logging generic information about players https requests

2022-05-01 18:11:11 +02:00 · 2022-05-01 18:11:11 +02:00 · 2128687809
commit 2128687809
parent 359972f118
3 changed files with 232 additions and 0 deletions
--- a/nosteam_verificiation/nginx/nginx.conf
+++ b/nosteam_verificiation/nginx/nginx.conf
@ -0,0 +1,132 @@
+user nonroot;
+worker_processes auto;
+worker_cpu_affinity auto;
+pid /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 4096;
+    multi_accept on;
+}
+
+http {
+    ##
+    # Basic Settings
+    ##
+    charset utf-8;
+    source_charset utf-8;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    server_tokens off;
+    server_name_in_redirect off;
+    ignore_invalid_headers on;
+    recursive_error_pages on;
+    types_hash_max_size 4096;
+
+    keepalive_timeout 65;
+    client_max_body_size 150m;
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+    ssl_ecdh_curve secp521r1:secp384r1;
+    ssl_prefer_server_ciphers on;
+
+    ssl_dhparam /etc/nginx/dhparam.pem;
+    ssl_buffer_size 4k;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 60m;
+    ssl_session_tickets off;
+
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
+    resolver_timeout 5s;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    fastcgi_buffers 8 16k;
+    fastcgi_buffer_size 32k;
+    fastcgi_index index.php;
+
+    ##
+    # Logging Settings
+    ##
+	#the nginx file is just uploaded for the purpose of showing what the logging format is
+    log_format  main '[$time_local] $remote_addr ' 'status code: $status body bytes: $body_bytes_sent bytes: $bytes_sent ' 
+        'user agent: "$http_user_agent" x forwarded: "$http_x_forwarded_for" request length: $request_length request_time: $request_time'  ' request: $request ssl_protocol: $ssl_protocol ssl_cipher: $ssl_cipher';
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+    log_not_found off;
+
+    ##
+    # Gzip Settings
+    ##
+    gzip on;
+    gzip_http_version 1.1;
+    gzip_vary on;
+    gzip_comp_level 6;
+    gzip_proxied any;
+    gzip_types application/atom+xml
+               application/javascript
+               application/json
+               application/vnd.ms-fontobject
+               application/x-font-ttf
+               application/x-web-app-manifest+json
+               application/x-httpd-php
+               application/xhtml+xml
+               application/xml
+               application/xml+rss
+               font/opentype
+               image/svg+xml
+               image/x-icon
+               text/css
+               text/plain
+               text/xml;
+    gzip_buffers 16 8k;
+    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+    #fancyindex_localtime on;
+    #fancyindex_exact_size off;
+    #fancyindex_name_length 100;
+
+    ##
+    # Cloudflare
+    ##
+    set_real_ip_from 103.21.244.0/22;
+    set_real_ip_from 103.22.200.0/22;
+    set_real_ip_from 103.31.4.0/22;
+    set_real_ip_from 104.16.0.0/12;
+    set_real_ip_from 108.162.192.0/18;
+    set_real_ip_from 141.101.64.0/18;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 173.245.48.0/20;
+    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 197.234.240.0/22;
+    set_real_ip_from 198.41.128.0/17;
+    set_real_ip_from 199.27.128.0/21;
+
+    set_real_ip_from 2400:cb00::/32;
+    set_real_ip_from 2405:8100::/32;
+    set_real_ip_from 2405:b500::/32;
+    set_real_ip_from 2606:4700::/32;
+    set_real_ip_from 2803:f800::/32;
+
+    real_ip_header CF-Connecting-IP;
+
+    ##
+    # GeoIP
+    ##
+    geoip_country /usr/share/GeoIP/GeoIP.dat;
+
+    ##
+    # Virtual Host Configs
+    ##
+    include /etc/nginx/sites-enabled/default;
+    include /etc/nginx/sites/*.conf;
+}
--- a/nosteam_verificiation/python/read_access_logs.py
+++ b/nosteam_verificiation/python/read_access_logs.py
@ -0,0 +1,90 @@
+#!/home/nonroot/nginx_reader/venv/bin/python3
+from settings import get_connection
+
+def main():
+    motd_accessed = []
+    with open("/var/log/nginx/access_xenforo.log", "r") as f:
+        for l in f.readlines():
+            if 'MOTD.html' in l:
