def addRecord(self, ip): '''add a new connection to redis''' # set searchkey globalLog.getError().log(globalLog.DEBUG, \ "searchkey:%s"%(ip)) # get info from redis and store info into redis return True if self._addRecord(ip) >= self._maxnum else False
def _writeReject(self, data): '''write attack information into file''' # create attackfile try: if os.path.exists(BLACK_FILE) is False: open(BLACK_FILE, 'w').close() if os.path.exists(BLACK_PIPE) is False: os.mkfifo(BLACK_PIPE) except Exception as msg: globalLog.getError().log( globalLog.WARNING, '%s:Handle attack file %s.' % (msg, BLACK_FILE)) return # write info into attack file(pipe and normal file) try: # Whether existed blacklist ip with open(BLACK_FILE, 'r') as reFd: strbuf = reFd.read() if data in strbuf: return # write black into file with open(BLACK_FILE, 'a') as inFd: inFd.write(data + '\n') # write into pipe self._attackPip.write(data) self._attackPip.flush() except Exception as msg: globalLog.getError().log(globalLog.WARNING, 'Warning:replace file failed(%s)' % (msg))
def stop(self): """ Stop the daemon """ # Get the pid from the pidfile try: pf = file(self.pidfile, 'r') pid = int(pf.read().strip()) pf.close() except IOError: pid = None if not pid: message = "pidfile %s does not exist. Daemon not running?\n" globalLog.getError().log(globalLog.ERROR, message % self.pidfile) return # not an error in a restart # Try killing the daemon process try: while True: os.kill(pid, SIGTERM) time.sleep(0.1) except OSError as err: err = str(err) if err.find("No such process") > 0: if os.path.exists(self.pidfile): os.remove(self.pidfile) else: globalLog.getError().log(globalLog.ERROR, 'Daemon stop:%s' % err) sys.exit(1)
def stop(self): """ Stop the daemon """ # Get the pid from the pidfile try: pf = file(self.pidfile,'r') pid = int(pf.read().strip()) pf.close() except IOError: pid = None if not pid: message = "pidfile %s does not exist. Daemon not running?\n" globalLog.getError().log(globalLog.ERROR, message % self.pidfile) return # not an error in a restart # Try killing the daemon process try: while 1: os.kill(pid, SIGTERM) time.sleep(0.1) except OSError, err: err = str(err) if err.find("No such process") > 0: if os.path.exists(self.pidfile): os.remove(self.pidfile) else: globalLog.getError().log(globalLog.ERROR, 'Daemon stop:%s'%err) sys.exit(1)
def connectDb(self): '''connect DB''' try: self._db = MySQLdb.connect(self._address, self._user, self._passwd, self._db) self._cursor = self._db.cursor() except Exception,msg: globalLog.getError().log(globalLog.ERROR, \ 'Connect SqlDB failed, msg:%s'%(msg)) return
def _handleModuleRedis(self, len, data): '''handle redis package''' globalLog.getError().log(globalLog.DEBUG, "HandleRedis:blackip:%s" % data) #self._redisConn.addRecord(info[0], info[1]) if self._redisConn.addRecord(data): globalLog.getError().log(globalLog.INFO, "Write blacklist:%s" % data) self._writeReject(data)
def _handleModuleRedis(self, len, data): '''handle redis package''' globalLog.getError().log(globalLog.DEBUG, \ "HandleRedis:blackip:%s"%data) #self._redisConn.addRecord(info[0], info[1]) if self._redisConn.addRecord(data): globalLog.getError().log(globalLog.INFO, \ "Write blacklist:%s"%data) self._writeReject(data)
def innerFunc(*args, **kw): try: return func(*args, **kw) except Exception,msg: traceList = traceback.extract_tb(sys.exc_traceback) for (file,lineno, funcname,text) in traceList: globalLog.getError().log(globalLog.ERROR, \ "Occur error, func:%s,lineno:%s, msg:%s"%(funcname, lineno, msg)) return None
