コード例 #1
def dump_data_to_regular():
    """Reset the ``regular`` table to a fixed set of built-in detection rules.

    Deletes every row with ``id > 1`` and then inserts one row per entry of
    the hard-coded rule list below, each through ``sql_action``.

    Every value interpolated into the INSERT statement is a literal defined
    in this function. ``str.format`` performs no SQL escaping, so this way of
    building a statement is only tolerable for such constants and must not be
    reused for values that originate outside the code.
    """
    # Row layout: sid, rule label (reused for rules_type, attack_type and
    # msg), alarm_msg, advice. The original also carries a disabled row for
    # sid "111" (an SMB exploit rule); it stays disabled here.
    builtin_rules = [
        ["222", "SQL注入攻击", "获取数据库数据、获得系统权限", "禁止此ip访问并修复注入点"],
        ["333", "网络扫描", "获取系统或web漏洞信息、获得主机权限、造成拒绝服务攻击", "禁止此ip访问或关闭不必要的端口"],
        ["444", "MS17-010漏洞", "获得系统权限、敏感数据泄露", "更新补丁"]
    ]
    insert_template = """insert into regular(sid, file_path, rules_type, attack_type,msg,alarm_msg,advice,priority,actions,status) 
                            values('{sid}', '{file_path}', '{rules_type}','{attack_type}',
                            '{msg}','{alarm_msg}','{advice}',{priority},{actions},{status})"""

    sql_action("""delete from regular WHERE id>1;""")
    for sid, label, alarm_msg, advice in builtin_rules:
        sql_action(insert_template.format(
            sid=sid,
            file_path="f://own/private/res/data",
            rules_type=label,
            attack_type=label,
            msg=label,
            alarm_msg=alarm_msg,
            advice=advice,
            priority=0,
            actions=10,
            status=9,
        ))

    # Not used by the code visible here; kept exactly as in the original.
    get_sql_added = """select sid,file_path,alarm_msg,attack_type from regular where msg = "自己添加";"""
コード例 #2
ファイル: views.py プロジェクト: 6ba/website-docker
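def delete_ip(request):
    """Delete the ``jtopot_jips`` rows whose ``ip`` equals the ``ip`` query parameter.

    The parameter is client-controlled and ends up both in the SQL text and
    in the response body, so it is parsed as an IP address first and only the
    parsed, canonical text form is used afterwards. Anything that is not an
    IP address is refused without being echoed back.

    Args:
        request: Django request; the address is read from ``request.GET["ip"]``.

    Returns:
        HttpResponse carrying a success or failure message. Status 400 is
        used when the parameter is missing or is not an IP address.
    """
    import ipaddress

    try:
        address = ipaddress.ip_address(request.GET.get("ip", ""))
        # On Python 3.9+ an IPv6 zone ID (the part after "%") is free-form
        # text and survives str(); refuse scoped addresses outright.
        if getattr(address, "scope_id", None):
            raise ValueError("scoped IPv6 address")
    except ValueError:
        return HttpResponse("删除条目失败: 无效的IP地址", status=400)
    ip = str(address)

    # NOTE(review): sql_action is only seen here receiving a finished SQL
    # string. If it can hand bound parameters to the database driver, pass
    # the address that way instead of formatting it into the statement.
    # NOTE(review): this deletes data in response to a GET request and no
    # access check is visible in this function -- confirm the route requires
    # an authenticated, authorised user and consider requiring POST with
    # CSRF protection.
    sql = "delete from jtopot_jips where ip = '{}'".format(ip)
    try:
        sql_action(sql)
    except Exception:
        return HttpResponse("删除" + ip + " 条目失败")
    return HttpResponse("已删除" + ip + " 条目")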
コード例 #3
def init_user_alert():
    """Re-seed the ``user_alert`` table with a fixed set of sample alerts.

    Deletes every row with ``id > 1`` and inserts one alert per entry of the
    hard-coded list below. Each alert starts seven days before "now" and ends
    fifteen minutes before "now", both taken from ``datetime.today()`` at
    insert time.

    All interpolated values are literals or timestamps produced here; the
    ``str.format`` statement building does no escaping and is not safe for
    values that come from outside the code.
    """
    sql_action("""delete from user_alert where id > 1;""")

    # Row layout: rule id, source IP, destination IP, attack label (the label
    # is not written to the table). The original also has a disabled row for
    # rule "44444" (MS17-010 detection); it stays disabled here.
    seed_alerts = [
        ['222', '192.168.100.120', '47.28.90.111', "SQL注入攻击"],
        ['333', '192.168.100.114', '57.34.22.112', "网络扫描"],
    ]
    insert_template = """insert into user_alert(rule_id, start_time, end_time, flow_id, alert_times, src_ip, dst_ip, ip_identifi_string) 
                                        values('{rule_id}','{start_time}', '{end_time}', '{flow_id}','{alert_times}',
                                        '{src_ip}','{dst_ip}','{ip_identifi_string}')"""

    for rid, src_ip, dst_ip, _attack_label in seed_alerts:
        window_start = datetime.today() - timedelta(days=7)
        window_end = datetime.today() - timedelta(minutes=15)
        sql_action(insert_template.format(
            start_time=window_start,
            end_time=window_end,
            rule_id=rid,
            flow_id="fow_id_no_any_other_use",
            alert_times=5,
            src_ip=src_ip,
            dst_ip=dst_ip,
            ip_identifi_string="no_any_that_use",
        ))
コード例 #4
ファイル: topo_view.py プロジェクト: 6ba/website-docker
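def delete_ip(request):
    """Delete the ``proj_ipbelongarea`` row for an IP inside the session's area.

    The ``ip`` query parameter is client-controlled and ends up both in the
    SQL text and in the response body, so it is parsed as an IP address first
    and only the parsed, canonical text form is used afterwards. Anything
    that is not an IP address is refused without being echoed back.

    Args:
        request: Django request; the address is read from
            ``request.GET["ip"]`` and the area from ``request.session['area']``.

    Returns:
        HttpResponse carrying a success or failure message. Status 400 is
        used when the parameter is missing or is not an IP address.
    """
    import ipaddress

    try:
        address = ipaddress.ip_address(request.GET.get("ip", ""))
        # On Python 3.9+ an IPv6 zone ID (the part after "%") is free-form
        # text and survives str(); refuse scoped addresses outright.
        if getattr(address, "scope_id", None):
            raise ValueError("scoped IPv6 address")
    except ValueError:
        return HttpResponse("删除条目失败: 无效的IP地址", status=400)
    ip = str(address)

    # NOTE(review): `area` is still formatted into the statement unescaped.
    # It comes from the session, but how it was stored there is not visible
    # here -- confirm it can never hold client-supplied text. sql_action is
    # only seen receiving a finished SQL string; if it can hand bound
    # parameters to the database driver, pass both values that way.
    # NOTE(review): this deletes data in response to a GET request --
    # consider requiring POST with CSRF protection.
    sql = "delete from proj_ipbelongarea where ip = '{ip}' and area = '{area}'".format(
        ip=ip, area=request.session['area'])
    try:
        sql_action(sql)
    except Exception:
        return HttpResponse("删除" + ip + " 条目失败")
    return HttpResponse("已删除" + ip + " 条目")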
コード例 #5
ファイル: utils.py プロジェクト: 6ba/website-docker
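def connect_eid_with_vulnerid_script(uniq_ids):
    """Insert one ``eid_connect_cruiser_id`` row per id in *uniq_ids*.

    The insert stays best-effort: a failure for one id does not stop the
    remaining ids. Failures are logged instead of being discarded silently,
    and only ``Exception`` is caught, so ``KeyboardInterrupt`` and
    ``SystemExit`` are no longer swallowed.

    Args:
        uniq_ids: iterable of ids written to the ``vulner_id`` column.
    """
    import logging

    log = logging.getLogger(__name__)
    for vulner_id in uniq_ids:
        try:
            # NOTE(review): the id is placed into the statement unquoted and
            # unescaped. Where uniq_ids comes from is not visible here; if it
            # can carry anything other than trusted numeric ids, validate it
            # (or bind it as a parameter) before it reaches this statement.
            sql = "insert into eid_connect_cruiser_id(`vulner_id`) VALUES ({vulner_id});".format(
                vulner_id=vulner_id)
            sql_action(sql)
        except Exception:
            log.warning(
                "insert into eid_connect_cruiser_id failed for vulner_id=%r",
                vulner_id,
                exc_info=True,
            )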
コード例 #6
ファイル: vulner_task.py プロジェクト: 6ba/website-docker
def init_script(request):
    """Insert the default schedule: one check at 09:30 and one at 15:00 every day.

    Two rows are written to ``cruiser_task_temp`` on every call; nothing here
    checks whether they already exist. All interpolated values are constants
    from this function, including the hard-coded ``created_user``.

    NOTE(review): the function writes to the database on any request that
    reaches it and reads nothing from ``request``; no access check is visible
    here -- confirm the route is restricted.

    Args:
        request: Django request (unused).

    Returns:
        HttpResponse with a fixed success message.
    """
    from datetime import time

    insert_template = """insert into cruiser_task_temp(task_time, task_desc, run_onday, used, created_user) 
          values('{task_time}', '{task_desc}', '{run_onday}', {used}, 'actanble')"""
    for slot in (time(9, 30, 0), time(15, 0, 0)):
        row = {
            "task_time": str(slot),
            "task_desc": '日常',
            'run_onday': "每天",
            "used": 1,
        }
        sql_action(insert_template.format(**row))

    return HttpResponse("初始化成功")
コード例 #7
ファイル: topo_view.py プロジェクト: 6ba/website-docker
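def factory_jip(request, sql, opreate):
    """Fill a caller-supplied SQL template from the request and execute it.

    The ``ip`` query parameter is client-controlled and ends up both in the
    SQL text and in the response body, so it is parsed as an IP address first
    and only the parsed, canonical text form is used afterwards.

    Args:
        request: Django request providing ``ip``, ``name`` and ``belongCate``
            in ``request.GET`` and ``area`` in ``request.session``.
        sql: ``str.format`` template with any of the placeholders ``{ip}``,
            ``{name}``, ``{belongCate}``, ``{tc_text}``, ``{add_date}`` and
            ``{area}``.
        opreate: label of the operation, used in the response message.

    Returns:
        HttpResponse carrying a success or failure message. Status 400 is
        used when ``ip`` is missing or is not an IP address.
    """
    import ipaddress

    try:
        address = ipaddress.ip_address(request.GET.get("ip", ""))
        # On Python 3.9+ an IPv6 zone ID (the part after "%") is free-form
        # text and survives str(); refuse scoped addresses outright.
        if getattr(address, "scope_id", None):
            raise ValueError("scoped IPv6 address")
    except ValueError:
        return HttpResponse(opreate + " 条目失败: 无效的IP地址", status=400)
    ip = str(address)

    # NOTE(review): `name` and `belongCate` are client-controlled free text
    # and are still formatted into the statement unescaped; the template's
    # quoting is decided by the caller and is not visible here. This remains
    # an SQL injection sink until sql_action can take bound parameters (or
    # these two fields are checked against a strict allow-list). `area` comes
    # from the session; confirm it never holds client-supplied text.
    params = {
        "ip": ip,
        "name": request.GET["name"],
        "belongCate": request.GET["belongCate"],
        "tc_text": 'undefined',
        "add_date": datetime.today(),
        "area": request.session["area"],
    }

    try:
        sql_action(sql.format(**params))
    except Exception:
        return HttpResponse(opreate + ip + " 条目失败")

    return HttpResponse("已经" + opreate + ip + " 条目")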
コード例 #8
def init_aicruser_db():
    """Re-seed ``self_cruiser`` from the module-level ``arr`` table.

    Rows with ``id > 300`` are deleted first. Each entry of ``arr`` then
    becomes one row; timestamps start 18 days before "now" and advance by two
    days per entry. An entry whose first field is non-empty is stored with
    the high-risk level, every other entry with the normal level.

    NOTE(review): the fields of ``arr`` are formatted into the statement
    without escaping. ``arr`` is defined outside this snippet -- confirm it
    only ever holds values written in the code.
    """
    sql_action("""delete from self_cruiser where id > 300;""")

    insert_template = """insert into self_cruiser(start_time, src_ip, sport, msg, stat, level, sid) VALUE('{start_time}','{src_ip}','{sport}','{msg}','{stat}','{level}','{sid}')"""
    event_time = datetime.today() - timedelta(days=20)
    for entry in arr:
        event_time += timedelta(days=2)
        level = "高危" if entry[0] != "" else "普通"
        sql_action(insert_template.format(
            start_time=str(event_time),
            src_ip=entry[2],
            sport=entry[3],
            msg=entry[1],
            stat="发生",
            level=level,
            sid=entry[5],
        ))
コード例 #9
def init_aicruser_db():
    """Re-seed ``self_cruiser`` from the module-level ``arr`` table.

    Existing rows are cleared through ``delete_all_data_from_selfcruiser``.
    Each entry of ``arr`` then becomes one row; timestamps start 18 days
    before "now" and advance by two days per entry. An entry whose first
    field is non-empty is stored with the high-risk level, every other entry
    with the normal level. A progress line is printed after each insert.

    NOTE(review): the fields of ``arr`` are formatted into the statement
    without escaping. ``arr`` is defined outside this snippet -- confirm it
    only ever holds values written in the code.
    """
    delete_all_data_from_selfcruiser()

    insert_template = """insert into self_cruiser(start_time, src_ip, sport, msg, stat, level) VALUE('{start_time}','{src_ip}','{sport}','{msg}','{stat}','{level}')"""
    event_time = datetime.today() - timedelta(days=20)
    for index, entry in enumerate(arr):
        event_time += timedelta(days=2)
        level = "高危" if entry[0] != "" else "普通"
        sql_action(insert_template.format(
            start_time=str(event_time),
            src_ip=entry[2],
            sport=entry[3],
            msg=entry[1],
            stat="发生",
            level=level,
        ))

        print("插入fffffffff" + str(index))
コード例 #10
def init_opt():
    """Delete every ``proj_eventdetail`` row whose ``id`` is greater than 1.

    The statement is a constant; nothing is interpolated into it.
    """
    sql_action("""delete from proj_eventdetail where id>1""")
コード例 #11
def delete_all_data_from_selfcruiser():
    """Delete every ``self_cruiser`` row whose ``id`` is greater than 222.

    Despite the name, rows with ``id <= 222`` are kept. The statement is a
    constant; nothing is interpolated into it.
    """
    sql_action("""delete from  self_cruiser where id >222""")
コード例 #12
ファイル: views.py プロジェクト: 6ba/website-docker
def lots_delete_ips(request):
    """Delete every ``jtopot_jips`` row whose ``Id`` is greater than 30.

    The statement is a constant and nothing is read from ``request``.

    NOTE(review): this is a bulk delete triggered by any request that reaches
    the view, and no access check is visible here -- confirm the route
    requires an authenticated, authorised user and is not reachable by a
    plain cross-site GET.

    Args:
        request: Django request (unused).

    Returns:
        HttpResponse with a fixed success message.
    """
    bulk_delete = "delete from jtopot_jips where Id > 30;"
    sql_action(bulk_delete)
    return HttpResponse("批量删除尾部系统随机记录成功!")