def find_from_tuple(cls, link): """ Find link by providing a tuple with two ip addresses or two mac addresses :param link: tuple with two string elements indicating source and destination (ip or mac addresses) :returns: Link object """ try: a = link[0] b = link[1] except IndexError: raise ValueError('Expecting tuple with source and destination') # find interfaces if (valid_ipv4(a) and valid_ipv4(b)) or (valid_ipv6(a) and valid_ipv6(b)): try: a = Ip.objects.get(address=a).interface b = Ip.objects.get(address=b).interface except Ip.DoesNotExist as e: raise LinkDataNotFound(e) elif valid_mac(a) and valid_mac(b): try: a = Interface.objects.get(mac=a) b = Interface.objects.get(mac=b) except Interface.DoesNotExist as e: raise LinkDataNotFound(e) else: raise ValueError('Expecting valid ipv4, ipv6 or mac address') # find link with interfaces # inverse order is also ok q = Q(interface_a=a, interface_b=b) | Q(interface_a=b, interface_b=a) link = Link.objects.filter(q).first() if link is None: raise LinkNotFound('Link matching query does not exist', interface_a=a, interface_b=b) return link
def main(args): ''' Obtain necessary input to execute ping sweep: telnet-pingsweep [--version] [-v|--verbose] [-f|--file <file.yaml>] <starting-address-range> <ending-address-range> ''' parser = argparse.ArgumentParser(description='Connect to a specified router and run a ' 'command') parser.add_argument('--version', action='version', version=__version__) parser.add_argument('-v', '--verbose', action='store_true', help='display verbose output', default=False) parser.add_argument('-f', '--file', help='specify YAML file to read router info from', default=ROUTER_FILE) parser.add_argument('-o', '--output', help='specify output file to write results to') parser.add_argument('addr_start', help='starting address for sweep') parser.add_argument('addr_end', help='ending address for sweep') args = parser.parse_args() # Pre-flight checks myrouter_data = yaml_input(args.file, args.verbose) # Validate IP addresses if netaddr.valid_ipv4(args.addr_start): addr_start = netaddr.IPAddress(args.addr_start) else: sys.exit('Invalid IPv4 address: {}'.format(args.start)) if netaddr.valid_ipv4(args.addr_end): addr_end = netaddr.IPAddress(args.addr_end) else: sys.exit('Invalid IPv4 address: {}'.format(args.start)) if addr_end <= addr_start: sys.exit('Ending address must be after starting address.') if (addr_end - addr_start).value > 254: sys.exit('Largest range of addresses which may be swept is limited to 254.') addr_range = netaddr.IPRange(addr_start, addr_end) myrouter = Netinfnode(myrouter_data, TELNET_TIMEOUT) myrouter.connect(args.verbose) myrouter.nopaging(args.verbose) if args.output: output1 = open(args.output, 'w') for addr in addr_range: full_cmd = ROUTER_CMD + ' ' + str(addr) print 'Processing {}...'.format(full_cmd) output = myrouter.sendcmd(full_cmd, args.verbose) # output has extra carriage returns - remove new_output = output.replace('\r', '') result = 'Command ({}) output:\n{}\n'.format(full_cmd, new_output) if args.output: output1.write(result) output1.write('\n') else: print result # Cleanup myrouter.connection.close() if args.output: output1.close()
def validate_ip_addr(addr, version=None): """ Validates that an IP address is valid. Returns true if valid, false if not. Version can be "4", "6", None for "IPv4", "IPv6", or "either" respectively. """ if version == 4: return netaddr.valid_ipv4(addr) elif version == 6: return netaddr.valid_ipv6(addr) else: return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)
def _is_ip(self, domain): ''' This extra parsing handles a variety of edge cases such as: - http://192.168.1.1 - http://192.168.1.1:81 - 192.168.1.1:81 ''' if valid_ipv4(domain): return True if urlparse(domain).scheme != '': domain = urlparse(domain).netloc if ':' in domain: domain = domain[:domain.rindex(':')] return valid_ipv4(domain)
def get_common_server(self): data = { 'public_address': None, 'private_address': None, 'service_net_name_or_ip': self.get_config_option( 'service_net_name_or_ip'), 'tenant_net_name_or_ip': self.get_config_option( 'tenant_net_name_or_ip'), } data['instance'] = self.compute_api.server_get_by_name_or_id( self.admin_context, self.get_config_option('service_instance_name_or_id')) if netaddr.valid_ipv4(data['service_net_name_or_ip']): data['private_address'] = [data['service_net_name_or_ip']] else: data['private_address'] = self._get_addresses_by_network_name( data['service_net_name_or_ip'], data['instance']) if netaddr.valid_ipv4(data['tenant_net_name_or_ip']): data['public_address'] = [data['tenant_net_name_or_ip']] else: data['public_address'] = self._get_addresses_by_network_name( data['tenant_net_name_or_ip'], data['instance']) if not (data['public_address'] and data['private_address']): raise exception.ManilaException( "Can not find one of net addresses for service instance. " "Instance: %(instance)s, " "private_address: %(private_address)s, " "public_address: %(public_address)s." % data) share_server = { 'username': self.get_config_option('service_instance_user'), 'password': self.get_config_option('service_instance_password'), 'pk_path': self.path_to_private_key, 'instance_id': data['instance']['id'], } for key in ('private_address', 'public_address'): data[key + '_v4'] = None for address in data[key]: if netaddr.valid_ipv4(address): data[key + '_v4'] = address break share_server['ip'] = data['private_address_v4'] share_server['public_address'] = data['public_address_v4'] return {'backend_details': share_server}
def _connect_tcp(self, peer_addr, conn_handler, time_out=None, bind_address=None): """Creates a TCP connection to given peer address. Tries to create a socket for `timeout` number of seconds. If successful, uses the socket instance to start `client_factory`. The socket is bound to `bind_address` if specified. """ LOG.debug('Connect TCP called for %s:%s' % (peer_addr[0], peer_addr[1])) if netaddr.valid_ipv4(peer_addr[0]): family = socket.AF_INET else: family = socket.AF_INET6 with Timeout(time_out, socket.error): sock = hub.connect(peer_addr, family=family, bind=bind_address) if sock: # Connection name for pro-active connection is made up # of local end address + remote end address conn_name = ('L: ' + str(sock.getsockname()) + ', R: ' + str(sock.getpeername())) self._asso_socket_map[conn_name] = sock # If connection is established, we call connection handler # in a new thread. self._spawn(conn_name, conn_handler, sock) return sock
def prefix_add(self, prefix, next_hop=None, route_dist=None): """ This method adds a new prefix to be advertized. ``prefix`` must be the string representation of an IP network (e.g., 10.1.1.0/24). ``next_hop`` specifies the next hop address for this prefix. This parameter is necessary for only VPNv4 and VPNv6 address families. ``route_dist`` specifies a route distinguisher value. This parameter is necessary for only VPNv4 and VPNv6 address families. """ func_name = 'network.add' networks = {} networks[PREFIX] = prefix if next_hop: networks[NEXT_HOP] = next_hop if route_dist: func_name = 'prefix.add_local' networks[ROUTE_DISTINGUISHER] = route_dist rf, p = self._check_rf_and_normalize(prefix) networks[ROUTE_FAMILY] = rf networks[PREFIX] = p if rf == vrfs.VRF_RF_IPV6 and netaddr.valid_ipv4(next_hop): # convert the next_hop to IPv4-Mapped IPv6 Address networks[NEXT_HOP] = \ str(netaddr.IPAddress(next_hop).ipv6()) call(func_name, **networks)
def neighbor_add(self, address, remote_as, enable_ipv4=DEFAULT_CAP_MBGP_IPV4, enable_vpnv4=DEFAULT_CAP_MBGP_VPNV4, enable_vpnv6=DEFAULT_CAP_MBGP_VPNV6, next_hop=None, password=None, multi_exit_disc=None): """ This method registers a new neighbor. The BGP speaker tries to establish a bgp session with the peer (accepts a connection from the peer and also tries to connect to it). ``address`` specifies the IP address of the peer. It must be the string representation of an IP address. Only IP v4 is supported now. ``remote_as`` specifies the AS number of the peer. It must be an integer between 1 and 65535. ``enable_ipv4`` enables IPv4 address family for this neighbor. The default is True. ``enable_vpnv4`` enables VPNv4 address family for this neighbor. The default is False. ``enable_vpnv6`` enables VPNv6 address family for this neighbor. The default is False. ``next_hop`` specifies the next hop IP address. If not specified, host's ip address to access to a peer is used. ``password`` is used for the MD5 authentication if it's specified. By default, the MD5 authenticaiton is disabled. ``multi_exit_disc`` specifies multi exit discriminator (MED) value. The default is None and if not specified, MED value is not sent to the neighbor. It must be an integer. """ bgp_neighbor = {} bgp_neighbor[neighbors.IP_ADDRESS] = address bgp_neighbor[neighbors.REMOTE_AS] = remote_as bgp_neighbor[PEER_NEXT_HOP] = next_hop bgp_neighbor[PASSWORD] = password # v6 advertizement is available with only v6 peering if netaddr.valid_ipv4(address): bgp_neighbor[CAP_MBGP_IPV4] = enable_ipv4 bgp_neighbor[CAP_MBGP_IPV6] = False bgp_neighbor[CAP_MBGP_VPNV4] = enable_vpnv4 bgp_neighbor[CAP_MBGP_VPNV6] = enable_vpnv6 elif netaddr.valid_ipv6(address): bgp_neighbor[CAP_MBGP_IPV4] = False bgp_neighbor[CAP_MBGP_IPV6] = True bgp_neighbor[CAP_MBGP_VPNV4] = False bgp_neighbor[CAP_MBGP_VPNV6] = False else: # FIXME: should raise an exception pass if multi_exit_disc: bgp_neighbor[MULTI_EXIT_DISC] = multi_exit_disc call('neighbor.create', **bgp_neighbor)
