コード例 #1
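def get_blackbox_logs_count_from_es(level, time_filter):
    """
    Count trustFile log entries of one severity level in Elasticsearch.

    Reads the ES endpoint and the trustlog index name from share.json via
    JsonConfiguration, then runs a bool query that requires documents of
    _type "trustLog" whose message field contains the phrase "[<level>]",
    restricted to the last ``time_filter`` seconds.

    :param level: log level string; it is placed into the query body as the
        JSON value "[level]" (match_phrase, so it is not interpreted as
        query syntax)
    :param time_filter: look-back window in seconds; formatted with %d, so it
        must be int-like
    :return: result['hits']['total'] exactly as ES returns it (an int on
        older ES; newer versions return a dict — TODO confirm against the
        deployed ES version), or 0 if the search raised
    """
    jc = JsonConfiguration()  # share.json
    es = Elasticsearch(jc.es_server_ip_port)  # connect to ES
    body = {
        "query": {
            "bool": {
                "must": [
                    {"match_phrase": {"_type": "trustLog"}},  # required match
                    {"match_phrase": {"message": "[" + level + "]"}},  # required match
                ],
                "filter": {
                    "range": {
                        "@timestamp": {
                            "gte": "now-%ds" % time_filter,
                            "lte": "now",
                        }
                    }
                },  # time filter
            }
        },
        # only the hit count is used, so a single document is enough
        "size": 1,
    }

    index_list = [jc.trustlog_index]
    try:
        # ignore_unavailable=True keeps a missing index from raising
        result = es.search(index=index_list,
                           body=body,
                           ignore_unavailable=True)
    except Exception as e:
        # Best-effort: any ES failure is logged and reported as zero hits, so
        # callers cannot distinguish "no logs" from "ES unreachable"; check
        # the log if a count of 0 is unexpected.
        logger.error(e)
        return 0
    return result['hits']['total']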
コード例 #2
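 def __init__(self, invoke_addr):
     """
     Open a Thrift connection (framed transport, binary protocol) to the
     ClamAV RPC server.
     :param invoke_addr: host/IP of the RPC server; the port is read from
         the 'clamav_rpc' entry of JsonConfiguration().used_ports
     """
     super(ClamavRPCClient, self).__init__()
     config = JsonConfiguration()
     self.ip = invoke_addr
     self.port = config.used_ports['clamav_rpc']
     # Pre-set every connection attribute so the instance is in a known
     # state even when the connection attempt below fails: the original
     # left them undefined on failure, turning a logged error into a later
     # AttributeError at the first RPC call.
     self.socket = None
     self.transport = None
     self.protocol = None
     self.client = None
     try:
         # TCP socket to the server
         self.socket = TSocket.TSocket(self.ip, self.port)
         # framed transport (per the original note: non-blocking, sends in sized frames)
         self.transport = TTransport.TFramedTransport(self.socket)
         # binary wire encoding
         self.protocol = TBinaryProtocol.TBinaryProtocol(self.transport)
         # generated service client
         self.client = ClamavRPCService.Client(self.protocol)
         # establish the connection
         self.transport.open()
     except Exception as e:
         # Best-effort as before: the failure is logged, not raised.
         # Callers should treat self.client is None as "not connected".
         logger.error(e)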
コード例 #3
"""
报警系统的前端接口
author:YangZe
"""
import json
import redis
from django.http.response import HttpResponse

from app_fuzhou.views_utils.localconfig import JsonConfiguration
from app_fuzhou.views_utils.logger import logger
from app_fuzhou.models import WarningList

from app_fuzhou.views_utils.service.warningservice.send_mail import \
    clear_mail_to_list_cache

jc = JsonConfiguration()  # module-level settings object, built once at import time
# Redis key under which the web session timeout is stored — presumably read by
# the session-timeout view further down this file; verify against callers.
SESSION_TIMEOUT_REDIS_KEY = 'octa_web_session_timeout'


def add_warninglist(request):
    """
    添加警报名单
    :param request: 
    :return: 
    """
    try:
        phone = request.POST.get("phone")
        email = request.POST.get("email")

        WarningList.objects.create(phone=phone, email=email, enabled=1)
        clear_mail_to_list_cache()  # 清除redis缓存
コード例 #4
此模块的功能主要是提供给前段相应的接口,实现扫描病毒的相关功能
"""
import json
import os
import threading

from app_fuzhou.views_utils.logger import logger
from app_fuzhou.views_utils.localconfig import JsonConfiguration
from app_fuzhou.util import mysql_base_api
from app_fuzhou.views_utils.rpc.clamav.clamav_rpc_client import ClamavRPCClient
from app_fuzhou.views_utils.scheduler_single_instance import SchedulerSingleInstance
from app_fuzhou.models import AppFuzhouGroupIp, ClamavTaskID, TaskGroupIp, ClamavTask
from app_fuzhou.views.v1.antivirus import Scan
from app_fuzhou.models import AppFuzhouGroupIp, AppFuzhouGroup, MachineList

CONFIG = JsonConfiguration()  # module-level settings object, built once at import time
TYPE = "clamav"  # scanner type tag; presumably used to label tasks/records below — confirm


class FileScanDetail(object):
    """
    ClamAV扫描文件的信息
    """
    def __init__(self, file="", status="", flag=0):
        """
        :param file: 文件全限定名
        :param status: 文件状态
        :param flag: 通信状态码,0表示正在扫描中,1表示扫描结束,2表示终止扫描,3表示初始化
        """
        self.file = file
        self.status = status
コード例 #5
"""
本例用来从ElasticSearch中每15秒读取一次waf,将新的攻击数目记录到mysql,线程运行
Author YangZe
Date 2017-5-18
"""
import time
import datetime
import threading

from elasticsearch import Elasticsearch

from app_fuzhou.views_utils.localconfig import JsonConfiguration
from app_fuzhou.views_utils.logger import logger
from app_fuzhou.util import mysql_base_api

LOCAL_CONFIG = JsonConfiguration()  # share.json, loaded once at import time

# Lock = threading.Lock()  # unused; left from an earlier threaded version
INDEX = 'filebeat'  # ES index name the WAF records are read from
TIME_INTERVAL = 15  # polling period in seconds (see module docstring)


def read_waf_from_es():
    """
    从es中读取wafLog记录,存到mysql中
    :return:
    """
    hosts = LOCAL_CONFIG.client_audit_hosts  # 从share.json中读取client的ip
    index_list = []
    body = {
        "query": {
コード例 #6
此模块提供接收防火墙的攻击IP信息、查询攻击IP地址查询的功能
Author: Jing Qingyun
"""

import time
import zmq
import MySQLdb
import json
import datetime
import random

from app_fuzhou.views_utils.logger import logger
from app_fuzhou.views_utils.localconfig import JsonConfiguration
from app_fuzhou.views_utils.security import RSACrypto

GLOBAL_CONFIG = JsonConfiguration()  # settings object, built once at import time

# ZMQ bind address; the '*' wildcard binds on every local interface, so the
# 'attack_ip' port is reachable from any network the host is attached to —
# restrict it with a firewall/host filter if only local senders are expected.
SERVER_ADDRESS = 'tcp://*:%s' % GLOBAL_CONFIG.used_ports['attack_ip']
RECV_TIMEWAIT = 0.1  # seconds to wait between receive attempts (presumably; confirm in the loop below)

# RGB colour per attack type, used when rendering attack records for the front end
TYPE_COLORS = {
    "http-defense": [228, 78, 143],
    "dos-attack": [159, 60, 222],
    "web-attack": [52, 182, 225],
    "sensitive-data-tracking": [67, 197, 142],
    "identification-error": [222, 213, 60]
}

HEAD = {
    "id": "document",
    "name": "CZML Geometries: test node data",
コード例 #7
from django.http import JsonResponse
from app_fuzhou.views_utils.utils_home import *
from app_fuzhou.views_utils import utils_home
from app_fuzhou.util.metricbeat import *
from app_fuzhou.views.v1.chain import __chain_node_count
from app_fuzhou.models import WhiteList, BlackboxHost, TrustLog
from app_fuzhou.views_utils.utils_attack_server import _get_watcherlab_count_info, string2time, get_watcherlab_info_limit
from app_fuzhou.views_utils import utils_waf
from elasticsearch import Elasticsearch

from app_fuzhou.views_utils.localconfig import JsonConfiguration
from app_fuzhou.views_utils.utils_waf import get_state_info_dict
from app_fuzhou.views_utils.utils_attack_server import get_server_status

jc = JsonConfiguration()  # share.json, loaded once at import time
server_ip = jc.server_ip
es = Elasticsearch(jc.es_server_ip_port)  # module-level ES client shared by the views below

# Constants for the home-page score.
# GlobalConf is not imported by name here; it presumably comes from one of the
# star imports above (utils_home / metricbeat) — confirm.
GLOBAL_CONFIG = GlobalConf()
BUG_WEIGHT = 1  # weight of one finding when deducting from FULL_SCORE (presumably; see index_score)
FULL_SCORE = 100  # maximum home-page score


def index_score(request):
    """
    主页的分数
    :param request:
    :return json.dumps(return_dic):
    """
コード例 #8
@author: long
"""
'''
#SDK演示类
#1. 新增人脸到数据库
#2. 基于存档人脸的实时视频流下的人脸识别和标记
'''
import numpy as np
import datetime
import time
import cv2
# from app_fuzhou.views_utils.InsightEye import insightconfig
from app_fuzhou.views_utils.InsightEye import insightdb, insightface, insightvideo
from app_fuzhou.views_utils.localconfig import JsonConfiguration

local_config = JsonConfiguration()  # settings object, built once at import time
# Face-recognition engine instantiated at import time; any model loading it
# performs happens when this module is first imported.
inface = insightface.insightface()
# conf=insightconfig.insighconfig('app_fuzhou/views_utils/InsightEye/insightconfig.ini')
# invideo = insightvideo.insightvideo(conf.conf_dict)
# video_stream =  invideo.getvideostream(video='video',mysql='mysql',
#                                        scale_ratio='scale_ratio_2',
#                                        knn='knn_3',tolerance='tolerance_1',
#                                        model_detection = 'model_detection_1')
# conf_data = video_stream.conf_dict

conf_data = {
    'video': {
        'addr': local_config.face['addr'],
        'type': local_config.face['type'],
        'size': local_config.face['size']
    },