Showing
72 changed files
with
4,072 additions
and
0 deletions.
@@ -0,0 +1,3 @@ | |||
Henglei Li <lihenglei@secrule.com> | |||
Vindong <vindong@secrule.com> | |||
|
@@ -0,0 +1,31 @@ | |||
安装步骤 | |||
************************* | |||
|
|||
Copyright (C) 2012 Secrule co., Ltd. | |||
|
|||
|
|||
第一步,解压 | |||
tar -zxvf falcon.tar.gz | |||
|
|||
第二步,检查程序编译环境 | |||
cd Release/ | |||
./check.sh | |||
看到以下信息证明程序编译环境准备就绪 | |||
Found inotify success! | |||
Found mysql-dev environment success! | |||
|
|||
第三步,安装Falcon控制中心 | |||
vim ./falconconsole/public/config.inc.php | |||
修改配置文件中的数据库连接信息,如果控制中心与监控程序没有安装在同一台主机,请确保被监控主机能够有权访问到控制中心所在主机的Mysql数据库 | |||
运行install.php安装控制中心 | |||
|
|||
第四步,修改监控程序配置文件并编译 | |||
vim src/conf/global.conf | |||
make | |||
|
|||
第五步,后台运行监控程序 | |||
nohup ./falcon start >falcon.log 2>&1 & | |||
ps aux|grep "falcon" | |||
root 2981 0.2 0.3 9352 1848 pts/0 S 04:46 0:00 ./falcon start | |||
|
|||
程序将在当前运行目录下生成日志文件falcon.log |
@@ -0,0 +1,8 @@ | |||
Falcon-Web服务器文件监控平台 | |||
============================ | |||
|
|||
Falcon是一款基于inotify-tools 开发的Web服务器文件监控平台 | |||
能够实时监控Web目录文件变化(新增,修改,删除),判断文件内容是否包含恶意代码,自动隔离常见Webshell,保证Web目录文件安全 | |||
|
|||
BUG反馈或建议请联系:falcon@secrule.com | |||
公司主页:www.secrule.com |
@@ -0,0 +1,18 @@ | |||
#!/bin/sh | |||
|
|||
if [ -f /usr/include/sys/inotify.h ] | |||
then | |||
echo "Found inotify success!" | |||
else | |||
echo "inotify not found!Plz update your linux kernel to 2.6.13 or later" | |||
exit 1 | |||
fi | |||
|
|||
if [ -d /usr/include/mysql ] || [ -d /usr/lib/mysql ] | |||
then | |||
echo "Found mysql-dev environment success!" | |||
else | |||
echo "Plz install mysql-dev enviroment.use 'yum install mysql-devel or apt-get install libmysqlclient15-dev'" | |||
exit 1 | |||
fi | |||
|
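Review bot: The dependency check is weaker than the build it gates: objects.mk links `-linotifytools -lmysqlclient -lcurl -liconv`, but this script only probes for `sys/inotify.h` and a mysql directory, so a host missing inotify-tools, libcurl or libiconv passes `./check.sh` and then fails at link time. `[ -d /usr/lib/mysql ]` on L95 is also satisfied by the runtime client library alone, without the headers the compile step needs. Probing the headers the build actually consumes would make the check match the link line, e.g. `for h in inotifytools/inotifytools.h mysql/mysql.h curl/curl.h; do [ -f "/usr/include/$h" ] || { echo "missing $h"; exit 1; }; done` (header locations vary by distro, so the list may need a second search path). The message on L90 about upgrading the kernel is misleading, since `sys/inotify.h` ships with the C library headers, not the kernel.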
@@ -0,0 +1,44 @@ | |||
################################################################################ | |||
# Automatically-generated file. Do not edit! | |||
################################################################################ | |||
|
|||
-include ../makefile.init | |||
|
|||
RM := rm -rf | |||
|
|||
# All of the sources participating in the build are defined here | |||
-include sources.mk | |||
-include src/subdir.mk | |||
-include subdir.mk | |||
-include objects.mk | |||
|
|||
ifneq ($(MAKECMDGOALS),clean) | |||
ifneq ($(strip $(C_DEPS)),) | |||
-include $(C_DEPS) | |||
endif | |||
endif | |||
|
|||
-include ../makefile.defs | |||
|
|||
# Add inputs and outputs from these tool invocations to the build variables | |||
|
|||
# All Target | |||
all: falcon | |||
|
|||
# Tool invocations | |||
falcon: $(OBJS) $(USER_OBJS) | |||
@echo 'Building target: $@' | |||
@echo 'Invoking: GCC C Linker' | |||
gcc -L/usr/lib/mysql -o "falcon" $(OBJS) $(USER_OBJS) $(LIBS) | |||
@echo 'Finished building target: $@' | |||
@echo ' ' | |||
|
|||
# Other Targets | |||
clean: | |||
-$(RM) $(OBJS)$(C_DEPS)$(EXECUTABLES) falcon | |||
-@echo ' ' | |||
|
|||
.PHONY: all clean dependents | |||
.SECONDARY: | |||
|
|||
-include ../makefile.targets |
@@ -0,0 +1,8 @@ | |||
################################################################################ | |||
# Automatically-generated file. Do not edit! | |||
################################################################################ | |||
|
|||
USER_OBJS := | |||
|
|||
LIBS := -linotifytools -lmysqlclient -lcurl -liconv | |||
|
@@ -0,0 +1,17 @@ | |||
################################################################################ | |||
# Automatically-generated file. Do not edit! | |||
################################################################################ | |||
|
|||
O_SRCS := | |||
C_SRCS := | |||
S_UPPER_SRCS := | |||
OBJ_SRCS := | |||
ASM_SRCS := | |||
OBJS := | |||
C_DEPS := | |||
EXECUTABLES := | |||
|
|||
# Every subdirectory with source files must be described here | |||
SUBDIRS := \ | |||
src \ | |||
|
@@ -0,0 +1,33 @@ | |||
################################################################################ | |||
# Automatically-generated file. Do not edit! | |||
################################################################################ | |||
|
|||
# Add inputs and outputs from these tool invocations to the build variables | |||
C_SRCS += \ | |||
../src/config_file.c \ | |||
../src/db_mgr.c \ | |||
../src/falcon.c \ | |||
../src/nw_mgr.c | |||
|
|||
OBJS += \ | |||
./src/config_file.o \ | |||
./src/db_mgr.o \ | |||
./src/falcon.o \ | |||
./src/nw_mgr.o | |||
|
|||
C_DEPS += \ | |||
./src/config_file.d \ | |||
./src/db_mgr.d \ | |||
./src/falcon.d \ | |||
./src/nw_mgr.d | |||
|
|||
|
|||
# Each subdirectory must supply rules for building sources it contributes | |||
src/%.o: ../src/%.c | |||
@echo 'Building file: $<' | |||
@echo 'Invoking: GCC C Compiler' | |||
gcc -O3 -Wall -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<" | |||
@echo 'Finished building: $<' | |||
@echo ' ' | |||
|
|||
|
@@ -0,0 +1,15 @@ | |||
<?php | |||
require_once('./public/config.inc.php'); | |||
require_once('./public/mysql_class.php'); | |||
require_once('./public/page.php'); | |||
date_default_timezone_set("PRC"); | |||
|
|||
$DB_site = new DB_Sql_vb; | |||
$DB_site -> database = $dbname; | |||
$DB_site -> server = $dbhost; | |||
$DB_site -> user = $dbuser; | |||
$DB_site -> password = $dbpass; | |||
$DB_site -> reporterror = 0; | |||
$DB_site -> connect(); | |||
$error = $DB_site -> errno; | |||
?> |
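Review bot: `reporterror = 0` on L263 silences the connection attempt and the outcome is only captured in `$error` on L265; nothing in this prologue stops the including page when the connect fails, so every console page proceeds with a dead handle unless each caller checks `$error` itself. The class name `DB_Sql_vb` together with the `mysql_affected_rows()` call in the installer suggests the legacy `mysql_*` extension (removed in PHP 7.0); that constraint deserves a comment at the top, e.g. `// Requires ext/mysql; callers must check $error before issuing queries.` The installer also writes `$_SESSION`, yet no `session_start()` is visible in this shared prologue — confirm it is called somewhere before the session is used.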
@@ -0,0 +1,31 @@ | |||
<!DOCTYPE html> | |||
<html> | |||
<head> | |||
<meta charset="utf-8" /> | |||
<title>Falcon Installer</title> | |||
<link rel="stylesheet" type="text/css" href="html/style.css" /> | |||
</head> | |||
<body> | |||
<div class="wrap"> | |||
<div class="step4"> | |||
<?php | |||
require "base.php"; | |||
if(isset($_POST['login'])&&ctype_alnum($_POST['username'])){ | |||
$username = empty($_POST['username'])?'':trim($_POST['username']); | |||
$password = empty($_POST['password'])?'':trim($_POST['password']); | |||
$sql = "insert into $table1(username,password)values('$username','$password')"; | |||
$DB_site ->query($sql); | |||
if(mysql_affected_rows()>0){ | |||
$_SESSION['username'] = $sid; | |||
echo "<b>恭喜,安装成功!</b>"; | |||
echo "<a class=\"btn4\" href='login.php'>安装成功,请点击登录</a>"; | |||
} | |||
} | |||
?> | |||
</div> | |||
<?php | |||
include "footer.php" ; | |||
?> | |||
</div> | |||
</body> | |||
</html> |
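Review bot: On L287 `$password` is interpolated into the INSERT unescaped — the `ctype_alnum` check on L284 covers only the username — so the first administrator's password is both an SQL-injection vector and is stored in plaintext. Escape it before building the query, `$password = mysql_real_escape_string($password);`, and store a salted hash (e.g. via `crypt()`), with login.php comparing the same way — login.php is not in the visible part of this commit. Nothing here checks whether an account already exists, so unless an earlier step removes or locks this installer, anyone who can reach it after deployment can add an administrator; a lock file or a `select count(*) from $table1` test before the insert would close that. `$sid` on L290 is not defined in this file and no `session_start()` is visible here.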
@@ -0,0 +1,8 @@ | |||
<div class="footer"> | |||
<div class="inner"> | |||
<div class="info"> | |||
Copyright © 2012 <a href="http://www.secrule.com">Secrule</a> Co.,Ltd. All Rights Reserved. | |||
</div | |||
</div> | |||
</div> | |||
<div> |
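Review bot: The closing tag on L312 is `</div` with no `>`, so the parser swallows the following `</div>` into that tag and the footer's nesting is off by one. L315 then opens a bare `<div>` that nothing closes; L312 should read `</div>` and L315 should be `</div>` or dropped, depending on what the including page expects to close.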
@@ -0,0 +1,6 @@ | |||
<table width="100%" border="0" cellspacing="0" cellpadding="0"> | |||
<tr> | |||
<td> <img src='imgall.php?countnew={countkeyword+countvirus}&countdel={countdel}&countmodify={countmodify}'></td> | |||
<td> <img src='imgcount.php?countNew={countnew}&countKeywords={countkeyword}&countVirus={countvirus}'></td> | |||
</tr> | |||
</table> |
@@ -0,0 +1,33 @@ | |||
<h3>当天被删除文件数:<font color=#D9773A>{countdel}</font></h3> | |||
<table class="mtable" width="100%" border="0" cellspacing="0" cellpadding="0"> | |||
<thead> | |||
<tr> | |||
<td width="102">ID</td> | |||
<td width="140">服务器IP</td> | |||
<td width="130">报警内容</td> | |||
<td width="80">危险等级</td> | |||
<td width="80">处理结果</td> | |||
<td width="130">监控时间</td> | |||
<td>文件详情</td> | |||
</tr> | |||
</thead> | |||
{foreach:all,rowscountdel} | |||
<tr> | |||
<td class="ftd">{rowscountdel['id']}</td> | |||
<td>{rowscountdel['ip']}</td> | |||
<td>{rowscountdel['content']}</td> | |||
<td>{rowscountdel['level']}</td> | |||
{if:rowscountdel['remove']=="已处理"} | |||
<td><font color=#D9773A>{color}{rowscountdel['remove']}</font></td> | |||
{else} | |||
<td>{rowscountdel['remove']}</td> | |||
{end:} | |||
<td>{rowscountdel['date']}</td> | |||
<td><a href="javascript:;" class="viewbtn" onClick="showdiv('div_{rowscountdel['id']}');">查看源代码</a></td> | |||
</tr> | |||
<tr id="div_{rowscountdel['id']}" style="display:none;"> | |||
<td class="ftd" colspan="7"><div class="codebox">{htmlspecialchars(rowscountdel['source'])}</div></td> | |||
</tr> | |||
{end} | |||
|
|||
</table> |
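Review bot: Only `source` is passed through `htmlspecialchars` (L360); `content`, `ip`, `level`, `remove` and `date` on L347–L356 are emitted raw. Per the README these rows describe files created, modified or deleted on the monitored web server, so if `content` carries the file path or a matched snippet, whoever can write to that server chooses it and gets stored XSS in the console; wrap those cells too, e.g. `<td>{htmlspecialchars(rowscountdel['content'])}</td>`. `{color}` on L352 is not set anywhere visible, and the loop is closed as `{end:}` on L355 but `{end}` on L362 — confirm the template engine accepts both spellings.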
@@ -0,0 +1,7 @@ | |||
<frameset rows="70,*" frameborder="yes" framespacing="30" bordercolor="#cccccc" > | |||
<frame src="top.html" name="topframe" scrolling="no" noresize /> | |||
<frame src="left.html" name="leftFrame" id="leftFrame" frameborder="0" scrolling="yes" noresize /> | |||
<frame src="main.html" name="mainFrame" id="mainFrame" frameborder="0" /> | |||
</frameset> | |||
</frameset> | |||
<noframes></noframes> |
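Review bot: `</frameset>` is closed twice on L444–L445 while only one frameset is opened on L440; drop the duplicate. Three frames are placed into a `rows="70,*"` layout, yet `leftFrame` and `mainFrame` look intended to sit side by side, which would need a nested `<frameset cols="...">` around L442–L443 — the stray closing tag reads like a remnant of that inner frameset.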
@@ -0,0 +1,33 @@ | |||
<h3>当天发现新增可疑文件数:<font color=#D9773A>{countkeyword}</font></h3> | |||
<table class="mtable" width="100%" border="0" cellspacing="0" cellpadding="0"> | |||
<thead> | |||
<tr> | |||
<td width="102">ID</td> | |||
<td width="140">服务器IP</td> | |||
<td width="130">报警内容</td> | |||
<td width="80">危险等级</td> | |||
<td width="80">处理结果</td> | |||
<td width="130">监控时间</td> | |||
<td>文件详情</td> | |||
</tr> | |||
</thead> | |||
{foreach:all,rowskeyword} | |||
<tr> | |||
<td class="ftd">{rowskeyword['id']}</td> | |||
<td>{rowskeyword['ip']}</td> | |||
<td>{rowskeyword['content']}</td> | |||
<td>{rowskeyword['level']}</td> | |||
{if:rowskeyword['remove']=="已处理"} | |||
<td><font color=#D9773A>{color}{rowskeyword['remove']}</font></td> | |||
{else} | |||
<td>{rowskeyword['remove']}</td> | |||
{end:} | |||
<td>{rowskeyword['date']}</td> | |||
<td><a href="javascript:;" class="viewbtn" onClick="showdiv('div_{rowskeyword['id']}');">查看源代码</a></td> | |||
</tr> | |||
<tr id="div_{rowskeyword['id']}" style="display:none;"> | |||
<td class="ftd" colspan="7"><div class="codebox">{htmlspecialchars(rowskeyword['source'])}</div></td> | |||
</tr> | |||
{end} | |||
|
|||
</table> |
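Review bot: The escaping is inconsistent: `rowskeyword['source']` goes through `htmlspecialchars` on L480, but `content`, `ip`, `level`, `remove` and `date` (L467–L476) are written into the page unescaped. These are "suspicious new file" alerts, so the values presumably derive from a file an attacker dropped on the monitored host; a crafted file name or snippet would then execute in the administrator's browser — apply `htmlspecialchars` to every cell, not just the source box. `{color}` on L472 has no visible definition, and `{end:}` (L475) versus `{end}` (L482) should be unified.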
@@ -0,0 +1,44 @@ | |||
<div class="menu" id="menu"> | |||
<div class="mtop"></div> | |||
<ul> | |||
|
|||
<?php if(trim($_GET['action']) ==''){?> | |||
<li class="on"><span>监控主页</span></li> | |||
<?php }else{ ?> | |||
<li><a href="index.php"><span>监控主页</span></a></li> | |||
<?php }?> | |||
|
|||
<?php if(trim($_GET['action']) =='count'){?> | |||
<li class="on"><span>监控统计图</span></li> | |||
<?php }else{ ?> | |||
<li><a href="?action=count"><span>监控统计图</span></a></li> | |||
<?php }?> | |||
|
|||
<?php if(trim($_GET['action']) =='virus'){?> | |||
<li class="on"><span>查看后门文件</span></li> | |||
<?php }else{ ?> | |||
<li><a href="?action=virus"><span>查看后门文件</span></a></li> | |||
<?php }?> | |||
|
|||
<?php if(trim($_GET['action']) =='keyword'){?> | |||
<li class="on"<span>查看可疑文件</span></li> | |||
<?php }else{ ?> | |||
<li><a href="?action=keyword"><span>查看可疑文件</span></a></li> | |||
<?php }?> | |||
|
|||
<?php if(trim($_GET['action']) =='countdel'){?> | |||
<li class="on"<span>查看被删除文件</span></li> | |||
<?php }else{ ?> | |||
<li><a href="?action=countdel"><span>查看被删除文件</span></a></li> | |||
<?php }?> | |||
|
|||
<?php if(trim($_GET['action']) =='countmodify'){?> | |||
<li class="on"<span>查看被修改文件</span></li> | |||
<?php }else{ ?> | |||
<li><a href="?action=countmodify"><span>查看被修改文件</span></a></li> | |||
<?php }?> | |||
|
|||
<li><a href="?action=exit"><span>退 出</a></span></li> | |||
</ul> | |||
<div class="mbtm"></div> | |||
</div> |
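Review bot: `$_GET['action']` is read without an `isset` guard on L496, L503, L510, L517, L524 and L531, so the plain `index.php` request that selects the default tab raises an undefined-index notice six times per render. Read it once at the top, `$action = isset($_GET['action']) ? trim($_GET['action']) : '';`, and compare `$action` in each branch. The active-tab markup on L518, L525 and L532 is `<li class="on"<span>` — the `>` closing the `li` tag is missing — and L538 closes `</a>` before `</span>` although `<span>` was opened inside the `<a>`.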
@@ -0,0 +1,24 @@ | |||
<!DOCTYPE html> | |||
<html> | |||
<head> | |||
<meta charset="utf-8"> | |||
<title>Falcon-用户登录</title> | |||
<link rel="stylesheet" type="text/css" href="html/style.css" /> | |||
</head> | |||
<body> | |||
<div class="wrap"> | |||
<form action="./login.php" method="POST"> | |||
<div class="loginbox"> | |||
<div class="name"> | |||
<input type="text" name="username" id="username"/> | |||
</div> | |||
<div class="pass"> | |||
<input type="password" name="password" id="password"/> | |||
</div> | |||
<div class="login"> | |||
<input type="submit" name="submit" value="登陆" id="sub"/> | |||
<input type="reset" name="reset" value="重置" id="ret"/> | |||
</div> | |||
</div> | |||
</form> | |||
<div class="loginfo">{message}</div> |
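Review bot: `{message}` on L570 is rendered without escaping; if login.php (not in the visible part of this commit) builds it from the submitted username, a failed-login echo becomes reflected XSS, so either escape it here as `{htmlspecialchars(message)}` — the other templates already use that form — or ensure it only ever carries fixed strings. The form carries no anti-CSRF token; for a login form that mainly enables login-CSRF, so it is lower priority, but worth noting for the rest of the console.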