def is_ip(self, ip_addr=None): """ Return true if valid IP address return false if invalid IP address :param ip_addr: optional IP to pass. Takes from root class if not specified >>> from ipinformation import IPInformation >>> print IPInformation(ip_address='8.8.8.8').is_ip() True >>> print IPInformation(ip_address='NotAnIP').is_ip() False """ if not ip_addr: ip_addr = self.ip_address valid = True if netaddr.valid_ipv4(ip_addr): # IPv4 Address if not re.match(valid_ip_regex, ip_addr): valid = False elif netaddr.valid_ipv6(ip_addr): pass else: # print '"%s" is not a valid IP Address.' %ip_addr valid = False return valid
def take_action(self, args): configp = self.fetch_config(args) instance_root = configp.get('slapos','instance_root') master_url = urlparse(configp.get('slapos','master_url')) master_hostname = master_url.hostname # Check that we have IPv6 ready if configp.has_option('slapformat', 'ipv6_interface'): ipv6_interface = configp.get('slapformat', 'ipv6_interface') else: ipv6_interface = configp.get('slapformat', 'interface_name') _waitIpv6Ready(ipv6_interface) # Check that node can ping master if valid_ipv4(master_hostname): _test_ping(master_hostname) elif valid_ipv6(master_hostname): _test_ping6(master_hostname) else: # hostname _ping_hostname(master_hostname) app = SlapOSApp() # Make sure slapos node format returns ok while not _runFormat(app): print("[BOOT] [ERROR] Fail to format, try again in 15 seconds...") sleep(15) # Make sure slapos node bang returns ok while not _runBang(app): print("[BOOT] [ERROR] Fail to bang, try again in 15 seconds...") sleep(15) _removeTimestamp(instance_root)
def _get_address_groups(self, context, network_id, device_id, is_proxy): filters = {'network_id': [network_id], 'device_id': [device_id]} ports = self.nsxv_plugin.get_ports(context, filters=filters) subnets = self.nsxv_plugin.get_subnets(context, filters=filters) address_groups = [] for subnet in subnets: address_group = {} net = netaddr.IPNetwork(subnet['cidr']) address_group['subnetMask'] = str(net.netmask) address_group['subnetPrefixLength'] = str(net.prefixlen) for port in ports: fixed_ips = port['fixed_ips'] for fip in fixed_ips: s_id = fip['subnet_id'] ip_addr = fip['ip_address'] if s_id == subnet['id'] and netaddr.valid_ipv4(ip_addr): address_group['primaryAddress'] = ip_addr break # For Edge appliances which aren't the metadata proxy Edge # we add the metadata IP address if not is_proxy and network_id == self.internal_net: address_group['secondaryAddresses'] = { 'type': 'secondary_addresses', 'ipAddress': [METADATA_IP_ADDR]} address_groups.append(address_group) return address_groups
def create_connection(address): """ Wrapper for socket.create_connection() function. If *address* (a 2-tuple ``(host, port)``) contains a valid IPv4/v6 address, passes *address* to socket.create_connection(). If *host* is valid path to Unix Domain socket, tries to connect to the server listening on the given socket. :param address: IP address or path to Unix Domain socket. :return: Socket instance. """ host, _port = address if (netaddr.valid_ipv4(host) or netaddr.valid_ipv6(host)): return socket.create_connection(address) elif os.path.exists(host): sock = None try: sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) sock.connect(host) except socket.error as e: if sock is not None: sock.close() raise e return sock else: raise ValueError('Invalid IP address or Unix Socket: %s' % host)
def _connect_tcp(self, peer_addr, conn_handler, time_out=None, bind_address=None, password=None): """Creates a TCP connection to given peer address. Tries to create a socket for `timeout` number of seconds. If successful, uses the socket instance to start `client_factory`. The socket is bound to `bind_address` if specified. """ LOG.debug('Connect TCP called for %s:%s', peer_addr[0], peer_addr[1]) if netaddr.valid_ipv4(peer_addr[0]): family = socket.AF_INET else: family = socket.AF_INET6 with Timeout(time_out, socket.error): sock = socket.socket(family) if bind_address: sock.bind(bind_address) if password: sockopt.set_tcp_md5sig(sock, peer_addr[0], password) sock.connect(peer_addr) # socket.error exception is raised in case of timeout and # the following code is executed only when the connection # is established. # Connection name for pro-active connection is made up of # local end address + remote end address local = self.get_localname(sock)[0] remote = self.get_remotename(sock)[0] conn_name = ('L: ' + local + ', R: ' + remote) self._asso_socket_map[conn_name] = sock # If connection is established, we call connection handler # in a new thread. self._spawn(conn_name, conn_handler, sock) return sock
def get_ipv6_addr_by_EUI64(prefix, mac): """Calculate IPv6 address using EUI-64 specification. This method calculates the IPv6 address using the EUI-64 addressing scheme as explained in rfc2373. :param prefix: IPv6 prefix. :param mac: IEEE 802 48-bit MAC address. :returns: IPv6 address on success. :raises ValueError, TypeError: For any invalid input. .. versionadded:: 1.4 """ # Check if the prefix is an IPv4 address if netaddr.valid_ipv4(prefix): msg = _("Unable to generate IP address by EUI64 for IPv4 prefix") raise ValueError(msg) try: eui64 = int(netaddr.EUI(mac).eui64()) prefix = netaddr.IPNetwork(prefix) return netaddr.IPAddress(prefix.first + eui64 ^ (1 << 57)) except (ValueError, netaddr.AddrFormatError): raise ValueError(_('Bad prefix or mac format for generating IPv6 ' 'address by EUI-64: %(prefix)s, %(mac)s:') % {'prefix': prefix, 'mac': mac}) except TypeError: raise TypeError(_('Bad prefix type for generating IPv6 address by ' 'EUI-64: %s') % prefix)
def add_to_global_table(self, prefix, nexthop=None, is_withdraw=False): src_ver_num = 1 peer = None # set mandatory path attributes origin = BGPPathAttributeOrigin(BGP_ATTR_ORIGIN_IGP) aspath = BGPPathAttributeAsPath([[]]) pathattrs = OrderedDict() pathattrs[BGP_ATTR_TYPE_ORIGIN] = origin pathattrs[BGP_ATTR_TYPE_AS_PATH] = aspath net = netaddr.IPNetwork(prefix) ip = str(net.ip) masklen = net.prefixlen if netaddr.valid_ipv4(ip): _nlri = IPAddrPrefix(masklen, ip) if nexthop is None: nexthop = '0.0.0.0' p = Ipv4Path else: _nlri = IP6AddrPrefix(masklen, ip) if nexthop is None: nexthop = '::' p = Ipv6Path new_path = p(peer, _nlri, src_ver_num, pattrs=pathattrs, nexthop=nexthop, is_withdraw=is_withdraw) # add to global ipv4 table and propagates to neighbors self.learn_path(new_path)
def __init__(self, ip): """Use the avahi (zeroconfig) tools or dig to find a host name given an ip address. in: ip out: string w/ host name or 'unknown' if the host name couldn't be found """ # handle invalid ip address if not valid_ipv4(ip): print('Error: the IPv4 address {} is invalid'.format(ip)) return # handle a localhost ip address if ip == '127.0.0.1': # self.name = platform.node() self.name = socket.gethostname() return # ok, now do more complex stuff name = 'unknown' if sys.platform == 'linux' or sys.platform == 'linux2': name = self.command("avahi-resolve-address {} | awk '{print $2}'".format(ip)).rstrip().rstrip('.') elif sys.platform == 'darwin': name = self.command('dig +short -x {} -p 5353 @224.0.0.251'.format(ip)).rstrip().rstrip('.') # detect any remaining errors if name.find('connection timed out') >= 0: name = 'unknown' if name == '': name = 'unknown' self.name = name
