def run(self):
    """Refresh the threat-intel block lists in an endless loop.

    Waits 60 seconds, then repeats forever: clears the previous intel,
    re-downloads it, rebuilds ``self.all_ips`` / ``self.all_domains`` with
    whitelisted entries filtered out, re-applies the user IP blacklist to
    the 'blacklist-user' ipset list, reconfigures dnsmasq, and sleeps
    14400 seconds (4 hours) before the next cycle.
    """
    time.sleep(60)
    while 1:
        log.debug('FG-INFO: Downloading daily blacklists')
        # Clearing old intel
        self.all_ips.clear()
        self.all_domains.clear()
        # NOTE(review): the original indentation of this listing was lost, so
        # the extent of the ``with lock:`` block is a reconstruction; here it
        # covers only the in-place clearing of the shared homenet lists.
        # Confirm the intended scope, since later statements also read
        # homenet state that other threads may modify.
        with lock:
            # Clearing old intel
            # ``del lst[:]`` empties each list in place, so other holders of
            # the same list object see it emptied as well.
            for threat in homenet.bad_ips.keys():
                del homenet.bad_ips[threat][:]
            for threat in homenet.bad_domains.keys():
                del homenet.bad_domains[threat][:]
        # Retrieving intel from local sources
        self.retrieve_bad_ips()
        self.retrieve_bad_domains()
        # Retrieving intel from FalconGate public API
        # (only attempted when an intel key is configured)
        if homenet.fg_intel_key:
            self.retrieve_fg_intel()
        # The user whitelist takes precedence over the intel feeds: entries
        # the user whitelisted never reach the aggregated block sets.
        for threat in homenet.bad_ips.keys():
            for ip in homenet.bad_ips[threat]:
                if ip not in homenet.user_whitelist:
                    self.all_ips.add(ip)
        for threat in homenet.bad_domains.keys():
            for domain in homenet.bad_domains[threat]:
                if domain not in homenet.user_domain_whitelist:
                    self.all_domains.add(domain)
        # Adding user blacklisted domains
        for entry in homenet.user_domain_blacklist:
            if entry not in homenet.user_domain_whitelist:
                self.all_domains.add(entry)
        # Adding user blacklisted IP addresses
        # The list is flushed and then rebuilt from homenet.user_blacklist, so
        # between the flush and the last add some user-blacklisted IPs are not
        # in the 'blacklist-user' list.
        utils.flush_ipset_list('blacklist-user')
        for ip in homenet.user_blacklist:
            if ip not in homenet.user_whitelist:
                utils.add_ip_ipset_blacklist(ip, 'blacklist-user')
        # Reconfiguring ipset and dnsmasq with the new block lists
        # Blocking IP addresses from open threat-intel sources is disabled by
        # default. Uncomment the line below to enable it at your own risk :)
        # While it stays disabled, nothing in this method applies
        # self.all_ips to ipset.
        #self.configure_ipset()
        self.configure_dnsmasq()
        time.sleep(14400)
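def host_response():
    """Handle an API request that edits or lists the IP block lists.

    The request body must be a JSON object with two keys:

    * ``action`` -- one of 'blacklist', 'unblock', 'whitelist' or 'list'.
    * ``target`` -- a list of IP strings for the three modifying actions,
      or the name of an ipset list for 'list'.

    Entries of ``target`` that are not well-formed IP addresses or CIDR
    networks (or are shorter than 7 characters) are skipped, so nothing
    that is not an address reaches the ``utils`` ipset helpers.

    Returns:
        An empty 200 response for the modifying actions, or a 200 JSON
        response of the form ``{"content": ...}`` for 'list'.

    Malformed bodies, wrongly typed targets and unknown actions abort
    with HTTP 400.
    """
    # Local import: the module's import block is not visible from here.
    import ipaddress

    def _is_ip_entry(value):
        """Return True if *value* is a string holding an IP address or CIDR."""
        # The body is client-controlled JSON, so entries can be any type.
        # IPv6 zone identifiers ('%...') are free-form text and are refused.
        if not isinstance(value, str) or len(value) < 7 or '%' in value:
            return False
        try:
            ipaddress.ip_network(value, strict=False)
        except ValueError:
            return False
        return True

    payload = request.json
    if not payload or not isinstance(payload, dict):
        abort(400)
    # A missing key is a client error (400), not an unhandled KeyError (500).
    if 'action' not in payload or 'target' not in payload:
        abort(400)
    action = str(payload['action'])
    target = payload['target']

    if action in ('blacklist', 'unblock', 'whitelist'):
        # Reject a wrongly typed target before touching any ipset list.
        if not isinstance(target, list):
            abort(400)
        valid_ips = [ip for ip in target if _is_ip_entry(ip)]

        if action == 'blacklist':
            # NOTE(review): the list is flushed, but only IPs that are new to
            # homenet.user_blacklist are added back below. If the flush
            # empties the list, previously blacklisted IPs stay out of it
            # until something re-applies homenet.user_blacklist -- confirm
            # this is intended.
            utils.flush_ipset_list('blacklist-user')
            for ip in valid_ips:
                with lock:
                    if (ip not in homenet.user_blacklist
                            and ip not in homenet.user_whitelist):
                        homenet.user_blacklist.append(ip)
                        utils.add_ip_ipset_blacklist(ip, 'blacklist-user')
                        log.debug('FG-INFO: IP ' + ip + ' added to user blacklist')
        elif action == 'unblock':
            # NOTE(review): the IP is removed from the ipset list but is left
            # in homenet.user_blacklist -- confirm whether it should be
            # removed there as well.
            for ip in valid_ips:
                with lock:
                    if ip in homenet.user_blacklist:
                        utils.del_ip_ipset_blacklist(ip, 'blacklist-user')
        else:  # 'whitelist'
            for ip in valid_ips:
                utils.del_ip_ipset_blacklist(ip, 'blacklist')
                utils.del_ip_ipset_blacklist(ip, 'blacklist-user')
                with lock:
                    if ip not in homenet.user_whitelist:
                        homenet.user_whitelist.append(ip)

        resp = Response()
        resp.status_code = 200
        return resp
    elif action == 'list':
        # The list name comes from the client; it must at least be a string.
        # NOTE(review): consider restricting it to the known list names
        # (e.g. 'blacklist', 'blacklist-user') before calling the helper.
        if not isinstance(target, str):
            abort(400)
        data = utils.list_ipset_blacklist(target)
        # Presumably drops header lines and a trailing element of the helper
        # output -- verify against utils.list_ipset_blacklist.
        data = {'content': data[7:-1]}
        data = json.dumps(data)
        resp = Response()
        resp.data = data
        resp.status_code = 200
        resp.mimetype = "application/json"
        return resp
    else:
        abort(400)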