def dnx_blocked():
    '''Serve the "blocked domain" page for a request that nginx redirected to the firewall.

    The domain arrives in the ``dom`` query parameter. The not-authorized page is rendered,
    and ``username`` is dropped from the session, when the parameter is missing or empty,
    when ``validate.domain`` raises ``ValidationError``, or when the database returns no
    blocked entry for that domain and the requesting address.
    '''
    License.timeout_status()

    def _not_authorized():
        # Every rejection path clears the logged-in user before rendering the same page.
        session.pop('username', None)

        return render_template('dnx_not_authorized.html', navi=True, login_btn=True, idle_timeout=False)

    # 'dom' is untrusted: a user can navigate to this page manually with any value.
    blocked_domain = request.args.get('dom', None)
    if not blocked_domain:
        return _not_authorized()

    # SECURITY: validate.domain is the only check visible here between the raw query string
    # and the database lookup. The original author flagged SQL injection as possible if this
    # validation is bypassed, so it should not be the sole defence.
    # NOTE(review): query_blocked is not shown; confirm it binds `domain` and `src_ip` as
    # query parameters rather than formatting them into the SQL text.
    try:
        validate.domain(blocked_domain)
    except ValidationError:
        return _not_authorized()

    # NOTE(review): behind a reverse proxy request.remote_addr can be the proxy's address
    # rather than the client's - confirm how nginx hands the request to this app.
    client_ip = request.remote_addr
    with DBConnector() as ProxyDB:
        domain_info = ProxyDB.query_blocked(domain=blocked_domain, src_ip=client_ip)

    if not domain_info:
        return _not_authorized()

    return render_template(
        'dnx_blocked.html',
        navi=True,
        login_btn=True,
        idle_timeout=False,
        standard_error=False,
        src_ip=client_ip,
        blocked=domain_info,
    )
def get_table_data(action, *, table, method, users=None):
    '''Fetch up to 100 rows through the DBConnector method named query_<method>.

    The rows are passed one by one to format_row together with ``users`` and the
    formatted rows are returned as a list.
    '''
    # SECURITY: the method is resolved by name, so `method` selects which query_* attribute of
    # the connector gets called. The callers visible alongside this function pass the literals
    # 'last' and 'top'; keep it that way and never feed request data into `method`.
    with DBConnector() as FirewallDB:
        fetch_rows = getattr(FirewallDB, f'query_{method}')
        rows = fetch_rows(100, table=table, action=action)

        return [format_row(entry, users) for entry in rows]
def update_page(form):
    '''Handle a report-page form and return (table rows, menu option, table group).

    When the form carries ``i_client_remove`` the named infected-client entry is removed
    first. Returns None when that removal is requested without both identifying fields,
    and also when the table value is unknown and no removal was requested.
    '''
    table_type = form.get('table', 'db_time')

    menu_ids = {
        'db_time': '1', 'db_count': '2', 'dv_time': '3', 'dv_count': '4',
        'ad_time': '5', 'ad_count': '6', 'ip_hosts_time': '7', 'ips_time': '8',
        'ic_all': '9',
    }
    # unknown table values fall back to menu option '1'
    menu_option = menu_ids.get(table_type, '1')

    # TODO: bring validation up to speed (ensure host is valid mac format). make the database
    # raise a validation error when removing a client that is not present in the db, since that
    # means the form was tampered with and an invalid form error should be returned.
    removal_requested = 'i_client_remove' in form
    if removal_requested:
        infected_client = form.get('infected_client', None)
        detected_host = form.get('detected_host', None)
        if not (infected_client and detected_host):
            return None  # NOTE: should this be an error?

        # SECURITY: both values come straight from the submitted form and only their presence
        # is checked before they reach the database layer.
        # NOTE(review): infected_remove is not shown; confirm it binds these as query parameters.
        with DBConnector() as FirewallDB:
            FirewallDB.infected_remove(infected_client, detected_host, table='infectedclients')
            FirewallDB.commit_entries()

    # dns proxy views: domains blocked, viewed, or both -> (action, query method)
    dns_views = {
        'db_time': ('blocked', 'last'), 'db_count': ('blocked', 'top'),
        'dv_time': ('allowed', 'last'), 'dv_count': ('allowed', 'top'),
        'ad_time': ('all', 'last'), 'ad_count': ('all', 'top'),
    }
    if table_type in dns_views:
        action, method = dns_views[table_type]

        return get_table_data(action, table='dnsproxy', method=method), menu_option, '1'

    if table_type == 'ip_hosts_time':
        return get_table_data(action='all', table='ipproxy', method='last'), menu_option, '2'

    if table_type == 'ips_time':
        return get_table_data(action='all', table='ips', method='last'), menu_option, '3'

    if table_type == 'ic_all' or removal_requested:
        reservations = load_configuration('dhcp_server')['dhcp_server']['reservations']

        return get_table_data(
            action='all', table='infectedclients', method='last', users=reservations
        ), menu_option, '4'

    # no branch matched: the caller receives None instead of a 3-tuple
    return None
def load_page():
    '''Collect the values shown on the dashboard and return them as one dict.