def innerFunc(*args, **kw): try: return func(*args, **kw) except Exception as msg: traceList = traceback.extract_tb(sys.exc_info()[2]) for (file, lineno, funcname, text) in traceList: globalLog.getError().log( globalLog.ERROR, "Occur error, func:%s,lineno:%s, msg:%s" % (funcname, lineno, msg)) sys.exit(-1)
def __init__(self, host='127.0.0.1', port=6379, maxnum = 2000000): '''init''' try: self._client = redis.Redis(host, port, db=0) self._pipeline = self._client.pipeline() # transation except Exception: globalLog.getError().log(globalLog.ERROR, 'connect redis server failed!') sys.exit(-1) self._maxnum = maxnum # redis key which store black list self._attackKey = 'nginx.blacklist'
def __init__(self, host='127.0.0.1', port=6379, maxnum=2000000): '''init''' try: self._client = redis.Redis(host, port, db=0) self._pipeline = self._client.pipeline() # transation except Exception: globalLog.getError().log(globalLog.ERROR, 'connect redis server failed!') sys.exit(-1) self._maxnum = maxnum # redis key which store black list self._attackKey = 'nginx.blacklist'
def _createPipe(self, filename): '''Create a pipe''' try: if os.path.exists(filename) is False: os.mkfifo(filename) self._attackPip = open(filename, 'w') globalLog.getError().log(globalLog.DEBUG, \ 'Create pipe file successful') except (OSError, Exception), msg: globalLog.getError().log(globalLog.ERROR, \ 'Create and Open FIFO failed, %s'%msg) sys.exit(-1)
def _createPipe(self, filename): '''Create a pipe''' try: if os.path.exists(filename) is False: os.mkfifo(filename) self._attackPip = open(filename, 'w') globalLog.getError().log(globalLog.DEBUG, 'Create pipe file successful') except (OSError, Exception) as msg: globalLog.getError().log(globalLog.ERROR, 'Create and Open FIFO failed, %s' % msg) sys.exit(-1)
def _writeReject(self, data): '''write attack information into file''' # create attackfile try: if os.path.exists(BLACK_FILE) is False: open(BLACK_FILE, 'w').close() if os.path.exists(BLACK_PIPE) is False: os.mkfifo(BLACK_PIPE) except Exception,msg: globalLog.getError().log(globalLog.WARNING, \ '%s:Handle attack file %s.'%(msg, BLACK_FILE)) return
def _bindSocket(self, ip, port): '''bind socket''' address = (ip, port) try: self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._sock.bind(address) self._sock.setblocking(0) self._sock.listen(10) except Exception, msg: globalLog.getError().log(globalLog.ERROR, \ 'AgentServer:bind socket %s failed, %s'%(ip,msg)) sys.exit(-1)
def daemonize(self): """ do the UNIX double-fork magic, see Stevens' "Advanced Programming in the UNIX Environment" for details (ISBN 0201563177) """ # do first fork try: pid = os.fork() if pid > 0: sys.exit(0) except OSError, e: globalLog.getError().log(globalLog.ERROR, "fork #1 failed: %d (%s)\n" % (e.errno, e.strerror)) sys.exit(1)
def _addRecord(self, searchkey): '''add a new connection to redis''' # add command to pipe if not self._client.get(searchkey): self._pipeline.setex(searchkey, 0, 60) else: self._pipeline.incr(searchkey) self._pipeline.get(searchkey) # execute command try: return int(self._pipeline.execute()[-1]) except Exception: globalLog.getError().log( globalLog.ERROR, 'AgentServer:execute redis command failed.') return self._maxnum
def _addRecord(self, searchkey): '''add a new connection to redis''' # add command to pipe if not self._client.get(searchkey): self._pipeline.setex(searchkey, 0, 60) else: self._pipeline.incr(searchkey) self._pipeline.get(searchkey) # execute command try: return int(self._pipeline.execute()[-1]) except Exception: globalLog.getError().log(globalLog.ERROR, \ 'AgentServer:execute redis command failed.') return self._maxnum
