Ejemplos de Config en Python

Ejemplo n.º 1

Archivo: feeder_dirwatcher_notifier.py Proyecto: yinpeng-cn/attack_monitor

    def run(self):
        observer_global = Observer()

        #READ MONITORED DIRECTORIES CONFIG
        conf = configer.Config()
        monitored_directories_options = conf.get_config_options(
            'monitored_directories.json')

        for options in monitored_directories_options:
            dw = DirectoryWatcher(options, conf, self.ultra_mq, self.getName())
            if dw.is_dir_valid():
                observer_global.schedule(dw,
                                         path=dw.get_dirpath(),
                                         recursive=dw.is_recursive())
            else:
                print("Invalid dirpath for monitoring: {}".format(
                    dw.get_dirpath()))

        # START WATCHING
        observer_global.start()
        observer_global.join()

Ejemplo n.º 2

Archivo: gui_code.py Proyecto: yinpeng-cn/attack_monitor

    def __init__(self, app, SHOW_MQ, TRAY_MQ, ALARM_MQ, MALWARE_MQ,
                 EXCEPTION_RULES):
        QtWidgets.QMainWindow.__init__(self)
        self.app = app
        self.some_widget = QtWidgets.QWidget()
        screen_resolution = self.app.desktop().screenGeometry()
        self.screen_width, self.screen_height = screen_resolution.width(
        ), screen_resolution.height()
        self.dialog_controls = dict()
        self.SHOW_MQ = SHOW_MQ
        self.TRAY_MQ = TRAY_MQ
        self.ALARM_MQ = ALARM_MQ
        self.MALWARE_MQ = MALWARE_MQ
        self.EXCEPTION_RULES = EXCEPTION_RULES

        # GET GUI CONFIG
        self.cc = configer.Config()
        gui_options = self.cc.get_config_single_category(
            configer.MAIN_CONFIG, "gui")
        if gui_options['learning_mode']:
            self.LEARNING_MODE = True
        else:
            self.LEARNING_MODE = False

Ejemplo n.º 3

Archivo: nicedate.py Proyecto: yinpeng-cn/attack_monitor

import pytz
from utils import configer
from datetime import datetime
from tzlocal import get_localzone

#TIMEZONE
cc = configer.Config()
CONFIG_TIMEZONE = cc.get_config_single_category("attack_monitor.cfg",
                                                "time")['timezone']

# AUTODETECT TIMEZONE
if CONFIG_TIMEZONE == "AUTODETECT":
    CONFIG_TIMEZONE = get_localzone().zone

CONFIG_TIMEZONE_PYTZ = pytz.timezone(CONFIG_TIMEZONE)
#//TIMEZONE


class NiceDate():
    @staticmethod
    def get_now():
        return datetime.now(CONFIG_TIMEZONE_PYTZ)

    @staticmethod
    def log_event_to_nice_date(er):
        (d, milliseconds) = er.get_expanded_field_time_created_tuple()
        return d.astimezone(CONFIG_TIMEZONE_PYTZ)

    @staticmethod
    def naive_datetime_localize(d):
        return CONFIG_TIMEZONE_PYTZ.localize(d)

Ejemplo n.º 4

def load_exceptions():
    cc = configer.Config()
    cc.get_config_options()

Ejemplo n.º 5

def main():
    logo()

    print()
    cc = configer.Config()
    is_user_an_admin()
    is_sysmon_installed()

    # CONFIG
    debug_enabled = cc.get_config_single_variable_from_category(
        configer.MAIN_CONFIG, "logs", "debug")

    # SHARED STRUCTURES AMONGST PROCESSESS
    MM = multiprocessing.Manager()

    # ULTRA MQ
    ULTRA_MQ = MM.Queue()

    # ALERT MQ
    ALERT_MQ = MM.Queue()

    # SHOW MQ
    SHOW_MQ = MM.Queue()

    # TRAY MQ
    TRAY_MQ = MM.Queue()

    # MALWARE MQ
    GATHERING_OPTIONS = MM.dict()
    GATHERING_OPTIONS['enabled'] = False
    GATHERING_OPTIONS['malware_dir'] = None
    GATHERING_OPTIONS['generate_report'] = False
    GATHERING_OPTIONS['report_dir'] = None
    GATHERING_OPTIONS['absolute_time'] = None
    GATHERING_OPTIONS['control_start_proc'] = 'malware_monitor_start.exe'
    GATHERING_OPTIONS[
        'control_generate_proc'] = 'malware_monitor_report_generate.exe'

    # MALWARE STORAGE
    CONTAINERS = MM.dict()
    MALWARE_MQ = MM.Queue()
    MALWARE_INTERESTING_PIDS = MM.list()
    DNS_QUERIES = MM.list()

