Last active
May 15, 2023 02:52
-
-
Save leewp14/9df90a03f9ef76203ceeab87b237053e to your computer and use it in GitHub Desktop.
Stupid problematic script to simplify UFW logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdbool.h> | |
| #include <stdlib.h> | |
| #define maxPortCount 65536 | |
| struct portsStruct{ | |
| // char port[6]; | |
| int count; | |
| }; | |
| static const char version[] = "20230427"; | |
| static bool isVerbose = false; | |
| static bool isOutgoing = false; | |
| static bool isLoopback = false; | |
| static bool isCustomPort = false; | |
| static char customPort[6] = ""; | |
| static const char segmentSeperator[2] = " "; | |
| static const char valueSeperator[2] = "="; | |
| //static const int maxPortCount = 65536; | |
| static struct portsStruct portsHistory[maxPortCount] = {0}; | |
| void printBanner(const char version[]){ | |
| printf(" ><><><><><><><><><><><><><><><><>< \n"); | |
| printf(" < R A G E - INF%8s > \n", version); | |
| printf(" < wplee@infonal.com.my > \n"); | |
| printf(" ><><><><><><><><><><><><><><><><>< \n"); | |
| } | |
| // https://stackoverflow.com/questions/55401073/passing-pointer-by-reference-in-c | |
| int fileInit(int argc, char *argv[], FILE **fileIn){ | |
| if(argc > 1){ | |
| bool fileParamTry = true; | |
| char *paramIsVerbose = strdup("--verbose"); | |
| char *paramIsOutgoing = strdup("--outgoing"); | |
| char *paramIsLoopback = strdup("--loopback"); | |
| char *paramCustomPort = strdup("--port="); | |
| for(int i = 1; i < argc; i++){ | |
| if(!strcmp(argv[i], paramIsVerbose)){ | |
| // set verbose | |
| isVerbose = true; | |
| printf(" <i> isVerbose = true \n"); | |
| continue; | |
| } | |
| if(!strcmp(argv[i], paramIsOutgoing)){ | |
| // set isOutgoing | |
| isOutgoing = true; | |
| printf(" <i> isOutgoing = true \n"); | |
| continue; | |
| } | |
| if(!strcmp(argv[i], paramIsLoopback)){ | |
| // set isLoopback | |
| isLoopback = true; | |
| printf(" <i> isLoopback = true \n"); | |
| continue; | |
| } | |
| if(strstr(argv[i], paramCustomPort)){ | |
| // check if custom port param is valid | |
| } | |
| if(fileParamTry){ | |
| *fileIn = fopen(argv[i], "r"); | |
| if(*fileIn != NULL){ | |
| fileParamTry = false; | |
| } | |
| } | |
| } | |
| } | |
| if (*fileIn == NULL) { | |
| // open file in reading mode | |
| *fileIn = fopen("ufw.log", "r"); | |
| } | |
| if (*fileIn != NULL) { | |
| return 0; | |
| } | |
| return -1; | |
| } | |
| int collector(int currentPort, bool isIncoming){ | |
| // int currentPort = atoi(port); | |
| if(currentPort > 0 && currentPort < maxPortCount){ | |
| portsHistory[currentPort].count++; | |
| return portsHistory[currentPort].count; | |
| } | |
| return -1; | |
| } | |
| int decryptor(char *inputLine){ | |
| // init vars. | |
| bool isAllow = false; | |
| bool isIncoming = false; | |
| bool isUDP = false; | |
| char valIncomingInt[10]; | |
| char valOutgoingInt[10]; | |
| char valSrc[40]; | |
| char valDest[40]; | |
| char valSrcPort[6]; | |
| char valDestport[6]; | |
| // split line into segments using seperator | |
| char *segmentPointer; | |
| char *segment = strtok_r(strdup(inputLine), segmentSeperator, &segmentPointer); | |
| while (segment != NULL){ | |
| // evaluate segment | |
| if(strstr(segment, "ALLOW]") || strstr(segment, "AUDIT]")){ | |
| // mark traffic as allowed | |
| isAllow = true; | |
| // do nothing, default is already true. | |
| }else{ | |
| // isAllow = false; | |
| // break; | |
| // we cannot break here because first segment is date, not BLOCK] | |
| } | |
| if(strstr(segment, "IN=")){ | |
| if(strcmp(segment, "IN=") == 0){ | |
| // for outgoing traffic, IN= is unspecified. | |
| strcpy(valIncomingInt, "X"); | |
| }else{ | |
| // IN= is specified with an interface, mark as incoming. | |
| isIncoming = true; | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valIncomingInt, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| } | |
| } | |
| if(strstr(segment, "OUT=")){ | |
| // fixup! revert the behaviour, we not controlling other ppl's firewall! | |
