admin/SafeLine
1
0
Fork 0
mirror of https://github.com/chaitin/SafeLine.git synced 2026-01-31 13:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: init v1.0.0

Browse Source
This commit is contained in:
zclaiqcc
2023-04-11 14:22:23 +08:00
commit 99bfa5a65e
6 changed files with 265 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGELOG.md Normal file
View File

@@ -0,0 +1,18 @@
SAFELINE-CE CHANGELOG
===
## [Unreleased]
- 仪表盘
- 自定义规则
- 告警
## [1.0.0] - 2023-04-13
- 站点配置
## [0.9.0] - 2023-03-20
- OTP 登录
- 攻击检测日志
- 默认防护策略

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 Chaitin Tech
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

88
README.md Normal file
View File

@@ -0,0 +1,88 @@
<p align="center">
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_logo.png" width="120">
</p>
<h1 align="center">雷池 SafeLine 社区版</h1>
<h3 align="center">不让黑客越雷池半步</h3>
<br>
<p align="center">
<img src="https://img.shields.io/badge/SafeLine-BEST_WAF-blue">
<img src="https://img.shields.io/github/release/chaitin/safeline.svg?color=blue" />
<img src="https://img.shields.io/github/release-date/chaitin/safeline.svg?color=blue&label=update" />
<img src="https://img.shields.io/docker/v/chaitinops/safeline-mgt-api?color=blue">
<img src="https://img.shields.io/github/license/chaitin/safeline?color=blue">
<img src="https://img.shields.io/github/stars/chaitin/safeline?style=social">
</p>
一款简单、好用的 WAF 工具。基于长亭科技王牌的 🤖️智能语义分析算法🤖️ 打造,专为社区设计。
## ✨ Demo
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_detect_log.gif)
![](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
## 🚀 安装
### 1. 确保机器上正确安装 [Docker](https://docs.docker.com/engine/install/) 和 [Compose V2](https://docs.docker.com/compose/install/)
```
docker info
docker compose version
```
### 2. 安装产品镜像
```shell
# 下载安装脚本文件
wget https://github.com/chaitin/safeline/releases/download/v1.0.0/safeline.zip -O safeline.zip
unzip safeline.zip
cd safeline
# 首次部署需执行 `./safeline-ce.sh` 生成初始化配置,默认安装在 `/data/safeline-ce/` 目录下
./safeline-ce.sh
# 运行
sudo docker compose up -d
```
## 🕹️ 快速使用
### 1. 登录
浏览器打开后台管理页面 `https://<waf-ip>:9443`。根据界面提示,使用 **支持 TOPT 的认证软件** 扫描二维码,然后输入动态口令登录:
![safeline_login.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_login.gif)
### 2. 添加站点
![safeline_website.gif](https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_website.gif)
<font color=grey>💡 TIPS: 添加后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 应能获取到业务网站的响应。</font>
### 3. 将网站流量切到雷池
- 若网站通过域名访问,则可将域名的 DNS 解析指向雷池所在设备
- 若网站前有 nginx 、负载均衡等代理设备,则可将雷池部署在代理设备和业务服务器之间,然后将代理设备的 upstream 指向雷池
### 4. 开始防护👌
试试这些攻击方式:
- 浏览器访问 `http://<IP或域名>:<端口>/webshell.php`
- 浏览器访问 `http://<IP或域名>:<端口>/?id=1%20AND%201=1`
- 浏览器访问 `http://<IP或域名>:<端口>/?a=<script>alert(1)</script>`
## 📖 FAQ
Q: 添加站点后,执行 `curl -H "Host: <域名>" http://<WAF IP>:<端口>` 无法访问到业务服务器。
—— A: 请检查雷池和业务服务器之间的网络连接
## 🏘️ 联系我们
1. 您可以通过 GitHub Issue 直接进行 Bug 反馈和功能建议。
2. 扫描下方二维码可以加入雷池社区版用户讨论群进行详细讨论
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_wx_light.jpg" width="30%" />
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/veinmind/safeline-assets/safeline_qq_light.jpg" width="30%" />
## ✨ CTStack
<img src="https://ctstack-oss.oss-cn-beijing.aliyuncs.com/CT%20Stack-2.png" width="30%" />
雷池 SafeLine 现已加入 [CTStack](https://stack.chaitin.com/tool/detail?id=174) 社区