def _handle_host_snat_ip(self, host_snat_ips): for hsi in host_snat_ips: LOG.debug(_("Auto-allocated host SNAT IP: %s"), hsi) es = hsi.get('external_segment_name') if not es: continue nh = self.ext_seg_next_hop.setdefault(es, ExtSegNextHopInfo(es)) if nh.from_config: continue # ignore auto-allocation if manually set ip = hsi.get('host_snat_ip') gw = ("%s/%s" % (hsi['gateway_ip'], hsi['prefixlen']) if (hsi.get('gateway_ip') and hsi.get('prefixlen')) else None) updated = False if netaddr.valid_ipv4(ip): if ip != nh.ip_start or gw != nh.ip_gateway: nh.ip_start = ip nh.ip_gateway = gw updated = True elif netaddr.valid_ipv6(ip): if ip != nh.ip6_start or gw != nh.ip6_gateway: nh.ip6_start = ip nh.ip6_gateway = gw updated = True else: LOG.info(_("Ignoring invalid auto-allocated SNAT IP %s"), ip) if updated: # Clear the interface so that SNAT iptables will be # re-created as required; leave MAC as is so that it will # be re-used nh.next_hop_iface = None LOG.info(_("Add/update SNAT info: %s"), nh)
def validate_config(options): config = ConfigParser.ConfigParser() config.readfp(options.config) if not config.has_section(options.env): error("Environment {} does not exist in file {}".format(options.env, options.config.name)) env = dict(config.items(options.env)) if not valid_mac(env["fuel_mac"]): error("Wrong MAC address for Fuel node: {}".format(env["fuel_mac"])) for key in ["fuel_ip", "fuel_netmask", "fuel_gw", "fuel_control_ip"]: if not valid_ipv4(env[key]): error("Wrong IP address ({}) for {} parameter".format(env[key], key)) ip = IPNetwork(env["fuel_ip"] + "/" + env["fuel_netmask"]) gw = IPAddress(env["fuel_gw"]) if gw not in ip: error("Gateway address is not within network range") for path in [ env["image_mount_dir"], env["ks_files_dir"], env["ks_patch"], env["pxe_config_dir"], env["esxi_private_key_file"], ]: if not os.path.exists(path): error("Path {} does not exist or is not accessible".format(path)) env["pxe_config_file"] = os.path.join(env["pxe_config_dir"], "01-{}".format(env["fuel_mac"].replace(":", "-"))) return env
def create_bgp_peer(self, context, bgp_peer): bgp_peer = bgp_peer['bgp_peer'] remote_ip = bgp_peer['peer_ip'] if not netaddr.valid_ipv4(remote_ip): err_msg = _("NSXv BGP does not support for IPv6") raise n_exc.InvalidInput(error_message=err_msg) self._validate_bgp_configuration_on_peer_esg(bgp_peer)
def __init__(self, iface, mode, ip=None, netmask="255.255.255.0", network=None, broadcast=None, gateway=None, nameserver=None, options=None): """ Creates a new interface object :param iface: The name of the interface (lo, br0, eth0, eth1) :param mode: can bee loopback, manual, dhcp, static :param ip: The IP Address of the interface :type ip: basestring :param netmask: The netmask of the interface :param network: The network of the interface. If omitted it will be calculated from IP and netmask :param broadcast: The broadcast of the interface. If omitted it will be calculated from UP and netmask :param gateway: The gateway :param nameserver: list of nameserver :type param: basestring :return: an interface object """ self.options = options or [] self.iface = iface self.mode = mode if self.mode not in ["auto", "manual", "dhcp", "static"]: raise Exception("No valid mode. Valid modes are 'auto', " "'manual', 'dhcp' or 'static'.") self.ip = ip self.netmask = netmask self.network = network self.broadcast = broadcast self.gateway = gateway self.nameserver = (nameserver or "").split() if ip and netmask: if not netaddr.valid_ipv4(ip): raise Exception("IP no valid IPv4 address.") network_object = netaddr.IPNetwork("%s/%s" % (ip, netmask)) self.ip = ip self.netmask = netmask self.broadcast = self.broadcast or str(network_object.broadcast) self.network = self.network or str(network_object.network) if self.gateway: if not netaddr.valid_ipv4(self.gateway): raise Exception("Gateway no valid IPv4 address") for ns in self.nameserver: if not netaddr.valid_ipv4(ns): raise Exception("Nameserver no valid IPv4 address")
def validate_ip_addr(ip_addr): if netaddr.valid_ipv4(ip_addr): return lib_consts.IP_VERSION_4 elif netaddr.valid_ipv6(ip_addr): return lib_consts.IP_VERSION_6 else: raise bgp_driver_exc.InvalidParamType(param=ip_addr, param_type='ip-address')
def is_valid_ip_address(ip_address, ip_version): if int(ip_version) == 4: return netaddr.valid_ipv4(ip_address) elif int(ip_version) == 6: return netaddr.valid_ipv6(ip_address) else: raise exception.ManilaException( _("Provided improper IP version '%s'.") % ip_version)
def isIP(ip): try: if netaddr.valid_ipv4(ip,flags=netaddr.INET_PTON) or netaddr.valid_ipv6(ip,flags=netaddr.INET_PTON): return True else: return False except: return False
def updateMongoWithESEvents(mozdefdb, results): attackers = mozdefdb["attackers"] for r in results: if "sourceipaddress" in r["_source"]["details"]: if netaddr.valid_ipv4(r["_source"]["details"]["sourceipaddress"]): sourceIP = netaddr.IPNetwork(r["_source"]["details"]["sourceipaddress"]) # expand it to a /24 CIDR # todo: lookup ipwhois for asn_cidr value # potentially with a max mask value (i.e. asn is /8, limit attackers to /24) sourceIP.prefixlen = 24 if not sourceIP.ip.is_loopback() and not sourceIP.ip.is_private() and not sourceIP.ip.is_reserved(): esrecord = dict( documentid=r["_id"], documenttype=r["_type"], documentindex=r["_index"], documentsource=r["_source"], ) logger.debug("searching for " + str(sourceIP)) # attacker = attackers.find_one({'events.details.sourceipaddress': str(sourceIP.ip)}) attacker = attackers.find_one({"indicators.ipv4address": str(sourceIP)}) if attacker is None: # new attacker # generate a meteor-compatible ID # save the ES document type, index, id # and add a sub list for future events logger.debug("new attacker") newAttacker = genNewAttacker() # expand the source ip to a /24 for the indicator match. sourceIP.prefixlen = 24 # str sourceIP to get the ip/cidr rather than netblock cidr. newAttacker["indicators"].append(dict(ipv4address=str(sourceIP))) newAttacker["events"].append(esrecord) newAttacker["eventscount"] = len(newAttacker["events"]) attackers.insert(newAttacker) updateAttackerGeoIP(mozdefdb, newAttacker["_id"], esrecord["documentsource"]) else: # if event not present in this attackers events # append this to the list of events # todo: trim the list at X (i.e. last 100 events) matchingevent = attackers.find_one( { "_id": attacker["_id"], "events.documentid": r["_id"], "events.documenttype": r["_type"], "events.documentindex": r["_index"], } ) if matchingevent is None: attacker["events"].append(esrecord) attacker["eventscount"] = len(attacker["events"]) logger.debug("new event found for matching attacker") attacker["lastseentimestamp"] = attacker["events"][-1]["documentsource"]["utctimestamp"] attackers.save(attacker) # geo ip could have changed, update it updateAttackerGeoIP(mozdefdb, attacker["_id"], esrecord["documentsource"])
def handle(self, *args, **options): print '=====SPARCS SSO USER INSPECTION TOOL=====' print 'OPTIONS: uid=%s, sid=%s, email=%s, ip=%s' \ % (options['uid'], options['sid'], options['email'], options['ip']) print '' if options['ip']: ip = options['ip'] print '> INSPECT LOG WHERE IP=%s' % ip if not netaddr.valid_ipv4(ip, netaddr.INET_PTON): print '>> INVAILD IP' return target = '(' + ip + ',' elif options['uid'] or options['sid'] or options['email']: if options['uid']: print '> FIND USER WHERE uid=%s' % options['uid'] users = User.objects.filter(username__contains=options['uid']) elif options['sid']: print '> FIND USER WHERE sid=%s' % options['sid'] users = User.objects.filter(services__sid__contains=options['sid']) elif options['email']: print '> FIND USER WHERE email=%s' % options['email'] users = User.objects.filter(email__contains=options['email']) if len(users) > 100: print '>> TOO MANY USER' return elif not users: print '>> NO USER' return for user in users: print '>> USER: uid=%s, first_name=%s, last_name=%s, email=%s' \ % (user.username, user.first_name, user.last_name, user.email) if len(users) != 1: return user = users[0] print '> INSPECT LOG EXACT uid=%s' % user.username target = user.username + ')' else: print '> NO TARGET SPECIFIED' return log_base = settings.LOGGING['handlers']['file']['filename'] log_ext = ['5', '4', '3', '2', '1', ''] for ext in log_ext: log_name = log_base + ext if not os.path.isfile(log_name): continue with open(log_name, 'r') as f: for line in f: if target in line: print line.strip()
def __init__(self, buildout, name, options): slap = slapos.slap.slap() slap.initializeConnection( options['url'], options.get('key'), options.get('cert'), ) computer_partition = slap.registerComputerPartition( options['computer'], options['partition'], ) parameter_dict = computer_partition.getInstanceParameterDict() options['instance-state'] = computer_partition.getState() # XXX: those are not partition parameters, strictly speaking. # Make them available as individual section keys. for his_key in ( 'slap_software_type', 'slap_computer_partition_id', 'slap_computer_id', 'slap_software_release_url', 'slave_instance_list', 'timestamp', ): try: value = parameter_dict.pop(his_key) except KeyError: pass else: options[his_key.replace('_', '-')] = value ipv4_set = set() v4_add = ipv4_set.add ipv6_set = set() v6_add = ipv6_set.add tap_set = set() tap_add = tap_set.add for tap, ip in parameter_dict.pop('ip_list'): tap_add(tap) if valid_ipv4(ip): v4_add(ip) elif valid_ipv6(ip): v6_add(ip) # XXX: emit warning on unknown address type ? options['ipv4'] = ipv4_set options['ipv6'] = ipv6_set # also export single ip values for those recipes that don't support sets. if ipv4_set: options['ipv4-random'] = list(ipv4_set)[0].encode('UTF-8') if ipv6_set: options['ipv6-random'] = list(ipv6_set)[0].encode('UTF-8') options['tap'] = tap_set parameter_dict = self._expandParameterDict(options, parameter_dict) match = self.OPTCRE_match for key, value in parameter_dict.iteritems(): if match(key) is not None: continue options['configuration.' + key] = value
def general_info(self): """ Return IP in bits, ip_type (ie: private, multicast, loopback,etc..), time updated/returned and version for an IP Address >>> from ipinformation import IPInformation >>> from pprint import pprint >>> pprint( IPInformation(ip_address='8.8.8.8').general_info() ) {'general': {'bits': '00001000000010000000100000001000', 'type': 'public', 'updated': datetime.datetime(2016, 1, 16, 18, 7, 4, 288512), 'version': '4'}} >>> pprint( IPInformation(ip_address='127.0.0.1').general_info() ) {'general': {'bits': '01111111000000000000000000000001', 'type': 'loopback', 'updated': datetime.datetime(2016, 1, 16, 18, 10, 6, 729149), 'version': '4'}} """ data = {"general": {"bits": None, "type": None, "updated": None, "version": None}} if not self.ISIP: # print '"%s" is not a valid IP Address.' %self.ip_address # logging_file.error( '"{0}" is not a valid IP Address.'.format(self.ip_address) ) return data if netaddr.valid_ipv4(self.ip_address): # IPv4 Address ip_version = "4" data["general"].update({"version": ip_version}) ip_bits = ( netaddr.IPAddress(self.ip_address).bits().replace(".", "") ) # Set the IP bits for searching by subnet data["general"].update({"bits": ip_bits}) ip_addr = netaddr.IPAddress(self.ip_address) if ip_addr.is_private(): ip_type = "private" elif ip_addr.is_multicast(): ip_type = "multicast" elif ip_addr.is_loopback(): ip_type = "loopback" elif ip_addr.is_netmask(): ip_type = "netmask" elif ip_addr.is_reserved(): ip_type = "reserved" elif ip_addr.is_link_local(): ip_type = "link_local" elif ip_addr.is_unicast(): ip_type = "public" else: # Unknown Type ip_type = "unknown" logging_file.error('"{0}" is an unknown IP Address.'.format(self.ip_address)) elif netaddr.valid_ipv6(self.ip_address): # IPv6 Address#TODO:Finish IPv6 ip_version = "6" print "Is IPv6" return False data["general"].update({"type": ip_type}) data["general"].update({"updated": datetime.utcnow()}) return data
def _set_password(self, address, password): if netaddr.valid_ipv4(address): family = socket.AF_INET else: family = socket.AF_INET6 for sock in self.listen_sockets.values(): if sock.family == family: sockopt.set_tcp_md5sig(sock, address, password)
def _parse_hosts(self, hosts): """Parses the list of hosts and creates corresponding objects.""" ip_list = [str(ip) for ip in list(netaddr.IPNetwork(hosts))] if netaddr.valid_ipv4(ip_list[0]): self.inet = socket.AF_INET elif netaddr.valid_ipv6(ip_list[0]): self.inet = socket.AF_INET6 return [Host(ip, self.ports) for ip in ip_list]
def check_host(host, allow_localhost=config.ALLOW_CONNECT_LOCALHOST, allow_private=config.ALLOW_CONNECT_PRIVATE): """Check if a given host is a valid DNS name or IPv4 address""" try: ipaddr = socket.gethostbyname(host) except UnicodeEncodeError: raise MistError('Please provide a valid DNS name') except socket.gaierror: raise MistError("Not a valid IP address or resolvable DNS name: '%s'." % host) if host != ipaddr: msg = "Host '%s' resolves to '%s' which" % (host, ipaddr) else: msg = "Host '%s'" % host if not netaddr.valid_ipv4(ipaddr): raise MistError(msg + " is not a valid IPv4 address.") forbidden_subnets = { '0.0.0.0/8': "used for broadcast messages to the current network", '100.64.0.0/10': ("used for communications between a service provider " "and its subscribers when using a " "Carrier-grade NAT"), '169.254.0.0/16': ("used for link-local addresses between two hosts " "on a single link when no IP address is otherwise " "specified"), '192.0.0.0/24': ("used for the IANA IPv4 Special Purpose Address " "Registry"), '192.0.2.0/24': ("assigned as 'TEST-NET' for use solely in " "documentation and example source code"), '192.88.99.0/24': "used by 6to4 anycast relays", '198.18.0.0/15': ("used for testing of inter-network communications " "between two separate subnets"), '198.51.100.0/24': ("assigned as 'TEST-NET-2' for use solely in " "documentation and example source code"), '203.0.113.0/24': ("assigned as 'TEST-NET-3' for use solely in " "documentation and example source code"), '224.0.0.0/4': "reserved for multicast assignments", '240.0.0.0/4': "reserved for future use", '255.255.255.255/32': ("reserved for the 'limited broadcast' " "destination address"), } if not allow_localhost: forbidden_subnets['127.0.0.0/8'] = ("used for loopback addresses " "to the local host") if not allow_private: for cidr in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'): forbidden_subnets[cidr] = ("used for local communications " "within a private network") cidr = netaddr.smallest_matching_cidr(ipaddr, forbidden_subnets.keys()) if cidr: raise MistError("%s is not allowed. It belongs to '%s' " "which is %s." % (msg, cidr, forbidden_subnets[str(cidr)]))
def all_link_data(self, flags: MessageFlags = MessageFlags.NONE ) -> List[LinkData]: """ Build link data objects for this network. Each link object describes a link between this network and a node. :param flags: message type :return: list of link data """ all_links = [] # build a link message from this network node to each node having a # connected interface for netif in self.netifs(sort=True): if not hasattr(netif, "node"): continue linked_node = netif.node uni = False if linked_node is None: # two layer-2 switches/hubs linked together via linknet() if not hasattr(netif, "othernet"): continue linked_node = netif.othernet if linked_node.id == self.id: continue netif.swapparams("_params_up") upstream_params = netif.getparams() netif.swapparams("_params_up") if netif.getparams() != upstream_params: uni = True unidirectional = 0 if uni: unidirectional = 1 interface2_ip4 = None interface2_ip4_mask = None interface2_ip6 = None interface2_ip6_mask = None for address in netif.addrlist: ip, _sep, mask = address.partition("/") mask = int(mask) if netaddr.valid_ipv4(ip): interface2_ip4 = ip interface2_ip4_mask = mask else: interface2_ip6 = ip interface2_ip6_mask = mask link_data = LinkData( message_type=flags, node1_id=self.id, node2_id=linked_node.id, link_type=self.linktype, unidirectional=unidirectional, interface2_id=linked_node.getifindex(netif), interface2_mac=netif.hwaddr, interface2_ip4=interface2_ip4, interface2_ip4_mask=interface2_ip4_mask, interface2_ip6=interface2_ip6, interface2_ip6_mask=interface2_ip6_mask, delay=netif.getparam("delay"), bandwidth=netif.getparam("bw"), dup=netif.getparam("duplicate"), jitter=netif.getparam("jitter"), per=netif.getparam("loss"), ) all_links.append(link_data) if not uni: continue netif.swapparams("_params_up") link_data = LinkData( message_type=MessageFlags.NONE, node1_id=linked_node.id, node2_id=self.id, link_type=self.linktype, unidirectional=1, delay=netif.getparam("delay"), bandwidth=netif.getparam("bw"), dup=netif.getparam("duplicate"), jitter=netif.getparam("jitter"), per=netif.getparam("loss"), ) netif.swapparams("_params_up") all_links.append(link_data) return all_links
def regexIP(self, ip): if valid_ipv4(str(ip)): return True return False
def searchMongoAlerts(mozdefdb): attackers = mozdefdb['attackers'] alerts = mozdefdb['alerts'] # search the last X alerts for IP addresses # aggregated by CIDR mask/24 # aggregate IPv4 addresses in the most recent alerts # to find common attackers. ipv4TopHits = alerts.aggregate([ { "$sort": { "utcepoch": -1 } }, # reverse sort the current alerts { "$limit": 100 }, #most recent 100 { "$match": { "events.documentsource.details.sourceipaddress": { "$exists": True } } }, # must have an ip address { "$match": { "attackerid": { "$exists": False } } }, # must not be already related to an attacker { "$group": { "_id": { "ipaddress": "$events.documentsource.details.sourceipaddress" } } }, # grab ip address from the events { "$unwind": "$_id.ipaddress" }, # separate all ips from their alerts { "$group": { "_id": "$_id.ipaddress", "hitcount": { "$sum": 1 } } }, # count by ip { "$match": { "hitcount": { "$gt": 10 } } }, # limit to those with 10 observances { "$sort": SON([("hitcount", -1), ("_id", -1)]) }, # sort { "$limit": 10 } # top 10 ]) for ip in ipv4TopHits['result']: if netaddr.valid_ipv4(ip['_id']): ipcidr = netaddr.IPNetwork(ip['_id']) # expand it to a /24 CIDR # todo: lookup ipwhois for asn_cidr value # potentially with a max mask value (i.e. asn is /8, limit attackers to /24) ipcidr.prefixlen = 24 # append to or create attacker. # does this match an existing attacker's indicators if not ipcidr.ip.is_loopback() and not ipcidr.ip.is_private( ) and not ipcidr.ip.is_reserved(): logger.debug('searching for alert ip ' + str(ipcidr)) attacker = attackers.find_one( {'indicators.ipv4address': str(ipcidr)}) if attacker is None: # new attacker # generate a meteor-compatible ID # save the ES document type, index, id # and add a sub list for future events logger.debug('new attacker from alerts') newAttacker = genNewAttacker() # str to get the ip/cidr rather than netblock cidr. # i.e. '1.2.3.4/24' not '1.2.3.0/24' newAttacker['indicators'].append( dict(ipv4address=str(ipcidr))) matchingalerts = alerts.find({ "events.documentsource.details.sourceipaddress": str(ipcidr.ip), }) if matchingalerts is not None: # update list of alerts this attacker matched. for alert in matchingalerts: newAttacker['alerts'].append( dict(alertid=alert['_id'])) # update alert with attackerID alert['attackerid'] = newAttacker['_id'] alerts.save(alert) #add the events from this alert: #add the events from this alert: for e in alert['events']: newAttacker['events'].append(e) newAttacker['alertscount'] = len(newAttacker['alerts']) newAttacker['eventscount'] = len(newAttacker['events']) if newAttacker['eventscount'] > 0: newAttacker['lastseentimestamp'] = toUTC( newAttacker['events'][-1]['documentsource'] ['utctimestamp'], 'UTC') attackers.insert(newAttacker) #upate geoIP info latestGeoIP = [ a['events'] for a in alerts.find({ "events.documentsource.details.sourceipaddress": str(ipcidr.ip), }) ][-1][0]['documentsource'] updateAttackerGeoIP(mozdefdb, newAttacker['_id'], latestGeoIP) else: logger.debug('found existing attacker in alerts') # if alert not present in this attackers list # append this to the list # todo: trim the list at X (i.e. last 100) # search alerts without attackerid matchingalerts = alerts.find({ "events.documentsource.details.sourceipaddress": str(ipcidr.ip), "attackerid": { "$exists": False } }) if matchingalerts is not None: #attacker['eventscount'] = len(attacker['events']) logger.debug('matched alert with attacker') # update list of alerts this attacker matched. for alert in matchingalerts: attacker['alerts'].append( dict(alertid=alert['_id'])) # update alert with attackerID alert['attackerid'] = attacker['_id'] alerts.save(alert) #add the events from this alert: for e in alert['events']: attacker['events'].append(e) # geo ip could have changed, update it # to the latest updateAttackerGeoIP( mozdefdb, attacker['_id'], alert['events'][-1]['documentsource']) # update last seen time attacker['lastseentimestamp'] = toUTC( attacker['events'][-1]['documentsource'] ['utctimestamp'], 'UTC') # update counts attacker['alertscount'] = len(attacker['alerts']) attacker['eventscount'] = len(attacker['events']) attackers.save(attacker)
def click_add_ip4(self) -> None: ip4 = self.ip4_entry.get() if not ip4 or not netaddr.valid_ipv4(ip4): messagebox.showerror("IPv4 Error", f"Invalid IPv4 {ip4}") else: self.ip4_listbox.listbox.insert(tk.END, ip4)
def is_valid_ipv4(address): """Verify that address represents a valid IPv4 address.""" try: return netaddr.valid_ipv4(address) except Exception: return False
def valid_ip_address(addr): if not netaddr.valid_ipv4(addr) and not netaddr.valid_ipv6(addr): return False return True
def check(self, args): """Validate that all fields have valid values and sanity checks.""" # Get field information responses = dict() self.parent.footer.set_text("Checking data...") for index, fieldname in enumerate(self.fields): if fieldname == "blank" or fieldname == "ifname": pass elif fieldname == "bootproto": rb_group = self.edits[index].rb_group if rb_group[0].state: responses["bootproto"] = "none" else: responses["bootproto"] = "dhcp" elif fieldname == "onboot": rb_group = self.edits[index].rb_group if rb_group[0].state: responses["onboot"] = "yes" else: responses["onboot"] = "no" else: responses[fieldname] = self.edits[index].get_edit_text() # Validate each field errors = [] # Check for the duplicate IP provided for k, v in six.iteritems(self.netsettings): if (k != self.activeiface and responses["ipaddr"] != '' and responses["ipaddr"] == v.get('addr')): errors.append("The same IP address {0} is assigned for " "interfaces '{1}' and '{2}'.".format( responses["ipaddr"], k, self.activeiface)) break if responses["onboot"] == "no": numactiveifaces = 0 for iface in self.netsettings: if self.netsettings[iface]['addr'] != "": numactiveifaces += 1 if numactiveifaces < 2 and \ self.netsettings[self.activeiface]['addr'] != "": # Block user because puppet l23network fails if all interfaces # are disabled. errors.append("Cannot disable all interfaces.") elif responses["bootproto"] == "dhcp": self.parent.footer.set_text("Scanning for DHCP servers. " "Please wait...") self.parent.refreshScreen() try: dhcptimeout = 5 dhcp_server_data = network.search_external_dhcp( self.activeiface, dhcptimeout) except network.NetworkException: self.log.warning("dhcp_checker failed to check on %s" % self.activeiface) dhcp_server_data = [] if len(dhcp_server_data) < 1: errors.append("No DHCP servers found. Cannot enable DHCP") # Check ipaddr, netmask, gateway only if static elif responses["bootproto"] == "none": try: if netaddr.valid_ipv4(responses["ipaddr"]): if not netaddr.IPAddress(responses["ipaddr"]): raise BadIPException("Not a valid IP address") else: raise BadIPException("Not a valid IP address") except (BadIPException, Exception): errors.append("Not a valid IP address: %s" % responses["ipaddr"]) try: if netaddr.valid_ipv4(responses["netmask"]): netmask = netaddr.IPAddress(responses["netmask"]) if netmask.is_netmask is False: raise BadIPException("Not a valid IP address") else: raise BadIPException("Not a valid IP address") except (BadIPException, Exception): errors.append("Not a valid netmask: %s" % responses["netmask"]) try: if len(responses["gateway"]) > 0: # Check if gateway is valid if netaddr.valid_ipv4(responses["gateway"]) is False: raise BadIPException("Gateway IP address is not valid") # Check if gateway is in same subnet if network.inSameSubnet(responses["ipaddr"], responses["gateway"], responses["netmask"]) is False: raise BadIPException("Gateway IP is not in same " "subnet as IP address") except (BadIPException, Exception) as e: errors.append(e) self.parent.footer.set_text("Scanning for duplicate IP address..") if len(responses["ipaddr"]) > 0: if self.netsettings[self.activeiface]['link'].upper() != "UP": try: network.upIface(self.activeiface) except NetworkException as e: errors.append("Cannot activate {0} to check for " "duplicate IP.".format(self.activeiface)) # Bind arping to requested IP if it's already assigned assigned_ips = [ v.get('addr') for v in self.netsettings.itervalues() ] arping_bind = responses["ipaddr"] in assigned_ips if network.duplicateIPExists(responses["ipaddr"], self.activeiface, arping_bind): errors.append("Duplicate host found with IP {0}.".format( responses["ipaddr"])) if len(errors) > 0: self.log.error("Errors: %s %s" % (len(errors), errors)) ModuleHelper.display_failed_check_dialog(self, errors) return False else: self.parent.footer.set_text("No errors found.") return responses
