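def main():
    """Entry point of the server.

    Prints the banner, parses ``-c``, loads the configuration, validates the
    optional SSL setup, then runs the periodic trail updater, the optional UDP
    log collector and (blocking) the HTTP server.

    Side effects: the process is terminated via ``exit`` when ``USE_SSL`` is
    set but pyOpenSSL is missing or ``SSL_PEM`` does not point to a file.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if config.USE_SSL:
        try:
            import OpenSSL  # import-probe only; the module is used by the HTTP server
        except ImportError:
            msg = "[!] please install pyopenssl"
            # platform.linux_distribution() was removed in Python 3.8; without
            # this guard the install hint is replaced by an AttributeError
            # raised from inside the handler.
            distro_fn = getattr(platform, "linux_distribution", None)
            distro_name = (distro_fn()[0] if distro_fn else "").lower()
            for distros, install in {("fedora", "centos"): "sudo yum install pyOpenSSL", ("debian", "ubuntu"): "sudo apt-get install python-openssl"}.items():
                if distro_name in distros:
                    msg += " (e.g. '%s')" % install
                    break
            exit(msg)

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[o] (hint: \"%s\")" % (config.SSL_PEM, hint))

    def update_timer():
        # Runs once synchronously (below), then re-arms itself every
        # UPDATE_PERIOD seconds on a daemon Timer thread so it never keeps
        # the interpreter alive on shutdown.
        if config.USE_SERVER_UPDATE_TRAILS:
            update_trails()
        update_ipcat()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")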
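def _trail_reputation(lists):
    """Score the source-list column of one trails.csv row.

    ``lists`` is the remainder of the row after the first two fields. The
    score starts at 1; if the column contains ``'+'`` it becomes 2 plus the
    number of commas. ``(custom)`` and ``(static)`` entries lose one point
    each, and overlapping proxy feeds / Tor feeds are only counted once.
    Returns an int; values of 0 or less are not reported by the caller.
    """
    reputation = 1

    if '+' in lists:
        reputation = 2 + lists.count(',')

    if "(custom)" in lists:
        reputation -= 1

    if "(static)" in lists:
        reputation -= 1

    reputation -= max(0, lists.count("prox") + lists.count("maxmind") + lists.count("spys.ru") + lists.count("rosinstrument") - 1)  # remove duplicate proxy hits
    reputation -= max(0, lists.count("blutmagie") + lists.count("torproject") - 1)  # remove duplicate tor hits

    return reputation

def main():
    """Entry point of the updater.

    ``-c <file>`` loads an alternative configuration first. After a forced
    trails and ipcat update, ``-r`` additionally writes an IPv4 reputation
    table (address, score; highest first) to stderr.
    """
    if "-c" in sys.argv:
        read_config(sys.argv[sys.argv.index("-c") + 1])

    try:
        update_trails(force=True)
        update_ipcat()
    except KeyboardInterrupt:
        # Parenthesized single argument prints identically on Python 2 and 3
        print("\r[x] Ctrl-C pressed")
    else:
        if "-r" in sys.argv:
            results = []

            with _fopen(TRAILS_FILE) as f:
                for line in f:
                    if line and line[0].isdigit():
                        items = line.split(',', 2)
                        # Only dotted-quad trails are scored; domains and URLs are skipped
                        if re.search(r"\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\Z", items[0]):
                            reputation = _trail_reputation(items[-1])
                            if reputation > 0:
                                results.append((items[0], reputation))

            results = sorted(results, key=lambda item: item[1], reverse=True)

            for ip, reputation in results:
                sys.stderr.write("%s\t%s\n" % (ip, reputation))
                sys.stderr.flush()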
def main():
    """Entry point of the sensor.

    Parses the command line, refuses to run without elevated privileges,
    loads the configuration, mirrors string/boolean options into ``config``
    and then captures (live or from a pcap file) until Ctrl-C.
    """
    print("%s (sensor) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    parser.add_option("-i", dest="pcap_file", help="open pcap file for offline analysis")
    parser.add_option("-p", dest="plugins", help="plugin(s) to be used per event")
    parser.add_option("--console", dest="console", action="store_true", help="print events to console (too)")
    options, _ = parser.parse_args()

    # Capture presumably needs raw-socket access, hence the privilege check
    # before anything else is touched.
    if not check_sudo():
        exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)

    read_config(options.config_file)

    # Command-line values override the file configuration; optparse's
    # private attributes (leading underscore) are left alone.
    for name in dir(options):
        if name.startswith('_'):
            continue
        value = getattr(options, name)
        if isinstance(value, (basestring, bool)):
            config[name] = value

    pcap_file = options.pcap_file
    if pcap_file:
        if os.path.isfile(pcap_file):
            print("[i] using pcap file '%s'" % pcap_file)
        else:
            exit("[!] missing pcap file '%s'" % pcap_file)

    try:
        init()
        monitor()
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")
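def main():
    """ Main function: banner, option parsing, privilege check, configuration
    load, then the HTTP server and the sensor.

    Syntax is kept valid on both Python 2.6+ and Python 3 (parenthesized
    print, ``except ... as``). """
    print("%s #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    if not check_sudo():
        exit("[x] please run with sudo/Administrator privileges")

    read_config(options.config_file)
    init_sensor()

    try:
        start_httpd()
        start_sensor()
    except socket.error as ex:
        # NOTE(review): a socket.error raised by start_sensor() is reported
        # with this HTTP-server wording as well.
        exit("[x] can't start the HTTP server ('%s')" % ex)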
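def _trail_reputation(lists):
    """Score the source-list column of one trails.csv row.

    ``lists`` is the remainder of the row after the first two fields. The
    score starts at 1; if the column contains ``'+'`` it becomes 2 plus the
    number of commas. ``(custom)`` and ``(static)`` entries lose one point
    each, and overlapping proxy feeds / Tor feeds are only counted once.
    Returns an int; values of 0 or less are not reported by the caller.
    """
    reputation = 1

    if '+' in lists:
        reputation = 2 + lists.count(',')

    if "(custom)" in lists:
        reputation -= 1

    if "(static)" in lists:
        reputation -= 1

    reputation -= max(0, lists.count("prox") + lists.count("maxmind") + lists.count("spys.ru") + lists.count("rosinstrument") - 1)  # remove duplicate proxy hits
    reputation -= max(0, lists.count("blutmagie") + lists.count("torproject") - 1)  # remove duplicate tor hits

    return reputation

def main():
    """Entry point of the updater.

    ``-c <file>`` loads an alternative configuration first. After a forced
    trails and ipcat update, ``-r`` additionally writes an IPv4 reputation
    table (address, score; highest first) to stderr.
    """
    if "-c" in sys.argv:
        read_config(sys.argv[sys.argv.index("-c") + 1])

    try:
        update_trails(force=True)
        update_ipcat()
    except KeyboardInterrupt:
        print("\r[x] Ctrl-C pressed")
    else:
        if "-r" in sys.argv:
            results = []

            # Python 2 reads bytes with the builtin open(); Python 3 goes through codecs.open()
            with _fopen(config.TRAILS_FILE, "rb" if six.PY2 else 'r', open if six.PY2 else codecs.open) as f:
                for line in f:
                    if line and line[0].isdigit():
                        items = line.split(',', 2)
                        # Only dotted-quad trails are scored; domains and URLs are skipped
                        if re.search(r"\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\Z", items[0]):
                            reputation = _trail_reputation(items[-1])
                            if reputation > 0:
                                results.append((items[0], reputation))

            results = sorted(results, key=lambda item: item[1], reverse=True)

            for ip, reputation in results:
                sys.stderr.write("%s\t%s\n" % (ip, reputation))
                sys.stderr.flush()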
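def main():
    """ Main function: banner, option parsing, privilege check, configuration
    load, then the sensor until Ctrl-C or an error.

    The process is always terminated with ``os._exit`` (skips interpreter
    teardown, so no background thread can keep it alive). The status is 0
    after a clean stop and 1 after an unexpected exception, so a supervisor
    can tell a crash from a normal shutdown. """
    print("%s (sensor) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=SENSOR_CONFIG_FILE, help="Configuration file (default: '%s')" % os.path.split(SENSOR_CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    if not check_sudo():
        exit("[x] please run with sudo/Administrator privileges")

    read_config(options.config_file)
    init_sensor()

    status = 0
    try:
        start_sensor()
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")
    except Exception:
        # Narrowed from a bare ``except:``; a real failure is no longer
        # reported as exit status 0.
        status = 1
        if config.SHOW_DEBUG:
            traceback.print_exc()
    finally:
        os._exit(status)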
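def main():
    """Entry point of the sensor.

    Parses the command line, requires elevated privileges, loads the
    configuration, prepares log files, plugin and trigger lists, mirrors
    string/boolean options into ``config`` and captures until Ctrl-C.
    """
    print(figlet)
    logger.info("%s (sensor) #v%s" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    parser.add_option("-i", dest="pcap_file", help="open pcap file for offline analysis")
    parser.add_option("--console", dest="console", action="store_true", help="print events to console (too)")
    parser.add_option("--no-updates", dest="no_updates", action="store_true", help="disable (online) trail updates")
    parser.add_option("--debug", dest="debug", action="store_true", help=optparse.SUPPRESS_HELP)
    options, _ = parser.parse_args()

    if not check_sudo():
        exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)

    read_config(options.config_file)

    if options.debug:
        config.console = True
        config.SHOW_DEBUG = True

    create_log_directory(config.LOG_DIR)
    logger.init_file_loggers()

    # Copy rather than alias: ``config.plugins += [...]`` on the shared list
    # would extend DEFAULT_PLUGINS itself, so later readers of the constant
    # would see the configured extras appended to it.
    config.plugins = list(DEFAULT_PLUGINS)
    if config.PLUGINS:
        config.plugins += re.split(r"[,;]", config.PLUGINS)

    config.triggers = []
    if config.TRIGGERS:
        config.triggers += re.split(r"[,;]", config.TRIGGERS)

    # Command-line values override the file configuration; optparse's
    # private attributes (leading underscore) are left alone.
    for option in dir(options):
        if isinstance(getattr(options, option), (basestring, bool)) and not option.startswith('_'):
            config[option] = getattr(options, option)

    if options.pcap_file:
        if options.pcap_file == '-':
            logger.info("using STDIN")
        elif not os.path.isfile(options.pcap_file):
            exit("missing pcap file '%s'" % options.pcap_file)
        else:
            logger.info("using pcap file '%s'" % options.pcap_file)

    try:
        init()
        monitor()
    except KeyboardInterrupt:
        logger.warning("stopping (Ctrl-C pressed)")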
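def main():
    """Entry point of the server.

    Prints the banner, parses ``-c``, loads the configuration, validates the
    optional SSL setup, then runs the periodic trail updater, the optional UDP
    log collector (root required) and, blocking, the HTTP server.

    Side effects: the process is terminated via ``exit`` when pyOpenSSL is
    missing, ``SSL_PEM`` is unusable, or UDP collection is configured without
    elevated privileges.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if config.USE_SSL:
        try:
            import OpenSSL  # import-probe only; the module is used by the HTTP server
        except ImportError:
            # subprocess.mswindows is a Python 2 private attribute and
            # platform.linux_distribution() was removed in Python 3.8; both
            # are guarded so the install hint is shown instead of an
            # AttributeError raised from inside this handler.
            if os.name == "nt":
                exit("[!] please install 'pyopenssl' (e.g. 'pip install pyopenssl')")
            else:
                msg = "[!] please install 'pyopenssl'"
                distro_fn = getattr(platform, "linux_distribution", None)
                distro_name = (distro_fn()[0] if distro_fn else "").lower()
                for distros, install in {("fedora", "centos"): "sudo yum install pyOpenSSL", ("debian", "ubuntu"): "sudo apt-get install python-openssl"}.items():
                    if distro_name in distros:
                        msg += " (e.g. '%s')" % install
                        break
                exit(msg)

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[?] (hint: \"%s\")" % (config.SSL_PEM, hint))

    def update_timer():
        # Runs once synchronously (below), then re-arms itself every
        # UPDATE_PERIOD seconds on a daemon Timer thread.
        if config.USE_SERVER_UPDATE_TRAILS:
            update_trails()
        update_ipcat()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        # Elevated privileges are demanded for the UDP collector regardless
        # of the configured port value.
        if check_sudo() is False:
            exit("[!] please run '%s' with sudo/Administrator privileges when using 'UDP_ADDRESS' configuration value" % __file__)

        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")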
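def main():
    """Entry point of the server.

    Prints the banner, parses ``-c``, loads the configuration, validates the
    optional SSL setup, then runs the periodic updater, the optional UDP log
    collector and, blocking, the HTTP server.

    Print statements use the parenthesized single-argument form, which is
    valid and prints identically on Python 2 and 3.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if config.USE_SSL:
        try:
            import OpenSSL  # import-probe only; the module is used by the HTTP server
        except ImportError:
            exit("[!] please install pyopenssl (e.g. 'apt-get install python-openssl')")

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            print("[!] invalid configuration value for 'ssl_pem' ('%s')" % config.SSL_PEM)
            exit("[i] hint: \"%s\"" % hint)

    def update_timer():
        # Runs once synchronously (below), then re-arms itself every
        # UPDATE_PERIOD seconds on a daemon Timer thread.
        update()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")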
def main():
    """Entry point of the sensor: banner, ``-c`` option, privilege check,
    configuration load, then capture until Ctrl-C."""
    print("%s (sensor) #v%s\n" % (NAME, VERSION))

    def parse_options():
        # Only the configuration-file switch is recognised
        parser = optparse.OptionParser(version=VERSION)
        default_name = os.path.split(CONFIG_FILE)[-1]
        parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % default_name)
        parsed, _ = parser.parse_args()
        return parsed

    options = parse_options()

    # Capture presumably needs raw-socket access, hence the privilege check
    if not check_sudo():
        exit("[!] please run with sudo/Administrator privileges")

    read_config(options.config_file)

    try:
        init()
        monitor()
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")
def main():
    """Entry point of the sensor: banner, ``-c`` option, privilege check,
    configuration load, then capture until Ctrl-C."""
    banner = "%s (sensor) #v%s\n" % (NAME, VERSION)
    print(banner)

    default_name = os.path.split(CONFIG_FILE)[-1]
    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % default_name)
    options = parser.parse_args()[0]

    # Capture presumably needs raw-socket access, hence the privilege check
    privileged = check_sudo()
    if not privileged:
        exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)

    read_config(options.config_file)

    try:
        init()
        monitor()
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")
def main():
    """Entry point of the server: banner, ``-c`` option, configuration load,
    SSL prerequisites, then the periodic updater, the optional UDP log
    collector and, blocking, the HTTP server."""
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="Configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options = parser.parse_args()[0]

    read_config(options.config_file)

    def ensure_ssl_prerequisites():
        # pyOpenSSL must be importable and SSL_PEM must name an existing file;
        # either failure terminates the process with a hint.
        try:
            import OpenSSL
        except ImportError:
            exit("[!] please install pyopenssl (e.g. 'apt-get install python-openssl')")

        pem = config.SSL_PEM
        if pem and os.path.isfile(pem):
            return

        # The hint creates a self-signed certificate with an unencrypted key
        # (-nodes); keep the resulting file readable by the server account only.
        pem_name = pem or "server.pem"
        hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (pem_name, pem_name, NAME)
        exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[i] hint: \"%s\"" % (pem, hint))

    if config.USE_SSL:
        ensure_ssl_prerequisites()

    def update_timer():
        # First run is synchronous (below); afterwards a daemon Timer thread
        # re-arms it every UPDATE_PERIOD seconds.
        if config.USE_SERVER_UPDATE_TRAILS:
            update_trails()
        update_ipcat()

        timer = threading.Timer(config.UPDATE_PERIOD, update_timer)
        timer.daemon = True
        timer.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    pem_for_httpd = config.SSL_PEM if config.USE_SSL else None
    try:
        update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=pem_for_httpd, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")
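def main():
    """Entry point of the server.

    Prints the banner, parses ``-c``, loads the configuration, validates the
    optional SSL setup, then runs the periodic trail updater (which waits for
    network connectivity first), the optional UDP log collector (root
    required) and, blocking, the HTTP server.

    Side effects: the process is terminated via ``exit`` when pyOpenSSL is
    missing, ``SSL_PEM`` is unusable, or UDP collection is configured without
    elevated privileges.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if config.USE_SSL:
        try:
            import OpenSSL  # import-probe only; the module is used by the HTTP server
        except ImportError:
            # subprocess.mswindows is a Python 2 private attribute and
            # platform.linux_distribution() was removed in Python 3.8; both
            # are guarded so the install hint is shown instead of an
            # AttributeError raised from inside this handler.
            if os.name == "nt":
                exit("[!] please install 'pyopenssl' (e.g. 'pip install pyopenssl')")
            else:
                msg = "[!] please install 'pyopenssl'"
                distro_fn = getattr(platform, "linux_distribution", None)
                distro_name = (distro_fn()[0] if distro_fn else "").lower()
                for distros, install in {("fedora", "centos"): "sudo yum install pyOpenSSL", ("debian", "ubuntu"): "sudo apt-get install python-openssl"}.items():
                    if distro_name in distros:
                        msg += " (e.g. '%s')" % install
                        break
                exit(msg)

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[?] (hint: \"%s\")" % (config.SSL_PEM, hint))

    def update_timer():
        # Poll for connectivity up to CHECK_CONNECTION_MAX_RETRIES times
        # (10 s apart) before updating; the update is skipped when the
        # retries are exhausted but the timer is still re-armed.
        retries = 0
        while retries < CHECK_CONNECTION_MAX_RETRIES and not check_connection():
            sys.stdout.write("[!] can't update because of lack of network connection (waiting..." if not retries else '.')
            sys.stdout.flush()
            time.sleep(10)
            retries += 1

        if retries:
            print(")")

        if retries == CHECK_CONNECTION_MAX_RETRIES:
            print("[x] going to continue without update")
        else:
            if config.USE_SERVER_UPDATE_TRAILS:
                update_trails()
            update_ipcat()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        # Elevated privileges are demanded for the UDP collector regardless
        # of the configured port value.
        if check_sudo() is False:
            exit("[!] please run '%s' with sudo/Administrator privileges when using 'UDP_ADDRESS' configuration value" % __file__)

        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")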
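def main():
    """Entry point of the server.

    Prints the banner, parses ``-c`` / ``--debug``, loads the configuration,
    validates the optional SSL setup, then runs the periodic trail updater
    (falling back to an offline update without connectivity), the optional
    UDP log collector and, blocking, the HTTP server.

    Side effects: the process is terminated via ``exit`` when pyOpenSSL is
    missing, ``SSL_PEM`` is unusable, or a privileged UDP port is configured
    without root privileges.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    if "--version" in sys.argv:
        raise SystemExit

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    parser.add_option("--debug", dest="debug", action="store_true", help=optparse.SUPPRESS_HELP)
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if options.debug:
        config.SHOW_DEBUG = True

    if config.USE_SSL:
        try:
            __import__("OpenSSL")  # import-probe only; the module is used by the HTTP server
        except ImportError:
            if IS_WIN:
                exit("[!] please install 'pyopenssl' (e.g. 'pip install pyopenssl')")
            else:
                msg = "[!] please install 'pyopenssl'"
                # Distribution is guessed from the kernel version string
                for distros, install in {("fedora", "centos"): "sudo yum install pyOpenSSL", ("debian", "ubuntu"): "sudo apt-get install python-openssl"}.items():
                    for distro in distros:
                        if distro in (platform.uname()[3] or "").lower():
                            msg += " (e.g. '%s')" % install
                            break
                exit(msg)

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[?] (hint: \"%s\")" % (config.SSL_PEM, hint))

    def update_timer():
        # Poll for connectivity up to CHECK_CONNECTION_MAX_RETRIES times
        # (10 s apart); without it an offline update is done instead.
        # Afterwards the timer re-arms itself on a daemon Timer thread.
        retries = 0
        while retries < CHECK_CONNECTION_MAX_RETRIES and not check_connection():
            sys.stdout.write("[!] can't update because of lack of Internet connection (waiting..." if not retries else '.')
            sys.stdout.flush()
            time.sleep(10)
            retries += 1

        if retries:
            print(")")

        if retries == CHECK_CONNECTION_MAX_RETRIES:
            print("[x] going to continue without online update")
            _ = update_trails(offline=True)
        else:
            _ = update_trails()

        update_ipcat()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        # Privileged ports are 0-1023, so root is only demanded below 1024
        # (the original ``<= 1024`` also required root for the unprivileged
        # port 1024). Assumes UDP_PORT is an int after read_config().
        if config.UDP_PORT < 1024 and not config.DISABLE_CHECK_SUDO and check_sudo() is False:
            exit("[!] please run '%s' with root privileges when using 'UDP_ADDRESS' configuration value" % __file__)

        create_log_directory()
        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        if config.USE_SERVER_UPDATE_TRAILS:
            update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")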
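def main():
    """Entry point of the server.

    Prints the banner, parses ``-c``, loads the configuration, validates the
    optional SSL setup, then runs the periodic trail updater (falling back to
    an offline update without connectivity), the optional UDP log collector
    and, blocking, the HTTP server.

    Side effects: the process is terminated via ``exit`` when pyOpenSSL is
    missing, ``SSL_PEM`` is unusable, or a privileged UDP port is configured
    without elevated privileges.
    """
    print("%s (server) #v%s\n" % (NAME, VERSION))

    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-c", dest="config_file", default=CONFIG_FILE, help="configuration file (default: '%s')" % os.path.split(CONFIG_FILE)[-1])
    options, _ = parser.parse_args()

    read_config(options.config_file)

    if config.USE_SSL:
        try:
            import OpenSSL  # import-probe only; the module is used by the HTTP server
        except ImportError:
            # subprocess.mswindows is a Python 2 private attribute and
            # platform.linux_distribution() was removed in Python 3.8; both
            # are guarded so the install hint is shown instead of an
            # AttributeError raised from inside this handler.
            if os.name == "nt":
                exit("[!] please install 'pyopenssl' (e.g. 'pip install pyopenssl')")
            else:
                msg = "[!] please install 'pyopenssl'"
                distro_fn = getattr(platform, "linux_distribution", None)
                distro_name = (distro_fn()[0] if distro_fn else "").lower()
                for distros, install in {("fedora", "centos"): "sudo yum install pyOpenSSL", ("debian", "ubuntu"): "sudo apt-get install python-openssl"}.items():
                    if distro_name in distros:
                        msg += " (e.g. '%s')" % install
                        break
                exit(msg)

        if not config.SSL_PEM or not os.path.isfile(config.SSL_PEM):
            # The suggested command creates a self-signed certificate with an
            # unencrypted key (-nodes); the resulting PEM should be readable
            # only by the account running the server.
            hint = "openssl req -new -x509 -keyout %s -out %s -days 365 -nodes -subj '/O=%s CA/C=EU'" % (config.SSL_PEM or "server.pem", config.SSL_PEM or "server.pem", NAME)
            exit("[!] invalid configuration value for 'SSL_PEM' ('%s')\n[?] (hint: \"%s\")" % (config.SSL_PEM, hint))

    def update_timer():
        # Poll for connectivity up to CHECK_CONNECTION_MAX_RETRIES times
        # (10 s apart); without it an offline update is done instead.
        # Afterwards the timer re-arms itself on a daemon Timer thread.
        retries = 0
        while retries < CHECK_CONNECTION_MAX_RETRIES and not check_connection():
            sys.stdout.write("[!] can't update because of lack of Internet connection (waiting..." if not retries else '.')
            sys.stdout.flush()
            time.sleep(10)
            retries += 1

        if retries:
            print(")")

        if retries == CHECK_CONNECTION_MAX_RETRIES:
            print("[x] going to continue without online update")
            _ = update_trails(offline=True)
        else:
            _ = update_trails()

        update_ipcat()

        thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
        thread.daemon = True
        thread.start()

    if config.UDP_ADDRESS and config.UDP_PORT:
        # Privileged ports are 0-1023, so root is only demanded below 1024
        # (the original ``<= 1024`` also required root for the unprivileged
        # port 1024). Assumes UDP_PORT is an int after read_config().
        if config.UDP_PORT < 1024 and not config.DISABLE_CHECK_SUDO and check_sudo() is False:
            exit("[!] please run '%s' with sudo/Administrator privileges when using 'UDP_ADDRESS' configuration value" % __file__)

        create_log_directory()
        start_logd(address=config.UDP_ADDRESS, port=config.UDP_PORT, join=False)

    try:
        if config.USE_SERVER_UPDATE_TRAILS:
            update_timer()
        start_httpd(address=config.HTTP_ADDRESS, port=config.HTTP_PORT, pem=config.SSL_PEM if config.USE_SSL else None, join=True)
    except KeyboardInterrupt:
        print("\r[x] stopping (Ctrl-C pressed)")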