+                motd_accessed.append(l)
+    with get_connection() as conn:
+        with conn.cursor() as cur:
+            sql_statement = """
+            CREATE TABLE IF NOT EXISTS
+            `unloze_anti-spoofing`.requests_info
+            (
+                ipv4 varchar(64) not null,
+				status_code int4,
+                user_agent varchar(512),
+				x_forwarded varchar(512),
+				request_length int4,
+				request_time int4,
+                body_bytes_sent varchar(64),
+				bytes_sent varchar(64),
+				ssl_protocol varchar(256),
+				ssl_cipher varchar(256),
+                inserted_on datetime default now(),
+                primary key (ipv4)
+            )
+            """
+            cur.execute(sql_statement)
+            #print('statement: ', cur.statement)
+            sql_statement = """
+				CREATE TABLE IF NOT EXISTS
+                `unloze_anti-spoofing`.user_agent_history
+            (   
+                id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+                ipv4 varchar(64) not null,
+                user_agent varchar(512),
+                inserted_on datetime default now(),
+				FOREIGN KEY (ipv4) REFERENCES requests_info(ipv4)
+            )
+            """
+            cur.execute(sql_statement)
+            #print('statement: ', cur.statement)
+            for d in motd_accessed:
+                ipv4 = d.split("] ")[1].split(" status")[0]
+                status_code = d.split("code: ")[1].split(" body")[0]
+                user_agent = d.split('user agent: "')[1].split('" x ')[0]
+                x_forwarded = d.split('x forwarded: "')[1].split('" request length:')[0]
+                request_length = d.split("request length: ")[1].split(" request_time:")[0]
+                request_time = d.split("request_time: ")[1].split(" content length:")[0]
+                body_bites = d.split("body bytes: ")[1].split(" bytes:")[0]
+                bytes_send = d.split("bytes: ")[1].split(" user agent:")[0].strip(" ")
+                ssl_protocol = d.split("ssl_protocol: ")[1].split(" ssl_cipher:")[0]
+                ssl_cipher = motd_accessed[0].split("ssl_cipher: ")[1].split("\n")[0]
+
+                sql_statement = """
+                    INSERT IGNORE
+                        `unloze_anti-spoofing`.requests_info
+                        (ipv4, status_code, user_agent, x_forwarded, request_length, request_time, body_bytes_sent, bytes_sent,
+                        ssl_protocol, ssl_cipher)
+                    VALUES
+                        (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
+                """
+                cur.execute(sql_statement, [ipv4, status_code, user_agent, x_forwarded, request_length, request_time, body_bites, bytes_send, ssl_protocol, ssl_cipher])
+                sql_statement = """
+					select * from `unloze_anti-spoofing`.user_agent_history
+                    WHERE ipv4 = %s and user_agent 
+                    = %s
+                """
+                cur.execute(sql_statement, [ipv4, user_agent])
+                res = cur.fetchall()
+                #print('res: ', res)
+                if not res:
+                    sql_statement = """
+                       INSERT IGNORE
+                          `unloze_anti-spoofing`.user_agent_history
+                           (ipv4, user_agent)
+                       VALUES
+                       (%s, %s)
+                    """
+                    cur.execute(sql_statement, [ipv4, user_agent])
+                    #print('statement: ', cur.statement)
+        conn.commit()
+        conn.close() #not sure if mysql supports with statement clauses or not but does not look like it tbh
+
+
+if __name__ == '__main__':
+    main()
+    print('finished')
--- a/nosteam_verificiation/systemctl/nginx_collector.service
+++ b/nosteam_verificiation/systemctl/nginx_collector.service
@ -0,0 +1,10 @@
+[Unit]
+Description=nginx logging collector
+
+[Service]
+Type=simple
+User=nonroot
+WorkingDirectory=/home/nonroot/nginx_reader
+Restart=always
+RestartSec=5
+ExecStart=/home/nonroot/nginx_reader/read_access_logs.py