1
VERSION.TXT Normal file
View File

@@ -0,0 +1 @@
1.0.0

94
compose.yaml Normal file
View File

@@ -0,0 +1,94 @@
networks:
safeline-ce:
name: safeline-ce
driver: bridge
ipam:
driver: default
config:
- gateway: 169.254.0.1
subnet: 169.254.0.0/24
driver_opts:
com.docker.network.bridge.name: safeline-ce
services:
postgres:
container_name: safeline-postgres
restart: always
image: postgres:15.2
volumes:
- ${HOST_RESOURCES_DIR}/postgres/data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=safeline-ce
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
networks:
safeline-ce:
ipv4_address: 169.254.0.2
cap_drop:
- net_raw
command: [postgres, -c, max_connections=200]
management:
container_name: safeline-mgt-api
restart: always
image: chaitinops/safeline-mgt-api:${IMAGE_TAG}
volumes:
- ${HOST_RESOURCES_DIR}/management:/resources/management
- ${HOST_RESOURCES_DIR}/nginx:/resources/nginx
- ${HOST_LOGS_DIR}:/logs
- /etc/localtime:/etc/localtime:ro
ports:
- 9443:1443
environment:
- MANAGEMENT_RESOURCES_DIR=/resources/management
- NGINX_RESOURCES_DIR=/resources/nginx
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@127.0.0.1/safeline-ce
- MANAGEMENT_LOGS_DIR=/logs/management
networks:
safeline-ce:
ipv4_address: 169.254.0.4
cap_drop:
- net_raw
detector:
container_name: safeline-detector
restart: always
image: chaitinops/safeline-detector:${IMAGE_TAG}
volumes:
- ${HOST_RESOURCES_DIR}/detector:/resources/detector
- ${HOST_LOGS_DIR}/detector:/logs/detector
environment:
- LOG_DIR=/logs/detector
networks:
safeline-ce:
ipv4_address: 169.254.0.5
cap_drop:
- net_raw
mario:
container_name: safeline-mario
restart: always
image: chaitinops/safeline-mario:${IMAGE_TAG}
volumes:
- ${HOST_RESOURCES_DIR}/mario:/resources/mario
- ${HOST_LOGS_DIR}/mario:/logs/mario
environment:
- LOG_DIR=/logs/mario
- GOGC=100
- DATABASE_URL=postgres://safeline-ce:${POSTGRES_PASSWORD}@169.254.0.2/safeline-ce
networks:
safeline-ce:
ipv4_address: 169.254.0.6
cap_drop:
- net_raw
tengine:
container_name: safeline-tengine
restart: always
image: chaitinops/safeline-tengine:${IMAGE_TAG}
volumes:
- ${HOST_RESOURCES_DIR}/nginx:/etc/nginx
- ${HOST_RESOURCES_DIR}/management:/resources/management
- ${HOST_RESOURCES_DIR}/detector:/resources/detector
- ${HOST_LOGS_DIR}/nginx:/var/log/nginx
- /etc/localtime:/etc/localtime:ro
- ${HOST_RESOURCES_DIR}/cache:/usr/local/nginx/cache
- /etc/resolv.conf:/etc/resolv.conf
ulimits:
nofile: 131072
network_mode: host

43
safeline-ce.sh Executable file
View File

@@ -0,0 +1,43 @@
#! /bin/bash
set -eE
installer_path=$1
version_file="VERSION.TXT"
if [[ ! -f $version_file ]]; then
echo "Error: VERSION.TXT not found!"
exit 1
fi
version=$(cat VERSION.TXT)
if [ -z "$installer_path" ];then
installer_path="/data/safeline-ce"
fi
if [[ ! -e $installer_path ]]; then
echo "WAF will be installed at $installer_path, y/N"
read answer
if [ "$answer" != "${answer#[Yy]}" ] ; then
echo "Start installing..."
else
echo "End"
exit 1
fi
elif [[ ! -d $installer_path ]]; then
echo "Error: $installer_path already exists but is not a directory"
exit 1
fi
env_file=".env"
if [[ ! -f $env_file ]]; then
echo -n "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
HOST_RESOURCES_DIR=$installer_path/resources
HOST_LOGS_DIR=$installer_path/logs
IMAGE_TAG=$version
COMPOSE_PROJECT_NAME=safeline-ce
COMPOSE_FILE=compose.yaml" > $env_file
fi
mkdir -p $installer_path