diff --git a/nosteam_verificiation/nginx/nginx.conf b/nosteam_verificiation/nginx/nginx.conf
new file mode 100644
index 00000000..3ed7f8ce
--- /dev/null
+++ b/nosteam_verificiation/nginx/nginx.conf
@@ -0,0 +1,132 @@
+user nonroot;
+worker_processes auto;
+worker_cpu_affinity auto;
+pid /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 4096;
+ multi_accept on;
+}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ charset utf-8;
+ source_charset utf-8;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ server_tokens off;
+ server_name_in_redirect off;
+ ignore_invalid_headers on;
+ recursive_error_pages on;
+ types_hash_max_size 4096;
+
+ keepalive_timeout 65;
+ client_max_body_size 150m;
+
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ ssl_ecdh_curve secp521r1:secp384r1;
+ ssl_prefer_server_ciphers on;
+
+ ssl_dhparam /etc/nginx/dhparam.pem;
+ ssl_buffer_size 4k;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 60m;
+ ssl_session_tickets off;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
+ resolver_timeout 5s;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ fastcgi_buffers 8 16k;
+ fastcgi_buffer_size 32k;
+ fastcgi_index index.php;
+
+ ##
+ # Logging Settings
+ ##
+ #the nginx file is just uploaded for the purpose of showing what the logging format is
+ log_format main '[$time_local] $remote_addr ' 'status code: $status body bytes: $body_bytes_sent bytes: $bytes_sent '
+ 'user agent: "$http_user_agent" x forwarded: "$http_x_forwarded_for" request length: $request_length request_time: $request_time' ' request: $request ssl_protocol: $ssl_protocol ssl_cipher: $ssl_cipher';
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ log_not_found off;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+ gzip_http_version 1.1;
+ gzip_vary on;
+ 
gzip_comp_level 6;
+ gzip_proxied any;
+ gzip_types application/atom+xml
+ application/javascript
+ application/json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/x-httpd-php
+ application/xhtml+xml
+ application/xml
+ application/xml+rss
+ font/opentype
+ image/svg+xml
+ image/x-icon
+ text/css
+ text/plain
+ text/xml;
+ gzip_buffers 16 8k;
+ gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+ #fancyindex_localtime on;
+ #fancyindex_exact_size off;
+ #fancyindex_name_length 100;
+
+ ##
+ # Cloudflare
+ ##
+ set_real_ip_from 103.21.244.0/22;
+ set_real_ip_from 103.22.200.0/22;
+ set_real_ip_from 103.31.4.0/22;
+ set_real_ip_from 104.16.0.0/12;
+ set_real_ip_from 108.162.192.0/18;
+ set_real_ip_from 141.101.64.0/18;
+ set_real_ip_from 162.158.0.0/15;
+ set_real_ip_from 172.64.0.0/13;
+ set_real_ip_from 173.245.48.0/20;
+ set_real_ip_from 188.114.96.0/20;
+ set_real_ip_from 190.93.240.0/20;
+ set_real_ip_from 197.234.240.0/22;
+ set_real_ip_from 198.41.128.0/17;
+ set_real_ip_from 199.27.128.0/21;
+
+ set_real_ip_from 2400:cb00::/32;
+ set_real_ip_from 2405:8100::/32;
+ set_real_ip_from 2405:b500::/32;
+ set_real_ip_from 2606:4700::/32;
+ set_real_ip_from 2803:f800::/32;
+
+ real_ip_header CF-Connecting-IP;
+
+ ##
+ # GeoIP
+ ##
+ geoip_country /usr/share/GeoIP/GeoIP.dat;
+
+ ##
+ # Virtual Host Configs
+ ##
+ include /etc/nginx/sites-enabled/default;
+ include /etc/nginx/sites/*.conf;
+}
diff --git a/nosteam_verificiation/python/read_access_logs.py b/nosteam_verificiation/python/read_access_logs.py
new file mode 100644
index 00000000..a6c1aa9d
--- /dev/null
+++ b/nosteam_verificiation/python/read_access_logs.py
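Review bot: `access_log /var/log/nginx/access.log;` names no format, so nginx writes the default `combined` format and the `main` format defined just above it is never applied by this file; the collector in read_access_logs.py splits on the `main` labels (`status code:`, `user agent:`, `ssl_cipher:`), so this should be `access_log /var/log/nginx/access.log main;` — or the vhost that writes `access_xenforo.log`, which is not in this commit, must select `main` explicitly. The `ssl_ciphers` list mixes TLS 1.2 suite names with TLS 1.3 names (`TLS13-…`, `TLS_AES_…`); with OpenSSL 1.1.1+ the `ssl_ciphers` directive only governs TLS 1.2 and below, so those entries are presumably ignored rather than enforced, and TLS 1.3 suites would go through `ssl_conf_command Ciphersuites …` if they need pinning. The Cloudflare `set_real_ip_from` ranges are copied in by hand, and only requests from those ranges have `CF-Connecting-IP` honoured, so an out-of-date list silently leaves `$remote_addr` as the edge address for any missing range; a comment such as `# Cloudflare IP ranges — copied from Cloudflare's published list on <DATE>; refresh when it changes` would make the maintenance obligation visible.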
@@ -0,0 +1,90 @@
+#!/home/nonroot/nginx_reader/venv/bin/python3
+from settings import get_connection
+
+def main():
+ motd_accessed = []
+ with open("/var/log/nginx/access_xenforo.log", "r") as f:
+ for l in f.readlines():
+ if 'MOTD.html' in l:
+ motd_accessed.append(l)
+ with get_connection() as conn:
+ with conn.cursor() as cur:
+ sql_statement = """
+ CREATE TABLE IF NOT EXISTS
+ `unloze_anti-spoofing`.requests_info
+ (
+ ipv4 varchar(64) not null,
+ status_code int4,
+ user_agent varchar(512),
+ x_forwarded varchar(512),
+ request_length int4,
+ request_time int4,
+ body_bytes_sent varchar(64),
+ bytes_sent varchar(64),
+ ssl_protocol varchar(256),
+ ssl_cipher varchar(256),
+ inserted_on datetime default now(),
+ primary key (ipv4)
+ )
+ """
+ cur.execute(sql_statement)
+ #print('statement: ', cur.statement)
+ sql_statement = """
+ CREATE TABLE IF NOT EXISTS
+ `unloze_anti-spoofing`.user_agent_history
+ (
+ id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ ipv4 varchar(64) not null,
+ user_agent varchar(512),
+ inserted_on datetime default now(),
+ FOREIGN KEY (ipv4) REFERENCES requests_info(ipv4)
+ )
+ """
+ cur.execute(sql_statement)
+ #print('statement: ', cur.statement)
+ for d in motd_accessed:
+ ipv4 = d.split("] ")[1].split(" status")[0]
+ status_code = d.split("code: ")[1].split(" body")[0]
+ user_agent = d.split('user agent: "')[1].split('" x ')[0]
+ x_forwarded = d.split('x forwarded: "')[1].split('" request length:')[0]
+ request_length = d.split("request length: ")[1].split(" request_time:")[0]
+ request_time = d.split("request_time: ")[1].split(" content length:")[0]
+ body_bites = d.split("body bytes: ")[1].split(" bytes:")[0]
+ bytes_send = d.split("bytes: ")[1].split(" user agent:")[0].strip(" ")
+ ssl_protocol = d.split("ssl_protocol: ")[1].split(" ssl_cipher:")[0]
+ ssl_cipher = motd_accessed[0].split("ssl_cipher: ")[1].split("\n")[0]
+
+ sql_statement = """
+ INSERT IGNORE
+ `unloze_anti-spoofing`.requests_info
+ (ipv4, status_code, 
user_agent, x_forwarded, request_length, request_time, body_bytes_sent, bytes_sent,
+ ssl_protocol, ssl_cipher)
+ VALUES
+ (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
+ """
+ cur.execute(sql_statement, [ipv4, status_code, user_agent, x_forwarded, request_length, request_time, body_bites, bytes_send, ssl_protocol, ssl_cipher])
+ sql_statement = """
+ select * from `unloze_anti-spoofing`.user_agent_history
+ WHERE ipv4 = %s and user_agent
+ = %s
+ """
+ cur.execute(sql_statement, [ipv4, user_agent])
+ res = cur.fetchall()
+ #print('res: ', res)
+ if not res:
+ sql_statement = """
+ INSERT IGNORE
+ `unloze_anti-spoofing`.user_agent_history
+ (ipv4, user_agent)
+ VALUES
+ (%s, %s)
+ """
+ cur.execute(sql_statement, [ipv4, user_agent])
+ #print('statement: ', cur.statement)
+ conn.commit()
+ conn.close() #not sure if mysql supports with statement clauses or not but does not look like it tbh
+
+
+if __name__ == '__main__':
+ main()
+ print('finished')
diff --git a/nosteam_verificiation/systemctl/nginx_collector.service b/nosteam_verificiation/systemctl/nginx_collector.service
new file mode 100644
index 00000000..2866580a
--- /dev/null
+++ b/nosteam_verificiation/systemctl/nginx_collector.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=nginx logging collector
+
+[Service]
+Type=simple
+User=nonroot
+WorkingDirectory=/home/nonroot/nginx_reader
+Restart=always
+RestartSec=5
+ExecStart=/home/nonroot/nginx_reader/read_access_logs.py
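Review bot: `ssl_cipher` is read from `motd_accessed[0]` instead of the current line `d`, so every row stores the first matching request's cipher, and two other fields are cut at the wrong label — the `main` log format has no `content length:` token, so `request_time` carries the remainder of the line, and `d.split("bytes: ")[1]` lands inside `body bytes:` so `bytes_send` duplicates the body byte count. The three lines should read `request_time = d.split("request_time: ")[1].split(" request:")[0]`, `bytes_send = d.split("bytes: ")[2].split(" user agent:")[0].strip(" ")` and `ssl_cipher = d.split("ssl_cipher: ")[1].split("\n")[0]`. `$request_time` is fractional seconds (e.g. 0.004), so the `request_time int4` column in the CREATE TABLE stores 0 for nearly every row and `INSERT IGNORE` demotes the conversion error to a warning nobody sees; `decimal(10,3)` keeps the value. `$request` is logged between the parsed labels and the two `ssl_*` fields, it is attacker-supplied, and nginx's default escaping does not touch spaces, so a request line that happens to contain the text `ssl_protocol: ` moves where `split(...)[1]` cuts; anchoring the trailing fields from the end with `d.rsplit("ssl_protocol: ", 1)[1]` / `d.rsplit("ssl_cipher: ", 1)[1]` makes the extraction independent of request content. Any line missing one of the labels (a `combined`-format line, or a partially written last line) raises IndexError from `[1]` and aborts the whole import before `conn.commit()`, so wrapping the per-line extraction in `try/except IndexError` that logs the offending line and `continue`s keeps one bad line from discarding the run.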
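Review bot: With `Type=simple`, `Restart=always` and `RestartSec=5`, a script that parses the log once and exits (`main()` followed by `print('finished')`) is treated as a crashed daemon and relaunched every five seconds, so the entire access log is re-read and the CREATE TABLE / INSERT IGNORE / SELECT statements re-run continuously against the database. `Type=oneshot` with the two `Restart` lines dropped, triggered by a matching `.timer` unit (or a sleep loop inside the script), matches what the script actually does. The unit runs as `nonroot` but nothing else constrains it; since the script only reads `/var/log/nginx` and talks to the database, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` cost nothing here. The log file also has to be readable by `nonroot` for the collector to work at all, and that grant is not part of this commit.
```ini
[Service]
Type=oneshot
; … unchanged: User=, WorkingDirectory= …
; Restart=always / RestartSec=5 dropped: a oneshot run is scheduled by a matching .timer unit instead
ExecStart=/home/nonroot/nginx_reader/read_access_logs.py
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
```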