class Rule(BaseBackend):
name = "Rule"
def __init__(self):
BaseBackend.__init__(self, models.Rule)
self.sensor = Sensor()
def add(self, *args, **kwargs):
(result, sensor) = self.sensor.get(name=kwargs["sensor"])
if not result:
(result, sensor) = self.sensor.add(name=kwargs["sensor"])
if not result:
return (False, sensor)
(result, rule) = self.get(rule=kwargs["rule"])
if result:
return (False, "Rule already exists")
rule = models.Rule(rule=kwargs["rule"], sensor=sensor, pos_ip=kwargs["pos_ip"], pos_reason=kwargs["pos_reason"])
rule.save()
return (True, rule)
@transaction.commit_manually
def bulk_import(self, import_data):
t_start = mktime(datetime.now().timetuple())
data = []
failed = []
num_failed = 0
for entry in import_data:
if entry[0] == "":
num_failed += 1
failed.append(entry)
continue
tmp = {}
try:
sensor = models.Sensor.objects.get(name=entry[0])
except models.Sensor.DoesNotExist:
sensor = models.Sensor(name=entry[0])
sensor.save()
tmp["sensor"] = sensor
tmp["rule"] = entry[1]
tmp["pos_ip"] = entry[2]
tmp["pos_reason"] = entry[3]
data.append(tmp)
for entry in data:
rule = models.Rule(
rule=entry["rule"], sensor=entry["sensor"], pos_ip=entry["pos_ip"], pos_reason=entry["pos_reason"]
)
rule.save()
transaction.commit()
reset_queries()
t_end = mktime(datetime.now().timetuple())
return (t_end - t_start, num_failed, failed)
def __init__(self):
BaseBackend.__init__(self, models.Listing)
self.ip = IP()
self.sensor = Sensor()
self.host = Host()
self.reason = Reason()
self.duration = Duration()
self.user = User()
self.historylisting = HistoryListing()
self.config = Config()
self.ipcalc = IPCalc()
def __init__(self): BaseBackend.__init__(self, models.Listing) self.ip = IP() self.sensor = Sensor() self.host = Host() self.reason = Reason() self.duration = Duration() self.user = User() self.historylisting = HistoryListing() self.config = Config() self.ipcalc = IPCalc()
class Listing(BaseBackend): name = "Listing" def __init__(self): BaseBackend.__init__(self, models.Listing) self.ip = IP() self.sensor = Sensor() self.host = Host() self.reason = Reason() self.duration = Duration() self.user = User() self.historylisting = HistoryListing() self.config = Config() self.ipcalc = IPCalc() def add(self, *args, **kwargs): (result, ip) = self.ip.get(ip=kwargs['ip']) if not result: (result, ip) = self.ip.add(ip=kwargs['ip']) if not result: return (False, ip) (result, listing) = self.get(ip=ip) if result: return (False, "IP is already blacklisted") (result, sensor) = self.sensor.get(name=kwargs['sensor']) if not result: (result, sensor) = self.sensor.add(name=kwargs['sensor']) if not result: return (False, sensor) (result, sensor_host) = self.host.get(hostname=kwargs['sensor_host']) if not result: (result, sensor_host) = self.host.add(hostname=kwargs['sensor_host'], user=kwargs['reporter']) if not result: return (False, sensor_host) (result, reason) = self.reason.get(reason=kwargs['reason'], sensor=sensor) if not result: (result, reason) = self.reason.add(reason=kwargs['reason'], sensor=sensor) if not result: return (False, reason) (result, user) = self.user.get(username=kwargs['reporter']) if not result: (result, user) = self.user.add(username=kwargs['reporter']) if not result: return (False, user) (result, historylistings) = self.historylisting.filter(ip=ip) if result and len(historylistings) != 0: occurrences = len(historylistings) else: occurrences = 1 (result, duration) = self.duration.get(duration=occurrences*self.config["blacklist.multiplier"]) if not result: (result, duration) = self.duration.add(duration=occurrences*self.config["blacklist.multiplier"]) if not result: return (False, duration) listing = models.Listing( ip=ip, reason=reason, sensor=sensor, sensor_host=sensor_host, timestamp=datetime.now(), duration=duration, reporter=user, ) listing.save() historylisting = self.historylisting.add( ip=ip, reason=reason, sensor=sensor, sensor_host=sensor_host, timestamp=listing.timestamp, duration=duration, reporter=user ) return (True, listing) def delete(self, *args, **kwargs): try: return BaseBackend.delete(self, *args, **kwargs) except: (result, ip) = self.ip.get(ip=kwargs['ip']) if not result: return (False, ip) kwargs['ip'] = ip return BaseBackend.delete(self, *args, **kwargs)
