def clear_old_records():
days_for_keeping = int(minutes_to_keep_feed())
lock.acquire()
current_date = make_date_time(seconds_to_subtract=days_for_keeping * 60)
feeds = get_feeds()
blocked = get_blocked_by_ip()
n_blocked = get_blocked_by_network()
warned = get_warned_by_ip()
n_warned = get_warned_by_network()
to_delete = feeds.find({"time.observation": {"$lt": current_date}})
with open(os.path.join(os.getcwd(), "backup.txt"), "a+",
encoding="utf-8") as f:
tmp = []
for x in to_delete:
del x['_id']
tmp.append(x)
f.write(json.dumps(tmp, ensure_ascii=False))
f.close()
blocked.delete_many({"time.observation": {"$lt": current_date}})
n_blocked.delete_many({"time.observation": {"$lt": current_date}})
warned.delete_many({"time.observation": {"$lt": current_date}})
n_warned.delete_many({"time.observation": {"$lt": current_date}})
feeds.delete_many(
{"time.observation": {
"$lt": parser.parse(current_date).isoformat()
}})
lock.release()
def warn_all(ips=None, networks=None):
"""
:param ips :{as format: [{document}, {document}...]}
:param networks :{as format: [{document}, {document}...]}
:rtype: object
"""
if ips is None:
ips = []
if networks is None:
networks = []
if not ips and not networks:
return
lock.acquire()
blocked_collection = get_blocked_by_ip()
warning_collection = get_warned_by_ip()
n_blocked_collection = get_blocked_by_network()
n_warning_collection = get_warned_by_network()
if ips:
for threat in ips:
ip = threat['source_ip']
network = threat['source_network']
if ip:
if '_id' in threat:
del threat['_id']
b = blocked_collection.find_one({
"source_ip": ip,
"source_network": network
})
if not b:
warning_collection.find_one_and_update(
{
"source_ip": ip,
"source_network": network
}, {"$set": threat},
upsert=True)
if networks:
for threat in networks:
ip = threat['source_ip']
network = threat['source_network']
if ip:
if '_id' in threat:
del threat['_id']
b = n_blocked_collection.find_one({
"source_ip": ip,
"source_network": network
})
if not b:
n_warning_collection.find_one_and_update(
{
"source_ip": ip,
"source_network": network
}, {"$set": threat},
upsert=True)
lock.release()
def auto_redirection():
lock.acquire()
count = redirection_count()
doms = get_domains()
records = doms.find({"count": {"$gte": count}})
lock.release()
if records and len(records) > 0:
save_domains(list(records))
def auto_unblocking():
lock.acquire()
unblocking_mins = minutes_before_ip_is_unblocked()
blocked = get_blocked_by_ip()
n_blocked = get_blocked_by_network()
current_date = make_date_time(seconds_to_subtract=(unblocking_mins * 60))
records = blocked.find({"block_date": {"$lte": current_date}})
data = []
if records:
for record in records:
data.append({record['source_ip'], record['source_network']})
records_2 = n_blocked.find({"block_date": {"$lte": current_date}})
if records_2:
for record in records_2:
data.append({record['source_ip'], record['source_network']})
lock.release()
unblock_all(ips=data)
def block_all(ips=None, networks=None, by_country=None):
"""
:param by_country: string eg 'US'
:param ips :{as format: [{document}, {document}...]}
:param networks :{as format: [{document}, {document}...]}
:rtype: object
"""
if ips is None:
ips = []
if networks is None:
networks = []
if not ips and not networks and not by_country:
return
lock.acquire()
blocked_collection = get_blocked_by_ip()
warning_collection = get_warned_by_ip()
n_blocked_collection = get_blocked_by_network()
n_warning_collection = get_warned_by_network()
if ips:
for threat in ips:
ip = threat['source_ip'] or None
network = threat['source_network'] or None
if ip:
if '_id' in threat:
del threat['_id']
threat['block_date'] = make_date_time()
threat['unblock_date'] = ""
blocked_collection.find_one_and_update(
{
"source_ip": ip,
"source_network": network
}, {"$set": threat},
upsert=True)
warning_collection.find_one_and_delete({
"source_ip":
ip,
"source_network":
network
