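def main():
    """Command-line entry point: analyze a web-server log and block attacker IPs.

    Parses the command line, takes the PID lock, feeds the selected log parser
    into GenericDDoSAnalyzer and hands every reported attacker address to the
    chosen blocker (or only reports it when --dry-run is set). The PID lock is
    released in all cases, including when parsing or blocking raises.
    """
    import ipaddress  # stdlib; used to validate addresses parsed from the log

    known_formats = {
        'nginx': NginxLogParser
    }
    known_blockers = {
        'apf': ApfBlocker,
        'iptables': IPTablesBlocker
    }

    parser = argparse.ArgumentParser(description='DDoS protection system',
                                     formatter_class=argparse.ArgumentDefaultsHelpFormatter)

    parser.add_argument("-p", dest="pidfile", required=True, metavar="pid-file", help="PID lock file")
    # NOTE: with required=True argparse never applies `default`; the defaults
    # below only keep the existing --help output (ArgumentDefaultsHelpFormatter).
    parser.add_argument("-f", "--format", dest="log_format", choices=known_formats.keys(),
                        required=True, default='nginx', help="Log file format.")
    parser.add_argument("-b", "--blocker", choices=known_blockers.keys(),
                        required=True, default='iptables', help="Use specific blocker.")
    parser.add_argument("--threshold", type=int, default=35, help="Analyzer threshold.")
    parser.add_argument("--dry-run", action="store_true", help="Do not block, just notify")

    group1 = parser.add_argument_group('Parser parameters.')
    mutex_group1 = group1.add_mutually_exclusive_group()
    mutex_group1.add_argument("--stdin", dest="stdin", action='store_true', help="Data from stdin")
    mutex_group1.add_argument("-l", "--log", dest="log_file", help="Log file to process.")

    args = parser.parse_args()

    # The mutually exclusive group accepts neither option being given, which
    # would otherwise reach FileDataProvider(None). Reject that as a usage
    # error *before* taking the PID lock so no stale lock file is left behind.
    if not args.stdin and not args.log_file:
        parser.error("one of --stdin or -l/--log is required")

    enter_pid_lock(args.pidfile)
    try:
        # input
        if args.stdin:
            data_provider = StdInDataProvider()
        else:
            data_provider = FileDataProvider(args.log_file)

        # dry run
        dry_run = args.dry_run

        # log parser
        log_parser = known_formats[args.log_format](data_provider)

        # select blocker
        blocker = known_blockers[args.blocker]()

        # select analyzer, supported only GenericDDoSAnalyzer
        analyzer = GenericDDoSAnalyzer(log_parser, threshold=args.threshold)

        for attacker_ip in analyzer.attacker_ip_list():
            # The address text originates from untrusted log lines. Only a
            # syntactically valid IPv4/IPv6 address is passed on to the blocker
            # (which, judging by its name, drives a host firewall tool); anything
            # else is reported and skipped.
            try:
                ipaddress.ip_address(attacker_ip)
            except ValueError:
                sys.stderr.write("Skipping invalid address %r.\n" % (attacker_ip,))
                continue

            # In dry-run mode say what *would* happen instead of claiming a
            # block that was never performed.
            if dry_run:
                sys.stdout.write("IP %s would be blocked (dry run).\n" % attacker_ip)
                continue

            blocker.block(attacker_ip)
            sys.stdout.write("IP %s blocked.\n" % attacker_ip)

    finally:
        exit_pid_lock(args.pidfile)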
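def main():
    """Command-line entry point: analyze a web-server log and block attacker IPs.

    Parses the command line, takes the PID lock, feeds the selected log parser
    into GenericDDoSAnalyzer and hands every reported attacker address to the
    chosen blocker (or only reports it when --dry-run is set). The PID lock is
    released in all cases, including when parsing or blocking raises.
    """
    import ipaddress  # stdlib; used to validate addresses parsed from the log

    known_formats = {
        'nginx': NginxLogParser
    }
    known_blockers = {
        'apf': ApfBlocker,
        'iptables': IPTablesBlocker
    }

    parser = argparse.ArgumentParser(description='DDoS protection system',
                                     formatter_class=argparse.ArgumentDefaultsHelpFormatter)

    parser.add_argument("-p", dest="pidfile", required=True, metavar="pid-file", help="PID lock file")
    # NOTE: with required=True argparse never applies `default`; the defaults
    # below only keep the existing --help output (ArgumentDefaultsHelpFormatter).
    parser.add_argument("-f", "--format", dest="log_format", choices=known_formats.keys(),
                        required=True, default='nginx', help="Log file format.")
    parser.add_argument("-b", "--blocker", choices=known_blockers.keys(),
                        required=True, default='iptables', help="Use specific blocker.")
    parser.add_argument("--threshold", type=int, default=35, help="Analyzer threshold.")
    parser.add_argument("--dry-run", action="store_true", help="Do not block, just notify")

    group1 = parser.add_argument_group('Parser parameters.')
    mutex_group1 = group1.add_mutually_exclusive_group()
    mutex_group1.add_argument("--stdin", dest="stdin", action='store_true', help="Data from stdin")
    mutex_group1.add_argument("-l", "--log", dest="log_file", help="Log file to process.")

    args = parser.parse_args()

    # The mutually exclusive group accepts neither option being given, which
    # would otherwise reach FileDataProvider(None). Reject that as a usage
    # error *before* taking the PID lock so no stale lock file is left behind.
    if not args.stdin and not args.log_file:
        parser.error("one of --stdin or -l/--log is required")

    enter_pid_lock(args.pidfile)
    try:
        # input
        if args.stdin:
            data_provider = StdInDataProvider()
        else:
            data_provider = FileDataProvider(args.log_file)

        # dry run
        dry_run = args.dry_run

        # log parser
        log_parser = known_formats[args.log_format](data_provider)

        # select blocker
        blocker = known_blockers[args.blocker]()

        # select analyzer, supported only GenericDDoSAnalyzer
        analyzer = GenericDDoSAnalyzer(log_parser, threshold=args.threshold)

        for attacker_ip in analyzer.attacker_ip_list():
            # The address text originates from untrusted log lines. Only a
            # syntactically valid IPv4/IPv6 address is passed on to the blocker
            # (which, judging by its name, drives a host firewall tool); anything
            # else is reported and skipped.
            try:
                ipaddress.ip_address(attacker_ip)
            except ValueError:
                sys.stderr.write("Skipping invalid address %r.\n" % (attacker_ip,))
                continue

            # In dry-run mode say what *would* happen instead of claiming a
            # block that was never performed.
            if dry_run:
                sys.stdout.write("IP %s would be blocked (dry run).\n" % attacker_ip)
                continue

            blocker.block(attacker_ip)
            sys.stdout.write("IP %s blocked.\n" % attacker_ip)

    finally:
        exit_pid_lock(args.pidfile)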
    def test_analyze_minilog(self):
        """Run the analyzer over the fixture log and check the attacker list.

        With threshold=100 exactly five addresses must be reported, in the
        order below; the fixture path comes from the class attribute
        TESTLOG_PATH.
        """
        expected_ips = [
            '77.106.228.178',
            '190.195.160.2',
            '89.21.79.68',
            '46.118.121.72',
            '201.254.106.234',
        ]

        provider = FileDataProvider(self.TESTLOG_PATH)
        analyzer = GenericDDoSAnalyzer(NginxLogParser(provider), threshold=100)
        reported = analyzer.attacker_ip_list()

        # Length first, then positional comparison, so an index error can
        # never mask the real assertion failure.
        self.assertEqual(len(expected_ips), len(reported))
        for position, ip in enumerate(expected_ips):
            self.assertEqual(ip, reported[position])