>Zamiast warnings.on można użyć lms-makewarnings (buduje przekierowania na
>bazie salda użytkownika) bądź lms-makemessages (buduje przekierowania na
>bazie ostrzeżenia ustawianego hostom).
>
Zapewne masz racje :)
w zalacznikach zestawik plikow od mojego rozwiazania
index.php - osobiscie trzymam go w lms/pages/warning/ do czego config
apache ma vhosta na port 81
warning.on, warning.off - to po prostu pliki z regulka iptables
warning.check - na razie baardzo brzydko, ale mozna sprawdzic kto ma
przeczytane a kto nie
(grepuje iptables -t nat -nL)
warnings.on - na bazie ktoregos lms-* generuje regulki dla wszystkich
kompow z ostrzezeniem
--
Goblin
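# warning.off: remove the HTTP redirect that sends one source address to the
# warning page on port 81. Argument: the node's IPv4 address.
# The argument is required and quoted: an empty or missing value would
# otherwise make iptables read "--dport" as the source address.
ip="${1:?usage: warning.off <ipv4-address>}"
/usr/sbin/iptables -t nat -D PREROUTING -p tcp -s "$ip" --dport 80 -j REDIRECT --to-port 81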
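# warning.on: insert the HTTP redirect that sends one source address to the
# warning page on port 81. Argument: the node's IPv4 address.
# The argument is required and quoted: an empty or missing value would
# otherwise make iptables read "--dport" as the source address.
ip="${1:?usage: warning.on <ipv4-address>}"
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -s "$ip" --dport 80 -j REDIRECT --to-port 81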
#!/usr/bin/perl -w
#
# LMS version 1.3-cvs
#
# (C) 2001-2004 LMS Developers
#
# Please, see the doc/AUTHORS for more information about authors!
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
#
# $Id: lms-complex,v 1.29 2004/04/12 07:14:08 alec Exp $
use strict;
use DBI;
use Config::IniFiles;
use Getopt::Long;
use vars qw($configfile $quiet $help $version);
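# Convert a dotted-quad netmask (e.g. 255.255.255.0) into its prefix
# length (24). A malformed mask is reported on STDERR; the length of the
# leading run of ones is still returned so callers keep working.
sub mask2prefix($)
{
    my ($mask) = @_;
    # Always work on four octets, padded with 0 when fewer were given.
    my @octets = split('\.', $mask, 4);
    push @octets, 0 while @octets < 4;
    # %08b keeps every octet eight bits wide, so $bits is the exact 32-bit
    # mask. The old unpadded "%b" only worked because a valid mask never has
    # a zero octet before its last set bit.
    my $bits = sprintf("%08b%08b%08b%08b", @octets);
    # A netmask is a run of ones followed by a run of zeros, and every
    # octet must fit in a byte; anything else is not a mask at all.
    if ((grep { !/^\d+$/ || $_ > 255 } @octets) || $bits !~ /^1*0*$/) {
        print STDERR " You idiot. error in mask\n";
    }
    $bits =~ s/0*$//;
    return length($bits);
}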
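# Return true when $ip lies inside the network given by $net/$mask (both
# dotted quads). A network address that is not aligned to its mask is
# reported on STDERR and treated as "no match".
sub matchip($$$)
{
    my ($ip, $net, $mask) = @_;
    my $prefix = mask2prefix($mask);
    # Build the 32-bit mask from the prefix length. The old expression,
    # 2**32 << (32 - $prefix), only gave the right value on a 32-bit perl,
    # where the shift silently truncated to 32 bits; on a 64-bit build the
    # result has no bits in common with any address, so nothing ever
    # matched. Masking with 0xFFFFFFFF is correct on both. A shift by the
    # full word width is undefined, so prefix 0 is handled explicitly.
    my $bmask = $prefix > 0 ? (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF : 0;
    my $bnet = dotquad2u32($net);
    if (($bnet & $bmask) != $bnet) {
        print STDERR "EEediot net &mask != net\n";
        return !1;
    }
    my $bip = dotquad2u32($ip);
    return (($bip & $bmask) == $bnet);
}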
# Parse dotted-quad text into a 32-bit integer, most significant octet
# first. An empty or missing argument is treated as 0.0.0.0.
sub dotquad2u32($)
{
    my $dq = shift || '0.0.0.0';
    my @octets = split('\.', $dq, 4);
    my $value = 0;
    # Fold the four octets in one byte at a time.
    for my $i (0 .. 3) {
        $value = ($value << 8) + $octets[$i];
    }
    return $value;
}
# Render a 32-bit integer as dotted-quad text, most significant byte first
# (the inverse of dotquad2u32).
sub u32todotquad($)
{
    my ($p) = @_;
    my @octets = map { ($p >> $_) & 0xff } (24, 16, 8, 0);
    return join '.', @octets;
}
# True when $ip falls into one of the three RFC 1918 ranges as tested by
# matchip (192.168/16, 10/8, 172.16/12).
sub isprivate($)
{
    my ($ip) = @_;
    my @private_ranges = (
        ['192.168.0.0', '255.255.0.0'],
        ['10.0.0.0',    '255.0.0.0'],
        ['172.16.0.0',  '255.240.0.0'],
    );
    for my $range (@private_ranges) {
        my $hit = matchip($ip, $range->[0], $range->[1]);
        return $hit if $hit;
    }
    # Same false value matchip's comparison yields.
    return !1;
}
# Placeholder: no public address mapping is defined here, so every
# address maps to 0.
sub publicmap($)
{
    my ($ip) = @_;
    return 0;
}
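my $_version = '1.3-cvs';
# Command line switches; the targets are the package globals declared
# with "use vars" above.
my %options = (
    "--config-file|C=s" => \$configfile,
    "--quiet|q" => \$quiet,
    "--help|h" => \$help,
    "--version|v" => \$version
);
Getopt::Long::config("no_ignore_case");
# GetOptions returns false on an unknown or malformed option (it has
# already reported it on STDERR); the old code ignored that and carried on
# with whatever had been parsed.
unless (GetOptions(%options)) {
    print STDERR "Fatal error: invalid command line option, see --help.\n";
    exit 1;
}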
# The informational switches exit before anything else is touched.
if ($help) {
    print STDERR <<EOF;
lms-complex, version $_version
(C) 2001-2004 LMS Developers
-C, --config-file=/etc/lms/lms.ini alternate config file (default: /etc/lms/lms.ini);
-h, --help print this help and exit;
-v, --version print version info and exit;
-q, --quiet suppress any output, except errors;
EOF
    exit 0;
}
if ($version) {
    print STDERR <<EOF;
lms-complex, version $_version
(C) 2001-2004 LMS Developers
EOF
    exit 0;
}
# Fall back to the system-wide config when none was given on the command line.
$configfile ||= "/etc/lms/lms.ini";
unless ($quiet) {
    print STDOUT "lms-warnings.on, version $_version\n";
    print STDOUT "(C) 2001-2004 LMS Developers\n";
    print STDOUT "Using file $configfile as config.\n";
}
unless (-r $configfile) {
    print STDERR "Fatal error: Unable to read configuration file $configfile, exiting.\n";
    exit 1;
}
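# Config::IniFiles->new returns undef when the file does not parse; the old
# indirect-object call ("new Config::IniFiles") never checked that and the
# script would have died later on an undefined $ini.
my $ini = Config::IniFiles->new(-file => $configfile);
unless ($ini) {
    print STDERR "Fatal error: Unable to parse configuration file $configfile, exiting.\n";
    exit 1;
}
# [complex] section: which networks to inspect and where the helper
# binaries live. Empty network lists mean "all networks" (resolved below).
my $networks_list = $ini->val('complex', 'networks') || '';
my $forward_to_list = $ini->val('complex', 'forward_to') || '';
my $cfile = $ini->val('complex', 'script_file') || '/etc/rc.d/rc.lms.complex';
my $cuid = $ini->val('complex', 'script_owneruid') || '0';
my $cgid = $ini->val('complex', 'script_ownergid') || '0';
my $cperm = $ini->val('complex', 'script_permission') || '700';
my $tcbin = $ini->val('complex', 'tc_binary') || '/sbin/tc';
my $ipbin = $ini->val('complex', 'iptables_binary') || '/usr/sbin/iptables';
my $snataddr = $ini->val('complex', 'snat_address') || '';
my $prescript = $ini->val('complex', 'prescript') || '';
my $postscript = $ini->val('complex', 'postscript') || '';
# [database] section.
my $dbtype = $ini->val('database', 'type') || 'mysql';
my $dbhost = $ini->val('database', 'host') || 'localhost';
my $dbuser = $ini->val('database', 'user') || 'root';
my $dbpasswd = $ini->val('database', 'password') || '';
my $dbname = $ini->val('database', 'database') || 'lms';
# RaiseError makes a failed connect (or any later query) die with the
# driver's message instead of returning undef.
my $dbase;
if ($dbtype eq "mysql") {
    $dbase = DBI->connect("DBI:mysql:database=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
}
elsif ($dbtype eq "postgres") {
    $dbase = DBI->connect("DBI:Pg:dbname=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
}
elsif ($dbtype eq "sqlite") {
    $dbase = DBI->connect("DBI:SQLite:dbname=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
    # SQLite has no inet_ntoa/inet_aton, so the local helpers are
    # registered as SQL functions. DBD::SQLite's create_function takes a
    # code reference, not a function name.
    $dbase->func('inet_ntoa', 1, \&u32todotquad, 'create_function');
    $dbase->func('inet_aton', 1, \&dotquad2u32, 'create_function');
}
else {
    print STDERR "Fatal error: unsupported database type: $dbtype, exiting.\n";
    exit 1;
}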
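# Every network name in the database, used when the config does not say
# which networks to inspect.
my $allnetworks = "";
my $dbq = $dbase->prepare("SELECT name FROM networks");
$dbq->execute();
while (my $row = $dbq->fetchrow_hashref()) {
    $allnetworks = "$allnetworks $row->{'name'}";
}
$networks_list = $allnetworks unless $networks_list;
my @networks = split ' ', $networks_list;

# The set of nodes flagged for a warning does not depend on the network,
# so it is fetched once here instead of once per network row.
my @warned_nodes;
my $sdbq = $dbase->prepare("SELECT inet_ntoa(ipaddr) AS ipaddr FROM nodes WHERE warning = 1 AND access = 1 ORDER BY ipaddr");
$sdbq->execute();
while (my $srow = $sdbq->fetchrow_hashref()) {
    push @warned_nodes, $srow->{'ipaddr'};
}

# Read the nat table once, with the binary from the config rather than a
# hard-coded path. The list form of open runs $ipbin directly, so neither
# the configured path nor any address from the database is ever handed to
# a shell (the old "system" pipeline interpolated both).
my @nat_rules;
if (open my $ipt, '-|', $ipbin, qw(-t nat -nL)) {
    @nat_rules = <$ipt>;
    close $ipt;
}
else {
    print STDERR "Warning! Unable to run $ipbin: $!\n";
}

# The network name comes from the config file; bind it as a parameter
# instead of interpolating it into the SQL text.
my $ndbq = $dbase->prepare("SELECT inet_ntoa(address) AS address, mask FROM networks WHERE name = UPPER(?)");
foreach my $key (@networks) {
    $ndbq->execute($key);
    while (my $row = $ndbq->fetchrow_hashref()) {
        foreach my $ipaddr (@warned_nodes) {
            next unless matchip($ipaddr, $row->{'address'}, $row->{'mask'});
            print "$ipaddr : ";
            # A substring match (the old "grep $ip") would also report the
            # rule for 10.0.0.10 when asked about 10.0.0.1, so the address
            # must be delimited by whitespace or a prefix length.
            print grep { /REDIR/ && /(?:^|\s)\Q$ipaddr\E(?:\/|\s|$)/ } @nat_rules;
            print "\n";
        }
    }
}
$dbase->disconnect();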
# NOTE(review): nothing in this script writes $cfile; these two lines look
# like a leftover from lms-complex (see the $Id header), whose generated
# script they protect. They are kept so the effect on $cfile is unchanged.
unless (chown $cuid, $cgid, $cfile) {
    print "Warning! Unable to set owner of $cfile to $cuid.$cgid.\n";
}
unless (chmod oct($cperm), $cfile) {
    print "Warning! Unable to set permission $cperm to $cfile.\n";
}
#!/usr/bin/perl -w
#
# LMS version 1.3-cvs
#
# (C) 2001-2004 LMS Developers
#
# Please, see the doc/AUTHORS for more information about authors!
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
#
# $Id: lms-complex,v 1.29 2004/04/12 07:14:08 alec Exp $
use strict;
use DBI;
use Config::IniFiles;
use Getopt::Long;
use vars qw($configfile $quiet $help $version);
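# Convert a dotted-quad netmask (e.g. 255.255.255.0) into its prefix
# length (24). A malformed mask is reported on STDERR; the length of the
# leading run of ones is still returned so callers keep working.
sub mask2prefix($)
{
    my ($mask) = @_;
    # Always work on four octets, padded with 0 when fewer were given.
    my @octets = split('\.', $mask, 4);
    push @octets, 0 while @octets < 4;
    # %08b keeps every octet eight bits wide, so $bits is the exact 32-bit
    # mask. The old unpadded "%b" only worked because a valid mask never has
    # a zero octet before its last set bit.
    my $bits = sprintf("%08b%08b%08b%08b", @octets);
    # A netmask is a run of ones followed by a run of zeros, and every
    # octet must fit in a byte; anything else is not a mask at all.
    if ((grep { !/^\d+$/ || $_ > 255 } @octets) || $bits !~ /^1*0*$/) {
        print STDERR " You idiot. error in mask\n";
    }
    $bits =~ s/0*$//;
    return length($bits);
}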
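# Return true when $ip lies inside the network given by $net/$mask (both
# dotted quads). A network address that is not aligned to its mask is
# reported on STDERR and treated as "no match".
sub matchip($$$)
{
    my ($ip, $net, $mask) = @_;
    my $prefix = mask2prefix($mask);
    # Build the 32-bit mask from the prefix length. The old expression,
    # 2**32 << (32 - $prefix), only gave the right value on a 32-bit perl,
    # where the shift silently truncated to 32 bits; on a 64-bit build the
    # result has no bits in common with any address, so nothing ever
    # matched. Masking with 0xFFFFFFFF is correct on both. A shift by the
    # full word width is undefined, so prefix 0 is handled explicitly.
    my $bmask = $prefix > 0 ? (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF : 0;
    my $bnet = dotquad2u32($net);
    if (($bnet & $bmask) != $bnet) {
        print STDERR "EEediot net &mask != net\n";
        return !1;
    }
    my $bip = dotquad2u32($ip);
    return (($bip & $bmask) == $bnet);
}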
# Parse dotted-quad text into a 32-bit integer, most significant octet
# first. An empty or missing argument is treated as 0.0.0.0.
sub dotquad2u32($)
{
    my $dq = shift || '0.0.0.0';
    my @octets = split('\.', $dq, 4);
    my $value = 0;
    # Fold the four octets in one byte at a time.
    for my $i (0 .. 3) {
        $value = ($value << 8) + $octets[$i];
    }
    return $value;
}
# Render a 32-bit integer as dotted-quad text, most significant byte first
# (the inverse of dotquad2u32).
sub u32todotquad($)
{
    my ($p) = @_;
    my @octets = map { ($p >> $_) & 0xff } (24, 16, 8, 0);
    return join '.', @octets;
}
# True when $ip falls into one of the three RFC 1918 ranges as tested by
# matchip (192.168/16, 10/8, 172.16/12).
sub isprivate($)
{
    my ($ip) = @_;
    my @private_ranges = (
        ['192.168.0.0', '255.255.0.0'],
        ['10.0.0.0',    '255.0.0.0'],
        ['172.16.0.0',  '255.240.0.0'],
    );
    for my $range (@private_ranges) {
        my $hit = matchip($ip, $range->[0], $range->[1]);
        return $hit if $hit;
    }
    # Same false value matchip's comparison yields.
    return !1;
}
# Placeholder: no public address mapping is defined here, so every
# address maps to 0.
sub publicmap($)
{
    my ($ip) = @_;
    return 0;
}
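my $_version = '1.3-cvs';
# Command line switches; the targets are the package globals declared
# with "use vars" above.
my %options = (
    "--config-file|C=s" => \$configfile,
    "--quiet|q" => \$quiet,
    "--help|h" => \$help,
    "--version|v" => \$version
);
Getopt::Long::config("no_ignore_case");
# GetOptions returns false on an unknown or malformed option (it has
# already reported it on STDERR); the old code ignored that and carried on
# with whatever had been parsed.
unless (GetOptions(%options)) {
    print STDERR "Fatal error: invalid command line option, see --help.\n";
    exit 1;
}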
# The informational switches exit before anything else is touched.
if ($help) {
    print STDERR <<EOF;
lms-complex, version $_version
(C) 2001-2004 LMS Developers
-C, --config-file=/etc/lms/lms.ini alternate config file (default: /etc/lms/lms.ini);
-h, --help print this help and exit;
-v, --version print version info and exit;
-q, --quiet suppress any output, except errors;
EOF
    exit 0;
}
if ($version) {
    print STDERR <<EOF;
lms-complex, version $_version
(C) 2001-2004 LMS Developers
EOF
    exit 0;
}
# Fall back to the system-wide config when none was given on the command line.
$configfile ||= "/etc/lms/lms.ini";
unless ($quiet) {
    print STDOUT "lms-warnings.on, version $_version\n";
    print STDOUT "(C) 2001-2004 LMS Developers\n";
    print STDOUT "Using file $configfile as config.\n";
}
unless (-r $configfile) {
    print STDERR "Fatal error: Unable to read configuration file $configfile, exiting.\n";
    exit 1;
}
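# Config::IniFiles->new returns undef when the file does not parse; the old
# indirect-object call ("new Config::IniFiles") never checked that and the
# script would have died later on an undefined $ini.
my $ini = Config::IniFiles->new(-file => $configfile);
unless ($ini) {
    print STDERR "Fatal error: Unable to parse configuration file $configfile, exiting.\n";
    exit 1;
}
# [messages] section: which networks to handle. Empty lists mean "all
# networks" (resolved below).
my $networks_list = $ini->val('messages', 'networks') || '';
my $forward_to_list = $ini->val('messages', 'forward_to') || '';
# [database] section.
my $dbtype = $ini->val('database', 'type') || 'mysql';
my $dbhost = $ini->val('database', 'host') || 'localhost';
my $dbuser = $ini->val('database', 'user') || 'root';
my $dbpasswd = $ini->val('database', 'password') || '';
my $dbname = $ini->val('database', 'database') || 'lms';
# RaiseError makes a failed connect (or any later query) die with the
# driver's message instead of returning undef.
my $dbase;
if ($dbtype eq "mysql") {
    $dbase = DBI->connect("DBI:mysql:database=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
}
elsif ($dbtype eq "postgres") {
    $dbase = DBI->connect("DBI:Pg:dbname=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
}
elsif ($dbtype eq "sqlite") {
    $dbase = DBI->connect("DBI:SQLite:dbname=$dbname;host=$dbhost", $dbuser, $dbpasswd, { RaiseError => 1 });
    # SQLite has no inet_ntoa/inet_aton, so the local helpers are
    # registered as SQL functions. DBD::SQLite's create_function takes a
    # code reference, not a function name.
    $dbase->func('inet_ntoa', 1, \&u32todotquad, 'create_function');
    $dbase->func('inet_aton', 1, \&dotquad2u32, 'create_function');
}
else {
    print STDERR "Fatal error: unsupported database type: $dbtype, exiting.\n";
    exit 1;
}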
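# Every network name in the database, used when the config does not say
# which networks to handle.
my $allnetworks = "";
my $dbq = $dbase->prepare("SELECT name FROM networks");
$dbq->execute();
while (my $row = $dbq->fetchrow_hashref()) {
    $allnetworks = "$allnetworks $row->{'name'}";
}
$networks_list = $allnetworks unless $networks_list;
my @networks = split ' ', $networks_list;

# The set of nodes flagged for a warning does not depend on the network,
# so it is fetched once here instead of once per network row.
my @warned_nodes;
my $sdbq = $dbase->prepare("SELECT inet_ntoa(ipaddr) AS ipaddr FROM nodes WHERE warning = 1 AND access = 1 ORDER BY ipaddr");
$sdbq->execute();
while (my $srow = $sdbq->fetchrow_hashref()) {
    push @warned_nodes, $srow->{'ipaddr'};
}

# The network name comes from the config file; bind it as a parameter
# instead of interpolating it into the SQL text.
my $ndbq = $dbase->prepare("SELECT inet_ntoa(address) AS address, mask FROM networks WHERE name = UPPER(?)");
# iptables is always invoked in list form, so the address is passed as a
# single argument and never interpreted by a shell (the old "system"
# strings interpolated it into a command line).
my $iptables = '/usr/sbin/iptables';
foreach my $key (@networks) {
    $ndbq->execute($key);
    while (my $row = $ndbq->fetchrow_hashref()) {
        foreach my $ipaddr (@warned_nodes) {
            next unless matchip($ipaddr, $row->{'address'}, $row->{'mask'});
            # Only a plain dotted quad is handed to iptables; anything else
            # found in the column is reported and skipped.
            if ($ipaddr !~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
                print STDERR "Warning! Skipping node with unexpected address '$ipaddr'.\n";
                next;
            }
            print "Generuje przekierowanie do ostrzezenia dla $ipaddr \n";
            my @rule = ('PREROUTING', qw(-p tcp -s), $ipaddr, qw(--dport 80 -j REDIRECT --to-port 81));
            # Remove any existing copy first so re-running the script does
            # not stack duplicate rules; a failed delete only means there
            # was none yet.
            system($iptables, qw(-t nat -D), @rule);
            if (system($iptables, qw(-t nat -I), @rule) != 0) {
                print STDERR "Warning! $iptables failed to add the redirect for $ipaddr.\n";
            }
        }
    }
}
$dbase->disconnect();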