})
threading.Thread(target=__do_the_actual_blocking,
kwargs={
'ip': ip
},
daemon=True).start()
if networks:
for threat in networks:
ip = threat['source_ip']
network = threat['source_network']
if network:
if '_id' in threat:
del threat['_id']
threat['block_date'] = make_date_time()
threat['unblock_date'] = ""
n_blocked_collection.find_one_and_update(
{
"source_ip": ip,
"source_network": network
}, {"$set": threat},
upsert=True)
n_warning_collection.find_one_and_delete({
"source_ip":
ip,
"source_network":
network
})
threading.Thread(target=__do_the_actual_blocking,
kwargs={
'network': network
},
daemon=True).start()
if by_country:
records = blocked_collection.find(
{"source_geolocation_cc": by_country})
if not records:
records_2 = warning_collection.find(
{"source_geolocation_cc": by_country})
if records_2:
for rec in records_2:
if '_id' in rec:
del rec['_id']
rec['block_date'] = make_date_time()
rec['unblock_date'] = ""
blocked_collection.insert_one(rec)
threading.Thread(target=__do_the_actual_blocking,
kwargs={
'ip': rec['source_ip']
},
daemon=True).start()
warning_collection.delete_many(
{"source_geolocation_cc": by_country})
records_1 = n_blocked_collection.find(
{"source_geolocation_cc": by_country})
if not records_1:
records_2 = n_warning_collection.find(
{"source_geolocation_cc": by_country})
if records_2:
for rec in records_2:
if '_id' in rec:
del rec['_id']
rec['block_date'] = make_date_time()
rec['unblock_date'] = ""
n_blocked_collection.insert_one(rec)
threading.Thread(target=__do_the_actual_blocking,
kwargs={
'network': rec['source_network']
},
daemon=True).start()
n_warning_collection.delete_many(
{"source_geolocation_cc": by_country})
lock.release()
def unblock_all(ips=None, by_country=None):
"""
:param by_country: country name/geolocation to unblock eg 'US'
:param ips :{as format: [{source_ip, source_network}, ...]}
:rtype: object
"""
if not ips and not by_country:
return
lock.acquire()
blocked_collection = get_blocked_by_ip()
warning_collection = get_warned_by_ip()
n_blocked_collection = get_blocked_by_network()
n_warning_collection = get_warned_by_network()
if ips:
for ip in ips:
i_p = ip['source_ip']
net = ip['source_network']
record = blocked_collection.find_one_and_delete({
"source_ip":
i_p,
"source_network":
net
})
if record:
if '_id' in record:
del record['_id']
record['block_date'] = ""
record['unblock_date'] = make_date_time()
warning_collection.find_one_and_update({"source_ip": i_p},
{"$set": record},
upsert=True)
threading.Thread(target=__do_the_actual_unblocking,
kwargs={
'ip': i_p
},
daemon=True).start()
else:
record = n_blocked_collection.find_one_and_delete({
"source_ip":
i_p,
"source_network":
net
})
if record:
if '_id' in record:
del record['_id']
record['block_date'] = ""
record['unblock_date'] = make_date_time()
n_warning_collection.find_one_and_update(
{"source_network": net}, {"$set": record}, upsert=True)
threading.Thread(target=__do_the_actual_unblocking,
kwargs={
'network': net
},
daemon=True).start()
if by_country:
records = blocked_collection.find(
{"source_geolocation_cc": by_country})
if records:
for rec in records:
if '_id' in rec:
del rec['_id']
rec['block_date'] = ""
rec['unblock_date'] = make_date_time()
warning_collection.insert_one(rec)
threading.Thread(target=__do_the_actual_unblocking,
kwargs={
'ip': rec['source_ip']
},
daemon=True).start()
blocked_collection.delete_many(
{"source_geolocation_cc": by_country})
records_1 = n_blocked_collection.find(
{"source_geolocation_cc": by_country})
if records_1:
for rec in records_1:
if '_id' in rec:
del rec['_id']
rec['block_date'] = ""
rec['unblock_date'] = make_date_time()
n_warning_collection.insert_one(rec)
threading.Thread(target=__do_the_actual_unblocking,
kwargs={
'network': rec['source_network']
},
daemon=True).start()
n_blocked_collection.delete_many(
{"source_geolocation_cc": by_country})
lock.release()