = "0.3.0" regex = "1.10.4" tokio = { version = "1.37.0", features = ["macros", "rt", "rt-multi-thread", "signal"]} -openssl = { version = "0.10.64", features = ["vendored"] } diff --git a/Dockerfile b/Dockerfile index 1159205..257e5ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,11 @@ FROM rust:latest as builder -RUN rustup target add x86_64-unknown-linux-musl -RUN apt update && apt install -y musl-tools musl-dev -RUN update-ca-certificates - COPY . . - -RUN cargo build --target x86_64-unknown-linux-musl --release +RUN cargo build --release FROM ubuntu:latest RUN apt update && apt upgrade -y && apt install iptables iptables-persistent -y -COPY --from=builder /target/x86_64-unknown-linux-musl/release/martillo-maldito ./ +COPY --from=builder /target/release/martillo-maldito ./ CMD ["/martillo-maldito"] diff --git a/src/iptables_save.rs b/src/iptables_save.rs index 231d84b..d91aba7 100644 --- a/src/iptables_save.rs +++ b/src/iptables_save.rs @@ -2,7 +2,6 @@ use std::process::Command; pub fn save_iptables() { let _ = Command::new("iptables-save") - .arg(">") - .arg("/host_iptables/rules.v4") + .args(&["-f", "/host_iptables/rules.v4"]) .output(); } diff --git a/src/main.rs b/src/main.rs index 802d855..7ec37bf 100644 --- a/src/main.rs +++ b/src/main.rs 
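Review bot: Dropping the musl target makes the release binary dynamically linked against the glibc of the builder stage, and both `FROM rust:latest` and `FROM ubuntu:latest` are floating tags, so nothing guarantees that the runtime image ships a glibc at least as new as the one the binary was linked against. The official rust image is, as far as I know, Debian-based, so the two stages can drift apart independently and the container may then fail at start-up. Pinning both stages to fixed releases or digests that were tested together would make the pairing explicit and the image reproducible, for example `FROM rust:<pinned-tag> as builder` and `FROM ubuntu:<pinned-tag>` (placeholders, not real tags).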
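Review bot: The result of `iptables-save -f /host_iptables/rules.v4` is still discarded by `let _ =`, so a missing binary or a non-zero exit goes unnoticed, and the caller in src/main.rs prints `saved iptables rules` regardless. A non-zero exit could come from an unwritable `/host_iptables`, or presumably from an iptables build that does not accept `-f`. The rule file is what lets the bans survive a restart, so a failed save should at least be logged. The sketch below keeps the `save_iptables()` signature and reports both a spawn error and a failing exit status on stderr.

```rust
pub fn save_iptables() {
    let result = Command::new("iptables-save")
        .args(&["-f", "/host_iptables/rules.v4"])
        .output();
    match result {
        Ok(out) if out.status.success() => {}
        Ok(out) => eprintln!(
            "iptables-save failed ({}): {}",
            out.status,
            String::from_utf8_lossy(&out.stderr).trim()
        ),
        Err(err) => eprintln!("could not run iptables-save: {err}"),
    }
}
```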
@@ -3,7 +3,7 @@ pub mod login_attempt; use linemux::MuxedLines; use login_attempt::LoginAttempt; -use std::collections::HashMap; +use std::{collections::HashMap, thread::sleep, time::Duration}; #[tokio::main] async fn main() -> std::io::Result<()> { @@ -12,6 +12,19 @@ async fn main() -> std::io::Result<()> { lines.add_file("/host_ssh/auth.log").await?; let mut login_attempts: HashMap = HashMap::new(); + let seconds_iptables = Duration::from_secs(60); + println!( + "starting iptables-save, run every {} seconds", + seconds_iptables.as_secs() + ); + tokio::spawn(async move { + loop { + sleep(seconds_iptables); + iptables_save::save_iptables(); + println!("saved iptables rules"); + } + }); + println!("listening to changes over /host_ssh/auth.log"); while let Ok(Some(line)) = lines.next_line().await { if let Some(login_attempt) = LoginAttempt::capture(line.line()) {
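Review bot: `sleep` in the spawned task is `std::thread::sleep` (imported in the first hunk of this file), so inside `tokio::spawn(async move { ... })` it parks a runtime worker thread for the full 60 seconds of every iteration, as does the blocking `Command::output()` behind `save_iptables()`; the task never yields. On a host where the multi-thread runtime ends up with a single worker this can starve any other spawned work. Since the loop has nothing to await, a dedicated OS thread is the smallest fix: `std::thread::spawn(move || loop {` in place of `tokio::spawn(async move {` and `loop {`, with one closing brace fewer. The alternative, `tokio::time::sleep(seconds_iptables).await`, needs the `time` feature, which the tokio feature list in Cargo.toml does not enable. `main` starts before and continues past this hunk.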