diff options
| author | lijia <[email protected]> | 2019-12-23 16:12:51 +0800 |
|---|---|---|
| committer | lijia <[email protected]> | 2019-12-23 16:12:51 +0800 |
| commit | 8a87a5b2b10d3e06a5a78c95694e2626ddb5f79f (patch) | |
| tree | 05115e17900a2d576249d39bf09f112155169ddc /roles | |
create new project.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/sled-mcn0/files/bin/houyi | bin | 0 -> 91992 bytes | |||
| -rw-r--r-- | roles/sled-mcn0/files/bin/houyi_send_plug.so | bin | 0 -> 36808 bytes | |||
| -rw-r--r-- | roles/sled-mcn0/files/bin/net_flood | bin | 0 -> 109704 bytes | |||
| -rw-r--r-- | roles/sled-mcn0/files/etc/dns_query.base64 | 1 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/houyi.conf | 17 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/houyi.inf | 5 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/houyi_plug.conf | 8 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/houyi_plug_static_arp.conf | 6 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/maat_tableinfo.conf | 14 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/etc/maat_test.json | 89 | ||||
| -rw-r--r-- | roles/sled-mcn0/files/service/houyi.service | 12 | ||||
| -rw-r--r-- | roles/sled-mcn0/tasks/main.yml | 65 | ||||
| -rw-r--r-- | roles/sled-mcn0/templates/conflist.inf.j2 | 7 |
13 files changed, 224 insertions, 0 deletions
diff --git a/roles/sled-mcn0/files/bin/houyi b/roles/sled-mcn0/files/bin/houyi Binary files differnew file mode 100644 index 0000000..fb4f832 --- /dev/null +++ b/roles/sled-mcn0/files/bin/houyi diff --git a/roles/sled-mcn0/files/bin/houyi_send_plug.so b/roles/sled-mcn0/files/bin/houyi_send_plug.so Binary files differnew file mode 100644 index 0000000..92bf35f --- /dev/null +++ b/roles/sled-mcn0/files/bin/houyi_send_plug.so diff --git a/roles/sled-mcn0/files/bin/net_flood b/roles/sled-mcn0/files/bin/net_flood Binary files differnew file mode 100644 index 0000000..078ecde --- /dev/null +++ b/roles/sled-mcn0/files/bin/net_flood diff --git a/roles/sled-mcn0/files/etc/dns_query.base64 b/roles/sled-mcn0/files/etc/dns_query.base64 new file mode 100644 index 0000000..3146da2 --- /dev/null +++ b/roles/sled-mcn0/files/etc/dns_query.base64 @@ -0,0 +1 @@ +BAAABAAAAAAAABHRlc3QDY29tAAD/AAE=
\ No newline at end of file diff --git a/roles/sled-mcn0/files/etc/houyi.conf b/roles/sled-mcn0/files/etc/houyi.conf new file mode 100644 index 0000000..5b2b333 --- /dev/null +++ b/roles/sled-mcn0/files/etc/houyi.conf @@ -0,0 +1,17 @@ +[main] +send_pkt_tool_path=./net_flood +log_path=./houyi_log/runtime.log +log_level=20 + + +[maat] +table_info=./houyi_etc/maat_tableinfo.conf +#json, redis, local_file +config_src_type=json +json_cfg_file=./houyi_etc/maat_test.json +inc_dir=./redis_dump/ +full_dir=./redis_dump/ +redis_server_ip=192.168.40.131 +redis_server_port=7002 +redis_index=0 + diff --git a/roles/sled-mcn0/files/etc/houyi.inf b/roles/sled-mcn0/files/etc/houyi.inf new file mode 100644 index 0000000..adaac08 --- /dev/null +++ b/roles/sled-mcn0/files/etc/houyi.inf @@ -0,0 +1,5 @@ +[PLUGINFO] +PLUGNAME=houyi_send_plug +SO_PATH=./plug/business/houyi/houyi_send_plug.so +INIT_FUNC=houyi_plug_init + diff --git a/roles/sled-mcn0/files/etc/houyi_plug.conf b/roles/sled-mcn0/files/etc/houyi_plug.conf new file mode 100644 index 0000000..3407f6b --- /dev/null +++ b/roles/sled-mcn0/files/etc/houyi_plug.conf @@ -0,0 +1,8 @@ +[main] +log_path=./houyi_log/runtime.log +log_level=20 + +log_interval=3 +fs2_remote_server_ip=192.168.40.1 +fs2_remote_server_port=8152 + diff --git a/roles/sled-mcn0/files/etc/houyi_plug_static_arp.conf b/roles/sled-mcn0/files/etc/houyi_plug_static_arp.conf new file mode 100644 index 0000000..f1ea429 --- /dev/null +++ b/roles/sled-mcn0/files/etc/houyi_plug_static_arp.conf @@ -0,0 +1,6 @@ +#static arp table, +#dir ip-version ip-string mac-addr-with':' +#dir: 0:C2I, 1:I2C +#example: +#0 4 192.168.40.161 46:9d:8e:37:53:f9 +#0 6 fe80::449d:8eff:fe37:53f9 46:9d:8e:37:53:f9
\ No newline at end of file diff --git a/roles/sled-mcn0/files/etc/maat_tableinfo.conf b/roles/sled-mcn0/files/etc/maat_tableinfo.conf new file mode 100644 index 0000000..edb9083 --- /dev/null +++ b/roles/sled-mcn0/files/etc/maat_tableinfo.conf @@ -0,0 +1,14 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 ACTIVE_DEFENCE_COMPILE plugin {"key":1,"valid":8} +1 ACTIVE_DEFENCE_PROFILE_CLAIMED_SRC_IP plugin {"key":1,"valid":5} +2 ACTIVE_DEFENCE_PROFILE_REFLECTOR plugin {"key":1,"valid":5} +3 GROUP_COMPILE_RELATION group -- diff --git a/roles/sled-mcn0/files/etc/maat_test.json b/roles/sled-mcn0/files/etc/maat_test.json new file mode 100644 index 0000000..8eeda28 --- /dev/null +++ b/roles/sled-mcn0/files/etc/maat_test.json @@ -0,0 +1,89 @@ +{ + "compile_table": "ACTIVE_DEFENCE_COMPILE", + "group_table": "GROUP_COMPILE_RELATION", + "rules": [ + { + "compile_id": 114, + "service": 0, + "action": 2, + "do_blacklist": 0, + "do_log": 1, + "effective_rage": 0, + "user_region": "{ \"method\":\"reflection\", \"reflector_type\":\"DNS\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"192.168.41.198\", \"target_port\":6666, \"rate_pps\":10, \"payload\":\"zasBAAABAAAAAAAABHRlc3QDY29tAAD/AAE=\", \"reflector_profile_id\":4011}", + "is_valid": "no", + "groups": [ + { + "regions": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "0.0.0.0", + "mask_src_ip": "255.255.255.255", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 6, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 102, + "service": 0, + "action": 2, + "do_blacklist": 0, + "do_log": 1, + "effective_rage": 0, + "user_region": "{ \"method\":\"flood\", \"l4_protocol\":\"UDP\", \"__comments\":\"active_defence_profile_reflector.profile_id\", \"target_ip\":\"192.168.40.161\", \"target_port\":22222, \"rate_pps\":12, \"payload\":\"dGVzdA==\", \"claimed_src_ip_profile_id\":4001}", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "0.0.0.0", + "mask_src_ip": "255.255.255.255", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 6, + "direction": "double" + } + } + ] + } + ] + } + ], + + "plugin_table": [ + { + "table_name": "ACTIVE_DEFENCE_PROFILE_CLAIMED_SRC_IP", + "table_content": [ + "4001\tgroup123\t[\"192.168.40.21\",\"192.168.40.22\",\"192.168.40.23\"]\t4\tnull\t1\t2019-12-02", + "6002\tgroup456\t[\"fe80::2487:81ff:fefa:222d\",\"fe80::2487:81ff:fefa:333d\"]\t6\tnull\t1\t2019-12-02" + ] + }, + { + "table_name": "ACTIVE_DEFENCE_PROFILE_REFLECTOR", + "table_content": [ + "4011\tgroup1234\t[\"192.168.40.134\",\"192.168.40.134\"]\t4\t1\t2019-12-02", + "6022\tgroup4567\t[\"fe80::db5a:b3e0:2d9:ce2c\",\"fe80::db3a:b3e3:3d9:ce3c\"]\t6\t1\t2019-12-02" + ] + } + ] +} diff --git a/roles/sled-mcn0/files/service/houyi.service b/roles/sled-mcn0/files/service/houyi.service new file mode 100644 index 0000000..1563b89 --- /dev/null +++ b/roles/sled-mcn0/files/service/houyi.service @@ -0,0 +1,12 @@ +[Unit] +Description=houyi service +Wants=network-online.target + +[Service] +WorkingDirectory=/opt/houyi/bin +ExecStart=/opt/houyi/bin/houyi +Restart=always +RestartSec=5s + +[Install] +WantedBy=multi-user.target
\ No newline at end of file diff --git a/roles/sled-mcn0/tasks/main.yml b/roles/sled-mcn0/tasks/main.yml new file mode 100644 index 0000000..8b01827 --- /dev/null +++ b/roles/sled-mcn0/tasks/main.yml @@ -0,0 +1,65 @@ +--- +- name: "copy houyi to destination server" + copy: + src: "{{ role_path }}/files/bin/houyi" + dest: "/opt/houyi/bin/" + mode: 0755 + +- name: "copy net_flood to destination server" + copy: + src: "{{ role_path }}/files/bin/net_flood" + dest: "/opt/houyi/bin/" + mode: 0755 + +- name: "copy houyi_send_plug to destination server" + copy: + src: "{{ role_path }}/files/bin/houyi_send_plug.so" + dest: "/home/mesasoft/sapp_run/plug/business/houyi/" + +- name: "copy houyi.conf to destination server" + copy: + src: "{{ role_path }}/files/etc/houyi.conf" + dest: "/opt/houyi/bin/houyi_etc/" + +- name: "copy houyi static arp.conf to destination server" + copy: + src: "{{ role_path }}/files/etc/houyi_plug_static_arp.conf" + dest: "/opt/houyi/bin/houyi_etc/" + +- name: "copy maat tableinfo conf to destination server" + synchronize: + src: "{{ role_path }}/files/etc/maat_tableinfo.conf" + dest: "/opt/houyi/bin/houyi_etc/" + +- name: "copy maat test json to destination server" + synchronize: + src: "{{ role_path }}/files/etc/maat_test.json" + dest: "/opt/houyi/bin/houyi_etc/" + +- name: "copy plug.inf to destination server" + copy: + src: "{{ role_path }}/files/etc/houyi.inf" + dest: "/home/mesasoft/sapp_run/plug/business/houyi/" + +- name: "copy houyi_plug.conf to destination server" + copy: + src: "{{ role_path }}/files/etc/houyi_plug.conf" + dest: "/home/mesasoft/sapp_run/houyi_etc/" + mode: 0644 + +- name: "copy houyi.service destination server" + copy: + src: "{{ role_path }}/files/service/houyi.service" + dest: "/usr/lib/systemd/system/" + +- name: Template the sapp conflist.inf + template: + src: "{{ role_path }}/templates/conflist.inf.j2" + dest: /home/mesasoft/sapp_run/plug/conflist.inf + tags: template + +- name: "enable houyi service" + systemd: + name: houyi + enabled: yes + daemon_reload: yes diff --git a/roles/sled-mcn0/templates/conflist.inf.j2 b/roles/sled-mcn0/templates/conflist.inf.j2 new file mode 100644 index 0000000..9c7f3dd --- /dev/null +++ b/roles/sled-mcn0/templates/conflist.inf.j2 @@ -0,0 +1,7 @@ +[platform] + +[protocol] + +[business] +./plug/business/houyi/houyi.inf + |