up

3 years ago · 64601e42c1
parent 6555d927ea
commit 64601e42c1
13 changed files with 39 additions and 111 deletions
--- a/plugins/op_waf/conf/luawaf.conf
+++ b/plugins/op_waf/conf/luawaf.conf
@ -7,4 +7,3 @@ init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua;
 access_by_lua_file  {$WAF_PATH}/lua/init.lua;

 # init_by_lua_file  {$WAF_PATH}/lua/init.lua;
-# access_by_lua_file {$WAF_PATH}/lua/waf.lua;
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@ -329,6 +329,9 @@ def start():
    conf = conf.replace('#include luawaf.conf;', "include luawaf.conf;")
    mw.writeFile(path, conf)

+    import tool_task
+    tool_task.createBgTask()
+
    mw.restartWeb()
    return 'ok'

@ -339,6 +342,10 @@ def stop():
    conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;")

    mw.writeFile(path, conf)
+
+    import tool_task
+    tool_task.removeBgTask()
+
    mw.restartWeb()
    return 'ok'

--- a/plugins/op_waf/install.sh
+++ b/plugins/op_waf/install.sh
@ -27,7 +27,9 @@ Install_of(){
 Uninstall_of(){

 	cd ${rootPath} && python3 ${rootPath}/plugins/op_waf/index.py stop
-	rm -rf $serverPath/op_waf
+	if [ "$?" == "0" ];then
+		rm -rf $serverPath/op_waf
+	fi
 }


--- a/plugins/op_waf/tool_task.py
+++ b/plugins/op_waf/tool_task.py
@ -52,7 +52,7 @@ def createBgTask():
    removeBgTask()
    args = {
        "period": "minute-n",
-        "minute-n": "3",
+        "minute-n": "1",
    }
    createBgTaskByName(getPluginName(), args)

@ -71,7 +71,7 @@ def createBgTaskByName(name, args):
            print("计划任务已经存在!")
            return True
    import crontab_api
-    api = crontab_api.crontab_api()
+    cron_api = crontab_api.crontab_api()

    period = args['period']
    _hour = ''
@ -87,16 +87,18 @@ def createBgTaskByName(name, args):
        _where1 = args['minute-n']
        _minute = ''

+    mw_dir = mw.getRunDir()
    cmd = '''
+mw_dir=%s
 rname=%s
 plugin_path=%s
 script_path=%s
 logs_file=$plugin_path/${rname}.log
-''' % (name, getServerDir(), getPluginDir())
+''' % (mw_dir, name, getServerDir(), getPluginDir())
    cmd += 'echo "★【`date +"%Y-%m-%d %H:%M:%S"`】 STSRT★" >> $logs_file' + "\n"
    cmd += 'echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" >> $logs_file' + "\n"
-    cmd += 'echo "python3 $script_path/tool_task.py run >> $logs_file 2>&1"' + "\n"
-    cmd += 'python3 $script_path/tool_task.py run >> $logs_file 2>&1' + "\n"
+    cmd += 'echo "cd $mw_dir && source bin/activate && python3 $script_path/tool_task.py run >> $logs_file 2>&1"' + "\n"
+    cmd += 'cd $mw_dir && source bin/activate && python3 $script_path/tool_task.py run >> $logs_file 2>&1' + "\n"
    cmd += 'echo "【`date +"%Y-%m-%d %H:%M:%S"`】 END★" >> $logs_file' + "\n"
    cmd += 'echo "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" >> $logs_file' + "\n"

@ -115,7 +117,7 @@ logs_file=$plugin_path/${rname}.log
        'urladdress': '',
    }

-    task_id = api.add(params)
+    task_id = cron_api.add(params)
    if task_id > 0:
        cfg["task_id"] = task_id
        cfg["name"] = name
@ -144,8 +146,15 @@ def removeBgTask():
    return False


+def getCpuUsed():
+    import psutil
+    used = psutil.cpu_percent(interval=1)
+    path = getServerDir() + "/cpu.info"
+    mw.writeFile(path, str(int(used)))
+
+
 def run():
-    print('op lua run ok')
+    getCpuUsed()

 if __name__ == "__main__":
    if len(sys.argv) > 1:
--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@ -4,9 +4,9 @@ local _M = { _VERSION = '0.02' }
 local mt = { __index = _M }

 local json = require "cjson"
-local ngx_match = ngx.re.find

-local debug_mode = true
+local ngx_match = ngx.re.find
+local debug_mode = false

 local waf_root = "{$WAF_ROOT}"
 local cpath = waf_root.."/waf/"
@ -259,24 +259,6 @@ function _M.write_to_file(self, logstr)
 end


-function _M.write_drop_ip(self, is_drop, drop_time)
-    local filename = self.logdir .. 'waf_drop_ip.log'
-
-    local fp = io.open(filename,'ab')
-    local server_name = self.params["server_name"]
-    local ip = self.params["server_name"]
-    local request_uri = self.params["request_uri"]
-
-    if fp == nil then return false end
-    local logtmp = {os.time(),ip,server_name,request_uri,drop_time,is_drop}
-    local logstr = json.encode(logtmp) .. "\n"
-    fp:write(logstr)
-    fp:flush()
-    fp:close()
-    return true
-end
-
-
 function _M.continue_key(self,key)
    key = tostring(key)
    if string.len(key) > 64 then return false end;
@ -525,7 +507,6 @@ function _M.write_log(self, name, rule)

    local count = ngx.shared.waf_drop_ip:get(ip)