    # AGGREGATE
    CONTAINERS['MALWARE_INTERESTING_PIDS'] = MALWARE_INTERESTING_PIDS
    CONTAINERS['DNS_QUERIES'] = DNS_QUERIES

    # SHARED DATA / MALWARE REPORT
    PROCESS_TREE = MM.dict()

    # EXCEPTIONS
    EXCEPTION_RULES = MM.list()

    # LOGGING OUTPUT
    DEBUG_MQ = MM.Queue()
    if not debug_enabled:
        DEBUG_MQ = None
    ALARM_MQ = MM.Queue()

    # GENERATE REPLACE VARIABLES - %%%
    generate_env_variables(cc.get_replace_variables_path())
    load_initial_exception_rules(cc, EXCEPTION_RULES)

    # GUI PROCESS
    gp = gui_process.GUI_Process(SHOW_MQ, TRAY_MQ, ALARM_MQ, MALWARE_MQ,
                                 EXCEPTION_RULES)
    gp.start()

    # -------------------------------------------
    # ACTIVE PROCESSING START - BEYOND THIS POINT
    # ACTIVE PROCESSING START - BEYOND THIS POINT
    # -------------------------------------------

    if debug_enabled:
        dlog = debug.LoggerDebug()
        dlog.set_input_queqe(DEBUG_MQ)
        dlog.start()

    # ALARMS ONLY LOGGER (MAIN ONE)
    alog = alarm.LoggerAlarm()
    alog.set_input_queqe(ALARM_MQ)
    alog.start()

    # ENHANCERS
    enhancer_config = cc.get_config_single_category(configer.MAIN_CONFIG,
                                                    "enhancers")
    for enhancer in Enhancer.__subclasses__():
        enhancer_instance = enhancer()

        # SPECIFIC FOR PROCESS TREE
        if isinstance(enhancer_instance,
                      enhancer_process_tree.enhancer_process_tree):
            enhancer_instance.setStorage(PROCESS_TREE)

        enhancer_instance.name = enhancer_instance.getName()

        # IS ENABLED
        if enhancer_config[enhancer_instance.name]:
            enhancer_instance.start()
            print("Enhancer: {} started".format(enhancer_instance.getName()))
        else:
            print("[Disabled in config] Enhancer: {} started".format(
                enhancer_instance.getName()))

    # FEEDERS
    feeders_active = []
    feeders_config = cc.get_config_single_category(configer.MAIN_CONFIG,
                                                   "feeders")

    for feeder in Feeder.__subclasses__():
        feeder_instance = feeder()
        feeder_instance.name = feeder_instance.getName()

        # IS ENABLED
        if feeders_config[feeder_instance.name]:
            feeder_instance.set_ultra_mq(ULTRA_MQ)
            feeder_instance.set_config_options(
                cc.get_options_for_feeder(feeder_instance.getName()))
            feeder_instance.start()
            print("Feeder: {} started".format(feeder_instance.getName()))
        else:
            print("Feeder: {} [Disabled in config]".format(
                feeder_instance.getName()))

    # INTEGRATORS
    INTEGRATORS_COUNT = 3

    for i in range(0, INTEGRATORS_COUNT):
        inor = Integrator(ULTRA_MQ, ALERT_MQ, DEBUG_MQ, GATHERING_OPTIONS,
                          PROCESS_TREE)
        inor.name = "INTEGRATOR_{}".format(i)
        inor.start()
        print("{} started".format(inor.name))

    # EXCEPTION ENGINE
    EXCEPTION_ENGINE_COUNT = 2
    for i in range(0, EXCEPTION_ENGINE_COUNT):
        eengine = ExceptionFilter(ALERT_MQ, SHOW_MQ, EXCEPTION_RULES)
        eengine.name = "EXCEPTION_ENGINE_{}".format(i)
        eengine.start()
        print("{} started".format(eengine.name))

    # GATHERERS - MALWARE REPORTING
    GATHERERS_COUNT = 1

    for i in range(0, GATHERERS_COUNT):
        gath = Gatherer(GATHERING_OPTIONS, MALWARE_MQ, CONTAINERS,
                        PROCESS_TREE)
        gath.name = "GATHERER_{}".format(i)
        gath.start()
        print("{} started".format(gath.name))

    # WAIT FOR GUI END
    gp.join()

Ejemplo n.º 6

 def __init__(self, EXCEPTION_RULES):
     self.EXCEPTION_RULES = EXCEPTION_RULES
     self.cc = configer.Config()
     self.REPLACE_VARIABLES = self.load_replace_variables(self.cc)
     self.EXCEPTION_BASEDIR = self.cc.get_exception_files_basedir()

Ejemplo n.º 7

Archivo: reporting.py Proyecto: yinpeng-cn/attack_monitor

    def load_font(self):
        cc = configer.Config()

        freeserif_font = cc.get_font_path()
        pdfmetrics.registerFont(TTFont("freeserif", freeserif_font))