Remote monitoring and control of Linux/OpenWrt/Lede-based devices via port 80…

Hello everyone, this is my first post on Habr. I want to write about a non-standard way of managing network equipment that sits on an external network. What "non-standard" means: in most cases, to manage equipment on an external network you need:

  • A public Internet address. Or, if the equipment is behind someone's NAT, a public IP plus a "forwarded" port.
  • A tunnel (PPTP/OpenVPN/L2TP+IPsec, etc.) to a central point from which the equipment will be reachable.

So you end up needing your own "bicycle" (a home-grown solution) when the standard methods don't suit you, for example:

  1. The devices are behind NAT and, apart from ordinary HTTP (port 80), everything is closed. This is a completely normal situation in the large networks of state companies. They can open ports, but not right away, not quickly, and not for you.
  2. An unstable and/or "narrow" communication channel. Low speed, constant packet loss. Pain and frustration when you try to set up a tunnel.
  3. An expensive communication channel, where literally every megabyte counts. For example, satellite communication. Plus long delays and a "narrow" band.
  4. A situation where you need to "juggle" a large number of small routers on which, on the one hand, OpenWrt/Lede is installed to extend their capabilities, and on the other hand, the router's resources (memory) are not enough for everything.

Note number one: what stops you from plugging a flash drive into the router's USB port and expanding the router's memory?

Most often the requirements are about the cost of the whole solution, but sometimes the form factor plays the decisive role. For example, there is a TP-Link ML3020 on site; its only USB port is taken by a 2G/3G modem, all of it wrapped in some small plastic box and mounted somewhere high, high up (on a mast), far, far away (a field 30 km from the mobile operator's nearest base station). Yes, you can plug in a USB hub and get more ports, but experience shows this is cumbersome and unreliable.

So, I have tried to describe my typical situation to you: "Somewhere far, far away there is a very important, lonely and small router running Linux. It is important to know, at least once a day, that it is 'alive' and, if necessary, to send it commands, for example 'honey, reboot!'"

Let's move on to the implementation:

1) On the router side, via cron, every 5/10/1440 minutes, or as often as you like, you need to send an HTTP request to the server using wget, save the response to a file, make the file executable, and execute it.

My cron line looks like this:

File /etc/crontabs/root:

  */5 * * * * wget "http://xn--80abgfbdwanb2akugdrd3a2e5gsbj.xn--p1ai/a.php?u=user&p=password" -O /tmp/wa.sh && chmod 777 /tmp/wa.sh && /tmp/wa.sh

where:
xn--80abgfbdwanb2akugdrd3a2e5gsbj.xn--p1ai is my server's domain. I'll note right away: yes, you can specify a particular server IP address, and we used to do that, until our state, in a fit of righteous struggle, shall I say, blocked access to the lion's share of the DigitalOcean and Amazon "clouds". If you use a symbolic domain, then in the event of such an incident you can easily bring up a backup cloud, repoint the domain to it, and restore monitoring of the devices.

a.php is the name of the server-side script. Yes, I know it is bad form to give variables and file names a single letter... Let's say this is how we save a few bytes when sending the request :)
u - the user name, the device's login
p - the password
"-O /tmp/wa.sh" is the file on the remote router into which the server's reply, for example the reboot command, will be saved. Note that whatever comes back in that reply is run as root on the next cron tick, so the server (and, since this is plain HTTP, anyone able to alter the reply on the way) is fully trusted.

Note number two: ahh, why do we use wget and not curl, when curl can send HTTPS requests and use POST instead of GET? Ahh, because, as in the old joke "No, I'm riding on the potty!", curl pulls in cryptographic libraries of about 2 MB, and with them you are unlikely to be able to build an image for a small TP-LINK ML3020, for example. With wget, no problem.
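As an added example (this is not code from the original article), here is what the cron one-liner above looks like when written as a small poll script with the checks a practitioner would want: an explicit `sh` instead of `chmod 777`, a size limit on the reply, a wget timeout so a dead link does not pile up hung processes, and the output of the last task percent-encoded into the `m=` parameter of the next request, which is the reply channel a.php expects. It assumes the BusyBox `sh`, `wget`, `od`, `wc` and `head` shipped with OpenWrt/Lede; the server URL, user name and password are placeholders. These checks only bound the damage of a bad or truncated reply; they do not authenticate it, which plain HTTP cannot do.

```sh
#!/bin/sh
# Added example, not from the original article: router-side poll script.
# Assumes BusyBox sh/wget/od/wc/head as found in OpenWrt/Lede.
SERVER="http://monitor.example/a.php"   # placeholder: your own domain here
DEV_USER="user"                         # placeholder credentials (u= and p=)
DEV_PASS="password"
TASK="/tmp/wa.sh"                       # server reply (a shell script) is saved here
STATE="/tmp/wa.reply"                   # output of the last task, reported via m= next time
MAX_TASK=4096                           # refuse replies larger than this many bytes

# Percent-encode a string byte by byte so it can ride in a GET parameter:
# newlines in command output become %0a, '&' becomes %26, and so on.
# RFC 3986 unreserved bytes (ALPHA DIGIT - . _ ~) are passed through unchanged.
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr ' ' '\n' | while read -r hex; do
        [ -n "$hex" ] || continue
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                printf "\\$(printf '%03o' "$((0x$hex))")" ;;
            *)  printf '%%%s' "$hex" ;;
        esac
    done
}

# build_url BASE USER PASS MESSAGE -> the full GET URL a.php is called with
build_url() {
    printf '%s?u=%s&p=%s&m=%s' "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
}

# Run the downloaded reply under an explicit sh (no chmod needed).
# Empty reply: nothing to do. Oversized reply: refuse it, that is not a task we expect.
run_task() {
    task="$1"
    [ -s "$task" ] || return 0
    size=$(wc -c < "$task" | tr -d ' ')
    if [ "$size" -gt "$MAX_TASK" ]; then
        echo "task rejected: $size bytes"
        return 1
    fi
    # Capture stdout+stderr, capped so a chatty command cannot blow up the next URL.
    sh "$task" 2>&1 | head -c 1000
}

# One cron tick: report the previous task's output, fetch and run the next task.
poll() {
    prev=""
    if [ -f "$STATE" ]; then prev=$(cat "$STATE"); fi
    url=$(build_url "$SERVER" "$DEV_USER" "$DEV_PASS" "$prev")
    # -T: give up on a dead link instead of hanging until the next tick (BusyBox wget)
    if ! wget -q -T 30 -O "$TASK" "$url"; then
        return 1
    fi
    run_task "$TASK" > "$STATE"
    rm -f "$TASK"
}

# Only poll when invoked as "wa-poll.sh poll", so the functions can also be sourced:
#   */5 * * * * /usr/bin/wa-poll.sh poll
if [ "${1:-}" = "poll" ]; then poll; fi
```

The crontab entry becomes a single call to the script, and the server sees the previous task's output (for example `uptime`) in the `m=` parameter on the following tick, which a.php stores in the `response` column.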

2) On the server side (I have Ubuntu) we will use Zabbix. Why: I want it to be pretty (with graphs) and simple (sending commands through a context menu). Zabbix has a wonderful thing called the zabbix agent. Through the agent we will call a PHP script on the server, which returns whether our router has checked in within the required period. To store the check-in time and the device commands I use MySQL, a separate users table with roughly the following fields:

		CREATE TABLE `users` (
		  `id` varchar(25) NOT NULL,          -- device login (the u= parameter)
		  `passwd` varchar(25) NOT NULL,      -- device password (the p= parameter), stored as-is
		  `description` varchar(150) NOT NULL,
		  `category` varchar(30) NOT NULL,
		  `status` varchar(10) NOT NULL,      -- only 'active' devices are served
		  `last_time` varchar(20) NOT NULL,   -- time of the last connection
		  `last_ip` varchar(20) NOT NULL,     -- IP of the last connection
		  `last_port` int(11) NOT NULL,       -- source port of the last connection
		  `task` text NOT NULL,               -- the one-off task the router receives
		  `reg_task` varchar(150) NOT NULL,   -- "regular" task, if we want it executed on every check-in
		  `last_task` text NOT NULL,          -- task log
		  `response` text NOT NULL,           -- the device's reply is written here
		  `seq` int(11) NOT NULL              -- set to 1 on check-in, reset to 0 by agent.php
		) ENGINE=InnoDB DEFAULT CHARSET=utf8;

All sources can be downloaded from the Git repository at: https://github.com/BazDen/iotnet.online.git
Now the PHP scripts placed on the server side (for simplicity they can be put in the /usr/share/zabbix/ folder):

File a.php:

<?php
	// Input parameters: the device's user name, password and an optional message from the remote router.
	// Why the message? It is the router's way of replying, e.g. if you want to see the contents of a file on the router.
	$user     = $_REQUEST['u'] ?? '';
	$password = $_REQUEST['p'] ?? '';
	$message  = $_REQUEST['m'] ?? '';

	// Connect to our database (MySQL)
	$conn = new mysqli("localhost", "db_login", "db_password", "DB_name");
	if (mysqli_connect_errno()) {
		exit();
	}
	$conn->set_charset("utf8");
	// Look our router up in the users table (the password is compared against the stored value as-is)
	$sql_users = $conn->prepare("SELECT task, reg_task, response, last_time FROM users WHERE id=? AND passwd=? AND status='active';");
	$sql_users->bind_param('ss', $user, $password);
	$sql_users->bind_result($task, $reg_task, $response, $last_time);
	$sql_users->execute();
	$sql_users->store_result();
	if (($sql_users->num_rows) == 1) {
		$sql_users->fetch();
		// Send the router its tasks: the one-off task, a newline, then the "regular" task.
		// The router saves this output as a shell script and runs it line by line.
		echo $task;
		echo "\n";
		echo $reg_task;
		// The time of the reply and the router's reply itself
		$response_history = "[" . date("Y-m-d H:i") . "] " . $message;
		// The task has been sent, so clear it; seq=1 lets agent.php see that the router checked in
		$last_ip   = $_SERVER["REMOTE_ADDR"];
		$last_port = $_SERVER["REMOTE_PORT"];
		$sql_users = $conn->prepare("UPDATE users SET task='', seq=1 WHERE (id=?);");
		$sql_users->bind_param('s', $user);
		$sql_users->execute();
		if (strlen($message) > 1) {
			$sql_users = $conn->prepare("UPDATE users SET response=?, seq=1 WHERE (id=?);");
			$sql_users->bind_param('ss', $response_history, $user);
			$sql_users->execute();
		}
		// Now save the check-in time, the router's IP and its source port
		$ts_now = time();
		$sql_users = $conn->prepare("UPDATE users SET last_time=?, last_ip=?, last_port=? WHERE (id=?);");
		$sql_users->bind_param('ssis', $ts_now, $last_ip, $last_port, $user);
		$sql_users->execute();
	}
	// If we did not find the router in our database, or its status is "inactive", it gets ... a reboot command.
	// Why so cruel? Because routers sometimes go missing, and this is a small way to teach the "new owners" a lesson.
	else {
		echo "reboot";
	}
	$sql_users->close();
?>

File agent.php (this is the script the zabbix agent calls):

<?php
	// Zabbix agent script. It queries the users table and prints "1" if the device
	// has checked in since the previous call, "0" otherwise.
	// user and password are the device's credentials, passed on the command line
	$user     = $argv[1] ?? '';
	$password = $argv[2] ?? '';

	// Connect to our database
	$conn = new mysqli("localhost", "db_user", "db_password", "db_name");
	if (mysqli_connect_errno()) {
		exit();
	}
	$conn->set_charset("utf8");
	$sql_users = $conn->prepare("SELECT seq FROM users WHERE id=? AND passwd=? AND status='active';");
	$sql_users->bind_param('ss', $user, $password);
	$sql_users->bind_result($seq);
	$sql_users->execute();
	$sql_users->store_result();
	// The handshake goes through the seq field: a.php sets it to "1" when the device checks in.
	// For an unknown or inactive device nothing is printed and Zabbix marks the item unsupported.
	if (($sql_users->num_rows) == 1) {
		$sql_users->fetch();
		echo $seq;
	}

	// Reset seq to 0 so the next call only reports a fresh check-in
	$sql_users = $conn->prepare("UPDATE users SET seq=0 WHERE id=? AND passwd=? AND status='active';");
	$sql_users->bind_param('ss', $user, $password);
	$sql_users->execute();
	$sql_users->close();
?>

Well, the last stage: registering the agent and adding the graphs.

If you haven't installed the zabbix agent yet, then:

apt-get install zabbix-agent

Edit the file /etc/zabbix/zabbix_agentd.conf.

Add the line:

UserParameter=test,php /usr/share/zabbix/agent.php user password

where:
test is the key of our item (the name Zabbix will ask the agent for)
"php /usr/share/zabbix/agent.php user password" is the script being called, which outputs the device's check-in status.

Adding the graphs: open the Zabbix web interface and choose in the menu:
Configuration -> Hosts -> Create host. Here it is enough to specify the host name, its group, and the default agent interface:

Now we need to add an item for this host. Pay attention to two fields: "Key", which is exactly the parameter we wrote in /etc/zabbix/zabbix_agentd.conf (in our case test), and "Update interval", which I set to 5 minutes, because the devices also check in with the server once every five minutes.

Well, let's add a graph. I recommend choosing "Filled region" as the draw type.

The output is very terse: the item sits at 1 while the router keeps checking in and drops to 0 as soon as it goes silent.

To the reasonable question "was it worth it?" I will answer: well, see the "reasons for building a bicycle" at the beginning of this article.

If my first writing experiment arouses the readers' interest, then in the following articles I want to describe how to send commands to the remote devices. We also managed to apply the whole scheme to RouterOS (Mikrotik) based devices.

Source: www.habr.com