-    self:D("count:"..tostring(count))
    if (count > retry) then
        local safe_count,_ = ngx.shared.waf_drop_sum:get(ip)
        if not safe_count then
@ -539,25 +520,23 @@ function _M.write_log(self, name, rule)
        local logtmp = {
            ngx.localtime(),
            ip,
-            method,ngx.var.request_uri, 
-            ngx.var.http_user_agent, 
-            name, 
+            method,ngx.var.request_uri,
+            ngx.var.http_user_agent,
+            name,
            retry_cycle .. '秒以内累计超过'..retry..'次以上非法请求,封锁'.. lock_time ..'秒'
        }
        local logstr = json.encode(logtmp) .. "\n"
        retry_times = retry + 1
        ngx.shared.waf_drop_ip:set(ip, retry_times, lock_time)
-
-        self:write_drop_ip('inc',lock_time)
        self:write_to_file(logstr)
    else
        local logtmp = {
            ngx.localtime(),
-            ip, 
-            method, 
-            ngx.var.request_uri, 
-            ngx.var.http_user_agent, 
-            name, 
+            ip,
+            method,
+            ngx.var.request_uri,
+            ngx.var.http_user_agent,
+            name,
            rule
        }
        local logstr = json.encode(logtmp) .. "\n"
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@ -13,6 +13,9 @@ local config_domains = require "domains"
 C:setConfData(config, site_config)
 C:setDebug(true)

+-- local ngx_os = require "os"
+-- C:("msss".. ngx_os.name)
+

 local get_html = require "html_get"
 local post_html = require "html_post"
--- a/plugins/op_waf/waf/lua/waf.lua
+++ b/plugins/op_waf/waf/lua/waf.lua
@ -1 +0,0 @@
-waf()
--- a/plugins/op_waf/waf/wafconf/blockip
+++ b/plugins/op_waf/waf/wafconf/blockip
@ -1 +0,0 @@
-10.0.68.75
--- a/plugins/op_waf/waf/wafconf/post
+++ b/plugins/op_waf/waf/wafconf/post
@ -1,18 +0,0 @@
-select.+(from|limit)
-(?:(union(.*?)select))
-\b(or|xor|and)\b.*(=|<|>|'|")
-having|load_file
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
-\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
-(onmouseover|onerror|onload)\=
--- a/plugins/op_waf/waf/wafconf/returnhtml
+++ b/plugins/op_waf/waf/wafconf/returnhtml
@ -1,39 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>网站防火墙</title>
-<style>
-*{margin:0;padding:0;color:#444}
-body{font-size:14px;font-family:"宋体"}
-.main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
-.content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
-.t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
-.t2{margin-bottom:8px; font-weight:bold}
-ol{margin:0 0 20px 22px;padding:0;}
-ol li{line-height:30px}
-</style>
-</head>
-
-<body>
-	<div class="main">
-		<div class="title">网站防火墙</div>
-		<div class="content">
-			<p class="t1">您的请求带有不合法参数，已被网站管理员设置拦截！</p>
-			<p class="t2">可能原因：</p>
-			<ol>
-				<li>您提交的内容包含危险的攻击请求</li>
-			</ol>
-			<p class="t2">如何解决：</p>
-			<ol>
-				<li>检查提交内容；</li>
-				<li>如网站托管，请联系空间提供商；</li>
-				<li>普通网站访客，请联系网站管理员；</li>
-				<li>这是误报，请联系网站管理员；</li>
-			</ol>
-		</div>
-	</div>
-</body>
-</html>
-
--- a/plugins/op_waf/waf/wafconf/url
+++ b/plugins/op_waf/waf/wafconf/url
@ -1,9 +0,0 @@
-\.(svn|htaccess|mysql_history|bash_history|git|DS_Store|idea|user\.ini)
-\.(bak|inc|old|mdb|sh|sql|php~|swp|java|class)$
-(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\.(rar|sql|zip|tar\.gz|tar)
-(elastic|jmx-console|jmxinvokerservlet)
-java\.lang
-/CSV/
-/(hack|shell|spy|phpspy)\.php$
-(manager|host-manager)/html$
-/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|forumdata|upload|includes|cache|avatar)/(\\w+).(php|jsp)
--- a/plugins/op_waf/waf/wafconf/user-agent
+++ b/plugins/op_waf/waf/wafconf/user-agent
@ -1 +0,0 @@
-(HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf|bench| SF/)
--- a/plugins/op_waf/waf/wafconf/whiteip
+++ b/plugins/op_waf/waf/wafconf/whiteip
@ -1,2 +0,0 @@
-127.0.0.1
-^192\.168\.
				`@ -1 +0,0 @@`
				`(HTTrack\|Apache-HttpClient\|harvest\|audit\|dirbuster\|pangolin\|nmap\|sqln\|hydra\|Parser\|libwww\|BBBike\|sqlmap\|w3af\|owasp\|Nikto\|fimap\|havij\|zmeu\|BabyKrokodil\|netsparker\|httperf\|bench\| SF/)`