def _bindSocket(self, ip, port): '''bind socket''' address = (ip, port) try: self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._sock.bind(address) self._sock.setblocking(0) self._sock.listen(10) except Exception as msg: globalLog.getError().log( globalLog.ERROR, 'AgentServer:bind socket %s failed, %s' % (ip, msg)) sys.exit(-1) globalLog.getError().log(globalLog.DEBUG, 'Bind %s successful.' % ip)
def executeSql(self, sql, isReturn=False): '''execute sql command''' try: self.execute(sql) self._db.commit() if not isReturn: return results = self._cursor.fetchall() for row in results: globalLog.getError.log(globalLog.ERROR, \ 'row0=%s'%(row[0])) except Exception,msg: self._db.rollbak() globalLog.getError().log(globalLog.ERROR, \ 'Execute sql failed, sql=%s, msg:%s'%(sql, msg))
def waitConnection(self, poller, readOnly, fdToSocket, timeout): '''''' # poll timeout events = poller.poll(timeout) for fd, flag in events: # retrieve the actual socket from its file descriptor s = fdToSocket[fd] # handle inputs if (flag & (select.POLLIN | select.POLLPRI)) and \ not self._receivePackage(poller, s, fdToSocket, readOnly): poller.unregister(s) s.close() del fdToSocket[fd] elif flag & (select.POLLHUP | select.POLLERR): globalLog.getError().log(globalLog.ERROR, 'Client close connection') poller.unregister(s) s.close()
def _receivePackage(self, poller, conn, fdToSocket, readOnly): '''receive package''' try: if conn is self._sock: # add clifd to events globalLog.getError().log(globalLog.DEBUG, 'A new connection come on.') conn, cliAddr = conn.accept() conn.setblocking(0) fdToSocket[conn.fileno()] = conn poller.register(conn, readOnly) return True else: # receive data return False if not self._recvPackageFromClient(conn) else True except Exception, msg: globalLog.getError().log(globalLog.ERROR, msg) return False
def _receivePackage(self, poller, conn, fdToSocket, readOnly): '''receive package''' try: if conn is self._sock: # add clifd to events globalLog.getError().log(globalLog.DEBUG, 'A new connection come on.') conn, cliAddr = conn.accept() conn.setblocking(0) fdToSocket[conn.fileno()] = conn poller.register(conn, readOnly) return True else: # receive data return False if not self._recvPackageFromClient(conn) else True except Exception as msg: globalLog.getError().log(globalLog.ERROR, msg) return False
def handle(self): '''waitting client connection''' # commonly used flag sets timeout = 1000 readOnly = (select.POLLIN | select.POLLPRI| select.POLLHUP | select.POLLERR) # set up the poller self.poller = select.poll() self.poller.register(self._sock, readOnly) # map file descirptors to socket objects self.fdToSocket = { self._sock.fileno():self._sock, } # communicate while True: try: self.waitConnection(self.poller, readOnly, self.fdToSocket, timeout) except Exception,msg: globalLog.getError().log(globalLog.ERROR, \ 'Exception in server handle:%s'%msg);
def handle(self): '''waitting client connection''' # commonly used flag sets timeout = 1000 readOnly = (select.POLLIN | select.POLLPRI | select.POLLHUP | select.POLLERR) # set up the poller self.poller = select.poll() self.poller.register(self._sock, readOnly) # map file descirptors to socket objects self.fdToSocket = { self._sock.fileno(): self._sock, } # communicate while True: try: self.waitConnection(self.poller, readOnly, self.fdToSocket, timeout) except Exception as msg: globalLog.getError().log(globalLog.ERROR, 'Exception in server handle:%s' % msg)
def start(self): """ Start the daemon """ # Check for a pidfile to see if the daemon already runs try: pf = file(self.pidfile, 'r') pid = int(pf.read().strip()) pf.close() except IOError: pid = None # existed daemon process, quit if pid: message = "pidfile %s already exist. Daemon already running?\n" globalLog.getError().log(globalLog.ERROR, message % self.pidfile) sys.exit(1) # Start the daemon self.daemonize() # run self.run()
