SENDING ULOG FILES TO A REMOTE WEB SERVER FROM A CoovaAP-BASED LINKSYS WRT54GL HOT-SPOT

Privacy law, the obligation to retain access logs, and many CoovaAP-based hot-spots on the network. How do I capture and keep the access logs that each hot-spot generates? Simple: I send everything to a remote server over the web.

Scenario: I have many hot-spots, all Linksys WRT54GL units running CoovaAP Firmware (version 1.0 beta.12 – based on WHITE RUSSIAN (0.9+)). The web server (which may also act as the RADIUS server and use daloradius for management) is a Linux machine with Apache2 and some free disk space (that is where I put the logs).

How does it work?

On the wifi router, the ulogd service (if installed and properly configured) collects the traffic generated by the wifi users and writes it to the file ulogd.syslogemu in the directory /tmp/log (or /var/log, since the /var directory is a symbolic link to /tmp).

The sendulogfile service, which is started at boot, runs sh /jffs/usr/bin/sendlog.sh

That script periodically checks the file ulogd.syslogemu; if it is larger than 100K, or larger than 1 byte and older than a few minutes, the script sends the file to the web server with curl using the POST method and then resets the file.

The PHP script running on the remote web server reads the 2 POST variables HS_ID (the hot-spot identifier) and HS_Event (which contains the log file sent by the hot-spot). In the scripts below these fields are posted as syslog_hsid and syslog_event.

The PHP script appends the content of HS_Event to a compressed file named $DATE_$HS_ID_Traffic.gz, so there is one file per day for each hot-spot.

In a 5-day test with 3 HS, each simulating one WEB access to a site every second and one PING every second, the resulting set of files had a compressed size of 3MB, equivalent to 40MB uncompressed.

Changes made on the web server

Added the directory radlog and the file radlog/syslog.php to the web root (/var/www)

Protected that directory with the password file referenced in .htaccess (htpasswd was used to create the username and password)

Added the following lines to /etc/apache2/sites-enabled/000-default


AllowOverride All
Order allow,deny
allow from all

The syslog.php file


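<?php
// Fields posted by sendlog.sh
$syslog_event = isset($_POST['syslog_event']) ? $_POST['syslog_event'] : '';
$syslog_hsid  = isset($_POST['syslog_hsid'])  ? $_POST['syslog_hsid']  : '';
// The hot-spot id becomes part of a file name: accept only characters that
// cannot form a path (adjust the pattern to your own naming scheme)
if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $syslog_hsid)) {
   header("HTTP/1.0 400 Bad Request");
   exit("BAD HSID");
}
// One file per hot-spot per day (the content is gzip data, despite the .bz extension)
$syslog_file ="./log_files/".date("Y-m-d")."-".$syslog_hsid.".bz";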

$syslog_file_ctrl = "./log_files/".$syslog_hsid."_ctrl.txt";
if(file_exists($syslog_file_ctrl)==FALSE){
   /*print("$syslog_file_ctrl create ");*/
   CreateCtrlFile($syslog_file_ctrl,$syslog_file);
}else{
   $fp = fopen($syslog_file_ctrl,"r+");
   $previous_filename = fgets($fp);
   fclose($fp);
   /*print("previous_filename=$previous_filename ");*/
   if(strcmp($previous_filename,$syslog_file)){
      /*print("$previous_filename compression ");*/
      //compress($previous_filename,$previous_filename.".gz");   //<--------------- not in this version
      /*print("$previous_filename delete $syslog_file_ctrl delete");*/
      if(file_exists($previous_filename.".gz") == TRUE && filesize($previous_filename.".gz" ) > 10){
         unlink($previous_filename);
      }
      unlink($syslog_file_ctrl);
      /*print("$syslog_file_ctrl update ");*/
      CreateCtrlFile($syslog_file_ctrl,$syslog_file);
   }
}

function compress( $srcFileName, $dstFileName ){
   // getting file content
   $fp = fopen( $srcFileName, "r" );
   $data = fread ( $fp, filesize( $srcFileName ) );
   fclose( $fp );
   // writing compressed file
   $zp = gzopen( $dstFileName, "w9" );
   gzwrite( $zp, $data );
   gzclose( $zp );
}

function CreateCtrlFile($FileName,$Content ){
   $fp = fopen($FileName,"a+");
   fseek($fp,0);
   fputs($fp,$Content);
   fclose($fp);
}

$fp_syslog_events = gzopen("$syslog_file","a");
gzwrite($fp_syslog_events,$syslog_event);
gzclose($fp_syslog_events);
print(" RECORDED1 ");

Changes on the wireless router

Install ulogd and some extra ulogd components

root@Won_:~# ipkg install ulogd
root@Won_:~# ipkg install ulogd-mod-extra

Verify that it is installed

root@Won_:~# ipkg list_installed|grep ulog
iptables-mod-ulog - 1.3.3-3 - Iptables (IPv4) extension for user-space packet logging
kmod-ipt-ulog - 2.4.30-brcm-5 - Netfilter (IPv4) kernel module for user-space packet logging
ulogd - 1.23-2 - Netfilter userspace logging daemon
ulogd-mod-extra - 1.23-2 - Netfilter userspace logging daemon (extra plugins)

The /etc/ulogd.conf file

# Example configuration for ulogd
# $Id: ulogd.conf.in 714 2005-02-19 21:33:43Z laforge $
#
[global]
######################################################################
# GLOBAL OPTIONS
######################################################################
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup=1
# logfile for status messages
logfile="/var/log/ulogd.log"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
loglevel=5
# socket receive buffer size (should be at least the size of the
# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter)
rmem=131071
# libipulog/ulogd receive buffer size, should be > rmem
bufsize=150000
######################################################################
# PLUGIN OPTIONS
######################################################################
# We have to configure and load all the plugins we want to use
# general rules:
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in separate section below
#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
#                 you will always need this
plugin="/usr/lib/ulogd/ulogd_BASE.so"
# output plugins.
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
#plugin="/usr/lib/ulogd/ulogd_OPRINT.so"
#plugin="/usr/lib/ulogd/ulogd_MYSQL.so"
#plugin="/usr/lib/ulogd/ulogd_PGSQL.so"
#plugin="/usr/lib/ulogd/ulogd_SQLITE3.so"
#plugin="/usr/lib/ulogd/ulogd_PCAP.so"
[LOGEMU]
file="/var/log/ulogd.syslogemu"
sync=1
[OPRINT]
file="/var/log/ulogd.pktlog"
[MYSQL]
table="ulog"
pass="changeme"
user="laforge"
db="ulogd"
host="localhost"
[PGSQL]
table="ulog"
schema="public"
pass="changeme"
user="postgres"
db="ulogd"
host="localhost"
[SQLITE3]
table="ulog"
db="/path/to/sqlite/db"
buffer=200
[PCAP]
file="/var/log/ulogd.pcap"
sync=1

Changes to the /etc/firewall.user file

Added at the end of /etc/firewall.user

insmod /lib/modules/2.4.30/ipt_ULOG.o
iptables -N ULOG_ACCEPT
iptables -A ULOG_ACCEPT -i tap0 -j ULOG
iptables -A ULOG_ACCEPT -i tap0 -j ACCEPT

Changes to the /etc/chilli/ipup.sh file

Added at the end of /etc/chilli/ipup.sh

iptables -I FORWARD 1 -i tap0 -j ULOG_ACCEPT

The /jffs/usr/bin/sendlog.sh file

In this file, remember to change the HS_ID parameter to the identifier of the hot-spot

#!/bin/sh
#---------- SECTION TO CUSTOMIZE ------------------------------
HS_ID=hotspot_TEST
WebAppURL="http:///radlog/syslog.php"
AuthUserName=""
AuthPassword=""
PeriodicUserList=1
#--------------------------------------------------------------
#------------------file name-----------------------------------
UlogFileToSend="/tmp/log/ulogfiletosend"
UlogFile="/tmp/log/ulogd.syslogemu"
SiteLogFileHeader="$HS_ID"_Traffic
#--------------------------------------------------------------
#---------------- Timers and triggers to send file-------------
Tick=1
MaxDelayToSend=60
MaxSizeToSend=100000
InsertMarkPeriod=65
CheckUserLoginLogoutPeriod=2
TimeCount1=0
TimeCount2=0
TimeCount3=0
#--------------------------------------------------------------
#---------------- user login logout events --------------------
TmpUsersList="/tmp/log/userslist"
PreviousUserList=""
UsersLoginLogoutEvent=0
UsersList=""
CR="
"
SEP=" | "
#--------------------------------------------------------------
#---------------- debug ---------------------------------------
DEBUG=1
[ "$DEBUG" != "1" ] && CurlSilence=-s
[ "$DEBUG" != "1" ] && CurlOutput="--output /tmp/log/curl.out"
#--------------------------------------------------------------
#------------- Insert MARK ------------------------------------
InsertMark() {
    [ "$DEBUG" = "1" ] && echo InsertMark
    TimeStamp=`date +%Y-%m-%d-%H-%M-%S`
    Mark="---------------- MARK -------------------"
    echo $TimeStamp$Mark >> $UlogFile
}
#--------------------------------------------------------------
#------------- Insert Users list ------------------------------
InsertUsersList() {
    [ "$DEBUG" = "1" ] && echo InsertUserList
    TimeStamp=`date +%Y-%m-%d-%H-%M-%S`
    Mark="---------------- USERS LIST ---------------"
    echo $TimeStamp$Mark >> $UlogFile
    echo $UsersList >> $UlogFile
    echo $TimeStamp$Mark >> $UlogFile
}
#--------------------------------------------------------------
#------------ send a copy of user log and reset user log --------
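SendUlogFile() {
    [ "$DEBUG" = "1" ] && echo SendUlogFile
    # Build the POST body: "syslog_event=" followed by the current log
    echo "syslog_event=" >  $UlogFileToSend
    cat $UlogFile >> $UlogFileToSend
    # Reset the live log (leaves a single newline, hence the "-gt 1" test in the main loop)
    echo "" > $UlogFile
    # $CurlSilence and $CurlOutput stay unquoted on purpose: they hold optional flags
    curl $CurlSilence --user "$AuthUserName:$AuthPassword" "$WebAppURL" --data "syslog_hsid=$SiteLogFileHeader" --data-binary "@$UlogFileToSend" $CurlOutput
    rm $UlogFileToSend
}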
#--------------------------------------------------------------
#------------ Check whether there is a user login event --------
CheckUsersEvent() {
    [ "$DEBUG" = "1" ] && echo CheckUsersEvent
    cnt=0
    UsersList=""
    chilli_query /var/run/chilli.br0.sock list > $TmpUsersList
    while read line;
    do
        UserMac=`echo "$line" | awk '{print $1}'`
        UserIp=`echo "$line" | awk '{print $2}'`
        UserName=`echo "$line" | awk '{print $6}'`
        UsersList="$UsersList $CR $UserName $UserIp $UserMac"
        cnt=$((cnt + 1))
        [ "$DEBUG" = "1" ] && echo "$cnt ""$UsersList"
    done < $TmpUsersList
    if [ "$PreviousUserList" != "$UsersList" ]
    then
        PreviousUserList="$UsersList"
        [ "$DEBUG" = "1" ] && echo "$UsersList"
        UsersLoginLogoutEvent=1
    else
        cnt=$((cnt + 1 ))
        #  echo $cnt
    fi
}
#-------------------------------------------------------------
###################     START POINT        ################
echo "---------------------START   $0"
curl $CurlSilence --user "$AuthUserName":"$AuthPassword" "$WebAppURL" --data sys
#------------------- Main loop ------------------
while true; do
    sleep $Tick
    if [ -e $UlogFile ]
    then
        FileSize=`ls -la $UlogFile  | awk '{print $5}'`
        [ "$DEBUG" = "1" ] && echo $FileSize
        #----Send file if File Size is Over Limit----
        if [ $FileSize -gt $MaxSizeToSend ]
        then
            SendUlogFile
            TimeCount1=0
        elif [ $FileSize -gt 1 ]
        then
            TimeCount1=$((TimeCount1+1))
            [ "$DEBUG" = "1" ] && echo $TimeCount1
            #----or Send file if it is the time ---------
            if [ $TimeCount1 -gt $MaxDelayToSend ]
            then
                SendUlogFile
                TimeCount1=0
            fi
        fi
    fi
    #--- insert mark in log file if it is the time --------
    TimeCount2=$((TimeCount2+1))
    if [ $TimeCount2 -gt $InsertMarkPeriod ]
    then
        TimeCount2=0
        InsertMark
        if [ "$PeriodicUserList" = "1" ]
        then
            CheckUsersEvent
            InsertUsersList
        fi
    fi
    #--- check login/logout users event-----
    TimeCount3=$((TimeCount3+1))
    if [ $TimeCount3 -gt $CheckUserLoginLogoutPeriod ]
    then
        TimeCount3=0
        CheckUsersEvent
        if [ "$UsersLoginLogoutEvent" = "1" ]
        then
            InsertUsersList
            UsersLoginLogoutEvent=0
        fi
    fi
done
#------ end of main loop --------------
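
SendUlogFile above deletes its copy of the log whether or not curl succeeded, so records collected during a server or network outage are lost. The following added example (not part of the original script) keeps each batch in a spool directory until the upload succeeds; SpoolDir, SpoolSeq, upload_spool, spool_and_send and the host logserver.example are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original sendlog.sh.
# SpoolDir, SpoolSeq, upload_spool and spool_and_send are assumed names.
UlogFile="${UlogFile:-/tmp/log/ulogd.syslogemu}"
SpoolDir="${SpoolDir:-/tmp/log/spool}"
SiteLogFileHeader="${SiteLogFileHeader:-hotspot_TEST_Traffic}"
# Placeholder host; use an https:// URL if the router's curl build has TLS.
WebAppURL="${WebAppURL:-http://logserver.example/radlog/syslog.php}"
SpoolSeq=0

# Upload one spool file. --fail turns HTTP errors (for example a rejected
# .htaccess password) into a non-zero exit status instead of silent success.
upload_spool() {
    curl -s --fail --user "$AuthUserName:$AuthPassword" "$WebAppURL" \
        --data "syslog_hsid=$SiteLogFileHeader" \
        --data-binary "@$1" --output /dev/null
}

# Copy the live log into the spool, truncate it, then try to ship every
# spooled file, oldest first. Returns the number of files still pending.
spool_and_send() {
    mkdir -p "$SpoolDir" || return 255
    if [ -s "$UlogFile" ]; then
        SpoolSeq=$((SpoolSeq + 1))
        spool="$SpoolDir/$(date +%Y%m%d%H%M%S)-$(printf '%06d' "$SpoolSeq")"
        # Same body layout as the original: "syslog_event=" followed by the log.
        { printf 'syslog_event='; cat "$UlogFile"; } > "$spool" && : > "$UlogFile"
    fi
    pending=0
    for f in "$SpoolDir"/*; do
        [ -f "$f" ] || continue
        if upload_spool "$f"; then
            rm -f "$f"                # delete only after the server accepted it
        else
            pending=$((pending + 1))  # keep it for the next pass
        fi
    done
    return "$pending"
}
```

On this router /tmp/log is in RAM, so a spool kept there survives a server outage but not a reboot.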

The /etc/init.d/sendulogfile file

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
START=95
BIN=sendlog.sh
FULLPATH=/jffs/usr/bin/$BIN
start() {
    echo start
    # commands to launch application
    $FULLPATH >/dev/null 2>&1 &
}
stop() {
    echo stop
    # commands to kill application
    killall -9 $BIN
}

After creating it, remember to run

cd /etc/init.d
chmod +x sendulogfile
./sendulogfile enable

To disable running sendulogfile at router boot, type

/etc/init.d/sendulogfile disable

SOURCES

http://coova.org/node/2621

http://www.netfilter.org/projects/ulogd/

QUICK SETUP OF A HOT-SPOT

  1. Log in to the wi-fi router over ssh
  2. Install ulogd and ulogd-extra
  3. Check the ulogd configuration (/etc/ulogd.conf)
  4. Edit the firewall rules in /etc/firewall.user and /etc/chilli/ipup.sh
  5. Create the file /jffs/usr/bin/sendlog.sh
  6. Add execute permission to the file /jffs/usr/bin/sendlog.sh
  7. Change the HS_ID parameter in the file /jffs/usr/bin/sendlog.sh
  8. Create the file /etc/init.d/sendulogfile
  9. Add execute permission to the file sendulogfile
  10. Enable sendulogfile to run at startup
  11. Reboot the router

Checks

  • On the wifi router, check that the file ulogd.syslogemu exists in the directory /tmp/log
  • On the web server (192.168.1.28), check that the compressed log files sent by the hot-spot are being created in the directory /var/www/radlog/log_files
