Beispiel #1
    def match_source(self, address):
        """Delegate a source-address match to ``self.tokens``.

        ``address`` is first normalised with ``parse_address``; the parsed
        value is passed to ``self.tokens.match_source`` and that call's
        result is returned unchanged.

        Returns:
            False when ``parse_address`` rejects the input with ValueError,
            otherwise whatever ``self.tokens.match_source`` returns.
        """
        try:
            parsed = parse_address(address)
        except ValueError:
            # An address that cannot be parsed is reported as "no match"
            # instead of surfacing the parse error to the caller.
            return False
        else:
            # Outside the try body on purpose: a ValueError raised by the
            # delegate itself still propagates.
            return self.tokens.match_source(parsed)
Beispiel #2
    def match_source(self, address):
        """Return ``self.tokens.match_source`` for the parsed ``address``.

        The input goes through ``parse_address`` first. If that raises
        ValueError the method answers False; no other exception is caught.
        """
        try:
            candidate = parse_address(address)
        except ValueError:
            # Unparseable input: treat as a non-match.
            return False

        # Only the parse step is guarded; the delegate call is not.
        outcome = self.tokens.match_source(candidate)
        return outcome
Beispiel #3
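    def __match_login__(self, entry):
        """Try each ``SSH_LOGINS`` pattern against ``entry.message``.

        On the first pattern that matches, its named groups are copied into
        the entry through ``entry.update_message_fields``, with ``port``
        converted to ``int`` and ``address`` passed through
        ``parse_address``.

        Returns:
            True if a pattern matched and the entry was updated, else False.

        Raises:
            Nothing is caught here: errors from ``int``, ``parse_address``
            or a pattern without an ``address`` group (KeyError) propagate.
        """
        for matcher in SSH_LOGINS:
            m = matcher.match(entry.message)
            if not m:
                continue

            details = m.groupdict()
            # groupdict() lists every named group of the pattern and maps
            # groups that did not take part in the match to None, so test
            # the value rather than the key before converting.
            if details.get('port') is not None:
                details['port'] = int(details['port'])
            # NOTE(review): a ValueError from parse_address propagates from
            # here; confirm the caller handles it so that one malformed log
            # line cannot stop the whole scan.
            details['address'] = parse_address(details['address'])
            entry.update_message_fields(details)
            return True

        return False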
Beispiel #4
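    def __match_login__(self, entry):
        """Match ``entry.message`` against the ``SSH_LOGINS`` patterns.

        The first matching pattern wins. Its named groups are stored on the
        entry with ``entry.update_message_fields`` after ``port`` has been
        converted to ``int`` and ``address`` has gone through
        ``parse_address``.

        Returns:
            True when a pattern matched, False when none did.

        Raises:
            Conversion errors from ``int`` / ``parse_address`` are not
            caught and reach the caller.
        """
        for matcher in SSH_LOGINS:
            m = matcher.match(entry.message)
            if m:
                details = m.groupdict()
                # An optional named group that did not participate is still
                # present in groupdict() with the value None; int(None)
                # would raise TypeError, so skip the conversion then.
                port = details.get('port')
                if port is not None:
                    details['port'] = int(port)
                # NOTE(review): log text is parsed here without a guard
                # around parse_address; verify that callers tolerate the
                # ValueError it can raise on an unexpected address form.
                details['address'] = parse_address(details['address'])
                entry.update_message_fields(details)
                return True

        return False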
Beispiel #5
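    def add_token(self, token):
        """Parse one token of an iptables log line and store it on the entry.

        The token is split once on ``=`` or, failing that, on ``:``. A token
        matching one of the ``RE_BYTECOUNT`` patterns is stored under
        ``bytes`` regardless of the split. Values of keys listed in
        ``INTEGER_FIELDS`` are converted with ``int`` and those in
        ``ADDRESS_FIELDS`` with ``parse_address``; the key is stored
        lower-cased.

        Returns:
            The token itself when no key could be derived from it,
            otherwise None.

        Raises:
            ValueError: for a repeated key while no ``proto`` field is
                stored yet, or when ``int`` rejects the value.
        """
        key = None
        for separator in ('=', ':'):
            parts = token.split(separator, 1)
            if len(parts) == 2:
                key, value = (part.strip() for part in parts)
                break

        # A byte-count token overrides whatever the separator split found.
        for matcher in RE_BYTECOUNT:
            m = matcher.match(token)
            if m:
                key = 'bytes'
                value = m.groupdict()['bytes']
                break

        if key is None:
            return token

        # The field tables are consulted with the key's original case; the
        # key is lower-cased only afterwards.
        if key in INTEGER_FIELDS:
            value = int(value)

        if key in ADDRESS_FIELDS:
            value = parse_address(value)

        key = key.lower()
        if key in self:
            if 'proto' not in self:
                raise ValueError('Duplicate key %s' % key)
            if self['proto'] == 'UDP' and key == 'len':
                # A UDP log line repeats LEN for the UDP header. Keep that
                # second value under its own key so it neither replaces the
                # IP length nor gets discarded.
                key = 'udp_len'
            # NOTE(review): any other repeated key replaces the earlier
            # value without an error once 'proto' is stored, so the last
            # occurrence in the line wins. Confirm that is intended before
            # relying on these fields for analysis.

        self[key] = value

        return None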
Beispiel #6
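    def add_token(self, token):
        """Add a single token from an iptables log entry to this mapping.

        A token is read as ``key=value`` or ``key:value`` (split once, both
        sides stripped). If it matches a ``RE_BYTECOUNT`` pattern it is
        stored as ``bytes`` instead. Keys found in ``INTEGER_FIELDS`` get an
        ``int`` value, keys found in ``ADDRESS_FIELDS`` get the result of
        ``parse_address``. Keys are stored in lower case.

        Returns:
            The unmodified token if it yielded no key, else None.

        Raises:
            ValueError: when a key repeats before any ``proto`` field has
                been stored, or when ``int`` cannot convert the value.
        """
        key = None
        for separator in ('=', ':'):
            try:
                key, value = [x.strip() for x in token.split(separator, 1)]
            except ValueError:
                # Separator absent from the token: try the next one.
                continue
            break

        for matcher in RE_BYTECOUNT:
            m = matcher.match(token)
            if m:
                # Byte-count form takes precedence over the plain split.
                key, value = 'bytes', m.groupdict()['bytes']
                break

        if key is None:
            return token

        # Membership is tested before lower-casing, i.e. against the key as
        # it appeared in the log line.
        if key in INTEGER_FIELDS:
            value = int(value)

        if key in ADDRESS_FIELDS:
            value = parse_address(value)

        key = key.lower()
        if key in self:
            if 'proto' in self:
                if self['proto'] == 'UDP' and key == 'len':
                    # Second LEN on a UDP line is the UDP length. It used to
                    # be renamed to a misspelled key and then dropped by an
                    # early return; store it under 'udp_len' instead.
                    key = 'udp_len'
                # NOTE(review): every other duplicate silently overwrites
                # the stored value in this branch, while the branch below
                # raises. Verify the asymmetry is deliberate.
            else:
                raise ValueError('Duplicate key %s' % key)

        self[key] = value

        return None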