def write_login_log(*args, **kwargs):
from audits.models import UserLoginLog
default_city = _("Unknown")
ip = kwargs.get('ip', '')
if not (ip and validate_ip(ip)):
ip = ip[:15]
city = default_city
else:
city = get_ip_city(ip) or default_city
kwargs.update({'ip': ip, 'city': city})
UserLoginLog.objects.create(**kwargs)
def write_login_log(*args, **kwargs):
from audits.models import UserLoginLog
ip = kwargs.get('ip') or ''
if not (ip and validate_ip(ip)):
ip = ip[:15]
city = DEFAULT_CITY
else:
city = get_ip_city(ip) or DEFAULT_CITY
kwargs.update({'ip': ip, 'city': city})
UserLoginLog.objects.create(**kwargs)
def check_different_city_login(user, request):
ip = get_request_ip(request) or '0.0.0.0'
if not (ip and validate_ip(ip)):
city = DEFAULT_CITY
else:
city = get_ip_city(ip) or DEFAULT_CITY
last_user_login = UserLoginLog.objects.filter(username=user.username,
status=True).first()
if last_user_login and last_user_login.city != city:
DifferentCityLoginMessage(user, ip, city).publish_async()
def check_different_city_login_if_need(user, request):
if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN:
return
ip = get_request_ip(request) or '0.0.0.0'
if not (ip and validate_ip(ip)):
city = DEFAULT_CITY
else:
city = get_ip_city(ip) or DEFAULT_CITY
city_white = [
'LAN',
]
if city not in city_white:
last_user_login = UserLoginLog.objects.exclude(city__in=city_white) \
.filter(username=user.username, status=True).first()
if last_user_login and last_user_login.city != city:
DifferentCityLoginMessage(user, ip, city).publish_async()
def write_login_log(*args, **kwargs):
default_city = _("Unknown")
ip = kwargs.get('ip') or ''
if not (ip and validate_ip(ip)):
ip = ip[:15]
city = default_city
else:
city = get_ip_city(ip) or default_city
if kwargs.get('type') is None or kwargs.get('type') == '':
login_type = 'T'
else:
login_type = kwargs.get('type')
# url = settings.LOG_CORE_HOST + '/v1/logs/login/'
kwargs.update({
'ip': ip,
'city': city,
'type': login_type,
'logs_type': 'login_log'
})
# connect_logs_system(*args, **kwargs)
send_sqs(*args, **kwargs)
def write_login_log(request, username=None, status=False, type=None):
from common.utils import get_request_ip
login_ip = get_request_ip(request)
agent = request.META.get('HTTP_USER_AGENT')
if not (login_ip and validate_ip(login_ip)):
login_ip = login_ip[:15]
city = 'Unknown'
else:
city = get_ip_city(login_ip)
data = {
'username': username,
'type': type,
'ip': login_ip,
'agent': agent,
'status': status,
'city': city
}
LoginLog.objects.create(**data)
def _build_query(self, fields):
Config.logger.debug("_build_query {}".format(str(fields)))
q_fields = {
'host': [],
'net': [],
'port': [],
'proto': None,
'proto-name': None,
'after-ago': None,
'before-ago': None,
'after': None,
'before': None,
}
q_fields.update(fields)
self.progress(Query.CREATED, state=Query.CREATED)
start = self.query_time + self.LONG_AGO
end = self.query_time + timedelta(minutes=1)
qry_str = []
weights = {'ip': 0, 'net': 0, 'port': 0}
for host in sorted(q_fields['host']):
Config.logger.debug("Parsing host: %s", host)
if len(host) == 0:
continue
validate_ip(host)
qry_str.append('host {}'.format(host))
weights['ip'] += 1
for net in sorted(q_fields['net']):
Config.logger.debug("Parsing net: %s", net)
if len(net) == 0:
continue
validate_net(net)
qry_str.append('net {}'.format(net))
weights['net'] += 1
for port in sorted(q_fields['port']):
Config.logger.debug("Parsing port: %s", port)
try:
if 0 < int(port) < 2**16:
qry_str.append('port {}'.format(int(port)))
weights['port'] += 1
else:
raise ValueError()
except ValueError:
raise BadRequest("Port {} out of range: 1-65535".format(port))
if q_fields['proto']:
try:
if 0 < int(q_fields['proto']) < 2**8:
qry_str.append('ip proto {}'.format(q_fields['proto']))
else:
raise ValueError()
except ValueError:
raise BadRequest(
"protocol number {} out of range 1-255".format(
q_fields['proto']))
if q_fields['proto-name']:
if q_fields['proto-name'].upper() not in ['TCP', 'UDP', 'ICMP']:
raise BadRequest(description="Bad proto-name: {}".format(
q_fields['proto-name']))
qry_str.append(q_fields['proto-name'].lower())
if q_fields['after-ago']:
dur = parse_duration(q_fields['after-ago'])
if not dur:
raise BadRequest("can't parse duration: {}".format(
q_fields['after-ago']))
start = enforce_time_window(self.query_time - dur)
if q_fields['before-ago']:
dur = parse_duration(q_fields['before-ago'])
if not dur:
raise BadRequest("can't parse duration: {}".format(
q_fields['before-ago']))
end = enforce_time_window(self.query_time - dur)
if q_fields['after']:
print "Processing 'after': {}".format(q_fields['after'])
dur = parse_duration(q_fields['after'])
print "Duration {}".format(dur)
if dur:
start = enforce_time_window(self.query_time - dur)
print "Start w/ duration: {}".format(start)
else:
start = enforce_time_window(
inputs.datetime_from_iso8601(
q_fields['after']).replace(tzinfo=None))
print "Start w/o duration: {}".format(start)
if q_fields['before']:
dur = parse_duration(q_fields['before'])
if dur:
end = enforce_time_window(self.query_time - dur)
else:
end = enforce_time_window(
inputs.datetime_from_iso8601(
q_fields['before']).replace(tzinfo=None))
end += timedelta(seconds=Config.get('TIME_WINDOW'))
# Check the request's 'weight'
if Query.WEIGHTS['enabled'] and not q_fields.get('ignore-weight'):
req_weight = (Query.WEIGHTS['total'] *
((end - start).total_seconds() /
(Query.WEIGHTS['hour'] * 3600)) / (sum(
(val * Query.WEIGHTS[k]
for k, val in weights.items())) or 1))
if req_weight > Query.WEIGHTS['limit']:
self.error(
'build_query', "Request is too heavy: {}/{}:\t{}".format(
req_weight, Query.WEIGHTS['limit'], jsonify(q_fields)))
raise BadRequest("Request parameters exceed weight: %d/%d" %
(req_weight, Query.WEIGHTS['limit']))
qry_str.append('after {}'.format(start.strftime(ISOFORMAT)))
qry_str.append('before {}'.format(end.strftime(ISOFORMAT)))
self.query = " and ".join(qry_str)
if not self.query:
Config.logger.info("Bad request: {}".format(jsonify(q_fields)))
return None
Config.logger.debug("build_query: <{}>".format(self.query))
# if we want to support limiting the query, it would require rethinking our duplicate detection
#if q_fields['sensors']:
# self.sensors = q_fields['sensors']
return self.id