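import email
import hashlib
import json  # unused in this script but kept from the original import set
from sys import stdin

from DShield import DshieldSubmit


def attachment_records(msg):
    """Return metadata for every named attachment found in *msg*.

    Walks the whole MIME tree (nested multipart containers included), so
    attachments inside e.g. a multipart/alternative part are not missed.
    Each record carries the part's filename, the SHA-256 of its decoded
    payload, the decoded size and the declared content type; the
    attachment body itself is never copied into the report.
    """
    records = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Multipart containers return None from get_payload(decode=True);
        # hashing None would raise TypeError, so skip such parts.
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        records.append({
            'filename': filename,
            'sha256hash': hashlib.sha256(payload).hexdigest(),
            'filesize': len(payload),
            'filetype': part.get_content_type(),
        })
    return records


def build_submission(msg):
    """Build the DShield 'email' report dict for a parsed message."""
    data = {
        'files': attachment_records(msg) if msg.is_multipart() else [],
        'subject': msg['subject'],
        'from': msg['from'],
        'message-id': msg['message-id'],
    }
    data['type'] = 'email'
    return data


def main():
    """Read one RFC 822 message from stdin and post its summary to DShield."""
    # The original omitted `import email`, so message_from_string raised
    # NameError; the import above fixes that.
    msg = email.message_from_string(stdin.read())
    submitter = DshieldSubmit('')
    submitter.post(build_submission(msg))


if __name__ == "__main__":
    main()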
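#!/usr/bin/env python
import email
import hashlib
import json  # unused in this script but kept from the original import set
from sys import stdin

from DShield import DshieldSubmit


def attachment_records(msg):
    """Return metadata for every named attachment found in *msg*.

    Walks the whole MIME tree (nested multipart containers included), so
    attachments inside e.g. a multipart/alternative part are not missed.
    Each record carries the part's filename, the SHA-256 of its decoded
    payload, the decoded size and the declared content type; the
    attachment body itself is never copied into the report.
    """
    records = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Multipart containers return None from get_payload(decode=True);
        # hashing None would raise TypeError, so skip such parts.
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        records.append({
            'filename': filename,
            'sha256hash': hashlib.sha256(payload).hexdigest(),
            'filesize': len(payload),
            'filetype': part.get_content_type(),
        })
    return records


def build_submission(msg):
    """Build the DShield 'email' report dict for a parsed message."""
    data = {
        'files': attachment_records(msg) if msg.is_multipart() else [],
        'subject': msg['subject'],
        'from': msg['from'],
        'message-id': msg['message-id'],
    }
    data['type'] = 'email'
    return data


def main():
    """Read one RFC 822 message from stdin and post its summary to DShield."""
    msg = email.message_from_string(stdin.read())
    submitter = DshieldSubmit('')
    submitter.post(build_submission(msg))


if __name__ == "__main__":
    main()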
# NOTE(review): fragment — the fieldmap dict literal opens before this chunk.
'CODE': 'dport', 'SPT': 'sport', 'DPT': 'dport' }
# IP protocol numbers keyed by the protocol name found in the log line.
protomap = {'UDP': 17, 'TCP': 6, 'ICMP': 1, 'ICMPv6': 58}
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = { 'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F' }
d = DshieldSubmit('')


def parse(logline):
    """Parse one syslog-style kernel firewall line into a dict.

    The pattern captures the month abbreviation, day, time, the bracketed
    log prefix and the remainder of the line.  Only the date handling is
    visible here; the function body continues beyond this chunk.
    """
    # NOTE(review): plain (non-raw) pattern string — the backslash escapes
    # for \S, \[ and \] are not valid str escapes and warn on newer Python;
    # an r'...' literal avoids that.
    linere = re.compile(
        '^([A-Z][a-z]{2}'
        ') ([0-9 ]{2}) ([0-9:]{8}) \S+ kernel: \[[^\]]+\] \[([^\]]+)\] (.*)')
    logdata = {}
    m = linere.match(logline)
    if m:
        # syslog lines carry no year, so it is inferred from `now`
        # (defined earlier in the file): a December line read in January
        # belongs to the previous year.
        month = strptime(m.group(1), '%b').tm_mon
        if month == 12 and now.month == 1:
            year = now.year - 1
        else:
            year = now.year
        day = m.group(2)
# NOTE(review): fragment — the protomap dict literal opens before this chunk.
'AH': 51, 'ICMPv6': 58 }
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = { 'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F' }
# instantiate DShield Submit object (used to submit logs to DShield)
d = DshieldSubmit('')
# parse the command line; -l, -p and -d are the options handled below
args = d.getopts(argv)
# NOTE(review): debug is forced on here, which makes the '-d' check below a
# no-op; presumably this was meant to be 0 (the '-d' option sets it to 1).
debug = 1
if '-l' in args:
    # overwrite log file
    logfile = args['-l']
if '-p' in args:
    # overwrite pid file
    pidfile = args['-p']
if '-d' in args:
    # debug mode
    debug = 1
# NOTE(review): os.path.isfile() returns a bool, never None, so this guard
# can never fire and a missing logfile goes unreported; the intended test is
# `if not os.path.isfile(logfile):`.
if os.path.isfile(logfile) is None:
    sys.exit('Can not find logfile %s ' % logfile)
# single-instance guard; checklock is defined outside this chunk
if os.path.isfile(pidfile):
    checklock(pidfile)
# NOTE(review): fragment — the fieldmap dict literal opens before this chunk.
'CODE': 'dport', 'SPT': 'sport', 'DPT': 'dport' }
# IP protocol numbers keyed by the protocol name found in the log line.
protomap = {'UDP': 17, 'TCP': 6, 'ICMP': 1, 'ICMPv6': 58}
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = { 'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F' }
d = DshieldSubmit('')
# parse the command line; -l and -d are the options handled below
args = d.getopts(argv)
debug = 0
if '-l' in args:
    # overwrite log file
    logfile = args['-l']
if '-d' in args:
    # debug mode
    debug = 1


def parse(logline):
    """Parse one DSHIELDINPUT kernel log line into a dict.

    Group 1 of the pattern is an epoch timestamp, group 2 the rest of the
    line.  Only the timestamp handling is visible here; the function body
    continues beyond this chunk.
    """
    # NOTE(review): plain (non-raw) pattern string — the backslash escapes
    # for \d, \S, \[, \], \. and \s are not valid str escapes and warn on
    # newer Python; an r'...' literal avoids that.
    linere = re.compile('^(\d+) \S+ kernel:\[[ 0-9\.]+\]\s+DSHIELDINPUT (.*)')
    logdata = {}
    m = linere.match(logline)
    if m:
        # fromtimestamp() yields a naive datetime in *local* time
        logdata['timestamp'] = datetime.fromtimestamp(int(m.group(1)))
        logdata['time'] = logdata['timestamp'].strftime('%Y-%m-%d %H:%M:%S')
# version 2019-11-17-01
import os
import sys
import sqlite3
from DShield import DshieldSubmit
from datetime import datetime
import json
# We need to collect the local IP to scrub it from any logs being submitted for anonymity, and to reduce noise/dirty data.
# The command string is fixed, so no untrusted input reaches the shell.  The
# replace() strips the trailing " \n" that `hostname -I` prints; on a host
# with several addresses the result is a space-separated list, not one IP.
ipaddr = os.popen('/bin/hostname -I').read().replace(" \n", "")
pidfile = "/var/run/weblogparser.pid"
d = DshieldSubmit('')
# single-instance guard: an existing pidfile is honoured only if check_pid
# (provided by DshieldSubmit; presumably tests whether that pid is still
# alive) says so, otherwise it is treated as stale and removed.
if os.path.isfile(pidfile):
    if d.check_pid(pidfile):
        sys.exit('PID file found. Am I already running?')
    else:
        print("stale lock file.")
        os.remove(pidfile)
# record our own pid; nothing here removes the file on exit (handled elsewhere, if at all)
f = open(pidfile, 'w')
f.write(str(os.getpid()))
f.close()
# NOTE(review): relative path — resolves against the current working
# directory, so the script must be started from the expected location.
config = '..' + os.path.sep + 'www' + os.path.sep + 'DB' + os.path.sep + 'webserver.sqlite'
# NOTE(review): sqlite3.connect() silently creates an empty database file if
# the path does not exist; the except clause of this try lies beyond this chunk.
try:
    conn = sqlite3.connect(config)
    c = conn.cursor()
#!/usr/bin/env python
# submit logs to DShield 404 project
import os
import sys
import sqlite3
from DShield import DshieldSubmit
from datetime import datetime
import json
# We need to collect the local IP to scrub it from any logs being submitted for anonymity, and to reduce noise/dirty data.
# The command string is fixed, so no untrusted input reaches the shell.  The
# replace() strips the trailing " \n" that `hostname -I` prints; on a host
# with several addresses the result is a space-separated list, not one IP.
ipaddr = os.popen('/bin/hostname -I').read().replace(" \n", "")
pidfile = "/var/run/weblogparser.pid"
d = DshieldSubmit('')
# single-instance guard: an existing pidfile is honoured only if check_pid
# (provided by DshieldSubmit; presumably tests whether that pid is still
# alive) says so, otherwise it is treated as stale and removed.
if os.path.isfile(pidfile):
    if d.check_pid(pidfile):
        sys.exit('PID file found. Am I already running?')
    else:
        # NOTE(review): Python 2 print statement — a SyntaxError on Python 3
        print "stale lock file."
        os.remove(pidfile)
# record our own pid; nothing here removes the file on exit (handled elsewhere, if at all)
f = open(pidfile, 'w')
f.write(str(os.getpid()))
f.close()
# NOTE(review): relative path — resolves against the current working
# directory, so the script must be started from the expected location.
config = '..' + os.path.sep + 'www'+os.path.sep+'DB' + os.path.sep + 'webserver.sqlite'
# NOTE(review): sqlite3.connect() silently creates an empty database file if
# the path does not exist; the rest of this try lies beyond this chunk.
try :
    conn = sqlite3.connect(config)
# NOTE(review): fragment — the protomap dict literal opens before this chunk.
'AH': 51, 'ICMPv6': 58 }
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = { 'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F' }
# instantiate DShield Submit object (used to submit logs to DShield)
d = DshieldSubmit('')
# parse the command line; -l, -p and -d are the options handled below
args = d.getopts(argv)
debug = 0
if '-l' in args:
    # overwrite log file
    logfile = args['-l']
if '-p' in args:
    # overwrite pid file
    pidfile = args['-p']
if '-d' in args:
    # debug mode
    debug = 1
# NOTE(review): os.path.isfile() returns a bool, never None, so this guard
# can never fire and a missing logfile goes unreported; the intended test is
# `if not os.path.isfile(logfile):`.
if os.path.isfile(logfile) is None:
    sys.exit('Can not find logfile %s ' % logfile)
# single-instance guard; checklock is defined outside this chunk
if os.path.isfile(pidfile):
    checklock(pidfile)
from time import strptime
from time import mktime
from datetime import datetime
from DShield import DshieldSubmit
# NOTE(review): `re` and `argv` are used below but not imported in this
# chunk; presumably imported earlier in the file.
logfile = "/var/log/dshield.log"
pidfile = "/var/run/pifwparser.pid"
# NOTE(review): relative path, resolved against the current working directory.
lastcount = ".lastpifw"
config = "/etc/dshield.ini"
startdate = 0
# naive UTC timestamp; parse() below builds naive *local* times, so the two
# should not be compared directly
now = datetime.utcnow()
# kernel log key -> DShield field name (ICMP TYPE/CODE are carried in the port fields)
fieldmap = {'SRC': 'sip', 'DST': 'dip', 'PROTO': 'proto', 'TYPE': 'sport', 'CODE': 'dport', 'SPT': 'sport', 'DPT': 'dport'}
# IP protocol numbers keyed by the protocol name found in the log line.
protomap = {'UDP': 17, 'TCP': 6, 'ICMP': 1, 'ICMPv6': 58}
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = {'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F'}
d = DshieldSubmit('')
# parse the command line; -l and -d are the options handled below
args = d.getopts(argv)
debug = 0
if '-l' in args:
    # overwrite log file
    logfile = args['-l']
if '-d' in args:
    # debug mode
    debug = 1


def parse(logline):
    """Parse one DSHIELDINPUT kernel log line into a dict.

    Group 1 of the pattern is an epoch timestamp, group 2 the rest of the
    line.  The function body continues beyond this chunk.
    """
    # NOTE(review): plain (non-raw) pattern string — the backslash escapes
    # for \d, \S, \[, \], \. and \s are not valid str escapes and warn on
    # newer Python; an r'...' literal avoids that.
    linere = re.compile('^(\d+) \S+ kernel:\[[ 0-9\.]+\]\s+DSHIELDINPUT (.*)')
    logdata = {}
    m = linere.match(logline)
    if m:
        # fromtimestamp() yields a naive datetime in *local* time
        logdata['timestamp'] = datetime.fromtimestamp(int(m.group(1)))
        logdata['time'] = logdata['timestamp'].strftime('%Y-%m-%d %H:%M:%S');
        # NOTE(review): m.group(1) is a str while startdate is initialised to
        # the int 0 above — on Python 3 this comparison raises TypeError; the
        # intent is presumably `if int(m.group(1)) > startdate:`.  The
        # branch body lies beyond this chunk.
        if m.group(1) > startdate:
os.mkdir('/var/run/dshield') # define paramters logfile = "/var/log/dshield.log" pidfile = "/var/run/dshield/fwparser.pid" lastcount = "/var/run/dshield/lastfwlog" config = "/etc/dshield.ini" startdate = 0 now = datetime.utcnow() fieldmap = {'SRC': 'sip', 'DST': 'dip', 'PROTO': 'proto', 'TYPE': 'sport', 'CODE': 'dport', 'SPT': 'sport', 'DPT': 'dport'} protomap = {'ICMP': 1, 'IGMP': 2, 'TCP': 6, 'UDP': 17, 'ESP': 50, 'AH': 51, 'ICMPv6': 58} tcpflagmap = {'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F'} # instantiate DShield Submit object (used to submit logs to DShield d = DshieldSubmit('') # check if we run in debug mode args = d.getopts(argv) debug = 0 if '-l' in args: # overwrite log file logfile = args['-l'] if '-p' in args: # overwrite log file pidfile = args['-p'] if '-d' in args: # debug mode debug = 1 if os.path.isfile(logfile) is None: sys.exit('Can not find logfile %s ' % logfile) if os.path.isfile(pidfile): checklock(pidfile)
from time import strptime
from time import mktime
from datetime import datetime
from DShield import DshieldSubmit
# NOTE(review): `re` is used below but not imported in this chunk;
# presumably imported earlier in the file.
logfile = "/var/log/ufw.log"
pidfile = "/var/run/ufwparser.pid"
# NOTE(review): relative path, resolved against the current working directory.
lastcount = ".lastufw"
config = "/etc/dshield.ini"
startdate = 0
# naive UTC timestamp; used below to infer the year of a syslog line
now = datetime.utcnow()
# kernel log key -> DShield field name (ICMP TYPE/CODE are carried in the port fields)
fieldmap = {'SRC': 'sip', 'DST': 'dip', 'PROTO': 'proto', 'TYPE': 'sport', 'CODE': 'dport', 'SPT': 'sport', 'DPT': 'dport'}
# IP protocol numbers keyed by the protocol name found in the log line.
protomap = {'UDP': 17, 'TCP': 6, 'ICMP': 1, 'ICMPv6': 58}
# Single-character codes used when serialising TCP flags for submission.
tcpflagmap = {'CWR': '1', 'ECE': '2', 'URG': 'U', 'ACK': 'A', 'PSH': 'P', 'RST': 'R', 'SYN': 'S', 'FIN': 'F'}
d = DshieldSubmit('')


def parse(logline):
    """Parse one syslog-style ufw kernel line into a dict.

    The pattern captures the month abbreviation, day, time, the bracketed
    log prefix and the remainder of the line.  Only the date handling is
    visible here; the function body continues beyond this chunk.
    """
    # NOTE(review): plain (non-raw) pattern string built from two adjacent
    # literals — the backslash escapes for \S, \[ and \] are not valid str
    # escapes and warn on newer Python; an r'...' literal avoids that.
    linere = re.compile('^([A-Z][a-z]{2}'') ([0-9 ]{2}) ([0-9:]{8}) \S+ kernel: \[[^\]]+\] \[([^\]]+)\] (.*)')
    logdata = {}
    m = linere.match(logline)
    if m:
        # syslog lines carry no year, so it is inferred from `now`: a
        # December line read in January belongs to the previous year.
        month = strptime(m.group(1), '%b').tm_mon
        if month == 12 and now.month == 1:
            year = now.year-1
        else:
            year = now.year
        day = m.group(2)
        ltime = m.group(3)
        # NOTE(review): month is an unpadded int and day may carry a leading
        # space (the pattern allows '[0-9 ]{2}'), so this string is not a
        # zero-padded ISO date; check how it is consumed further down.
        date = "%s-%s-%s" % (year, month, day)