def _check(data, context, check_function): # Ensure checkers registration _load() is_valid = True for checker in _checkers: processed_data = check_function(checker, data, context) if processed_data is not None: data = processed_data else: attack_config = Config.get_attack_config(checker.get_attack_name()) if attack_config is None: continue if attack_config['action'] == 'ids': Alert.add_alert(alert_type=attack_config['report_type'], action_taken='LOGGED', event='Attack %s was found' % checker.get_attack_name()) elif attack_config['action'] == 'ips': Alert.add_alert(alert_type=attack_config['report_type'], action_taken='ABORTED', event='Attack %s was found' % checker.get_attack_name()) is_valid = False return data if is_valid else None
def get_attack_config(attack_name): config_json = Config.get_config() if not config_json.get(Setting.SYSTEM_MODE): Alert.add_alert( alert_type='ERROR', event='Could not find \'system_mode\' on config.json') return None elif config_json[Setting.SYSTEM_MODE] == 'no_action': return None elif config_json[Setting.SYSTEM_MODE] != 'per_attack': return { 'action': config_json['system_mode'], 'report_type': 'WARN' } elif not config_json.get('attack_types'): Alert.add_alert( alert_type='ERROR', event='Could not find \'attack_types\' on config.json') return None else: for attack_type in config_json['attack_types']: if attack_type.get('name') == attack_name: if not attack_type.get('per_attack_action'): Alert.add_alert( alert_type='ERROR', event= 'No \'per_attack_action\' found for \'%s\' on config.json' % attack_name) elif not attack_type.get('report_type'): Alert.add_alert( alert_type='ERROR', event= 'No \'report_type\' found for \'%s\' on config.json' % attack_name) elif attack_type['per_attack_action'] == 'no_action': return None else: return { 'action': attack_type['per_attack_action'], 'report_type': attack_type['report_type'] } Alert.add_alert( alert_type='ERROR', event='Could not find attack \'%s\' on config.json' % attack_name) return None
def accept_incoming_connection(self): forwarding_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) forwarding_socket.connect(self.remote_address) client_socket, client_address = self.main_socket.accept() if forwarding_socket: Alert.add_alert(event='New Connection: %s, %s' % client_address) context = {} self.sockets.append(client_socket) self.sockets.append(forwarding_socket) self.channels[client_socket] = { 'socket': forwarding_socket, 'direction': TrafficDirection.inbound, 'context': context } self.channels[forwarding_socket] = { 'socket': client_socket, 'direction': TrafficDirection.outbound, 'context': context } else: Alert.add_alert(alert_type='WARN', event='Proxy could not connect to remote, closing client connection') client_socket.close()
logging.getLogger().setLevel(logging.INFO) parser = argparse.ArgumentParser(description='Proxy Server') parser.add_argument('remote_host', type=str) parser.add_argument('--remote_port', type=int, default=80) parser.add_argument('--listen_host', type=str, default='localhost') parser.add_argument('--listen_port', type=int, default=8080) parser.add_argument('--management-port', type=int, default=5000) args = parser.parse_args() server_threads = [] try: # Preparing proxy thread event = '[PROXY] Starting to listen on %s:%s' % (args.listen_host, args.listen_port) logging.info(event) Alert.add_alert(event=event) server = ProxyServer(args.listen_host, args.listen_port, args.remote_host, args.remote_port) server_threads.append(Thread(target=server.start)) # Preparing management thread event = '[MANAGEMENT] Starting to listen on localhost:%s' % args.management_port logging.info(event) Alert.add_alert(event=event) http_server = HTTPServer(WSGIContainer(rest_api.app)) http_server.listen(args.management_port) management_server = IOLoop.instance() server_threads.append(Thread(target=management_server.start)) # Starting allx threads