| if(!isIncoming || true){ | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valOutgoingInt, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| }else{ | |
| strcpy(valOutgoingInt, "X"); | |
| } | |
| } | |
| if(strstr(segment, "SRC=")){ | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valSrc, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| } | |
| if(strstr(segment, "DST=")){ | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valDest, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| } | |
| if(strstr(segment, "SPT=")){ | |
| if(isIncoming){ | |
| // incoming traffic, we only want destination ports. | |
| }else{ | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valSrcPort, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| } | |
| } | |
| if(strstr(segment, "DPT=")){ | |
| if(isIncoming){ | |
| // grep value | |
| char *tmpPointer; | |
| char *tmp = strtok_r(strdup(segment), valueSeperator, &tmpPointer); | |
| // move pointer to get actual value | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| while(tmp != NULL){ | |
| strcpy(valDestport, tmp); | |
| tmp = strtok_r(NULL, valueSeperator, &tmpPointer); | |
| } | |
| }else{ | |
| // outgoing traffic, we only want incoming ports. | |
| } | |
| } | |
| // continue to next segment | |
| segment = strtok_r(NULL, segmentSeperator, &segmentPointer); | |
| } | |
| if(!isAllow){ | |
| return -1; | |
| } | |
| bool trafficIsLoopback = (!strcmp(valIncomingInt, "lo") || !strcmp(valOutgoingInt, "lo")); | |
| if(isLoopback && !trafficIsLoopback){ | |
| return -1; | |
| }else if(!isLoopback && trafficIsLoopback){ | |
| return -1; | |
| } | |
| int currentPort = -1; | |
| if(isIncoming){ | |
| currentPort = atoi(valDestport); | |
| }else if(isOutgoing){ | |
| currentPort = atoi(valSrcPort); | |
| } | |
| // printf("%d \n", collector(currentPort, false)); | |
| collector(currentPort, false); | |
| if(isVerbose){ | |
| if(isIncoming){ | |
| printf("Incoming Interface: %s \n", valIncomingInt); | |
| printf("Incoming to Port: %s \n", valDestport); | |
| }else if(isOutgoing){ | |
| // usually we don't care about outgoing | |
| // printf("Incoming Interface: %s \n", valIncomingInt); | |
| printf("Outgoing Interface: %s \n", valOutgoingInt); | |
| printf("Outgoing from Port: %s \n", valSrcPort); | |
| } | |
| if(isIncoming || isOutgoing){ | |
| printf("Source Address: %s \n", valSrc); | |
| printf("Destination Address: %s \n", valDest); | |
| printf("\n"); | |
| } | |
| } | |
| return 0; | |
| } | |
| int analyzer(){ | |
| printf(" +---------------------+ \n"); | |
| printf(" | A N A L Y S I S | \n"); | |
| printf(" +---------------------+ \n"); | |
| for(int i = 0; i < maxPortCount; i++){ | |
| int currentPort = i; | |
| int currentHistory = portsHistory[currentPort].count; | |
| if(currentHistory < 1){ | |
| continue; | |
| } | |
| printf(" > "); | |
| printf("[Port %5d]: %d \n", currentPort, currentHistory); | |
| } | |
| printf("\n"); | |
| printf(" +- COMPLETE. ---------+ \n"); | |
| return 0; | |
| } | |
| int main(int argc, char *argv[]){ | |
| printf("\n"); | |
| // print our (my) beautiful (ugly) banner (rubbish) | |
| printBanner(version); | |
| //printf("\n"); | |
| // initialize log file | |
| FILE *fileIn = NULL; | |
| if (fileInit(argc, argv, &fileIn)) { | |
| printf(" <e> ufw.log not found. \n"); | |
| return -1; | |
| } | |
| printf(" ---------------------------------- \n"); | |
| // reading every line of the file | |
| /// it must be larger than 255 because the line appearently, too long lol. | |
| /// it will not fail, but the line will be cut. | |
| char fileBuf[1024]; | |
| while (fgets(fileBuf, sizeof(fileBuf), fileIn) != NULL) { | |
| // Google: pointer copy string c | |
| // https://stackoverflow.com/questions/5408871/copy-of-a-string-pointer | |
| // https://www.geeksforgeeks.org/strdup-strdndup-functions-c/ | |
| char *currentLine = strdup(fileBuf); | |
| // skip if line is empty | |
| if(strlen(currentLine)){ | |
| decryptor(strdup(currentLine)); | |
| } | |
| } | |
| fclose(fileIn); | |
| analyzer(); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment