Python RuleSet.checkTables Beispiele

Programmiersprache: Python

Namespace / Paketname: ruleset

Klasse / Typ: RuleSet

Methode / Funktion: checkTables

Beispiele auf hotexamples.com: 1

Python RuleSet.checkTables - 1 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die ruleset.RuleSet.checkTables, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

RuleSet(10)

insert(8)

addDep(6)

isCoherent(6)

addConflict(4)

extend(2)

values(2)

__init__(1)

checkTables(1)

evaluate(1)

index(1)

initializeFromExistingRuleset(1)

load_rules(1)

prune(1)

remove(1)

Beispiel #1

Datei anzeigen

Datei: portscanDetector.py Projekt: constanze/rulegen

class PortscanDetector(RuleGenerator):
    """
    PortscanDetector takes a ruleSet and tries to find portscans.
    """
    
    def __init__(self, ruleSet, proto, style, numChecksP, numChecksIP, \
                 numAnyP, numAnyIP, distanceRange, slashSize, ipsPerSlash, \
                 numPortsPortscan, numIPsPortscan):

        RuleGenerator.__init__(self, ruleSet, proto, style, numChecksP, numChecksIP, \
                               numAnyP, numAnyIP, distanceRange, \
                               slashSize, ipsPerSlash)

        self.MAX_NUM_PORTS_PORTSCAN = numPortsPortscan
        self.MAX_NUM_IPS_PORTSCAN = numIPsPortscan
        self.MAX_DIST_RANGE_SCAN = 65535
        self.portscanSet = RuleSet()

    def detectPortscans(self):
        self.generateRules()
        self._checkForPortscans()
        self.portscanSet.checkTables(self.NUM_CHECKS_P, self.MAX_DIST_RANGE_SCAN,\
                                     self.NUM_ANY_P, self.NUM_CHECKS_IP, \
                                     self.NUM_EXP, self.NUM_ANY_IP, \
                                     self.SLASH_SIZE, self.MIN_IPS_PER_SLASH)

    def _checkForPortscans(self):
        ruleList = self.ruleSet.values()
        for r in ruleList:
            if (len(r.dPorts.elements) > self.MAX_NUM_PORTS_PORTSCAN) and \
               (len(r.sIPs) == 1) or \
               (len(r.dIPs.elements) > self.MAX_NUM_IPS_PORTSCAN and \
               len(r.sIPs) == 1) and (len(r.dPorts.elements) == 1)\
               and not r.direction == "out":
                psr = PortscanRule(r.direction, r.sIPs, r.sPorts, r.dIPs, \
                                   r.dPorts, r.proto, r.interface, "block", \
                                   self.style, r.timeStamp, r.flag)
                self.portscanSet.insert(psr)
    
    def removeRulesContainingPortscanners(self, ruleSet):
        for r in ruleSet.values():
            for pr in self.portscanSet.values():
                for e in pr.sIPs.elements.values():   
                    if r.sIPs.values()[0] == e \
                       or r.dIPs.values()[0] == e:
                       try:
                           ruleSet.remove(r)
                       except KeyError:
                           #Is already removed
                           pass
                       break

    def generateRules(self):
        self.generateTables()
        del self.sortingDict
        del self.tablesDict

    def printRules(self):
        l = len(self.portscanSet)
        if l > 0:
            if l == 1:
                print "%d rule which results from traffic which looks like a portscan\n" % l
            else:
                print "%d rules which result from traffic which looks like portscans\n" % l
            print self.portscanSet 

    def generateTables(self):
        slashSizeBackup = self.SLASH_SIZE
        self.SLASH_SIZE = 32
        if not self.proto == "icmp":
            # 2. sport is the varying part
            sPort = True
            self._portsVary(sPort)

            # 3. dport is the varying part
            sPort = False
            self._portsVary(sPort)

        # 4. dIP is the varying part
        sIP = False
        self._ipsVary(sIP)
        self.SLASH_SIZE = slashSizeBackup