class Rule(BaseBackend):
name = "Rule"
def __init__(self):
BaseBackend.__init__(self, models.Rule)
self.sensor = Sensor()
def add(self, *args, **kwargs):
(result, sensor) = self.sensor.get(name=kwargs["sensor"])
if not result:
(result, sensor) = self.sensor.add(name=kwargs["sensor"])
if not result:
return (False, sensor)
(result, rule) = self.get(rule=kwargs["rule"])
if result:
return (False, "Rule already exists")
rule = models.Rule(
rule=kwargs["rule"],
sensor=sensor,
pos_ip=kwargs["pos_ip"],
pos_reason=kwargs["pos_reason"],
)
rule.save()
return (True, rule)
@transaction.commit_manually
def bulk_import(self, import_data):
t_start = mktime(datetime.now().timetuple())
data = []
failed = []
num_failed = 0
for entry in import_data:
if entry[0] == "":
num_failed += 1
failed.append(entry)
continue
tmp = {}
try:
sensor = models.Sensor.objects.get(name=entry[0])
except models.Sensor.DoesNotExist:
sensor = models.Sensor(name=entry[0])
sensor.save()
tmp["sensor"] = sensor
tmp["rule"] = entry[1]
tmp["pos_ip"] = entry[2]
tmp["pos_reason"] = entry[3]
data.append(tmp)
for entry in data:
rule = models.Rule(
rule=entry["rule"],
sensor=entry["sensor"],
pos_ip=entry["pos_ip"],
pos_reason=entry["pos_reason"],
)
rule.save()
transaction.commit()
reset_queries()
t_end = mktime(datetime.now().timetuple())
return (t_end - t_start, num_failed, failed)
def __init__(self):
BaseBackend.__init__(self, models.Rule)
self.sensor = Sensor()
class Listing(BaseBackend):
name = "Listing"
def __init__(self):
BaseBackend.__init__(self, models.Listing)
self.ip = IP()
self.sensor = Sensor()
self.host = Host()
self.reason = Reason()
self.duration = Duration()
self.user = User()
self.historylisting = HistoryListing()
self.config = Config()
self.ipcalc = IPCalc()
def add(self, *args, **kwargs):
(result, ip) = self.ip.get(ip=kwargs['ip'])
if not result:
(result, ip) = self.ip.add(ip=kwargs['ip'])
if not result:
return (False, ip)
(result, listing) = self.get(ip=ip)
if result:
return (False, "IP is already blacklisted")
(result, sensor) = self.sensor.get(name=kwargs['sensor'])
if not result:
(result, sensor) = self.sensor.add(name=kwargs['sensor'])
if not result:
return (False, sensor)
(result, sensor_host) = self.host.get(hostname=kwargs['sensor_host'])
if not result:
(result,
sensor_host) = self.host.add(hostname=kwargs['sensor_host'],
user=kwargs['reporter'])
if not result:
return (False, sensor_host)
(result, reason) = self.reason.get(reason=kwargs['reason'],
sensor=sensor)
if not result:
(result, reason) = self.reason.add(reason=kwargs['reason'],
sensor=sensor)
if not result:
return (False, reason)
(result, user) = self.user.get(username=kwargs['reporter'])
if not result:
(result, user) = self.user.add(username=kwargs['reporter'])
if not result:
return (False, user)
(result, historylistings) = self.historylisting.filter(ip=ip)
if result and len(historylistings) != 0:
occurrences = len(historylistings)
else:
occurrences = 1
(result,
duration) = self.duration.get(duration=occurrences *
self.config["blacklist.multiplier"])
if not result:
(result,
duration) = self.duration.add(duration=occurrences *
self.config["blacklist.multiplier"])
if not result:
return (False, duration)
listing = models.Listing(
ip=ip,
reason=reason,
sensor=sensor,
sensor_host=sensor_host,
timestamp=datetime.now(),
duration=duration,
reporter=user,
)
listing.save()
historylisting = self.historylisting.add(ip=ip,
reason=reason,
sensor=sensor,
sensor_host=sensor_host,
timestamp=listing.timestamp,
duration=duration,
reporter=user)
return (True, listing)
def delete(self, *args, **kwargs):
try:
return BaseBackend.delete(self, *args, **kwargs)
except:
(result, ip) = self.ip.get(ip=kwargs['ip'])
if not result:
return (False, ip)
kwargs['ip'] = ip
return BaseBackend.delete(self, *args, **kwargs)
def __init__(self):
BaseBackend.__init__(self, models.Rule)
self.sensor = Sensor()