def all_link_data(self, flags: MessageFlags = MessageFlags.NONE ) -> List[LinkData]: """ Build CORE API TLVs for a point-to-point link. One Link message describes this network. :param flags: message flags :return: list of link data """ all_links = [] if len(self._netif) != 2: return all_links if1, if2 = self._netif.values() unidirectional = 0 if if1.getparams() != if2.getparams(): unidirectional = 1 interface1_ip4 = None interface1_ip4_mask = None interface1_ip6 = None interface1_ip6_mask = None for address in if1.addrlist: ip, _sep, mask = address.partition("/") mask = int(mask) if netaddr.valid_ipv4(ip): interface1_ip4 = ip interface1_ip4_mask = mask else: interface1_ip6 = ip interface1_ip6_mask = mask interface2_ip4 = None interface2_ip4_mask = None interface2_ip6 = None interface2_ip6_mask = None for address in if2.addrlist: ip, _sep, mask = address.partition("/") mask = int(mask) if netaddr.valid_ipv4(ip): interface2_ip4 = ip interface2_ip4_mask = mask else: interface2_ip6 = ip interface2_ip6_mask = mask link_data = LinkData( message_type=flags, node1_id=if1.node.id, node2_id=if2.node.id, link_type=self.linktype, unidirectional=unidirectional, delay=if1.getparam("delay"), bandwidth=if1.getparam("bw"), per=if1.getparam("loss"), dup=if1.getparam("duplicate"), jitter=if1.getparam("jitter"), interface1_id=if1.node.getifindex(if1), interface1_name=if1.name, interface1_mac=if1.hwaddr, interface1_ip4=interface1_ip4, interface1_ip4_mask=interface1_ip4_mask, interface1_ip6=interface1_ip6, interface1_ip6_mask=interface1_ip6_mask, interface2_id=if2.node.getifindex(if2), interface2_name=if2.name, interface2_mac=if2.hwaddr, interface2_ip4=interface2_ip4, interface2_ip4_mask=interface2_ip4_mask, interface2_ip6=interface2_ip6, interface2_ip6_mask=interface2_ip6_mask, ) all_links.append(link_data) # build a 2nd link message for the upstream link parameters # (swap if1 and if2) if unidirectional: link_data = LinkData( message_type=MessageFlags.NONE, link_type=self.linktype, node1_id=if2.node.id, node2_id=if1.node.id, delay=if2.getparam("delay"), bandwidth=if2.getparam("bw"), per=if2.getparam("loss"), dup=if2.getparam("duplicate"), jitter=if2.getparam("jitter"), unidirectional=1, interface1_id=if2.node.getifindex(if2), interface2_id=if1.node.getifindex(if1), ) all_links.append(link_data) return all_links
def get_private_ipv4(instance): for addr in instance.networks['private']: if netaddr.valid_ipv4(addr): return addr
def parse(self, inventory, loader, path, cache=True): # Plugin interface (2) super(InventoryModule, self).parse(inventory, loader, path) if not HAS_REQUESTS: raise AnsibleParserError( 'Please install "requests" Python module as this is required' ' for ServiceNow dynamic inventory plugin.') self._read_config_data(path) self.cache_key = self.get_cache_key(path) self.use_cache = self.get_option('cache') and cache self.update_cache = self.get_option('cache') and not cache selection = self.get_option('selection_order') fields = self.get_option('fields') table = self.get_option('table') filter_results = self.get_option('filter_results') options = "?sysparm_exclude_reference_link=true&sysparm_display_value=true" enhanced = self.get_option('enhanced') enhanced_groups = False if enhanced: path = '/api/snc/ansible_inventory' + options + \ "&sysparm_fields=" + ','.join(fields) + \ "&sysparm_query=" + filter_results + \ "&table=" + table enhanced_groups = self.get_option('enhanced_groups') else: path = '/api/now/table/' + table + options + \ "&sysparm_fields=" + ','.join(fields) + \ "&sysparm_query=" + filter_results content = self.invoke('GET', path, None) strict = self.get_option('strict') for record in content['result']: target = None # select name for host for k in selection: if k in record: if record[k] != '': target = record[k] if target is not None: break if target is None: continue # add host to inventory if netaddr.valid_ipv4(target) or netaddr.valid_ipv6(target): host_name = self.inventory.add_host(target) else: host_name = self.inventory.add_host(to_safe_group_name(target)) # set variables for host for k in record.keys(): self.inventory.set_variable(host_name, 'sn_%s' % k, record[k]) # add relationship based groups if enhanced and enhanced_groups: for item in record['child_relationships']: ci = to_safe_group_name(item['ci']) ci_rel_type = to_safe_group_name( item['ci_rel_type'].split('__')[0]) ci_type = to_safe_group_name(item['ci_type']) if ci != '' and ci_rel_type != '' and ci_type != '': child_group = "%s_%s" % (ci, ci_rel_type) self.inventory.add_group(child_group) self.inventory.add_child(child_group, host_name) for item in record['parent_relationships']: ci = to_safe_group_name(item['ci']) ci_rel_type = to_safe_group_name( item['ci_rel_type'].split('__')[-1]) ci_type = to_safe_group_name(item['ci_type']) if ci != '' and ci_rel_type != '' and ci_type != '': child_group = "%s_%s" % (ci, ci_rel_type) self.inventory.add_group(child_group) self.inventory.add_child(child_group, host_name) self._set_composite_vars( self.get_option('compose'), self.inventory.get_host(host_name).get_vars(), host_name, strict) self._add_host_to_composed_groups(self.get_option('groups'), dict(), host_name, strict) self._add_host_to_keyed_groups(self.get_option('keyed_groups'), dict(), host_name, strict)
def _check_ipv4(self, address): if not netaddr.valid_ipv4(address, netaddr.core.INET_PTON): raise ValueError("%s is not an IPv4 address" % address)
def extract_ipv4s(self, ips): ipv4s = [str(ip) for ip in ips if netaddr.valid_ipv4(ip)] if not ipv4s: self.fail("No IPV4 ip found") return ipv4s
def valid_ip(self): if valid_ipv4(self.targetname): self.type = "IPv4" return True return False
def check(self, args): """Validates all fields have valid values and some sanity checks.""" self.parent.footer.set_text("Checking data...") self.parent.refreshScreen() # Refresh networking to make sure IP matches self.getNetwork() # Get field information responses = dict() for index, fieldname in enumerate(self.fields): if fieldname != "blank" and "label" not in fieldname: responses[fieldname] = self.edits[index].get_edit_text() # Validate each field errors = [] # Set internal_{ipaddress,netmask,interface} responses["ADMIN_NETWORK/interface"] = self.activeiface responses["ADMIN_NETWORK/netmask"] = self.netsettings[ self.activeiface]["netmask"] responses["ADMIN_NETWORK/mac"] = self.netsettings[ self.activeiface]["mac"] responses["ADMIN_NETWORK/ipaddress"] = self.netsettings[ self.activeiface]["addr"] # ensure management interface is valid if responses["ADMIN_NETWORK/interface"] not in self.netsettings.keys(): errors.append("Management interface not valid") else: self.parent.footer.set_text("Scanning for DHCP servers. \ Please wait...") self.parent.refreshScreen() try: dhcptimeout = 5 dhcp_server_data = network.search_external_dhcp( self.activeiface, dhcptimeout) except network.NetworkException: log.warning('DHCP scan failed.') dhcp_server_data = [] num_dhcp = len(dhcp_server_data) if num_dhcp == 0: log.debug("No DHCP servers found") else: # Problem exists, but permit user to continue log.error("%s foreign DHCP server(s) found: %s" % (num_dhcp, dhcp_server_data)) # Build dialog elements dhcp_info = [] dhcp_info.append( urwid.Padding(urwid.Text(("header", "!!! WARNING !!!")), "center")) dhcp_info.append( widget.TextLabel("You have selected an \ interface that contains one or more DHCP servers. This will impact \ provisioning. You should disable these DHCP servers before you continue, or \ else deployment will likely fail.")) dhcp_info.append(widget.TextLabel("")) for index, dhcp_server in enumerate(dhcp_server_data): dhcp_info.append( widget.TextLabel("DHCP Server #%s:" % (index + 1))) dhcp_info.append( widget.TextLabel("IP address: %-10s" % dhcp_server['server_ip'])) dhcp_info.append( widget.TextLabel("MAC address: %-10s" % dhcp_server['mac'])) dhcp_info.append(widget.TextLabel("")) dialog.display_dialog( self, urwid.Pile(dhcp_info), "DHCP Servers Found on %s" % self.activeiface) # Ensure pool start and end are on the same subnet as mgmt_if # Ensure mgmt_if has an IP first if len(self.netsettings[responses["ADMIN_NETWORK/interface"]] ["addr"]) == 0: errors.append("Go to Interfaces to configure management \ interface first.") else: # Ensure ADMIN_NETWORK/interface is not running DHCP if self.netsettings[responses["ADMIN_NETWORK/interface"]][ "bootproto"] == "dhcp": errors.append("%s is running DHCP. Change it to static " "first." % self.activeiface) # Ensure DHCP Pool Start and DHCP Pool are valid IPs try: if netaddr.valid_ipv4( responses["ADMIN_NETWORK/dhcp_pool_start"]): dhcp_start = netaddr.IPAddress( responses["ADMIN_NETWORK/dhcp_pool_start"]) if not dhcp_start: raise BadIPException("Not a valid IP address") else: raise BadIPException("Not a valid IP address") except Exception: errors.append("Invalid IP address for DHCP Pool Start") try: if netaddr.valid_ipv4( responses["ADMIN_NETWORK/dhcp_gateway"]): dhcp_gateway = netaddr.IPAddress( responses["ADMIN_NETWORK/dhcp_gateway"]) if not dhcp_gateway: raise BadIPException("Not a valid IP address") else: raise BadIPException("Not a valid IP address") except Exception: errors.append("Invalid IP address for DHCP Gateway") try: if netaddr.valid_ipv4( responses["ADMIN_NETWORK/dhcp_pool_end"]): dhcp_end = netaddr.IPAddress( responses["ADMIN_NETWORK/dhcp_pool_end"]) if not dhcp_end: raise BadIPException("Not a valid IP address") else: raise BadIPException("Not a valid IP address") except Exception: errors.append("Invalid IP address for DHCP Pool end") # Ensure pool start and end are in the same # subnet of each other netmask = self.netsettings[ responses["ADMIN_NETWORK/interface"]]["netmask"] if not network.inSameSubnet( responses["ADMIN_NETWORK/dhcp_pool_start"], responses["ADMIN_NETWORK/dhcp_pool_end"], netmask): errors.append("DHCP Pool start and end are not in the " "same subnet.") # Ensure pool start and end are in the right netmask mgmt_if_ipaddr = self.netsettings[ responses["ADMIN_NETWORK/interface"]]["addr"] if network.inSameSubnet( responses["ADMIN_NETWORK/dhcp_pool_start"], mgmt_if_ipaddr, netmask) is False: errors.append("DHCP Pool start does not match management" " network.") if network.inSameSubnet( responses["ADMIN_NETWORK/dhcp_pool_end"], mgmt_if_ipaddr, netmask) is False: errors.append("DHCP Pool end does not match management " "network.") if network.inSameSubnet( responses["ADMIN_NETWORK/dhcp_gateway"], mgmt_if_ipaddr, netmask) is False: errors.append("DHCP Gateway does not match management " "network.") self.parent.footer.set_text("Scanning for duplicate IP address" "es. Please wait...") # Bind arping to mgmt_if_ipaddr if it assigned assigned_ips = [ v.get('addr') for v in self.netsettings.itervalues() ] arping_bind = mgmt_if_ipaddr in assigned_ips if network.duplicateIPExists(mgmt_if_ipaddr, self.activeiface, arping_bind): errors.append("Duplicate host found with IP {0}.".format( mgmt_if_ipaddr)) # Extra checks for post-deployment changes if utils.is_post_deployment(): settings = self.parent.settings # Admin interface cannot change if self.activeiface != settings["ADMIN_NETWORK"]["interface"]: errors.append("Cannot change admin interface after deployment") # PXE network range must contain previous PXE network range old_range = network.range( settings["ADMIN_NETWORK"]["dhcp_pool_start"], settings["ADMIN_NETWORK"]["dhcp_pool_end"]) new_range = network.range( responses["ADMIN_NETWORK/dhcp_pool_start"], responses["ADMIN_NETWORK/dhcp_pool_end"]) if old_range[0] not in new_range: errors.append("DHCP range must contain previous values.") if old_range[-1] not in new_range: errors.append("DHCP range can only be increased after " "deployment.") if len(errors) > 0: log.error("Errors: %s %s" % (len(errors), errors)) ModuleHelper.display_failed_check_dialog(self, errors) return False else: self.parent.footer.set_text("No errors found.") return responses
def neighbor_add(self, address, remote_as, enable_ipv4=DEFAULT_CAP_MBGP_IPV4, enable_vpnv4=DEFAULT_CAP_MBGP_VPNV4, enable_vpnv6=DEFAULT_CAP_MBGP_VPNV6, next_hop=None, password=None, multi_exit_disc=None, site_of_origins=None, is_route_server_client=False, is_next_hop_self=False, local_address=None, local_port=None, connect_mode=DEFAULT_CONNECT_MODE): """ This method registers a new neighbor. The BGP speaker tries to establish a bgp session with the peer (accepts a connection from the peer and also tries to connect to it). ``address`` specifies the IP address of the peer. It must be the string representation of an IP address. Only IP v4 is supported now. ``remote_as`` specifies the AS number of the peer. It must be an integer between 1 and 65535. ``enable_ipv4`` enables IPv4 address family for this neighbor. The default is True. ``enable_vpnv4`` enables VPNv4 address family for this neighbor. The default is False. ``enable_vpnv6`` enables VPNv6 address family for this neighbor. The default is False. ``next_hop`` specifies the next hop IP address. If not specified, host's ip address to access to a peer is used. ``password`` is used for the MD5 authentication if it's specified. By default, the MD5 authenticaiton is disabled. ``multi_exit_disc`` specifies multi exit discriminator (MED) value. The default is None and if not specified, MED value is not sent to the neighbor. It must be an integer. ``site_of_origins`` specifies site_of_origin values. This parameter must be a list of string. ``is_route_server_client`` specifies whether this neighbor is a router server's client or not. ``is_next_hop_self`` specifies whether the BGP speaker announces its own ip address to iBGP neighbor or not as path's next_hop address. ``connect_mode`` specifies how to connect to this neighbor. CONNECT_MODE_ACTIVE tries to connect from us. CONNECT_MODE_PASSIVE just listens and wait for the connection. CONNECT_MODE_BOTH use both methods. The default is CONNECT_MODE_BOTH ``local_address`` specifies Loopback interface address for iBGP peering. ``local_port`` specifies source TCP port for iBGP peering. """ bgp_neighbor = {} bgp_neighbor[neighbors.IP_ADDRESS] = address bgp_neighbor[neighbors.REMOTE_AS] = remote_as bgp_neighbor[PEER_NEXT_HOP] = next_hop bgp_neighbor[PASSWORD] = password bgp_neighbor[IS_ROUTE_SERVER_CLIENT] = is_route_server_client bgp_neighbor[IS_NEXT_HOP_SELF] = is_next_hop_self bgp_neighbor[CONNECT_MODE] = connect_mode # v6 advertizement is available with only v6 peering if netaddr.valid_ipv4(address): bgp_neighbor[CAP_MBGP_IPV4] = enable_ipv4 bgp_neighbor[CAP_MBGP_IPV6] = False bgp_neighbor[CAP_MBGP_VPNV4] = enable_vpnv4 bgp_neighbor[CAP_MBGP_VPNV6] = enable_vpnv6 elif netaddr.valid_ipv6(address): bgp_neighbor[CAP_MBGP_IPV4] = False bgp_neighbor[CAP_MBGP_IPV6] = True bgp_neighbor[CAP_MBGP_VPNV4] = False bgp_neighbor[CAP_MBGP_VPNV6] = False else: # FIXME: should raise an exception pass if multi_exit_disc: bgp_neighbor[MULTI_EXIT_DISC] = multi_exit_disc if site_of_origins: bgp_neighbor[SITE_OF_ORIGINS] = site_of_origins if local_address: bgp_neighbor[LOCAL_ADDRESS] = local_address if local_port: bgp_neighbor[LOCAL_PORT] = local_port call('neighbor.create', **bgp_neighbor)
def get_public_ipv4(instance): for addr in instance.networks['public']: if netaddr.valid_ipv4(addr): return addr
def _check_both_versions(self, address): if not (netaddr.valid_ipv4(address, netaddr.core.INET_PTON) or netaddr.valid_ipv6(address, netaddr.core.INET_PTON)): raise ValueError("%s is not IPv4 or IPv6 address" % address)
def updateMongoWithESEvents(mozdefdb, results): attackers = mozdefdb['attackers'] for r in results: if 'sourceipaddress' in r['_source']['details']: if netaddr.valid_ipv4(r['_source']['details']['sourceipaddress']): sourceIP = netaddr.IPNetwork( r['_source']['details']['sourceipaddress']) # expand it to a /24 CIDR # todo: lookup ipwhois for asn_cidr value # potentially with a max mask value (i.e. asn is /8, limit attackers to /24) sourceIP.prefixlen = 24 if not sourceIP.ip.is_loopback( ) and not sourceIP.ip.is_private( ) and not sourceIP.ip.is_reserved(): esrecord = dict(documentid=r['_id'], documenttype=r['_type'], documentindex=r['_index'], documentsource=r['_source']) logger.debug('searching for ' + str(sourceIP)) #attacker = attackers.find_one({'events.details.sourceipaddress': str(sourceIP.ip)}) attacker = attackers.find_one( {'indicators.ipv4address': str(sourceIP)}) if attacker is None: # new attacker # generate a meteor-compatible ID # save the ES document type, index, id # and add a sub list for future events logger.debug('new attacker') newAttacker = genNewAttacker() #expand the source ip to a /24 for the indicator match. sourceIP.prefixlen = 24 # str sourceIP to get the ip/cidr rather than netblock cidr. newAttacker['indicators'].append( dict(ipv4address=str(sourceIP))) newAttacker['events'].append(esrecord) newAttacker['eventscount'] = len(newAttacker['events']) attackers.insert(newAttacker) updateAttackerGeoIP(mozdefdb, newAttacker['_id'], esrecord['documentsource']) else: # if event not present in this attackers events # append this to the list of events # todo: trim the list at X (i.e. last 100 events) matchingevent = attackers.find_one({ '_id': attacker['_id'], 'events.documentid': r['_id'], 'events.documenttype': r['_type'], 'events.documentindex': r['_index'] }) if matchingevent is None: attacker['events'].append(esrecord) attacker['eventscount'] = len(attacker['events']) logger.debug( 'new event found for matching attacker') attacker['lastseentimestamp'] = attacker['events'][ -1]['documentsource']['utctimestamp'] attackers.save(attacker) # geo ip could have changed, update it updateAttackerGeoIP(mozdefdb, attacker['_id'], esrecord['documentsource'])