def start(self): """ Start the daemon """ # Check for a pidfile to see if the daemon already runs try: pf = file(self.pidfile,'r') pid = int(pf.read().strip()) pf.close() except IOError: pid = None # existed daemon process, quit if pid: message = "pidfile %s already exist. Daemon already running?\n" globalLog.getError().log(globalLog.ERROR, message % self.pidfile) sys.exit(1) # Start the daemon self.daemonize() # run self.run()
def daemonize(self): """ do the UNIX double-fork magic, see Stevens' "Advanced Programming in the UNIX Environment" for details (ISBN 0201563177) """ # do first fork try: pid = os.fork() if pid > 0: sys.exit(0) except OSError as e: globalLog.getError().log( globalLog.ERROR, "fork #1 failed: %d (%s)\n" % (e.errno, e.strerror)) sys.exit(1) # decouple from parent environment os.chdir("/") os.setsid() os.umask(0) # do second fork try: pid = os.fork() if pid > 0: sys.exit(0) except OSError as e: globalLog.getError().log( globalLog.ERROR, "fork #2 failed: %d (%s)\n" % (e.errno, e.strerror)) sys.exit(1) # redirect standard file descriptors sys.stdout.flush() sys.stderr.flush() si = file(self.stdin, 'r') so = file(self.stdout, 'a+') se = file(self.stderr, 'a+', 0) os.dup2(si.fileno(), sys.stdin.fileno()) os.dup2(so.fileno(), sys.stdout.fileno()) os.dup2(se.fileno(), sys.stderr.fileno()) # registrem destructor function atexit.register(self.delpid) # write pidfile try: fd = open(self.pidfile, 'w+') fd.write('%s\n' % (str(os.getpid()))) fd.close() except IOError as msg: globalLog.getError().log(globalLog.ERROR, "%s:open pidfile failed." % msg) sys.exit(1)
def addRecord(self, ip): '''add a new connection to redis''' # set searchkey globalLog.getError().log(globalLog.DEBUG, "searchkey:%s" % (ip)) # get info from redis and store info into redis return True if self._addRecord(ip) >= self._maxnum else False
def sigInt(self, signum, frame): '''SIGINT handle''' globalLog.getError().log(globalLog.ERROR, "Receive SIGINT, eixt process")
from basepackage.baselog import globalLog if __name__ == '__main__': '''test''' '''测试AgentServer通信机制''' server_address = '127.0.0.1' port = 8008 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 连接服务器 try: sock.connect((server_address, port)) except socket.error as msg: sock.close() print(msg) globalLog.getError().log(globalLog.ERROR, '%s' % msg) # 发送报文信息 for i in range(1, 10000): client_ip = '192.168.168.168' token = '0' if i % 2010 else '20150724205220-gelgessssssjsjsjsjsjsjsjsjs%d' % ( i) data = ' '.join([client_ip, token]) ptype = '00' length = '%04d' % len(data) package = ''.join([ptype, length, data]) print('%s ----- %d' % (package, i)) try: sock.send(package) except socket.error as msg: print(msg)
def _recvPackageFromClient(self, conn): '''conmmnicate between server and client''' preLength = 8 # len(type + data_len),结构体本身的长度 #import pdb # pdb.set_trace() # receive package (hexadecimal number) data = conn.recv(preLength) if not data: globalLog.getError().log(globalLog.DEBUG, 'Received Null string, client close.') return False elif len(data) != preLength: globalLog.getError().log(globalLog.DEBUG, 'Package too small, drop package.') return True (type, totalLen) = struct.unpack('<ii', data) globalLog.getError().log( globalLog.DEBUG, "Package Type:%d, PackageLeng=%d" % (type, totalLen)) # receive package(content) data = conn.recv(totalLen) if not data: globalLog.getError().log( globalLog.ERROR, 'Received Null string, perhaps client close.') return False elif len(data) != totalLen: globalLog.getError().log(globalLog.DEBUG, 'Package too small, drop package.') return True # handle globalLog.getError().log(globalLog.DEBUG, "Pacakge Content=%s" % data) self._handleModule(type, totalLen, data) return True
