| author | lijia <[email protected]> | 2020-06-27 20:16:02 +0800 |
|---|---|---|
| committer | lijia <[email protected]> | 2020-06-27 20:16:02 +0800 |
| commit | ae69e8b6ee0af5970a5ce7f9775a3d2ae9096752 (patch) | |
| tree | 7f25f4fd9f71913af232d1e1dd20641f8582a164 | |
| parent | 729277e1cfffe0bfe10596fa1838f73d24f40747 (diff) | |
1.更新设备编号配置文件tsg_sn.json为字符串模式; 2.添加测试flood工具; 3.升级rpm包;v1.0.4cec6_deploy
21 files changed, 62 insertions, 25 deletions
diff --git a/roles/active_defence/files/rpm/houyi-1.3.4.38c2e01-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-1.3.4.38c2e01-1.el7.x86_64.rpm
Binary files differ
deleted file mode 100644
index 72b4bb1..0000000
--- a/roles/active_defence/files/rpm/houyi-1.3.4.38c2e01-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/active_defence/files/rpm/houyi-1.3.6.7bba6be-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-1.3.6.7bba6be-1.el7.x86_64.rpm
Binary files differ
new file mode 100644
index 0000000..821d67d
--- /dev/null
+++ b/roles/active_defence/files/rpm/houyi-1.3.6.7bba6be-1.el7.x86_64.rpm
diff --git a/roles/active_defence/files/rpm/houyi-common-tools-1.0.4.863f9b6-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-common-tools-1.0.4.863f9b6-1.el7.x86_64.rpm
Binary files differ
deleted file mode 100644
index 57915e3..0000000
--- a/roles/active_defence/files/rpm/houyi-common-tools-1.0.4.863f9b6-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/active_defence/files/rpm/houyi-common-tools-1.0.5.816d1a9-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-common-tools-1.0.5.816d1a9-1.el7.x86_64.rpm
Binary files differ
new file mode 100644
index 0000000..444a6f3
--- /dev/null
+++ b/roles/active_defence/files/rpm/houyi-common-tools-1.0.5.816d1a9-1.el7.x86_64.rpm
diff --git a/roles/active_defence/files/rpm/houyi-plug-1.3.1.7b597cb-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-plug-1.3.1.7b597cb-1.el7.x86_64.rpm
Binary files differ
deleted file mode 100644
index 277983c..0000000
--- a/roles/active_defence/files/rpm/houyi-plug-1.3.1.7b597cb-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/active_defence/files/rpm/houyi-plug-1.3.3.3a55116-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/houyi-plug-1.3.3.3a55116-1.el7.x86_64.rpm
Binary files differ
new file mode 100644
index 0000000..9df1f18
--- /dev/null
+++ b/roles/active_defence/files/rpm/houyi-plug-1.3.3.3a55116-1.el7.x86_64.rpm
diff --git a/roles/active_defence/files/rpm/net_flood-2.1.5.aac7d26-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/net_flood-2.1.5.aac7d26-1.el7.x86_64.rpm
Binary files differ
deleted file mode 100644
index e73d36c..0000000
--- a/roles/active_defence/files/rpm/net_flood-2.1.5.aac7d26-1.el7.x86_64.rpm
+++ /dev/null
diff --git a/roles/active_defence/files/rpm/net_flood-2.1.6.e346e94-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/net_flood-2.1.6.e346e94-1.el7.x86_64.rpm
Binary files differ
new file mode 100644
index 0000000..04cf4c3
--- /dev/null
+++ b/roles/active_defence/files/rpm/net_flood-2.1.6.e346e94-1.el7.x86_64.rpm
diff --git a/roles/active_defence/files/rpm/sapp-4.0.14.91cbc1b-x86_64...rpm b/roles/active_defence/files/rpm/sapp-4.0.14.91cbc1b-x86_64...rpm
Binary files differ
deleted file mode 100644
index f0ca673..0000000
--- a/roles/active_defence/files/rpm/sapp-4.0.14.91cbc1b-x86_64...rpm
+++ /dev/null
diff --git a/roles/active_defence/files/rpm/sapp-4.0.15.df7b27b-1.el7.x86_64.rpm b/roles/active_defence/files/rpm/sapp-4.0.15.df7b27b-1.el7.x86_64.rpm
Binary files differ
new file mode 100644
index 0000000..8216885
--- /dev/null
+++ b/roles/active_defence/files/rpm/sapp-4.0.15.df7b27b-1.el7.x86_64.rpm
diff --git a/roles/active_defence/files/tools/reflect_dns.sh b/roles/active_defence/files/tools/reflect_dns.sh
new file mode 100644
index 0000000..cff02b1
--- /dev/null
+++ b/roles/active_defence/files/tools/reflect_dns.sh
@@ -0,0 +1 @@
+./udp_dns_flood -d 192.168.50.16 -t 53 -s 192.168.50.12 -p 1 -m test.com -i enp175s0f0 -D '52:54:00:36:5f:da' -v
diff --git a/roles/active_defence/files/tools/tcp_syn_flood b/roles/active_defence/files/tools/tcp_syn_flood
Binary files differ
new file mode 100644
index 0000000..aae03ea
--- /dev/null
+++ b/roles/active_defence/files/tools/tcp_syn_flood
diff --git a/roles/active_defence/files/tools/udp_dns_flood b/roles/active_defence/files/tools/udp_dns_flood
Binary files differ
new file mode 100644
index 0000000..5d03906
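Review bot: reflect_dns.sh is committed as a one-line script with no shebang, with the target, source, interface and MAC hard-coded for a single lab host (`192.168.50.16`, `enp175s0f0`, `52:54:00:36:5f:da`), and it invokes `./udp_dns_flood` relative to the caller's working directory rather than the `/opt/houyi/bin` path that main.yml installs the binary to. Run from anywhere else it will either fail or send traffic at whatever host happens to own that address, and nothing in the role documents that it is a lab-only helper. Either keep it out of the role or turn it into a template that takes the addresses from group_vars like the other endpoints, and give it a `#!/bin/bash` header with `set -eu` so a missing binary or argument stops it.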
--- /dev/null
+++ b/roles/active_defence/files/tools/udp_dns_flood
diff --git a/roles/active_defence/tasks/main.yml b/roles/active_defence/tasks/main.yml
index 02e5333..c0eb1b2 100644
--- a/roles/active_defence/tasks/main.yml
+++ b/roles/active_defence/tasks/main.yml
@@ -168,7 +168,13 @@
 # src: "{{ role_path }}/files/service/sapp.service"
 # dest: "/usr/lib/systemd/system"
 # when: install_sapp | bool
-
+
+- name: "use same maat_test.json"
+ shell: ln -sf /opt/houyi/bin/houyi_etc/maat_test.json /home/mesasoft/sapp_run/houyi_etc/
+ args:
+ executable: /bin/bash
+ tags: shell
+
 - name: "enable houyi service"
 systemd:
 name: houyi
@@ -180,3 +186,17 @@
 name: sapp
 enabled: yes
 daemon_reload: yes
+
+- name: "Copy test tools tcp_syn_flood"
+ copy:
+ src: "{{ role_path }}/files/tools/tcp_syn_flood"
+ dest: "/opt/houyi/bin"
+ mode: '0755'
+ tags: tools
+
+- name: "Copy test tools udp_dns_flood"
+ copy:
+ src: "{{ role_path }}/files/tools/udp_dns_flood"
+ dest: "/opt/houyi/bin"
+ mode: '0755'
+ tags: tools
diff --git a/roles/active_defence/templates/houyi.conf.j2 b/roles/active_defence/templates/houyi.conf.j2
index 3243df4..1871418 100644
--- a/roles/active_defence/templates/houyi.conf.j2
+++ b/roles/active_defence/templates/houyi.conf.j2
@@ -1,6 +1,7 @@
 [main]
 send_pkt_tool_path=./net_flood
-send_pkt_dev_name=tap_houyi
+stateless_dev_name=tap_0,tap_1,tap_2
+statefull_dev_name=tun_cc0,tun_cc1,tun_cc2
 log_path=./houyi_log/runtime.log
 log_level=20
diff --git a/roles/active_defence/templates/houyi_cc_setup_env.script.j2 b/roles/active_defence/templates/houyi_cc_setup_env.script.j2
index 4ac2a7f..616b17c 100644
--- a/roles/active_defence/templates/houyi_cc_setup_env.script.j2
+++ b/roles/active_defence/templates/houyi_cc_setup_env.script.j2
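Review bot: The new `use same maat_test.json` task shells out to `ln -sf`, so it is not idempotent (Ansible reports it `changed` on every run) and a failure to create the link inside `/home/mesasoft/sapp_run/houyi_etc/` is only visible through the shell's exit code. Ansible's `file` module with `state: link` declares the same symlink, verifies it on each run, and removes the need for `args: executable: /bin/bash`; `force: yes` keeps the overwrite semantics of `-f`. The `tags: shell` tag looks like a leftover and should probably line up with the `tools`/service tags used by the neighbouring tasks.
```yaml
- name: "use same maat_test.json"
  file:
    src: /opt/houyi/bin/houyi_etc/maat_test.json
    dest: /home/mesasoft/sapp_run/houyi_etc/maat_test.json
    state: link
    force: yes
```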
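Review bot: The two `Copy test tools` tasks in the hunk at -180 install traffic-generation binaries with mode `0755` into `/opt/houyi/bin` on every host in `[active_defence]` unconditionally; `tags: tools` only lets a run select them, it does not keep them out of an ordinary full-play run. The commit message itself calls them test tools, so they should be opt-in in the same way the earlier tasks use `when: install_sapp | bool`, e.g. `when: install_test_tools | default(false) | bool` with a variable (name constructed here) declared false in group_vars. Leaving these binaries on production hosts widens what a compromised or misused host can do, and since they are committed as opaque blobs with no recorded checksum or build reference, a reviewer cannot tell which build is being shipped.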
@@ -1,16 +1,27 @@
-ifconfig tun_cc 192.168.1.254/24 up
-ip rule del table 200
-ip rule add from 192.168.1.254/32 table 200
-ip route add default via 192.168.1.253 table 200
+ip tuntap add dev tun_cc0 mode tun
+ip tuntap add dev tun_cc1 mode tun
+ip tuntap add dev tun_cc2 mode tun
+ifconfig tun_cc0 192.168.1.254/24 up
+ifconfig tun_cc1 192.168.2.254/24 up
+ifconfig tun_cc2 192.168.3.254/24 up
+ip rule del table 1001
+ip rule del table 1002
+ip rule del table 1003
+ip rule add from 192.168.1.254/32 table 1001
+ip rule add from 192.168.2.254/32 table 1002
+ip rule add from 192.168.3.254/32 table 1003
+ip route add default via 192.168.1.253 table 1001
+ip route add default via 192.168.2.253 table 1002
+ip route add default via 192.168.3.253 table 1003
+echo "500000" > /proc/sys/fs/file-max
 echo "1" > /proc/sys/net/ipv4/tcp_syncookies
 echo "2" > /proc/sys/net/ipv4/tcp_syn_retries
 echo "1" > /proc/sys/net/ipv4/tcp_tw_reuse
 echo "1" > /proc/sys/net/ipv4/tcp_tw_recycle
 echo "10" > /proc/sys/net/ipv4/tcp_fin_timeout
-echo "0" > /proc/sys/net/ipv4/tcp_timestamps
 echo "1025 65500" > /proc/sys/net/ipv4/ip_local_port_range
 echo "262144" > /proc/sys/net/ipv4/tcp_max_syn_backlog
 echo "30" > /proc/sys/net/ipv4/tcp_keepalive_time
 echo "3" > /proc/sys/net/ipv4/tcp_keepalive_probes
-echo "5" > /proc/sys/net/ipv4/tcp_keepalive_intvl
-sysctl -p
\ No newline at end of file
+echo "3" > /proc/sys/net/ipv4/tcp_keepalive_intvl
+systemctl start irqbalance.service
\ No newline at end of file
diff --git a/roles/active_defence/templates/houyi_plug.conf.j2 b/roles/active_defence/templates/houyi_plug.conf.j2
index 45ad19e..fa0d9d4 100644
--- a/roles/active_defence/templates/houyi_plug.conf.j2
+++ b/roles/active_defence/templates/houyi_plug.conf.j2
@@ -1,4 +1,5 @@
 [main]
+send_thread_num=3
 log_path=./houyi_log/runtime.log
 log_level=20
diff --git a/roles/active_defence/templates/maat_test.json.j2 b/roles/active_defence/templates/maat_test.json.j2
index c2d163d..5e73b54 100644
--- a/roles/active_defence/templates/maat_test.json.j2
+++ b/roles/active_defence/templates/maat_test.json.j2
@@ -3,13 +3,13 @@
 "group_table": "GROUP_COMPILE_RELATION",
 "rules": [
 {
- "compile_id": 103,
+ "compile_id": 103,
 "service": 0,
 "action": 2,
 "do_blacklist": 0,
 "do_log": 1,
 "effective_rage": 0,
- "user_region": "{ \"method\":\"cc\", \"l7_protocol\":\"HTTP\", \"__comments\":\"active_defence_profile_claimed_src_ip.profile_id\", \"target_url\":\"http://ipv4.test.com/index.html\", \"rate_cps\":1,\"claimed_src_ip_profile_id\":4103}",
+ "user_region": "{\"method\":\"cc\",\"l7_protocol\":\"HTTP\",\"target_url\":\"http://172.16.1.134/index.html\",\"rate_cps\":1,\"claimed_src_ip_profile_id\":4103}",
 "is_valid": "yes",
 "groups": [
 {
@@ -42,7 +42,7 @@
 "do_blacklist": 0,
 "do_log": 1,
 "effective_rage": 0,
- "user_region": "{ \"method\":\"reflection\", \"reflector_type\":\"DNS\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"10.3.22.222\", \"target_port\":5353, \"rate_pps\":1, \"payload_profile_id\":5001, \"reflector_profile_id\":4101}",
+ "user_region":"{\"method\":\"reflection\",\"reflector_type\":\"DNS\",\"target_ip\":\"172.16.1.138\",\"target_port\":5353,\"rate_pps\":1,\"payload_profile_id\":5001,\"reflector_profile_id\":4101}",
 "is_valid": "yes",
 "groups": [
 {
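Review bot: The rebuilt setup script is not re-runnable and ignores every failure: `ip tuntap add dev tun_cc0 mode tun` errors once the device exists, the three `ip rule del table 100x` lines error on a fresh host, and with no shebang or `set -e` nothing checks that the tun devices, rules and routes actually came up before the sysctl writes run; the `tun_cc1`/`tun_cc2` lines have the same shape. I would guard each creation (`ip link show tun_cc0 >/dev/null 2>&1 || ip tuntap add dev tun_cc0 mode tun`), mark only the deletions as intentionally best-effort (`ip rule del table 1001 2>/dev/null || true`), and replace the deprecated `ifconfig` calls with `ip addr add 192.168.1.254/24 dev tun_cc0 && ip link set tun_cc0 up` so the script depends on one tool. As an aside on a context line, `tcp_tw_recycle` no longer exists on kernels from 4.12 on and is known to break clients behind NAT, so the write will fail on newer hosts and is worth confirming as intended.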
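Review bot: The rewritten `user_region` strings in this hunk, and in the hunks at -42 and -75, drop the `__comments` entries that recorded which profile table each `*_profile_id` refers to (`active_defence_profile_claimed_src_ip.profile_id`, `active_defence_profile_reflector.profile_id`); since the consumer evidently accepted those keys before, keeping them costs nothing and they are the only documentation the rule set has. The same three hunks and the -107 table also bake fresh lab addresses (`172.16.1.134`, `172.16.1.138`) into a Jinja template that is rendered on every host, whereas comparable endpoints such as `redis_server_ip` live in `group_vars/all.yml`; moving them to variables would keep the test target out of the role. If the `__comments` keys were removed because the new houyi build rejects unknown keys, a one-line Jinja comment in the template saying so would stop the next reviewer from putting them back.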
@@ -75,7 +75,7 @@
 "do_blacklist": 0,
 "do_log": 1,
 "effective_rage": 0,
- "user_region": "{ \"method\":\"flood\", \"l4_protocol\":\"TCP\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"10.3.22.222\", \"target_port\":8080, \"rate_pps\":1, \"payload\":\"dGVzdA==\", \"claimed_src_ip_profile_id\":4102}",
+ "user_region":"{\"method\":\"flood\",\"l4_protocol\":\"TCP\",\"target_ip\":\"172.16.1.134\",\"target_port\":8080,\"rate_pps\":1,\"payload\":\"dGVzdA==\",\"claimed_src_ip_profile_id\":4102}",
 "is_valid": "yes",
 "groups": [
 {
@@ -107,15 +107,15 @@
 {
 "table_name": "ACTIVE_DEFENCE_PROFILE_CLAIMED_SRC_IP",
 "table_content": [
- "4103\tgroup123\t[\"10.1.1.0/24\",\"10.1.2.0/24\",\"10.1.3.0/24\"]\t4\tnull\t1\t2019-12-02",
- "4102\tgroup123\t[\"10.3.22.129/25\"]\t4\tnull\t1\t2019-12-02",
+ "4103\tgroup123\t[\"10.1.1.0/24\",\"10.2.2.0/24\",\"10.3.3.0/24\"]\t4\tnull\t1\t2019-12-02",
+ "4102\tgroup123\t[\"10.0.0.0/8\"]\t4\tnull\t1\t2019-12-02",
 "6001\tgroup456\t[\"fe80::2487:81ff:fefa:222d/80\",\"fe80::2487:81ff:fefa:333d/96\"]\t6\tnull\t1\t2019-12-02"
 ]
 },
 {
 "table_name": "ACTIVE_DEFENCE_PROFILE_REFLECTOR",
 "table_content": [
- "4101\tgroup1234\t[\"10.3.22.11\",\"10.3.22.11\"]\t4\tDNS\t1\t2019-12-02",
+ "4101\tgroup1234\t[\"172.16.1.134\"]\t4\tDNS\t1\t2019-12-02",
 "6002\tgroup4567\t[\"fe80::db5a:b3e0:2d9:ce2c\",\"fe80::db3a:b3e3:3d9:ce3c\"]\t6\tNTP\t1\t2019-12-02"
 ]
 },
diff --git a/roles/active_defence/templates/tsg_sn.json.j2 b/roles/active_defence/templates/tsg_sn.json.j2
index 3986e47..b9fdf6d 100644
--- a/roles/active_defence/templates/tsg_sn.json.j2
+++ b/roles/active_defence/templates/tsg_sn.json.j2
@@ -1,3 +1,3 @@
 {
- "sn": {{houyi_global.log.device_id}}
+ "sn": "{{houyi_global.log.device_id}}"
 }
\ No newline at end of file
diff --git a/xxg_env/group_vars/all.yml b/xxg_env/group_vars/all.yml
index af612d1..71f2b61 100644
--- a/xxg_env/group_vars/all.yml
+++ b/xxg_env/group_vars/all.yml
@@ -9,16 +9,16 @@ houyi_global:
 mode: "transparent"
 houyi:
- redis_server_ip: "192.168.40.131"
- redis_server_port: 7002
+ redis_server_ip: "192.168.40.120"
+ redis_server_port: 7003
 redis_index: 0
 rpm_files:
- houyi_rpm_file: "houyi-1.3.4.38c2e01-1.el7.x86_64.rpm"
- houyi_common_tools_rpm_file: "houyi-common-tools-1.0.4.863f9b6-1.el7.x86_64.rpm"
- houyi_plug_rpm_file: "houyi-plug-1.3.1.7b597cb-1.el7.x86_64.rpm"
- net_flood_rpm_file: "net_flood-2.1.5.aac7d26-1.el7.x86_64.rpm"
- sapp_rpm_file: "sapp-4.0.14.91cbc1b-x86_64...rpm"
+ houyi_rpm_file: "houyi-1.3.6.7bba6be-1.el7.x86_64.rpm"
+ houyi_common_tools_rpm_file: "houyi-common-tools-1.0.5.816d1a9-1.el7.x86_64.rpm"
+ houyi_plug_rpm_file: "houyi-plug-1.3.3.3a55116-1.el7.x86_64.rpm"
+ net_flood_rpm_file: "net_flood-2.1.6.e346e94-1.el7.x86_64.rpm"
+ sapp_rpm_file: "sapp-4.0.15.df7b27b-1.el7.x86_64.rpm"
 wire_graft_rpm_file: "wire-graft-1.0.3.162dae3-1.el7.x86_64.rpm"
 kafka:
@@ -33,4 +33,4 @@ houyi_global:
 enabled: 1
 redis_server_ip: "192.168.40.120"
 redis_server_port: 7003
- redis_index: 6
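Review bot: Quoting the value as `"sn": "{{houyi_global.log.device_id}}"` makes the field a JSON string, but the template still interpolates the variable verbatim, so a device id containing `"` or `\` renders invalid JSON that the reader of tsg_sn.json would reject or misparse. Ansible's `to_json` filter escapes the value, and combining it with Jinja's `string` filter keeps the string type the commit is after even when the variable is an integer: `"sn": {{ houyi_global.log.device_id | string | to_json }}`. The hunk also leaves the file without a trailing newline, which the marker just below it shows; worth adding while touching the file.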
\ No newline at end of file
+ redis_index: 6
diff --git a/xxg_env/hosts.xxg b/xxg_env/hosts.xxg
index d7d4ff7..31d1fe1 100644
--- a/xxg_env/hosts.xxg
+++ b/xxg_env/hosts.xxg
@@ -3,7 +3,10 @@ ansible_user=root
 install_sapp=false
 [active_defence]
+192.168.40.84
 192.168.40.85
+192.168.40.86
+192.168.40.87
 [tsg-all:children]
 active_defence
|
