def startFirewall(self):
"""
Setup netfilterqueue and start
processing packets in the queue.
Args:
None
Raises:
None
Returns:
None
"""
input_command = 'iptables -I INPUT -j NFQUEUE --queue-num 0'
output_command = 'iptables -I OUTPUT -j NFQUEUE --queue-num 0'
resp = utils.excecute_command(input_command)
if resp[1]:
self.logger.log(resp[1], logtype="error")
resp = utils.excecute_command(output_command)
if resp[1]:
self.logger.log(resp[1], logtype="error")
try:
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, self.process_packet)
queue.run()
except KeyboardInterrupt:
# Restore iptables state
self.restore_state()
def startMonitoring(self):
"""
Start firewall monitoring.
Args:
None
Returns:
None
Raises:
None
"""
current_time, error = utils.excecute_command('date')
if error:
self.logger.log(
"Time error: " + str(error),
logtype="error"
)
if current_time:
self.logger.log(
"Time: " + str(current_time),
logtype="info"
)
os_details, error = utils.excecute_command('uname -a')
if error:
self.logger.log(
"OS Detail error: " + str(error),
logtype="error"
)
if os_details:
self.logger.log(
"OS Details: " + str(os_details),
logtype="info"
)
while True:
# Wait for the required sleep seconds
time.sleep(self._SLEEP)
# Monitor process
self.check_process()
# Monitor network usage
self.network_usage()
# Monitor open ports
self.check_open_ports()
# Monitor running services
self.check_services()
def check_open_ports(self):
"""
Scan for open ports and add to the open
port list.
Args:
None
Returns:
None
Raises:
None
"""
result, error = utils.excecute_command('netstat -anp')
if error:
self.logger.log("Scanning for open ports failed: " + str(error),
logtype="error")
if result:
open_ports = re.findall(r'(LISTENING|CONNECTED)\s+(\d+)(\s.*)',
result)
for port in open_ports:
if port[1] not in self.open_ports:
self.open_ports.append(port[1])
self.logger.log("Open ports: " + str(', '.join(self.open_ports)),
logtype="info")
def check_services(self):
"""
Scan for active services.
Args:
None
Returns:
None
Raises:
None
"""
result, error = utils.excecute_command('service --status-all')
if error:
self.logger.log("Scanning for servcies failed: " + str(error),
logtype="error")
if result:
services = re.findall(r'\[\s\+\s\]\s*([a-zA-Z0-9\-\_]*)', result)
for service in services:
if service not in self.services_list:
self.services_list.append(service)
self.logger.log("Services: " + str(', '.join(self.services_list)),
logtype="info")
def check_process(self):
"""
Check the currently running process.
Args:
None
Returns:
None
Raises:
None
"""
output, error = utils.excecute_command('ps -ef')
if error:
self.logger.log("Scanning for active process failed: " +
str(error),
logtype="error")
if output:
process_details = re.findall(
r'(\d{2}:\d{2})\s*?.*((\[|/)[a-zA-Z0-9\-/\]:_]*)', output)
for process in process_details:
temp_dict = {process[0]: process[1].strip('/[]')}
self.process_list.append(temp_dict)
self.logger.log("Active process: " + str(self.process_list),
logtype="info")
def restore_state():
"""
Restore the iptables state.
Args:
None
Raises:
None
Returns:
None
"""
resp = utils.excecute_command('iptables --flush')
if resp[1]:
self.logger.log(resp[1], logtype="error")