si = file(self.stdin, 'r') so = file(self.stdout, 'a+') se = file(self.stderr, 'a+', 0) os.dup2(si.fileno(), sys.stdin.fileno()) os.dup2(so.fileno(), sys.stdout.fileno()) os.dup2(se.fileno(), sys.stderr.fileno()) # registrem destructor function atexit.register(self.delpid) # write pidfile try: fd = open(self.pidfile, 'w+') fd.write('%s\n'%(str(os.getpid()))) fd.close() except IOError,msg: globalLog.getError().log(globalLog.ERROR, "%s:open pidfile failed."%msg) sys.exit(1) def __del__(self): '''some handle after SIGTERM''' pass def sigInt(self, signum, frame): '''SIGINT handle''' globalLog.getError().log(globalLog.ERROR, "Receive SIGINT, eixt process") #os.kill(os.getpid(), signal.SIGTERM) def delpid(self): '''destructor function''' os.remove(self.pidfile)
from basepackage.baselog import globalLog if __name__ == '__main__': '''test''' '''测试AgentServer通信机制''' server_address = '127.0.0.1' port = 8008 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 连接服务器 try: sock.connect((server_address, port)) except socket.error,msg: sock.close() print msg globalLog.getError().log(globalLog.ERROR, '%s'%msg) # 发送报文信息 for i in range(1,10000): client_ip = '192.168.168.168' token = '0' if i%2010 else '20150724205220-gelgessssssjsjsjsjsjsjsjsjs%d'%(i) data = ' '.join([client_ip, token]) ptype = '00' length = '%04d'%len(data) package = ''.join([ptype, length, data]) print '%s ----- %d'%(package, i) try: sock.send(package) except socket.error, msg: print msg globalLog.getError().log(globalLog.ERROR, '%s'%msg)
def _recvPackageFromClient(self, conn): '''conmmnicate between server and client''' preLength = 8# len(type + data_len),结构体本身的长度 #import pdb #pdb.set_trace() # receive package (hexadecimal number) data = conn.recv(preLength) if not data: globalLog.getError().log(globalLog.DEBUG, \ 'Received Null string, client close.') return False elif len(data) != preLength: globalLog.getError().log(globalLog.DEBUG, \ 'Package too small, drop package.') return True (type, totalLen) = struct.unpack('<ii', data) globalLog.getError().log(globalLog.DEBUG, \ "Package Type:%d, PackageLeng=%d"%(type, totalLen)) # receive package(content) data = conn.recv(totalLen) if not data: globalLog.getError().log(globalLog.ERROR, \ 'Received Null string, perhaps client close.') return False elif len(data) != totalLen: globalLog.getError().log(globalLog.DEBUG, \ 'Package too small, drop package.') return True # handle globalLog.getError().log(globalLog.DEBUG, "Pacakge Content=%s"%data) self._handleModule(type, totalLen, data) return True
sys.exit(-1) def _bindSocket(self, ip, port): '''bind socket''' address = (ip, port) try: self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._sock.bind(address) self._sock.setblocking(0) self._sock.listen(10) except Exception, msg: globalLog.getError().log(globalLog.ERROR, \ 'AgentServer:bind socket %s failed, %s'%(ip,msg)) sys.exit(-1) globalLog.getError().log(globalLog.DEBUG, 'Bind %s successful.'%ip) def _writeReject(self, data): '''write attack information into file''' # create attackfile try: if os.path.exists(BLACK_FILE) is False: open(BLACK_FILE, 'w').close() if os.path.exists(BLACK_PIPE) is False: os.mkfifo(BLACK_PIPE) except Exception,msg: globalLog.getError().log(globalLog.WARNING, \ '%s:Handle attack file %s.'%(msg, BLACK_FILE)) return # write info into attack file(pipe and normal file)