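def is_country_ok(cc):
    """Return True if *cc* is one of the configured "OK" countries (like the US).

    The allow-list comes from the ``[blocking] ok_countries`` config option,
    a comma-separated list of country codes. Whitespace around each entry is
    ignored, so ``"US, CA"`` matches the same codes as ``"US,CA"``.

    Args:
        cc: Country-code string, or a falsy value when the country is unknown.

    Returns:
        True when ``cc`` is in the allow-list, False otherwise.
        NOTE(review): an empty/unknown ``cc`` also returns True (fail-open).
        That contradicts the original docstring ("unknown -> False") but is
        what the code has always done; confirm which behaviour the callers
        rely on before tightening it.
    """
    raw = config.get("blocking", "ok_countries")
    # Strip each entry so a space after the comma does not silently drop it.
    ok_countries = {code.strip() for code in raw.split(",")}
    # Unknown country is treated as OK (fail-open) — see the docstring note.
    return not cc or cc in ok_countries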
    def get_records(self):
        """Fetch indicator records from the CIF server named in the config.

        Reads ``host``, ``apikey`` and ``confidence`` from the ``[cif]``
        section (confidence is handed to the client as the raw config
        string) and returns the results of three infrastructure feed
        searches concatenated into one list.
        """
        # NOTE(review): "verify": False turns off TLS certificate checking,
        # so the apikey is sent to, and indicators are accepted from, whatever
        # host answers for the configured name. Consider making this a config
        # option that defaults to verifying.
        http_options = {"verify": False}
        cif_host = config.get("cif","host")
        cif_apikey = config.get("cif","apikey")
        min_confidence = config.get("cif", "confidence")  # 85 or so

        client = cif_http_client.Client(
            cif_host,
            cif_apikey,
            http_options,
            confidence=min_confidence,
            nolog=True,
        )

        feeds = ('infrastructure/malware', 'infrastructure/botnet', 'infrastructure/scan')
        # One flat list: every record of every feed, in feed order.
        return [record for feed in feeds for record in client.search(q=feed)]
    def get_records(self):
        """Pull indicator records from the configured CIF server.

        The ``[cif]`` section supplies ``host``, ``apikey`` and
        ``confidence`` (passed through unconverted). The three
        infrastructure feeds are queried in turn and their results are
        returned as a single list.
        """
        # NOTE(review): certificate verification is disabled for this
        # connection, which leaves the apikey and the returned indicators on
        # an unauthenticated channel; a config switch defaulting to
        # verification would be the safer shape.
        http_options = {"verify": False}
        client = cif_http_client.Client(
            config.get("cif", "host"),
            config.get("cif", "apikey"),
            http_options,
            confidence=config.get("cif", "confidence"),  # 85 or so
            nolog=True,
        )

        records = []
        for feed_name in ('infrastructure/malware', 'infrastructure/botnet', 'infrastructure/scan'):
            records += client.search(q=feed_name)
        return records
import datetime
import time

from ipblocker.config import config
from ipblocker import util

import random
import IPy

# HACK: SQLAlchemy 0.4 spelled the "no implicit transaction" session option
# differently from later releases; pick the keyword for the installed version.
# NOTE(review): sqlalchemy, create_engine, scoped_session, sessionmaker and
# MetaData are not imported in the lines shown above them here — they must
# be brought into scope elsewhere in the file.
kwargs = (
    {'transactional': False}
    if sqlalchemy.__version__.startswith("0.4")
    else {'autocommit': True}
)
# The DB URI may embed credentials — keep it out of log output and tracebacks.
dburi = config.get("db","uri")
engine = create_engine(dburi)
Session = scoped_session(sessionmaker(autoflush=True, bind=engine, **kwargs))
metadata = MetaData(bind=engine)


from sqlalchemy.orm import mapper as sqla_mapper

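def session_mapper(scoped_session):
    """Build a ``mapper`` that gives constructor-less classes a kwargs __init__.

    Args:
        scoped_session: The scoped session this mapper is built for. The code
            shown here does not use it; it is kept for interface compatibility.

    Returns:
        A ``mapper(cls, *arg, **kw)`` callable wrapping the SQLAlchemy mapper.
        The original body fell off the end without returning it (implicit
        None), which made the factory unusable.
    """
    def mapper(cls, *arg, **kw):
        # Only synthesise a constructor when the class still has object's
        # default one; an explicit __init__ is left alone.
        if cls.__init__ is object.__init__:
            def __init__(self, **fields):
                # Every keyword becomes an attribute, unvalidated — only
                # pass trusted, known field names to these constructors.
                for key, value in fields.items():
                    setattr(self, key, value)
            cls.__init__ = __init__
        sqla_mapper(cls, *arg, **kw)
    return mapper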
#!/usr/bin/env python 
from snort import snortdb
from ipblocker import is_reblockable, is_fishy, ok_to_block
from ipblocker.config import config
from ipblocker.util import groupby, subnet
from operator import itemgetter

import os
import csv
import datetime

from ipblocker.source_blocker import SourceBlocker

# Path of the per-rule threshold CSV (opened by SnortBlocker.read_rules).
rule_file = config.get("snort", "rule_filename")
# Defaults used when a CSV row leaves the matching column blank.
MINIMUM, SUBNET_MINIMUM = (
    int(config.get("snort", option)) for option in ("minimum", "subnet_minimum")
)
# Kept as the raw config string; nothing here converts it.
BLOCK_TIME = config.get("snort", "block_time")

class SnortBlocker(SourceBlocker):
    """Blocker fed by Snort data.

    ``read_rules`` loads the per-rule thresholds from the CSV named by the
    ``[snort] rule_filename`` option, filling blank cells with the
    module-level MINIMUM / SUBNET_MINIMUM / BLOCK_TIME defaults.
    """
    blocker = "snort"
    # Consumed by SourceBlocker (outside this snippet); semantics not shown here.
    must_exist_in_source = False
    flag_traffic = False


    def read_rules(self):
        """Read the Snort rule CSV and normalise its threshold columns.

        NOTE(review): as shown, the loop rewrites each row in place but never
        appends it to ``rules`` nor returns anything — the snippet looks
        truncated.
        """
        # NOTE(review): the file handle is never closed; a `with open(...)`
        # block would release it deterministically.
        f = csv.DictReader(open(rule_file))
        rules = []
        for x in f:
            # CSV cells are text; blank cells fall back to the module defaults
            # and the numeric columns are converted explicitly.
            x['minimum']        = int(x['minimum'] or  MINIMUM)
            x['subnet_minimum'] = int(x['subnet_minimum'] or  SUBNET_MINIMUM)
            x['block_time']     = x['block_time'] or  BLOCK_TIME
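def wakeup_backend(enabled=False, port=11112):
    """Ask the database host to wake up over the network.

    The wake-up path is off by default, which preserves the previous
    unconditional ``return False``; callers opt in with ``enabled=True``.

    Args:
        enabled: When False, return False at once without reading the
            config or touching the network.
        port: TCP port the tcpsleep service listens on.

    Returns:
        False when disabled; otherwise whatever ``tcpsleep.client.wakeup``
        returns (not documented in this file).
    """
    if not enabled:
        return False
    wakeup_host = config.get('db', 'host')
    # Local import keeps tcpsleep an optional dependency of the disabled path.
    import tcpsleep
    # The original passed an undefined ``host`` here (NameError if reached).
    return tcpsleep.client.wakeup(host=wakeup_host, port=port)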
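 def remove_US(self, ips):
     """Drop addresses that GeoIP resolves to the US and return the rest.

     Args:
         ips: Iterable of IP address strings.

     Returns:
         A new list with the non-US addresses in their original order. Any
         address whose lookup is not exactly ``'US'`` — including one the
         database cannot resolve — is kept, i.e. unknown locations are not
         excluded here.
     """
     # Materialise first so a one-shot iterator can be both filtered and counted.
     ips = list(ips)
     # NOTE(review): the GeoIP object is constructed on every call; caching it
     # on the instance would presumably avoid re-reading the database file.
     geo = pygeoip.GeoIP(config.get("geoip","path"))
     kept = [ip for ip in ips if geo.country_code_by_addr(ip) != 'US']
     # Lazy %-args: the message is only formatted when DEBUG is enabled.
     logger.debug("removed %d US ips", len(ips) - len(kept))
     return kept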
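def wakeup_backend(enabled=False, port=11112):
    """Ask the database host to wake up over the network.

    Disabled by default, which keeps the previous unconditional
    ``return False``; callers that want the real behaviour pass
    ``enabled=True``.

    Args:
        enabled: When False, return False immediately; the config is not
            read and nothing is sent.
        port: TCP port the tcpsleep service listens on.

    Returns:
        False when disabled; otherwise the result of
        ``tcpsleep.client.wakeup`` (its value is not documented here).
    """
    if not enabled:
        return False
    wakeup_host = config.get('db','host')
    # Imported lazily so tcpsleep is only required when wake-up is enabled.
    import tcpsleep
    # Fixes the original's reference to an unbound ``host`` name.
    return tcpsleep.client.wakeup(host=wakeup_host, port=port)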
#!/usr/bin/env python
from snort import snortdb
from ipblocker import is_reblockable, is_fishy, ok_to_block
from ipblocker.config import config
from ipblocker.util import groupby, subnet
from operator import itemgetter

import os
import csv
import datetime

from ipblocker.source_blocker import SourceBlocker

# Path of the per-rule threshold CSV read by SnortBlocker.read_rules.
rule_file = config.get("snort", "rule_filename")
# Numeric defaults for rows whose matching CSV cell is blank.
MINIMUM, SUBNET_MINIMUM = map(
    int,
    (config.get("snort", "minimum"), config.get("snort", "subnet_minimum")),
)
# Left as the raw config string; it is not converted anywhere in this snippet.
BLOCK_TIME = config.get("snort", "block_time")


class SnortBlocker(SourceBlocker):
    blocker = "snort"
    must_exist_in_source = False
    flag_traffic = False

    def read_rules(self):
        f = csv.DictReader(open(rule_file))
        rules = []
        for x in f:
            x['minimum'] = int(x['minimum'] or MINIMUM)
            x['subnet_minimum'] = int(x['subnet_minimum'] or SUBNET_MINIMUM)
            x['block_time'] = x['block_time'] or BLOCK_TIME