def check(self, args): """Validate that all fields have valid values through sanity checks.""" self.parent.footer.set_text("Checking data...") self.parent.refreshScreen() #Get field information responses = dict() for index, fieldname in enumerate(self.fields): if fieldname == "blank": pass else: responses[fieldname] = self.edits[index].get_edit_text() ###Validate each field errors = [] #hostname must be under 60 chars if len(responses["HOSTNAME"]) >= 60: errors.append("Hostname must be under 60 chars.") #hostname must not be empty if len(responses["HOSTNAME"]) == 0: errors.append("Hostname must not be empty.") #hostname needs to have valid chars if re.search('[^a-z0-9-]', responses["HOSTNAME"]): errors.append( "Hostname must contain only alphanumeric and hyphen.") #domain must be under 180 chars if len(responses["DNS_DOMAIN"]) >= 180: errors.append("Domain must be under 180 chars.") #domain must not be empty if len(responses["DNS_DOMAIN"]) == 0: errors.append("Domain must not be empty.") #domain needs to have valid chars if re.match('[^a-z0-9-.]', responses["DNS_DOMAIN"]): errors.append( "Domain must contain only alphanumeric, period and hyphen.") #ensure external DNS is valid if len(responses["DNS_UPSTREAM"]) == 0: #We will allow empty if user doesn't need external networking #and present a strongly worded warning msg = "If you continue without DNS, you may not be able to access"\ + " external data necessary for installation needed for " \ + "some OpenStack Releases." dialog.display_dialog(self, widget.TextLabel(msg), "Empty DNS Warning") else: #external DNS must contain only numbers, periods, and commas #Needs more serious ip address checking if re.match('[^0-9.,]', responses["DNS_UPSTREAM"]): errors.append( "External DNS must contain only IP addresses and commas.") #ensure test DNS name isn't empty if len(responses["TEST_DNS"]) == 0: errors.append("Test DNS must not be empty.") #Validate first IP address try: if netaddr.valid_ipv4(responses["DNS_UPSTREAM"].split(",")[0]): DNS_UPSTREAM = responses["DNS_UPSTREAM"].split(",")[0] else: errors.append( "Not a valid IP address for External DNS: %s" % responses["DNS_UPSTREAM"]) #Try to resolve with first address if not self.checkDNS(DNS_UPSTREAM): #Warn user that DNS resolution failed, but continue msg = "Unable to resolve %s.\n\n" % responses['TEST_DNS']\ + "Possible causes for DNS failure include:\n"\ + "* Invalid DNS server\n"\ + "* Invalid gateway\n"\ + "* Other networking issue\n\n"\ + "Fuel Setup can save this configuration, but "\ + "you may want to correct your settings." dialog.display_dialog(self, widget.TextLabel(msg), "DNS Failure Warning") self.parent.refreshScreen() except Exception: errors.append("Not a valid IP address for External DNS: %s" % responses["DNS_UPSTREAM"]) if len(errors) > 0: self.parent.footer.set_text("Error: %s" % (errors[0])) log.error("Errors: %s %s" % (len(errors), errors)) return False else: self.parent.footer.set_text("No errors found.") return responses
def _add_floating_ip(self, req, id, body): """Associate floating_ip to an instance.""" context = req.environ['nova.context'] authorize(context) try: address = body['addFloatingIp']['address'] except TypeError: msg = _("Missing parameter dict") raise webob.exc.HTTPBadRequest(explanation=msg) except KeyError: msg = _("Address not specified") raise webob.exc.HTTPBadRequest(explanation=msg) instance = common.get_instance(self.compute_api, context, id) cached_nwinfo = compute_utils.get_nw_info_for_instance(instance) if not cached_nwinfo: LOG.warning( _LW('Info cache is %r during associate') % instance.info_cache, instance=instance) msg = _('No nw_info cache associated with instance') raise webob.exc.HTTPBadRequest(explanation=msg) fixed_ips = cached_nwinfo.fixed_ips() if not fixed_ips: msg = _('No fixed ips associated to instance') raise webob.exc.HTTPBadRequest(explanation=msg) fixed_address = None if self.ext_mgr.is_loaded('os-extended-floating-ips'): if 'fixed_address' in body['addFloatingIp']: fixed_address = body['addFloatingIp']['fixed_address'] for fixed in fixed_ips: if fixed['address'] == fixed_address: break else: msg = _('Specified fixed address not assigned to instance') raise webob.exc.HTTPBadRequest(explanation=msg) if not fixed_address: try: fixed_address = next(ip['address'] for ip in fixed_ips if netaddr.valid_ipv4(ip['address'])) except StopIteration: msg = _('Unable to associate floating ip %(address)s ' 'to any fixed IPs for instance %(id)s. ' 'Instance has no fixed IPv4 addresses to ' 'associate.') % ( {'address': address, 'id': id}) raise webob.exc.HTTPBadRequest(explanation=msg) if len(fixed_ips) > 1: LOG.warning(_LW('multiple fixed_ips exist, using the first ' 'IPv4 fixed_ip: %s'), fixed_address) try: self.network_api.associate_floating_ip(context, instance, floating_address=address, fixed_address=fixed_address) except exception.FloatingIpAssociated: msg = _('floating ip is already associated') raise webob.exc.HTTPBadRequest(explanation=msg) except exception.NoFloatingIpInterface: msg = _('l3driver call to add floating ip failed') raise webob.exc.HTTPBadRequest(explanation=msg) except exception.FloatingIpNotFoundForAddress: msg = _('floating ip not found') raise webob.exc.HTTPNotFound(explanation=msg) except exception.Forbidden as e: raise webob.exc.HTTPForbidden(explanation=e.format_message()) except Exception as e: msg = _('Unable to associate floating ip %(address)s to ' 'fixed ip %(fixed_address)s for instance %(id)s. ' 'Error: %(error)s') % ( {'address': address, 'fixed_address': fixed_address, 'id': id, 'error': e}) LOG.exception(msg) raise webob.exc.HTTPBadRequest(explanation=msg) return webob.Response(status_int=202)
def _get_address(instance_id): result = instance_info.dbaas_admin.mgmt.instances.show(instance_id) try: return next(str(ip) for ip in result.ip if netaddr.valid_ipv4(ip)) except StopIteration: fail("No IPV4 ip found")
def _validate_ipv4(name, value): """Check if router_id value is valid""" if not netaddr.valid_ipv4(value): raise wsme.exc.ClientSideError( _("Parameter '%s' must be a valid router_id." % name))
def main(): if options.output=='syslog': logger.addHandler(SysLogHandler(address=(options.sysloghostname,options.syslogport))) else: sh=logging.StreamHandler(sys.stderr) sh.setFormatter(formatter) logger.addHandler(sh) logger.debug('started') #logger.debug(options) try: es = ElasticsearchClient((list('{0}'.format(s) for s in options.esservers))) s = requests.Session() s.headers.update({'Accept': 'application/json'}) s.headers.update({'Content-type': 'application/json'}) s.headers.update({'Authorization':'SSWS {0}'.format(options.apikey)}) #capture the time we start running so next time we catch any events created while we run. state = State(options.state_file) lastrun = toUTC(datetime.now()).isoformat() #in case we don't archive files..only look at today and yesterday's files. yesterday=date.strftime(datetime.utcnow()-timedelta(days=1),'%Y/%m/%d') today = date.strftime(datetime.utcnow(),'%Y/%m/%d') r = s.get('https://{0}/api/v1/events?startDate={1}&limit={2}'.format( options.oktadomain, toUTC(state.data['lastrun']).strftime('%Y-%m-%dT%H:%M:%S.000Z'), options.recordlimit )) if r.status_code == 200: oktaevents = json.loads(r.text) for event in oktaevents: if 'published' in event.keys(): if toUTC(event['published']) > toUTC(state.data['lastrun']): try: mozdefEvent = dict() mozdefEvent['utctimestamp']=toUTC(event['published']).isoformat() mozdefEvent['receivedtimestamp']=toUTC(datetime.now()).isoformat() mozdefEvent['category'] = 'okta' mozdefEvent['tags'] = ['okta'] if 'action' in event.keys() and 'message' in event['action'].keys(): mozdefEvent['summary'] = event['action']['message'] mozdefEvent['details'] = event # Actor parsing # While there are various objectTypes attributes, we just take any attribute that matches # in case Okta changes it's structure around a bit # This means the last instance of each attribute in all actors will be recorded in mozdef # while others will be discarded # Which ends up working out well in Okta's case. if 'actors' in event.keys(): for actor in event['actors']: if 'ipAddress' in actor.keys(): if netaddr.valid_ipv4(actor['ipAddress']): mozdefEvent['details']['sourceipaddress'] = actor['ipAddress'] if 'login' in actor.keys(): mozdefEvent['details']['username'] = actor['login'] if 'requestUri' in actor.keys(): mozdefEvent['details']['source_uri'] = actor['requestUri'] # We are renaming action to activity because there are # currently mapping problems with the details.action field mozdefEvent['details']['activity'] = mozdefEvent['details']['action'] mozdefEvent['details'].pop('action') jbody=json.dumps(mozdefEvent) res = es.save_event(doc_type='okta',body=jbody) logger.debug(res) except Exception as e: logger.error('Error handling log record {0} {1}'.format(r, e)) continue else: logger.error('Okta event does not contain published date: {0}'.format(event)) state.data['lastrun'] = lastrun state.write_state_file() else: logger.error('Could not get Okta events HTTP error code {} reason {}'.format(r.status_code, r.reason)) except Exception as e: logger.error("Unhandled exception, terminating: %r"%e)
def valid_ip(addr): return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)