/*------------------------------- daemon.c---------------------------------------------------*/
#include "baca.h"
#include "apprList.h"
#include "list.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#define list_H
#define APPRLIST_H
#define H_LinkedListType
/* Knock sequences, as the destination ports that must be hit in order.
 * A complete knock is Header_Seq, then SSH_Seq (unlocks port 22) or ftp_Seq
 * (unlocks port 21), then Footer_Seq; see checkSeq. */
const int Header_Seq[3] = {610,400,503};
const int Footer_Seq[3] = {606,505,402};
const int SSH_Seq[5] = {402,504,505,402,503};
const int ftp_Seq[5] = {402,607,400,401,400};
const int maxTime = 300; // the whole knock must complete within 5 minutes (seconds; compared with difftime in checkSeq)
/* iptables argument vectors handed to execCmd: element 0 is a placeholder argv[0]
 * and each list is NULL-terminated. init1..init6 LOG TCP and UDP hits on the three
 * knock port ranges (readLog later parses those log lines out of /var/log/syslog);
 * drop appends a catch-all DROP to INPUT; flush clears the chain. */
char *const init1[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "400:402\0", "-j\0","LOG\0",NULL};
char *const init2[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "400:402\0", "-j\0","LOG\0",NULL};
char *const init3[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "503:505\0", "-j\0","LOG\0",NULL};
char *const init4[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "503:505\0", "-j\0","LOG\0",NULL};
char *const init5[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "606:610\0", "-j\0","LOG\0",NULL};
char *const init6[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "606:610\0", "-j\0","LOG\0",NULL};
char *const drop[6] = {" \0","-A\0", "INPUT\0","-j\0", "DROP\0",NULL};
char *const flush[3] = {" \0","-F\0",NULL};
/* Sources whose knock has been accepted, with the port, its open/closed state
 * (Stat) and the time of the last change. Built by traceSurf, printed by main. */
Apprlist LogApproved = NULL;
int filterLog(Log_struct filterIn)
/* Returns 1 when the entry passes the filter, i.e. its timestamp (waktu) is
 * less than an hour before the current time, and 0 otherwise. Older entries
 * still present in the log are therefore never acted on. */
{
    time_t now = time(NULL);
    double age = difftime(now, filterIn.waktu);
    return (age < 3600) ? 1 : 0;
}
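void execCmd(char *cmd, char *const argv[])
/*
 * Runs cmd with the NULL-terminated argument vector argv as a child process
 * and waits for it to finish. cmd is resolved through PATH by execvp; every
 * caller in this file passes the bare name "iptables", so the PATH this
 * daemon runs with decides which binary is executed.
 * Failures are reported on stderr and otherwise ignored, so a rule that fails
 * to install is visible in the daemon's output but not to the caller.
 */
{
    pid_t pid = fork();
    if (pid < 0) {
        /* No child was created, so there is nothing to wait for. */
        perror("fork");
        return;
    }
    if (pid == 0) {
        execvp(cmd, argv);
        /* Only reached when exec fails. The child must not return into the
         * caller (it would otherwise carry on with main()'s loop as a second
         * copy of the daemon), so leave at once, skipping atexit handlers. */
        perror(cmd);
        _exit(127);
    }
    /* Parent: reap this specific child. The original called wait() with no
     * status pointer and without <sys/wait.h>, which is not a valid call. */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        perror("waitpid");
    } else if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        fprintf(stderr, "%s: child did not exit cleanly (status 0x%x)\n", cmd, (unsigned)status);
    }
}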
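List readLog()
/*
 * Reads /var/log/syslog, keeps the lines locate() recognises as knock log
 * entries and that are at most an hour old (filterLog), and returns them as
 * a List with duplicates removed (SearchData / InsertData). Returns NULL when
 * the log cannot be opened or holds no matching entries. The caller owns the
 * returned list (main frees it with DestroyList).
 */
{
    FILE *filein = fopen("/var/log/syslog", "r");
    if (filein == NULL) {
        /* The original dereferenced the NULL stream here; report and skip this cycle. */
        perror("/var/log/syslog");
        return NULL;
    }
    /* readln() hands back a heap line that is freed before the next read, so
     * start with a dummy allocation to make the first free() in the loop valid.
     * NOTE(review): assumes readln never returns NULL — confirm in baca.h. */
    char *line = malloc(1);
    List newList = NULL;
    while (feof(filein) == 0) {
        /* Advance to the next line locate() accepts, or to end of file. */
        do {
            free(line);
            line = readln(filein);
        } while ((locate(line) == 0) && (feof(filein) == 0));
        if (strlen(line) > 0) {
            /* Every field of entry comes straight from the log text, and the
             * source address ends up in an iptables rule (PortAction), so the
             * parser in Extract is the place where that text must be validated. */
            Log_struct entry = Extract(line);
            if ((filterLog(entry) != 0)
                && (SearchData(newList, entry.Src_IP, entry.Des_IP, entry.MAC_SRC, entry.MAC_DES,
                               entry.waktu, entry.ID, entry.Src_Port, entry.Des_Port) == 0)) {
                newList = InsertData(newList, entry.Src_IP, entry.Des_IP, entry.MAC_SRC, entry.MAC_DES,
                                     entry.waktu, entry.ID, entry.Src_Port, entry.Des_Port);
            }
        }
    }
    free(line);   /* the last line read was never released before */
    fclose(filein);
    return newList;
}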
int compSublArr(Sublist *SubCheck, const int ArrCheck[], int SizeArr,time_t *wktAwal, time_t *wktAkhir)
/*
 * Compares the Des_Port values of the sublist starting at *SubCheck against
 * ArrCheck[0..SizeArr-1], in order. Returns 1 on a full match, 0 otherwise.
 * On success *SubCheck is advanced to the element after the matched run; when
 * the sublist is shorter than SizeArr it is set to NULL; on a plain mismatch
 * it is left untouched.
 * *wktAwal receives the timestamp of the element at index 1 and *wktAkhir that
 * of the element at index SizeArr-1, written as the elements are visited (so
 * they may already have been updated when the match then fails).
 * NOTE(review): the start time is taken from the second element (index 1),
 * not the first — confirm this is intended before relying on the time window.
 */
{
    Sublist cur = *SubCheck;

    if (panjangSublist(cur) < SizeArr) {
        /* Not enough elements left to hold the sequence. */
        *SubCheck = NULL;
        return 0;
    }

    int matched = 1;
    for (int idx = 0; idx < SizeArr; idx++) {
        if (cur == NULL) {
            matched = 0;
            break;
        }
        if (idx == 1)
            *wktAwal = cur->Waktu;
        if (idx == SizeArr - 1)
            *wktAkhir = cur->Waktu;
        if (cur->Des_Port != ArrCheck[idx]) {
            matched = 0;
            break;
        }
        cur = cur->next;
    }

    if (matched == 1)
        *SubCheck = cur;
    return matched;
}
int checkSeq(Sublist *seqList, time_t *waktu_Akhir)
/* Returns -1 when no valid sequence is found, or the port number (22 for the SSH
 * sequence, 21 for the ftp sequence) when the entries of *seqList — the knocks of
 * one source IP/MAC — contain Header_Seq, then SSH_Seq or ftp_Seq, then
 * Footer_Seq, with the run completing within maxTime seconds.
 * On success *seqList is advanced past the matched footer so the caller can keep
 * scanning, and *waktu_Akhir receives the time of the last footer knock.
 * On failure *seqList is NULL: the whole sublist has been consumed. */
{
time_t waktuAwal,waktuAkhir, awal, akhir;
Sublist FirstSeq = (*seqList);
Sublist tempFirstSeq;
while (FirstSeq != NULL)
{
// Skip to the next entry whose destination is the header's first port (610).
FirstSeq = SearchDesPort(FirstSeq,610);
if (FirstSeq != NULL)
{
// compSublArr advances FirstSeq past the header on a match; when the sublist is
// too short it sets FirstSeq to NULL, which also ends the outer loop.
if (compSublArr(&FirstSeq, Header_Seq, 3, &waktuAwal, &waktuAkhir) == 1)
{
// Start of the time window, as reported by compSublArr for the header.
awal = waktuAwal;
// Remember the position after the header so the ftp alternative can be tried
// from the same point if the SSH attempt below moves or clears FirstSeq.
tempFirstSeq = FirstSeq;
if (compSublArr(&FirstSeq, SSH_Seq, 5, &waktuAwal,&waktuAkhir) == 1)
{
// SSH body matched; if the footer fails here the ftp alternative is not tried.
if (compSublArr(&FirstSeq, Footer_Seq, 3, &waktuAwal,&waktuAkhir) == 1)
{
// End of the window: time of the last footer knock.
akhir = waktuAkhir;
// A complete sequence that took too long is ignored; scanning resumes after it.
if(difftime(akhir,awal) <= maxTime)
{
(*seqList) = FirstSeq;
(*waktu_Akhir) = akhir;
return 22;
}
}
}
else if (compSublArr(&tempFirstSeq, ftp_Seq, 5, &waktuAwal,&waktuAkhir) == 1)
{
if (compSublArr(&tempFirstSeq, Footer_Seq, 3,&waktuAwal, &waktuAkhir) == 1)
{
akhir = waktuAkhir;
if(difftime(akhir,awal) <= maxTime)
{
(*seqList) = tempFirstSeq;
(*waktu_Akhir) = akhir;
return 21;
}
}
// Resume from wherever the ftp attempt ended (possibly NULL).
FirstSeq = tempFirstSeq;
}
}
// Step past the current entry so the next search for 610 does not find it again.
if (FirstSeq != NULL)
FirstSeq = (*FirstSeq).next;
}
}
// Only reached with FirstSeq == NULL: nothing (more) to match.
(*seqList) = FirstSeq;
return -1;
}
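void PortAction(int Action,char *IP_Act,char *MAC_Act,int Port_Act)
/*
 * Opens (Action == 1) or closes (any other Action) TCP port Port_Act for the
 * source address IP_Act by inserting (-I) or deleting (-D) an ACCEPT rule at
 * the head of the INPUT chain. Only ports 22 and 21 are handled; any other
 * port is ignored. MAC_Act is kept for interface compatibility but is not
 * part of the rule, so the match is on the address alone.
 * IP_Act is passed to iptables as one argv element (no shell), so it cannot
 * add further arguments; it still originates from log text, so the parser
 * that produces it is where a single well-formed address must be enforced.
 */
{
    /* A NULL address would terminate argv early and yield a rule with no
     * -s value; refuse it instead of running iptables with a broken vector. */
    if (IP_Act == NULL)
        return;

    char *port;
    if (Port_Act == 22)
        port = "22\0";
    else if (Port_Act == 21)
        port = "21\0";
    else
        return;

    /* The open and close rules differ only in the operation; build one vector. */
    char *op = (Action == 1) ? "-I\0" : "-D\0";
    char *rule[12] = {" \0", op, "INPUT\0", "-s\0", IP_Act,
                      "-p\0", "tcp\0", "--dport\0", port, "-j\0", "ACCEPT\0", NULL};
    execCmd("iptables", rule);
}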
void traceSurf(List logList)
/*
 * Walks every source in logList, looks for completed knock sequences in its
 * child sublist (checkSeq) and acts on each one:
 *  - first valid sequence from an IP/MAC for a port: open the port and record
 *    it in LogApproved;
 *  - a later sequence that ended after the recorded time: toggle the port
 *    (close it if open, reopen it if closed) and update the record.
 * Nothing in this file closes a port on a timer; it stays open until the same
 * source repeats the sequence. Mutates the global LogApproved.
 */
{
List point = logList;
Sublist pointChild;
int hasil;   // port returned by checkSeq, or -1
time_t sekarang, waktuAkhir;   // sekarang is unused; waktuAkhir is only valid when hasil > 0
while (point != NULL)
{
pointChild = (*point).child;
// checkSeq moves pointChild past each match and to NULL once nothing is left,
// so this loop ends when the sublist is exhausted.
while (pointChild != NULL)
{
hasil = checkSeq(&pointChild,&waktuAkhir);
if (hasil > 0)
{
Apprlist srcRes;
if ((srcRes = SearchApprlist(LogApproved,(*point).Src_IP,(*point).Src_MAC,hasil)) == NULL)
{
printf("Buka port %d untuk IP %s \n", hasil,(*point).Src_IP);
PortAction(1,(*point).Src_IP,(*point).Src_MAC,hasil);
// First approval for this IP/MAC/port: append to the list, or start it.
if (LogApproved != NULL)
InsertLastApprlist(LogApproved,createElmtApprlist(waktuAkhir,(*point).Src_IP,(*point).Src_MAC,hasil));
else
LogApproved = createElmtApprlist(waktuAkhir,(*point).Src_IP,(*point).Src_MAC,hasil);
}
else
{
// Only a sequence that ended after the recorded one counts: the log is re-read
// every cycle by main, and this keeps an already-handled match from toggling again.
if (difftime(waktuAkhir,(*srcRes).Waktu)>0.0)
{
if ((*srcRes).Stat == 1)
{
// Port is open: close it and record when.
printf("Tutup port %d untuk IP %s \n",
hasil,(*point).Src_IP);
(*srcRes).Stat = 0;
(*srcRes).Waktu = waktuAkhir;
PortAction(0,(*point).Src_IP,(*point).Src_MAC,hasil);
}
else
{
// Port was closed: open it again and record when.
printf("Buka kembali port %d untuk IP %s \n",hasil,(*point).Src_IP);
(*srcRes).Stat = 1;
(*srcRes).Waktu = waktuAkhir;
PortAction(1,(*point).Src_IP,(*point).Src_MAC,hasil);
}
}
}
}
}
point = (*point).next;
}
}
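int main(void)
/*
 * Installs the logging and drop rules, then polls /var/log/syslog once a
 * second: each cycle re-reads the log, looks for completed knock sequences
 * (traceSurf) and prints the current approval list. Never returns.
 */
{
    /* Start from an empty INPUT chain, LOG hits on the three knock port ranges
     * over both TCP and UDP, then DROP everything else. Rule order matters:
     * PortAction later inserts (-I) its ACCEPT rules above this DROP. Note that
     * no rule here accepts loopback or established traffic, so all other
     * inbound packets are dropped from this point on. */
    execCmd("iptables", flush);
    execCmd("iptables", init1);
    execCmd("iptables", init2);
    execCmd("iptables", init3);
    execCmd("iptables", init4);
    execCmd("iptables", init5);
    execCmd("iptables", init6);   /* was init5 twice: UDP 606:610 (footer ports) went unlogged */
    execCmd("iptables", drop);

    List logList = NULL;
    for (;;) {
        time_t now;
        time(&now);
        /* The whole log is parsed again every cycle; readLog returns NULL when it
         * cannot be opened, and the list helpers below accept that. */
        logList = readLog();
        PrintList(logList);
        traceSurf(logList);
        printf("LogApproved\n----------------------------------------\n");
        PrintApprlist(LogApproved);
        DestroyList(logList);
        logList = NULL;
        printf("%s----------------------------------------\n1 cycle of ReadLog\n", ctime(&now));
        sleep(1);
    }
    return 0;
}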