class IpsManager:
# Ips Manager: calls necessary managers and utilities to generate parameters for sql.
#
validPortNumbers = ()
def __init__(self):
self.g_config = GlobalConfig()
self.valid_port_numbers = self.g_config.get_ports()
self.date_time_field = self.g_config.get_db_datetime_name()
self.log = Logger().get('reportserver.manager.IpsManager.py')
def get_data(self, ipaddress, uom, unit):
self.log.info("Retrieving ipaddress data: " + str(ipaddress) + " uom: " + uom + " size: " + str(unit))
port_data = []
for port in self.valid_port_numbers:
results = self.get_json_by_ip(port, ipaddress, uom, unit)
items = utilities.process_data(results)
port_data.append({port:items})
port_json = {
'ipaddress': str(ipaddress),
'timespan': uom + "=" + str(unit),
'ports':port_data
}
return port_json
def get_json_by_ip(self, portnumber, ipaddress, uom, units):
begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units)
table_name = self.g_config.get_plugin_config(portnumber)['table']
date_time_field = self.g_config.get_db_datetime_name()
# query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso))
queryString = "SELECT * FROM %s where %s >= '%s' and peerAddress = '%s' order by id, %s" % (
table_name, date_time_field, begin_date_iso, ipaddress, date_time_field)
# args = (tableName, date_time_field, begin_date_iso)
self.log.info("queryString is: " + str(queryString))
# print ("args to use: " + str(args))
results = DatabaseHandler().query_db(queryString)
self.log.debug("results: " + str(results))
return results
class PortManager:
# Port Manager: calls necessary managers and utilities to generate parameters for sql.
# List of valid ports it can receive is taken from the Configuration setup.
#
validPortNumbers = ()
def __init__(self):
self.g_config = GlobalConfig()
self.validPortNumbers = self.g_config.get_ports()
self.date_time_field = self.g_config.get_db_datetime_name()
self.log = Logger().get('reportserver.manager.PortManager.PortManager')
def isPortValid(self, port_number):
if (port_number in self.validPortNumbers):
return True
else:
return False
def getPort(self, port_number, uom, unit):
self.log.info("Retrieving port:" + str(port_number) + "uom:" + uom + " size: " + str(unit))
items = []
if self.isPortValid(port_number):
results = DatabaseHandler().get_json_by_time(port_number, uom, unit)
items = utilities.process_data(results)
port_json = {
'port': str(port_number),
'timespan': uom + "=" + str(unit),
'items':items
}
return port_json
def get_port_attack_count(self, tablename, unit, uom):
fromDate = dateTimeUtility.get_begin_date_iso(unit, uom)
sql = "select count(distinct session) as total_attacks from %s where %s >= '%s' " %(tablename, self.date_time_field, fromDate)
self.log.debug("sql is:" + sql)
result = DatabaseHandler().query_db(sql)[0]
return int(result['total_attacks'])
def get_unique_ips(self, tablename, unit, uom):
fromDate = dateTimeUtility.get_begin_date_iso(unit, uom)
sql = "select count(distinct peerAddress) as unique_ips from %s where %s >= '%s' " % (tablename, self.date_time_field, fromDate)
self.log.debug("sql is:" + sql)
result = DatabaseHandler().query_db(sql)[0]
return int(result['unique_ips'])
class DatabaseHandler:
def __init__(self):
self.global_config = GlobalConfig()
self.db_path = self.global_config['Database']['path']
self.log = Logger().get('reportserver.dao.DatabaseHandler.DatabaseHandler')
# Connect to given database.
# Defaults to the honeypot db, but another path can be passed in (mainly for testing).
# Database needs to exist first.
def connect(self, database_name):
if (database_name == None):
database_name = self.db_path
if not os.path.exists(database_name):
self.log.error("Database does not exist in path: " + database_name)
return None
try:
conn = sqlite3.connect(database_name)
except sqlite3.OperationalError as oe:
self.log.error("****Problem connecting to database*** at: " + database_name)
self.log.error(oe)
else:
return conn
# Query DB and return JSON
def query_db(self, query, args=(), one=False, db=None):
#print ("#debug args are: " +str(args))
cur = self.connect(db).cursor()
cur.execute(query, args)
r = [dict((cur.description[i][0], value) \
for i, value in enumerate(row)) for row in cur.fetchall()]
cur.connection.close()
return (r[0] if r else None) if one else r
# Unit of Measure could be "weeks", "days", "hours", "minutes".
# Return all data from the DB within that measure of time as JSON.
def get_json_by_time(self, portnumber, uom, units):
begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units)
tableName = self.global_config.get_plugin_config(portnumber)['table']
date_time_field = self.global_config.get_db_datetime_name()
# query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso))
queryString = "SELECT * FROM %s where %s >= '%s' order by id, %s" % (tableName, date_time_field, begin_date_iso, date_time_field)
#args = (tableName, date_time_field, begin_date_iso)
self.log.info("queryString is: " + str(queryString))
#print ("args to use: " + str(args))
results = self.query_db(queryString)
self.log.debug("results: " + str(results))
return results
