????? ??????? <fedorov@vadim.org.ua> www.vadim.org.ua
? ?????? ?????????? ????????? ??????????????? ????? ????? ??????, ? ???
???????????? ??????? ????? ???????? ? ????????? ????????? ?? ???????????
?? ?????? ??????? ? ?????????.
? ?????? ?????? ?????? ?? ?????????? ??????? ??????? ????? ???????, ???????
?????? ????? ???????? ?????????? ??????????????:
* ???? ????? ??????? ??????????? ????? ????????????? ?????????? ??? ?? Linux;
* ???????????? ???????? ????????? ???????????? ??? ???????? ????????? ? ???;
* ?????? ? ??????? ?????? ????????? ? ???? ??????, ? ????? ?????? ?? ? ????????
??????? ??? ?????? ????? ???????????? MySQL.
? ??????????????? ??????? ????? ???????, ??? ??? IP ?????? ? ????? ???? ????????.
?????? ? ???????? ????????????????? ?????, ??????? ??? billing.conf. ????? ??
????? ????????? ???:
<******* billing.conf **************>
# Addresses and networks whose traffic is accounted.  Every entry listed
# in ALLNETS becomes the suffix of an ACCT_IN_/ACCT_OUT_ chain pair in
# rc.firewall and the value written to the `ip` column of the traffic table.
# A single host address
WS1="192.168.0.1"
# A whole /24 network
NET="192.168.1.0/24"
# Whitespace-separated list of the entries above; both rc.firewall and the
# accounting script iterate over it.
ALLNETS="${WS1} ${NET}"
<**********************************>
? ???????? ??????????? ?????? ??? ??????? ?????? ??? ???? ??? ?????????????,
?.?. ??????????????? ??????? ?????????? ?????? ?????? ALLNETS, ?????? ??? ?????
???????????? ? ?????? ???? ??? ????? ????? ???????????? ?????????? ? ??????
????????????. ?????? ???????????????? ???? ???????? ?????? ??? ???? ?????
???????, ????????? ??? ??????? ?? ???? ????????:
* ????????? ???????????? ?????? ????? ??? firewall, ? ?????????????? iptables;
* ????????? ?????? ??????????;
* ????????? ??????????? ??????????;
?????????? ????????? ???????????? ?????? ????? ??? firewall, ????????? ? ?????
?????? rc.firewall, ??????? ????? ????? ???????? ? ???? ?? ??????, ??????? ?????
??????????? ??? ???????? ???????.
??? ?????? ??????? ??????, ? ????? Linux ????? 2.4.X ???????????? firewall
NetFilter ??????????? ? ???????? ???????? ????????? iptables. ? NetFilter
c???????? ????????? ???????: INPUT - ??? ???????? ??????, ????????????
??????????????, OUTPUT - ??? ????????? ?? ?????????????? ??????, FORWARD - ???
??????????? ??????????????? ?????? ?? ??????? ????.
<******* rc.firewall **************>
#!/bin/bash
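# Pull in the billing configuration; it provides ALLNETS, the list of
# nets to account (see the billing.conf listing).
# NOTE(review): the path is spelled "lbiling" here and in lconfreader.sh,
# while the config listing is titled billing.conf -- make sure this
# matches the file actually installed.
CONFIG="/etc/lbiling.conf"
if [ ! -r "$CONFIG" ]; then
    echo "rc.firewall: cannot read $CONFIG" >&2
    exit 1
fi
. "$CONFIG"
# Refuse to continue with nothing to account: an empty ALLNETS would
# silently create no chains at all.
if [ -z "$ALLNETS" ]; then
    echo "rc.firewall: ALLNETS is empty in $CONFIG" >&2
    exit 1
fi
IPTABLES="/sbin/iptables" # full path to the iptables binary
###################################
# Accounting chains
###################################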
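# Create (or reset) the accounting chain pair for one net and hook it
# into the built-in chains.
#   $1  suffix for the chain names (the net string itself)
#   $2  address/network matched by the counting rules
# The counting rules carry no -j target, so they only count; the chain
# policies are left untouched.  Safe to re-run: existing chains are
# flushed and earlier jump rules are removed before new ones are
# appended, so a second run no longer double-counts every packet.
addrule(){
    local in_chain="ACCT_IN_$1"
    local out_chain="ACCT_OUT_$1"
    # -N fails harmlessly when the chain already exists; -F empties it.
    $IPTABLES -N "$in_chain"  2>/dev/null
    $IPTABLES -N "$out_chain" 2>/dev/null
    $IPTABLES -F "$in_chain"
    $IPTABLES -F "$out_chain"
    # Remove every earlier jump to these chains (each -D deletes one rule).
    while $IPTABLES -D INPUT   -j "$in_chain"  2>/dev/null; do :; done
    while $IPTABLES -D FORWARD -j "$in_chain"  2>/dev/null; do :; done
    while $IPTABLES -D FORWARD -j "$out_chain" 2>/dev/null; do :; done
    while $IPTABLES -D OUTPUT  -j "$out_chain" 2>/dev/null; do :; done
    # Incoming traffic: packets addressed to this host (INPUT) and routed
    # through it (FORWARD).  Outgoing: routed (FORWARD) and locally
    # generated (OUTPUT).
    $IPTABLES -A INPUT   -j "$in_chain"
    $IPTABLES -A FORWARD -j "$in_chain"
    $IPTABLES -A FORWARD -j "$out_chain"
    $IPTABLES -A OUTPUT  -j "$out_chain"
    # Count by source address in the IN chain, by destination in the OUT chain.
    $IPTABLES -A "$in_chain"  -s "$2"
    $IPTABLES -A "$out_chain" -d "$2"
}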
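# Create one chain pair per entry of ALLNETS (whitespace-separated, so
# the variable is deliberately left unquoted here).
# The loop variable is not called NET on purpose: billing.conf defines
# NET itself and the loop would otherwise clobber it.
for acct_net in $ALLNETS; do
    addrule "$acct_net" "$acct_net"
done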
<**********************************>
????? ?????????? ????? ????????? rc.firewall, ?????? ? ???????:
# iptables -L
?? ?????? ?????? ??????? ????? ????????:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCT_IN_192.168.0.1 all -- anywhere anywhere
ACCT_IN_192.168.1.0/24 all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCT_IN_192.168.0.1 all -- anywhere anywhere
ACCT_OUT_192.168.0.1 all -- anywhere anywhere
ACCT_IN_192.168.1.0/24 all -- anywhere anywhere
ACCT_OUT_192.168.1.0/24 all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCT_OUT_192.168.0.1 all -- anywhere anywhere
ACCT_OUT_192.168.1.0/24 all -- anywhere anywhere
Chain ACCT_IN_192.168.0.1 (2 references)
target prot opt source destination
all -- 192.168.0.1 anywhere
Chain ACCT_IN_192.168.1.0/24 (2 references)
target prot opt source destination
all -- 192.168.1.0/24 anywhere
Chain ACCT_OUT_192.168.0.1 (2 references)
target prot opt source destination
all -- anywhere 192.168.0.1
Chain ACCT_OUT_192.168.1.0/24 (2 references)
target prot opt source destination
all -- anywhere 192.168.1.0/24
???????? ???? ?????? ? MySQL ? ????????? trafficbd, ??? ????? ?????????? ?????
????????? ????????? SQL ?????? (??? ??? ??????? ?? ?????? ? ????? ????? ??????,
?????????? ? ???????????? MySQL):
<********* ???? ?????? trafficbd.sql *****>
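-- Accounting database for the iptables byte counters sampled by the
-- Perl script: one row per accounted net per sample.
CREATE DATABASE IF NOT EXISTS trafficbd;
USE trafficbd;

--
-- Table `traffic`: one sample of the ACCT_IN_/ACCT_OUT_ byte counters.
-- The Perl script inserts positionally (id, date, ip, inb, outb), so the
-- column order must not change.
--
CREATE TABLE IF NOT EXISTS traffic (
    id int(11) NOT NULL auto_increment,
    -- sampling time as written by the Perl script (local time, seconds = 00)
    date datetime NOT NULL default '0000-00-00 00:00:00',
    -- the chain suffix from ALLNETS: a host address or a CIDR net
    ip varchar(20) NOT NULL default '',
    -- bytes counted by ACCT_IN_<ip> / ACCT_OUT_<ip> since the previous
    -- sample; unsigned 64-bit so a busy interval cannot overflow the
    -- signed 32-bit int(11) the original used (wraps at ~2 GB)
    inb bigint unsigned NOT NULL default 0,
    outb bigint unsigned NOT NULL default 0,
    -- auto_increment needs a key; make it the primary key instead of a
    -- plain non-unique KEY
    PRIMARY KEY (id),
    -- reports aggregate per net over a time range
    KEY traffic_ip_date_idx (ip, date)
) TYPE=MyISAM;  -- TYPE= is the old spelling; MySQL 5.5+ accepts only ENGINE=MyISAM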
<**********************************>
????, ???????? ?????, ?? ??????? ???? ??????, ???????? ??????? ????? ???????,
?????? ??? ???? ???????? ?????????, ??????? ?? ??????? ?????????? ??????????,
???????? ?╦ ? ?????????? ? ????? ????? ???????? ?? ????????. ???? ????????
?????? ????? ?????????, ?╦ ????? ????????? ? CRON ? ???????? ? ?????????
????????.
<**********************************>
#!/usr/bin/perl
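# Read (and reset) the byte counters of one accounting chain pair and
# store them as a row in trafficbd.traffic.
#
# $_[0]  the net/host string used as the chain suffix in rc.firewall
#        (e.g. "192.168.0.1" or "192.168.1.0/24"); also written to traffic.ip
#
# Side effects: zeroes the ACCT_IN_<name> and ACCT_OUT_<name> counters
# (iptables -Z) and inserts one row through the mysql client.  If a
# counter cannot be read, nothing is inserted and a warning is printed
# (the original wrote an empty value, which MySQL stored as 0).
# No credentials are passed to mysql; the client's own defaults apply.
sub account {
    my ($name) = @_;

    # The suffix ends up inside a chain name and inside an SQL string
    # literal; allow only address/CIDR characters so neither a shell nor
    # the SQL statement can be broken by a stray quote, space or semicolon.
    unless (defined $name and $name =~ /\A[A-Za-z0-9._\/:-]+\z/) {
        warn "account: refusing unexpected chain suffix '$name'\n";
        return;
    }

    my $in_bytes  = read_and_zero_bytes("ACCT_IN_$name");
    my $out_bytes = read_and_zero_bytes("ACCT_OUT_$name");
    return unless defined $in_bytes and defined $out_bytes;

    # Sampling time, truncated to the minute (seconds are always 00, as
    # before) but now zero-padded so MySQL gets a well-formed DATETIME.
    my ($min, $hour, $mday, $mon, $year) = (localtime)[1, 2, 3, 4, 5];
    my $stamp = sprintf('%04d-%02d-%02d %02d:%02d:00',
                        $year + 1900, $mon + 1, $mday, $hour, $min);

    # Explicit column list; id is auto_increment and left to MySQL.
    # $name is restricted above and both byte counts are validated as
    # plain digits, so the literal values cannot carry SQL syntax.
    my $sql = "insert into traffic (date, ip, inb, outb) "
            . "values ('$stamp', '$name', $in_bytes, $out_bytes);";

    # Feed the statement to the client on stdin via a list-form open:
    # no shell is involved, so nothing in $sql is re-interpreted.
    open(my $mysql, '|-', '/usr/bin/mysql', '-hlocalhost', 'trafficbd')
        or do { warn "account: cannot run mysql: $!\n"; return };
    print {$mysql} $sql, "\n";
    close($mysql)
        or warn "account: mysql exited with status ", $? >> 8, "\n";
}

# Run `iptables -L -Z` on one chain (list and reset in one call) and
# return the exact byte count of its single rule, or undef when the
# listing does not look as expected.
sub read_and_zero_bytes {
    my ($chain) = @_;
    open(my $ipt, '-|', '/sbin/iptables', '-L', '-Z', $chain, '-v', '-x')
        or do { warn "account: cannot run iptables: $!\n"; return };
    my @lines = <$ipt>;
    close($ipt);

    # Listing layout: chain header, column header, then the rule line.
    # With -v the columns start "pkts bytes"; -x keeps them unabbreviated.
    # split ' ' discards the leading padding, so bytes is always field 1
    # (the original counted on that padding to land on the right column
    # and would have read the wrong field once pkts filled its width).
    my $rule = $lines[2];
    return unless defined $rule;
    my @fields = split ' ', $rule;
    return unless defined $fields[1] and $fields[1] =~ /\A\d+\z/;
    return $fields[1];
}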
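# Entry point: ask lconfreader.sh for the ALLNETS list and sample each entry.
#
# lconfreader.sh lives next to this script and is expected to be:
#   #!/bin/bash
#   . ./lbiling.conf     # pull in the billing config
#   echo $ALLNETS        # print every accounted net on one line
# so its stdout is the same whitespace-separated list rc.firewall loops over.
use File::Basename qw(dirname);

# Run the reader from this script's own directory: under cron the working
# directory is not this directory, so a bare "./lconfreader.sh" is not found.
my $reader = dirname($0) . '/lconfreader.sh';
open(my $rd, '-|', $reader)
    or die "cannot run $reader: $!\n";
my $config = join '', <$rd>;
close($rd)
    or die "$reader failed (exit status " . ($? >> 8) . ")\n";
chomp $config;

# split ' ' collapses runs of whitespace and drops leading blanks, so an
# untidy ALLNETS value cannot produce an empty chain suffix.
foreach my $net (split ' ', $config) {
    account($net);
}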
<**********************************>
??? ?????????? ? ??? ??????????? ???????:)
© Vadim Fedorov <fedorov@vadim.org.ua>
2003