    Combines blocked-domain statistics and the latest infected clients from the database
    with interface bandwidth, system health figures and the status of the four DNX services.
    '''
    # NOTE(review): the collapsed listing does not show where the `with` block ends; only the
    # four database calls are kept inside it here - confirm.
    with DBConnector() as ProxyDB:
        domain_count = ProxyDB.unique_domain_count(table='dnsproxy', action='blocked')
        top_domains = ProxyDB.dashboard_query_top(5, table='dnsproxy', action='blocked')
        request_count = ProxyDB.total_request_count(table='dnsproxy', action='blocked')
        inf_hosts = ProxyDB.query_last(5, table='infectedclients', action='all')

    # TODO: see if this is a candidate for a class method
    bandwidth = Interface().bandwidth()

    uptime = System.uptime()
    cpu = System.cpu_usage()
    ram = System.ram_usage()
    dns_servers = System.dns_status()

    # Services are queried in the same order as before; the dict below keeps its key order.
    service_names = ('dnx-dns-proxy', 'dnx-ip-proxy', 'dnx-dhcp-server', 'dnx-ips')
    status = {name: Services.status(name) for name in service_names}

    return {
        'domain_count': domain_count,
        'infected_hosts': inf_hosts,
        'top_domains': top_domains,
        'request_count': request_count,
        'interfaces': bandwidth,
        'uptime': uptime,
        'cpu': cpu,
        'ram': ram,
        'dns_servers': dns_servers,
        'module_status': {
            'dns_proxy': status['dnx-dns-proxy'],
            'ip_proxy': status['dnx-ip-proxy'],
            'dnx_ips': status['dnx-ips'],
            'dhcp_server': status['dnx-dhcp-server'],
        },
    }
def _service_loop(self):
    '''Run the database log writer forever, reopening the connection each time it returns.'''
    print('[+] Starting database log entry processing queue.')

    returns_seen = 0
    while True:
        # NOTE: this call blocks inside the dnx_queue loop decorator on _write_to_database,
        # so reaching the lines below means the writer came back.
        with DBConnector() as db:
            self._write_to_database(db)  # pylint: disable = no-value-for-parameter

        returns_seen += 1
        if returns_seen % 5 == 0:
            # TODO: log this as critical or something
            # NOTE(review): nothing is recorded today, so a log writer that keeps dropping out
            # goes unnoticed and the entries it should have stored may be lost silently.
            pass

        fast_sleep(ONE_SEC)
def update_page(form):
    '''Resolve a report-page form into (table rows, menu option, table group).

    An ``i_client_remove`` key in the form triggers removal of the given infected-client
    entry before the table is queried. None is returned when that removal lacks either
    identifying field, or when the table value is unknown and no removal was requested.
    '''
    table_type = form.get('table', 'db_time')

    menu_ids = {
        'db_time': '1', 'db_count': '2', 'dv_time': '3', 'dv_count': '4',
        'ad_time': '5', 'ad_count': '6', 'ip_hosts_time': '7', 'ips_time': '8',
        'ic_all': '9',
    }
    # an unrecognised table value still yields menu option '1'
    menu_option = menu_ids.get(table_type, '1')

    removal_requested = 'i_client_remove' in form
    if removal_requested:
        infected_client = form.get('infected_client', None)
        detected_host = form.get('detected_host', None)
        if not (infected_client and detected_host):
            return None  # NOTE: should this be an error?

