Beispiel #1
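    def checkDuplicateVMIF(self, vmName, elements):
        """Check one VM's network interfaces for duplicate MAC/IP and bad addresses.

        vmName   -- label used as the prefix of the printed diagnostics
        elements -- interfaces; each is read for .mac, .ip, .name and .routes,
                    and each route for .dest

        Returns True only when no MAC or IP repeats and every interface IP and
        every non-empty route destination passes self.checkValidIPv4.

        An unconditional ``return True`` used to sit ahead of this logic, so the
        validator accepted every interface list and the string below it was
        never a docstring. The early return is gone so the checks actually run.
        """
        result = True
        macs = []
        ips = []
        for vmIF in elements:
            currMAC = vmIF.mac
            currIP = vmIF.ip
            # a value already recorded for an earlier interface is a collision
            if (utilities.findIndex(macs, currMAC) != -1
                    or utilities.findIndex(ips, currIP) != -1):
                print(vmName + ": either MAC or IP in duplication")
                result = False
            macs.append(currMAC)
            ips.append(currIP)
            # Validate every address, even after an earlier failure: the former
            # `result and ...` form stopped calling the validator once result
            # was False, unlike the route check below which always ran.
            if not self.checkValidIPv4(vmName, currIP):
                result = False
            for route in vmIF.routes:
                if not route.dest:
                    # routes without a destination are skipped, not rejected
                    continue
                if not self.checkValidIPv4(vmName + "-" + vmIF.name, route.dest):
                    result = False
        return result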
Beispiel #2
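    def checkDuplicateVRIF(self, vrName, elements):
        """Check one VR's network interfaces for duplicate NIC/IP and bad addresses.

        vrName   -- label used as the prefix of the printed diagnostics
        elements -- interfaces; each is read for .nic, .ip, .name and .routes,
                    and each route for .dest

        Returns True only when no NIC or IP repeats and every interface IP and
        every route destination passes self.checkValidIPv4.

        An unconditional ``return True`` used to sit ahead of this logic, which
        turned the validator into a no-op that accepted any interface list.
        The early return is gone so the checks actually run.
        """
        result = True
        nics = []
        ips = []
        for vrIF in elements:
            currNIC = vrIF.nic
            currIP = vrIF.ip
            # a value already recorded for an earlier interface is a collision
            if (utilities.findIndex(nics, currNIC) != -1
                    or utilities.findIndex(ips, currIP) != -1):
                print(vrName + ": either NIC or IP in duplication")
                result = False
            nics.append(currNIC)
            ips.append(currIP)
            # Validate every address, even after an earlier failure: the former
            # `result and ...` form stopped calling the validator once result
            # was False, unlike the route check below which always ran.
            if not self.checkValidIPv4(vrName, currIP):
                result = False
            for route in vrIF.routes:
                # NOTE(review): an empty route.dest is handed to checkValidIPv4
                # unchanged; presumably it is rejected there -- confirm that
                # is intended.
                if not self.checkValidIPv4(vrName + "-" + vrIF.name, route.dest):
                    result = False
        return result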
Beispiel #3
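    def checkDuplicateVMIF(self, vmName, elements):
        """Validate a VM's interfaces: unique MAC and IP, well-formed IPv4 values.

        vmName   -- label used as the prefix of the printed diagnostics
        elements -- interfaces; each is read for .mac, .ip, .name and .routes,
                    and each route for .dest

        Returns False if a MAC or IP repeats, or if an interface IP or a
        non-empty route destination fails self.checkValidIPv4; True otherwise.

        The method used to begin with an unconditional ``return True``, so none
        of the checks below were reachable and every configuration passed.
        That early return has been removed.
        """
        result = True
        macs = []
        ips = []
        for vmIF in elements:
            currMAC = vmIF.mac
            currIP = vmIF.ip
            macRepeated = utilities.findIndex(macs, currMAC) != -1
            # keep the short-circuit: the IP lookup only runs for a fresh MAC
            if macRepeated or utilities.findIndex(ips, currIP) != -1:
                print(vmName + ": either MAC or IP in duplication")
                result = False
            macs.append(currMAC)
            ips.append(currIP)
            # Call the validator for every interface rather than only while
            # result is still True, so a later bad address is also checked.
            if not self.checkValidIPv4(vmName, currIP):
                result = False
            for route in vmIF.routes:
                if not route.dest:
                    # routes without a destination are skipped, not rejected
                    continue
                if not self.checkValidIPv4(vmName + "-" + vmIF.name, route.dest):
                    result = False
        return result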
Beispiel #4
 def checkDuplicateNames(self, elemName, elements):
     """Report whether every item in `elements` carries a distinct .name.

     Prints one diagnostic, prefixed with elemName, for each name that was
     already seen, and returns False if any repeat occurred, True otherwise.
     """
     seen = []
     unique = True
     for entry in elements:
         label = entry.name
         if utilities.findIndex(seen, label) == -1:
             # first occurrence: remember it and move on
             seen.append(label)
             continue
         print(elemName + ": Duplicate names: \"" + label + "\"")
         unique = False
     return unique
Beispiel #5
 def checkDuplicateNames(self, elemName, elements):
     """Return True when no two items in `elements` share a .name.

     Each repeated name is reported on stdout with elemName as prefix; the
     first occurrence of a name is recorded and never reported.
     """
     knownNames = []
     allDistinct = True
     for element in elements:
         candidate = element.name
         alreadySeen = utilities.findIndex(knownNames, candidate) != -1
         if not alreadySeen:
             knownNames.append(candidate)
             continue
         print(elemName + ': Duplicate names: "' + candidate + '"')
         allDistinct = False
     return allDistinct
Beispiel #6
 def checkDuplicatePorts(self, elements):
     """Report whether the non-empty .port values in `elements` are all distinct.

     Items whose port is empty are ignored. Each repeated port is printed with
     the owning item's name as prefix; returns False if any repeat was seen.
     """
     seen = []
     unique = True
     for entry in elements:
         port = entry.port
         if not port:
             # an item without a port specification cannot collide
             continue
         if utilities.findIndex(seen, port) == -1:
             seen.append(port)
         else:
             print(entry.name + ": Duplicate ports: \"" + port + "\"")
             unique = False
     return unique
Beispiel #7
 def checkDuplicatePorts(self, elements):
     """Return True when no port value is used by more than one item.

     Only items with a non-empty .port take part in the comparison. A repeat
     is reported on stdout, prefixed with the name of the item that repeats it.
     """
     usedPorts = []
     allDistinct = True
     for element in elements:
         candidate = element.port
         if not candidate:
             # empty port specification: nothing to compare
             continue
         if utilities.findIndex(usedPorts, candidate) != -1:
             print(element.name + ': Duplicate ports: "' + candidate + '"')
             allDistinct = False
             continue
         usedPorts.append(candidate)
     return allDistinct
Beispiel #8
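    def checkDuplicateVRIF(self, vrName, elements):
        """Validate a VR's interfaces: unique NIC and IP, well-formed IPv4 values.

        vrName   -- label used as the prefix of the printed diagnostics
        elements -- interfaces; each is read for .nic, .ip, .name and .routes,
                    and each route for .dest

        Returns False if a NIC or IP repeats, or if an interface IP or a route
        destination fails self.checkValidIPv4; True otherwise.

        The method used to begin with an unconditional ``return True``, so none
        of the checks below were reachable and every configuration passed.
        That early return has been removed.
        """
        result = True
        nics = []
        ips = []
        for vrIF in elements:
            currNIC = vrIF.nic
            currIP = vrIF.ip
            nicRepeated = utilities.findIndex(nics, currNIC) != -1
            # keep the short-circuit: the IP lookup only runs for a fresh NIC
            if nicRepeated or utilities.findIndex(ips, currIP) != -1:
                print(vrName + ": either NIC or IP in duplication")
                result = False
            nics.append(currNIC)
            ips.append(currIP)
            # Call the validator for every interface rather than only while
            # result is still True, so a later bad address is also checked.
            if not self.checkValidIPv4(vrName, currIP):
                result = False
            for route in vrIF.routes:
                # NOTE(review): an empty route.dest is handed to checkValidIPv4
                # unchanged; presumably it is rejected there -- confirm that
                # is intended.
                if not self.checkValidIPv4(vrName + "-" + vrIF.name, route.dest):
                    result = False
        return result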
Beispiel #9
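def __process_analysis(config: dict, wmic: list, procmon: list):
    '''
    Classify collected process data against the limits and path lists in config.

    config: configuration; config['Process'] is read for SystemFolder,
        Installed, User, Temp, MaxThreadCount, MaxChildrenCount,
        SuspiciousChild and KnownParent
    wmic: result from parser; each record is read for Name, ProcessId,
        ParentProcessId and Path
    procmon: result from parser; each record is read for Operation, PID
        and Path

    Nothing is returned. Findings are appended to lists that live outside this
    function (threadCreateList, childCreateList, processMaxThread,
    processMaxChild, processCallScript, processWrongParent and the
    processIn*Folder lists). The function never clears them, so entries from
    an earlier call stay in place.
    '''
    global threadCreateList
    global childCreateList

    procCfg = config['Process']
    sysPath = procCfg['SystemFolder']
    insPath = procCfg['Installed']
    userPath = procCfg['User']
    nonStandard = procCfg['Temp']

    def containsAny(path, fragments):
        # Case-insensitive substring test against every configured fragment.
        # NOTE(review): this matches the fragment anywhere in the path, so a
        # binary under a directory whose name merely contains a configured
        # fragment lands in the same bucket. If the config entries are full
        # directory paths, anchoring on a normalized prefix would be stricter
        # -- confirm against the config format.
        return any(str(fragment).lower() in path for fragment in fragments)

    # Collect thread- and process-creation events for counting.
    procmonByOperation = util.sortDictOfList(procmon, 'Operation')
    for item in procmonByOperation:
        if item['Operation'] == 'Thread Create':
            threadCreateList.append(item.copy())
        elif item['Operation'] == 'Process Create':
            childCreateList.append(item.copy())
    threadCount = util.countToDict(util.sortDictOfList(threadCreateList, "PID"), "PID")
    childCount = util.countToDict(util.sortDictOfList(childCreateList, "PID"), "PID")

    # Compare the per-PID counts with the configured limits.
    for k in threadCount:
        if threadCount[k] >= procCfg['MaxThreadCount']:
            processMaxThread.append(k)
    for k in childCount:
        if childCount[k] >= procCfg['MaxChildrenCount']:
            processMaxChild.append(k)

    # Flag each created child once if its path contains a suspicious fragment.
    # The comparison is case-insensitive like the folder checks below; the
    # earlier case-sensitive test missed a differently-cased path and appended
    # the same event once per matching pattern.
    for child in childCreateList:
        if containsAny((child['Path'] or '').lower(), procCfg['SuspiciousChild']):
            processCallScript.append(child)

    knownParent = procCfg['KnownParent']
    for proc in wmic:
        # Check the known {child: parent} relationship.
        name = proc['Name'].lower()
        if name in knownParent:
            index = util.findIndex(wmic, 'ProcessId', proc['ParentProcessId'])
            # A parent that is absent from the snapshot (index == -1) is not
            # flagged here; only a present parent with the wrong name is.
            if index != -1 and wmic[index]['Name'].lower() != knownParent[name]:
                processWrongParent.append(proc)

        # Put the process into exactly one folder bucket, first match wins.
        # An empty or None Path matches nothing and falls through to "other".
        path = (proc['Path'] or '').lower()
        if containsAny(path, sysPath):
            processInSysFolder.append(proc)
        elif containsAny(path, insPath):
            processInInstalledFolder.append(proc)
        elif containsAny(path, userPath):
            # Test every Temp fragment before settling on the plain user
            # bucket. The earlier loop decided on the first fragment alone,
            # appended once per matching User entry, and sent the process to
            # "other" when the Temp list was empty.
            if containsAny(path, nonStandard):
                processInNonStandardFolder.append(proc)
            else:
                processInUserFolder.append(proc)
        else:
            processInOtherFolder.append(proc)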