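def checkDuplicateVMIF(self, vmName, elements):
    """Check VM network interfaces for duplicate MAC/IP and invalid IPv4.

    NOTE(review): this validation is currently switched off. The function
    returns True before it looks at ``elements``, so duplicate MACs,
    duplicate IPs and malformed interface or route addresses are all
    accepted. A True result is not evidence that the addressing was
    validated.

    Args:
        vmName: label used as the prefix of printed diagnostics.
        elements: iterable of interface objects; the disabled check reads
            ``mac``, ``ip``, ``name`` and ``routes`` (each route's ``dest``).

    Returns:
        Always True while the early return below is in place.
    """
    # Unconditional short-circuit carried over from the original source.
    # TODO(review): find out why the check was disabled before re-enabling.
    return True

    # --- unreachable from here on; kept so the check can be restored ---
    result = True
    macs = []
    ips = []
    for vmIF in elements:
        currMAC = vmIF.mac
        currIP = vmIF.ip
        # a MAC or an IP already seen on an earlier interface is a clash
        if (utilities.findIndex(macs, currMAC) != -1 or
                utilities.findIndex(ips, currIP) != -1):
            # single-argument print(...) behaves the same on Python 2 and 3
            print(vmName + ": either MAC or IP in duplication")
            result = False
        macs.append(currMAC)
        ips.append(currIP)
        # `and` short-circuits: once result is False, checkValidIPv4 is no
        # longer called for interface IPs (the route checks below still run)
        result = result and self.checkValidIPv4(vmName, currIP)
        for route in vmIF.routes:
            if not route.dest:
                # routes without a destination are skipped, not rejected
                continue
            if not self.checkValidIPv4(vmName + "-" + vmIF.name, route.dest):
                result = False
    return result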
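def checkDuplicateVRIF(self, vrName, elements):
    """Check VR network interfaces for duplicate NIC/IP and invalid IPv4.

    NOTE(review): this validation is currently switched off. The function
    returns True before it looks at ``elements``, so duplicate NICs,
    duplicate IPs and malformed interface or route addresses are all
    accepted. A True result is not evidence that the addressing was
    validated.

    Args:
        vrName: label used as the prefix of printed diagnostics.
        elements: iterable of interface objects; the disabled check reads
            ``nic``, ``ip``, ``name`` and ``routes`` (each route's ``dest``).

    Returns:
        Always True while the early return below is in place.
    """
    # Unconditional short-circuit carried over from the original source.
    # TODO(review): find out why the check was disabled before re-enabling.
    return True

    # --- unreachable from here on; kept so the check can be restored ---
    result = True
    nics = []
    ips = []
    for vrIF in elements:
        currNIC = vrIF.nic
        currIP = vrIF.ip
        # a NIC or an IP already seen on an earlier interface is a clash
        if (utilities.findIndex(nics, currNIC) != -1 or
                utilities.findIndex(ips, currIP) != -1):
            # single-argument print(...) behaves the same on Python 2 and 3
            print(vrName + ": either NIC or IP in duplication")
            result = False
        nics.append(currNIC)
        ips.append(currIP)
        # `and` short-circuits: once result is False, checkValidIPv4 is no
        # longer called for interface IPs (the route checks below still run)
        result = result and self.checkValidIPv4(vrName, currIP)
        for route in vrIF.routes:
            # NOTE(review): an empty route.dest is not skipped here; it is
            # handed to checkValidIPv4 as-is
            if not self.checkValidIPv4(vrName + "-" + vrIF.name, route.dest):
                result = False
    return result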
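def checkDuplicateVMIF(self, vmName, elements):
    """Validate the MAC/IP uniqueness and IPv4 syntax of a VM's interfaces.

    NOTE(review): the check is disabled. An unconditional ``return True``
    precedes all of the logic, so no duplicate MAC, duplicate IP or
    invalid IPv4 address (interface or route destination) is ever
    reported. Code that relies on this method for input validation is
    effectively running without it.

    Args:
        vmName: name printed in front of each diagnostic.
        elements: interface objects; the disabled logic reads their
            ``mac``, ``ip``, ``name`` and ``routes`` attributes.

    Returns:
        True, unconditionally, for as long as the early return stays.
    """
    # Early return present in the original source; everything after it is
    # dead code. TODO(review): confirm the reason before removing it.
    return True

    allValid = True
    seenMACs = []
    seenIPs = []
    for vmIF in elements:
        macSeen = utilities.findIndex(seenMACs, vmIF.mac) != -1
        # `or` keeps the original short-circuit: the IP list is only
        # searched when the MAC was not already seen
        if macSeen or utilities.findIndex(seenIPs, vmIF.ip) != -1:
            # single-argument print(...) behaves the same on Python 2 and 3
            print(vmName + ": either MAC or IP in duplication")
            allValid = False
        seenMACs.append(vmIF.mac)
        seenIPs.append(vmIF.ip)
        # short-circuit: the interface IP is only validated while no
        # earlier failure has been recorded
        allValid = allValid and self.checkValidIPv4(vmName, vmIF.ip)
        for route in vmIF.routes:
            if not route.dest:
                # a route with no destination is ignored rather than failed
                continue
            if not self.checkValidIPv4((vmName + "-" + vmIF.name), route.dest):
                allValid = False
    return allValid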
def checkDuplicateNames(self, elemName, elements):
    """Report whether every item in ``elements`` has a distinct ``name``.

    Each repeated name is printed once per repeat, prefixed with
    ``elemName``. The scan does not stop at the first clash.

    Args:
        elemName: label printed in front of each diagnostic.
        elements: iterable of objects exposing a ``name`` attribute.

    Returns:
        True when no name occurs twice, False otherwise.
    """
    seenNames = []
    allUnique = True
    for element in elements:
        label = element.name
        if utilities.findIndex(seenNames, label) == -1:
            # first sighting: remember it and move on
            seenNames.append(label)
            continue
        # single-argument print(...) behaves the same on Python 2 and 3
        print(elemName + ": Duplicate names: \"" + label + "\"")
        allUnique = False
    return allUnique
def checkDuplicateNames(self, elemName, elements):
    """Return True when all items in ``elements`` carry unique names.

    A diagnostic prefixed with ``elemName`` is printed for every repeated
    ``name``; the loop always runs to the end so all clashes are listed.

    Args:
        elemName: label printed in front of each diagnostic.
        elements: iterable of objects exposing a ``name`` attribute.

    Returns:
        False if at least one name was seen more than once, else True.
    """
    known = []
    ok = True
    for entry in elements:
        candidate = entry.name
        alreadyKnown = utilities.findIndex(known, candidate) != -1
        if not alreadyKnown:
            known.append(candidate)
        else:
            # single-argument print(...) behaves the same on Python 2 and 3
            print(elemName + ': Duplicate names: "' + candidate + '"')
            ok = False
    return ok
def checkDuplicatePorts(self, elements):
    """Report whether any two items declare the same non-empty ``port``.

    Items whose ``port`` is empty or otherwise falsy are ignored. Every
    repeated port is printed, prefixed with the ``name`` of the item that
    repeats it.

    Args:
        elements: iterable of objects exposing ``port`` and ``name``.

    Returns:
        True when no port value is used twice, False otherwise.
    """
    seenPorts = []
    allUnique = True
    for element in elements:
        port = element.port
        if not port:
            # an unspecified port cannot clash with anything
            continue
        if utilities.findIndex(seenPorts, port) == -1:
            seenPorts.append(port)
        else:
            # single-argument print(...) behaves the same on Python 2 and 3
            print(element.name + ": Duplicate ports: \"" + port + "\"")
            allUnique = False
    return allUnique
def checkDuplicatePorts(self, elements):
    """Return True when every non-empty ``port`` in ``elements`` is unique.

    Falsy ports (empty string, None) are skipped. A diagnostic carrying
    the item's ``name`` is printed for each repeated port, and the scan
    continues so that all clashes are listed.

    Args:
        elements: iterable of objects exposing ``port`` and ``name``.

    Returns:
        False if some port value appears more than once, else True.
    """
    claimed = []
    ok = True
    # only items that actually specify a port take part in the check
    for entry in (e for e in elements if e.port):
        wanted = entry.port
        taken = utilities.findIndex(claimed, wanted) != -1
        if taken:
            # single-argument print(...) behaves the same on Python 2 and 3
            print(entry.name + ': Duplicate ports: "' + wanted + '"')
            ok = False
        else:
            claimed.append(wanted)
    return ok
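def checkDuplicateVRIF(self, vrName, elements):
    """Validate the NIC/IP uniqueness and IPv4 syntax of a VR's interfaces.

    NOTE(review): the check is disabled. An unconditional ``return True``
    precedes all of the logic, so no duplicate NIC, duplicate IP or
    invalid IPv4 address (interface or route destination) is ever
    reported. Code that relies on this method for input validation is
    effectively running without it.

    Args:
        vrName: name printed in front of each diagnostic.
        elements: interface objects; the disabled logic reads their
            ``nic``, ``ip``, ``name`` and ``routes`` attributes.

    Returns:
        True, unconditionally, for as long as the early return stays.
    """
    # Early return present in the original source; everything after it is
    # dead code. TODO(review): confirm the reason before removing it.
    return True

    allValid = True
    seenNICs = []
    seenIPs = []
    for vrIF in elements:
        nicSeen = utilities.findIndex(seenNICs, vrIF.nic) != -1
        # `or` keeps the original short-circuit: the IP list is only
        # searched when the NIC was not already seen
        if nicSeen or utilities.findIndex(seenIPs, vrIF.ip) != -1:
            # single-argument print(...) behaves the same on Python 2 and 3
            print(vrName + ": either NIC or IP in duplication")
            allValid = False
        seenNICs.append(vrIF.nic)
        seenIPs.append(vrIF.ip)
        # short-circuit: the interface IP is only validated while no
        # earlier failure has been recorded
        allValid = allValid and self.checkValidIPv4(vrName, vrIF.ip)
        for route in vrIF.routes:
            # NOTE(review): an empty route.dest is not skipped here; it is
            # handed to checkValidIPv4 as-is
            if not self.checkValidIPv4((vrName + "-" + vrIF.name), route.dest):
                allValid = False
    return allValid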
def __process_analysis(config: dict, wmic: list, procmon: list): ''' This function analyzes data from collection config: configuration wmic: result from parser procmon: result from parser ''' # Config location sysPath = config['Process']['SystemFolder'] insPath = config['Process']['Installed'] userPath = config['Process']['User'] nonStandard = config['Process']['Temp'] # Sorted by operation procmonByOperation = util.sortDictOfList(procmon, 'Operation') # for counting global threadCreateList global childCreateList for item in procmonByOperation: if item['Operation'] == 'Thread Create': threadCreateList.append(item.copy()) elif item['Operation'] == 'Process Create': childCreateList.append(item.copy()) threadCount = util.countToDict(util.sortDictOfList(threadCreateList, "PID"), "PID") childCount = util.countToDict(util.sortDictOfList(childCreateList, "PID"), "PID") # Match with configuratuin for k in threadCount: if threadCount[k] >= config['Process']['MaxThreadCount']: processMaxThread.append(k) for k in childCount: if childCount[k] >= config['Process']['MaxChildrenCount']: processMaxChild.append(k) for k in childCreateList: for suspiciousChild in config['Process']['SuspiciousChild']: if suspiciousChild in k['Path']: processCallScript.append(k) for k in wmic: # Check parent if k['Name'].lower() in config['Process']['KnownParent'].keys(): # Check the known parent-child relationship index = util.findIndex(wmic, 'ProcessId', k['ParentProcessId']) # match {Child:Parent} or not, a little complicated. 
if index != -1 and wmic[index]['Name'].lower() != config['Process']['KnownParent'][k['Name'].lower()]: processWrongParent.append(k) # Check file location # flag: if the process belongs at least one of category flag = False # Check if in System Path for l in sysPath: if str(l).lower() in k['Path'].lower(): flag = True processInSysFolder.append(k) break if flag: continue # Check if in program files path for l in insPath: if str(l).lower() in k['Path'].lower(): processInInstalledFolder.append(k) flag = True break if flag: continue # Check if under user folder for l in userPath: if str(l).lower() in k['Path'].lower(): # Check if in non-standard for m in nonStandard: if str(m).lower() in k['Path'].lower(): flag = True processInNonStandardFolder.append(k) break else : flag = True processInUserFolder.append(k) break if flag: continue else: processInOtherFolder.append(k)