        # SECURITY: these two form values are only checked for presence, not for format,
        # before being handed to the database layer.
        # NOTE(review): infected_remove is not shown; confirm it uses bound query parameters.
        with DBConnector() as FirewallDB:
            FirewallDB.infected_remove(infected_client, detected_host, table='infectedclients')
            FirewallDB.commit_entries()

    # domains blocked, viewed, or both; *_time uses the 'last' query, *_count the 'top' query
    dns_actions = {'db': 'blocked', 'dv': 'allowed', 'ad': 'all'}
    for prefix, action in dns_actions.items():
        if table_type == f'{prefix}_time':
            return get_table_data(action, table='dnsproxy', method='last'), menu_option, '1'

        if table_type == f'{prefix}_count':
            return get_table_data(action, table='dnsproxy', method='top'), menu_option, '1'

    if table_type == 'ip_hosts_time':
        return get_table_data(action='all', table='ipproxy', method='last'), menu_option, '2'

    if table_type == 'ips_time':
        return get_table_data(action='all', table='ips', method='last'), menu_option, '3'

    if table_type == 'ic_all' or removal_requested:
        dhcp_settings = load_configuration('dhcp_server')['dhcp_server']

        return get_table_data(
            action='all', table='infectedclients', method='last', users=dhcp_settings['reservations']
        ), menu_option, '4'

    # nothing matched: callers get None rather than a 3-tuple
    return None
def clean_blocked_table(self):
    '''Run the connector's blocked_cleaner against the 'blocked' table.'''
    with DBConnector() as db:
        db.blocked_cleaner(table='blocked')
def clean_db_tables(self):
    '''Run the connector's table_cleaner on each log table, passing self.log_length.'''
    log_tables = ('dnsproxy', 'ipproxy', 'ips', 'infectedclients')

    # one connection is shared by all four clean-up calls
    with DBConnector() as db:
        for name in log_tables:
            db.table_cleaner(self.log_length, table=name)
def create_database_tables(self):
    '''Create the database tables through the connector and commit the change.'''
    with DBConnector() as db:
        db.create_db_tables()
        db.commit_entries()
def load_page():
    '''Collect the values shown on the dashboard, including the update notice, as one dict.

    ``notify`` is False when there is nothing to report, otherwise the message to display.
    A pending system restart takes precedence over a pending service restart, which takes
    precedence over the "updates available" message.
    '''
    # NOTE(review): the collapsed listing does not show where the `with` block ends; only the
    # four database calls are kept inside it here - confirm.
    with DBConnector() as ProxyDB:
        domain_count = ProxyDB.unique_domain_count(table='dnsproxy', action='blocked')
        top_domains = ProxyDB.dashboard_query_top(5, table='dnsproxy', action='blocked')
        request_count = ProxyDB.total_request_count(table='dnsproxy', action='blocked')
        inf_hosts = ProxyDB.query_last(5, table='infectedclients', action='all')

    bandwidth = Interface().bandwidth()

    uptime = System.uptime()
    cpu = System.cpu_usage()
    ram = System.ram_usage()
    dns_servers = System.dns_status()

    #----- Services Status ------#
    # Services are queried in the same order as before; the dict built at the end keeps its key order.
    service_names = ('dnx-dns-proxy', 'dnx-ip-proxy', 'dnx-dhcp-server', 'dnx-ips')
    status = {name: Services.status(name) for name in service_names}

    dnx_license = load_configuration('license')['license']
    updates = load_configuration('updates')['updates']

    notify = False
    # The "updates available" notice is only considered for a validated license.
    if dnx_license['validated']:
        up_to_date = (
            updates['system']['current'],
            updates['signature']['domain']['current'],
            updates['signature']['ip']['current'],
        )
        if not all(up_to_date):
            notify = 'DNX firewall has updates available. Check updates tab for more info.'

    # System/Service Restart pending check
    # NOTE(review): read here as independent of license validation; the collapsed listing
    # does not show whether these checks were nested under the license check - confirm.
    sys_restart, domain_restart, ip_restart = (
        updates['system']['restart'],
        updates['signature']['domain']['restart'],
        updates['signature']['ip']['restart'],
    )
    if domain_restart or ip_restart:
        notify = 'One or more DNX Services require a restart after signature updates. Please check the updates page for more information.'

    if sys_restart:
        notify = 'DNX firewall is pending a system restart after updates.'

    return {
        'domain_count': domain_count,
        'infected_hosts': inf_hosts,
        'top_domains': top_domains,
        'request_count': request_count,
        'interfaces': bandwidth,
        'uptime': uptime,
        'cpu': cpu,
        'ram': ram,
        'dns_servers': dns_servers,
        'module_status': {
            'dns_proxy': status['dnx-dns-proxy'],
            'ip_proxy': status['dnx-ip-proxy'],
            'dnx_ips': status['dnx-ips'],
            'dhcp_server': status['dnx-dhcp-server'],
        },
        'notify': notify,
    }