def dump_data_to_regular():
    """Reset the ``regular`` rule table to a fixed set of sample detection rules.

    Deletes every row with ``id > 1`` and then inserts one row per entry in the
    list below. Every inserted value is a literal defined in this function, so
    the string-formatted INSERT carries no request data.
    """
    # Row layout: sid, rule title, alarm_msg (impact), advice (remediation).
    # A fourth sample rule for SMB exploitation (sid "111") is disabled in the
    # original list and is therefore not inserted.
    sample_rules = [
        ["222", "SQL注入攻击", "获取数据库数据、获得系统权限", "禁止此ip访问并修复注入点"],
        ["333", "网络扫描", "获取系统或web漏洞信息、获得主机权限、造成拒绝服务攻击", "禁止此ip访问或关闭不必要的端口"],
        ["444", "MS17-010漏洞", "获得系统权限、敏感数据泄露", "更新补丁"],
    ]
    insert_template = """insert into regular(sid, file_path, rules_type, attack_type,msg,alarm_msg,advice,priority,actions,status) values('{sid}', '{file_path}', '{rules_type}','{attack_type}', '{msg}','{alarm_msg}','{advice}',{priority},{actions},{status})"""

    sql_action("""delete from regular WHERE id>1;""")
    for sid, title, impact, remedy in sample_rules:
        # The rule title is written to rules_type, attack_type and msg alike.
        statement = insert_template.format(
            sid=sid,
            file_path="f://own/private/res/data",
            rules_type=title,
            attack_type=title,
            msg=title,
            alarm_msg=impact,
            advice=remedy,
            priority=0,
            actions=10,
            status=9,
        )
        sql_action(statement)

    # Assigned but never executed in this function.
    get_sql_added = """select sid,file_path,alarm_msg,attack_type from regular where msg = "自己添加";"""
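def delete_ip(request):
    """Delete the ``jtopot_jips`` row whose ``ip`` equals the ``ip`` query parameter.

    The parameter comes straight from the query string and is placed inside a
    quoted SQL literal, so it is accepted only when it is a plain IPv4 or IPv6
    address. Anything else (CIDR ranges, host names, scoped IPv6 addresses) is
    answered with the failure message and never reaches the database.

    Returns an ``HttpResponse`` carrying the success or failure message.
    Raises whatever ``request.GET["ip"]`` raises when the parameter is absent,
    as before.
    """
    import ipaddress
    from html import escape

    raw_ip = request.GET["ip"]
    try:
        # The character allow-list also refuses "addr%zone": ipaddress accepts
        # an IPv6 zone id, and the zone part is free text that may hold quotes.
        if not set(raw_ip) <= set("0123456789abcdefABCDEF.:"):
            raise ValueError("unexpected character in address")
        ipaddress.ip_address(raw_ip)
    except ValueError:
        # HttpResponse is served as text/html by default, so the rejected
        # value is escaped before it is echoed back.
        return HttpResponse("删除" + escape(raw_ip) + " 条目失败")

    # raw_ip now holds only hex digits, dots and colons, so it cannot close the
    # quoted literal. A parameterized query is still the better fix, but the
    # sql_action helper (defined outside this block) is called with a finished
    # SQL string only.
    sql = "delete from jtopot_jips where ip = '{}'".format(raw_ip)
    try:
        sql_action(sql)
    except Exception:
        return HttpResponse("删除" + raw_ip + " 条目失败")
    # NOTE(review): this delete is driven by a GET parameter; no authentication
    # or CSRF check is visible in this view - confirm one is applied where the
    # view is routed.
    return HttpResponse("已删除" + raw_ip + " 条目")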
def init_user_alert():
    """Reset ``user_alert`` to two fixed sample alerts.

    Deletes every row with ``id > 1`` and inserts one alert per sample entry.
    Each alert spans from seven days ago to fifteen minutes ago, measured at
    insert time. All values are literals or timestamps computed here.
    """
    sql_action("""delete from user_alert where id > 1;""")

    # Row layout: rule id, source IP, destination IP, attack name. The attack
    # name is not written to the table. A third sample entry (rule id 44444,
    # MS17-010 detection) is disabled in the original list.
    sample_alerts = [
        ['222', '192.168.100.120', '47.28.90.111', "SQL注入攻击"],
        ['333', '192.168.100.114', '57.34.22.112', "网络扫描"],
    ]
    insert_template = """insert into user_alert(rule_id, start_time, end_time, flow_id, alert_times, src_ip, dst_ip, ip_identifi_string) values('{rule_id}','{start_time}', '{end_time}', '{flow_id}','{alert_times}', '{src_ip}','{dst_ip}','{ip_identifi_string}')"""

    for rule_id, source, destination, _attack_name in sample_alerts:
        statement = insert_template.format(
            start_time=datetime.today() - timedelta(days=7),
            end_time=datetime.today() - timedelta(minutes=15),
            rule_id=rule_id,
            flow_id="fow_id_no_any_other_use",
            alert_times=5,
            src_ip=source,
            dst_ip=destination,
            ip_identifi_string="no_any_that_use",
        )
        sql_action(statement)
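def delete_ip(request):
    """Delete the ``proj_ipbelongarea`` row matching the ``ip`` query parameter
    within the caller's session area.

    The ``ip`` parameter comes straight from the query string and is placed
    inside a quoted SQL literal, so it is accepted only when it is a plain IPv4
    or IPv6 address. Anything else (CIDR ranges, host names, scoped IPv6
    addresses) is answered with the failure message and never reaches the
    database.

    Returns an ``HttpResponse`` carrying the success or failure message.
    Raises whatever the ``request.GET["ip"]`` / ``request.session['area']``
    lookups raise when either key is absent, as before.
    """
    import ipaddress
    from html import escape

    raw_ip = request.GET["ip"]
    try:
        # The character allow-list also refuses "addr%zone": ipaddress accepts
        # an IPv6 zone id, and the zone part is free text that may hold quotes.
        if not set(raw_ip) <= set("0123456789abcdefABCDEF.:"):
            raise ValueError("unexpected character in address")
        ipaddress.ip_address(raw_ip)
    except ValueError:
        # HttpResponse is served as text/html by default, so the rejected
        # value is escaped before it is echoed back.
        return HttpResponse("删除" + escape(raw_ip) + " 条目失败")

    # NOTE(review): the session's area value is still interpolated as-is. It is
    # server-side state, but how it was populated is not visible here; if it
    # can originate from user input it needs the same treatment. The complete
    # fix is a parameterized query, which depends on the sql_action helper
    # defined outside this block.
    sql = "delete from proj_ipbelongarea where ip = '{ip}' and area = '{area}'".format(
        ip=raw_ip, area=request.session['area'])
    try:
        sql_action(sql)
    except Exception:
        return HttpResponse("删除" + raw_ip + " 条目失败")
    return HttpResponse("已删除" + raw_ip + " 条目")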
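def connect_eid_with_vulnerid_script(uniq_ids):
    """Insert one ``eid_connect_cruiser_id`` row per id in *uniq_ids*.

    The inserts are best-effort: a failing insert does not stop the loop. The
    failure is logged instead of being dropped silently, so a broken table or
    malformed id shows up in the logs rather than as missing rows.

    Args:
        uniq_ids: iterable of vulnerability ids to register.
    """
    import logging

    log = logging.getLogger(__name__)
    for vulner_id in uniq_ids:
        try:
            # NOTE(review): vulner_id is formatted into the statement unquoted.
            # If these ids can come from scan output or any other untrusted
            # source, coerce them to int or use a parameterized query -
            # confirm the id type with the caller.
            sql = "insert into eid_connect_cruiser_id(`vulner_id`) VALUES ({vulner_id});".format(
                vulner_id=vulner_id)
            sql_action(sql)
        except Exception as exc:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit still propagate.
            log.warning(
                "eid_connect_cruiser_id insert failed for vulner_id=%r: %s",
                vulner_id, exc)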
def init_script(request):
    """Seed ``cruiser_task_temp`` with the two default daily check times.

    By default a check is scheduled every day at 09:30 and at 15:00. The
    request object is not read; all inserted values are literals.
    """
    from datetime import time as clock_time

    insert_template = """insert into cruiser_task_temp(task_time, task_desc, run_onday, used, created_user) values('{task_time}', '{task_desc}', '{run_onday}', {used}, 'actanble')"""

    # NOTE(review): every call inserts both rows again, and no authentication
    # or method check is visible in this view - confirm it is not routed to
    # unauthenticated users.
    for slot in (clock_time(9, 30, 0), clock_time(15, 0, 0)):
        statement = insert_template.format(
            task_time=str(slot),
            task_desc='日常',
            run_onday="每天",
            used=1,
        )
        sql_action(statement)
    return HttpResponse("初始化成功")
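def factory_jip(request, sql, opreate):
    """Fill a caller-supplied SQL template from the request and execute it.

    Args:
        request: the incoming request; ``ip``, ``name`` and ``belongCate`` are
            read from the query string and ``area`` from the session.
        sql: a ``str.format`` template using any of the fields ``ip``,
            ``name``, ``belongCate``, ``tc_text``, ``add_date`` and ``area``.
        opreate: label for the operation, used in the response message.

    Returns an ``HttpResponse`` carrying the success or failure message.
    Raises whatever the query-string / session lookups raise when a key is
    absent, as before.

    The ``ip`` value is accepted only when it is a plain IPv4 or IPv6 address;
    other values get the failure message and the statement is not executed.
    """
    import ipaddress
    from html import escape

    raw_ip = request.GET["ip"]
    try:
        # The character allow-list also refuses "addr%zone": ipaddress accepts
        # an IPv6 zone id, and the zone part is free text that may hold quotes.
        if not set(raw_ip) <= set("0123456789abcdefABCDEF.:"):
            raise ValueError("unexpected character in address")
        ipaddress.ip_address(raw_ip)
    except ValueError:
        # HttpResponse is served as text/html by default, so the rejected
        # value is escaped before it is echoed back.
        return HttpResponse(opreate + escape(raw_ip) + " 条目失败")

    # NOTE(review): name and belongCate are free text from the query string
    # and are still interpolated into the statement unchanged, as is the
    # session's area value. Validating the address alone does not close that
    # path; it needs a parameterized query, which means changing the
    # sql_action helper and the templates passed in by callers (both outside
    # this block).
    params = {
        "ip": raw_ip,
        "name": request.GET["name"],
        "belongCate": request.GET["belongCate"],
        "tc_text": 'undefined',
        "add_date": datetime.today(),
        "area": request.session["area"],
    }
    try:
        sql_action(sql.format(**params))
    except Exception:
        return HttpResponse(opreate + raw_ip + " 条目失败")
    return HttpResponse("已经" + opreate + raw_ip + " 条目")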
def init_aicruser_db():
    """Rebuild the sample rows of ``self_cruiser`` from the module-level ``arr``.

    Deletes every row with ``id > 300``, then inserts one row per entry of
    ``arr``. Start times begin eighteen days before now and advance two days
    per entry.
    """
    sql_action("""delete from self_cruiser where id > 300;""")

    insert_template = """insert into self_cruiser(start_time, src_ip, sport, msg, stat, level, sid) VALUE('{start_time}','{src_ip}','{sport}','{msg}','{stat}','{level}','{sid}')"""
    stamp = datetime.today() - timedelta(days=20)

    # arr is defined outside this block; the meaning of each column is taken
    # from the field it is written to below. Values are interpolated as-is, so
    # this is only safe while arr holds trusted, quote-free data - confirm.
    for idx in range(len(arr)):
        entry = arr[idx]
        stamp += timedelta(days=2)
        # A non-empty first column marks the entry as high severity.
        severity = "高危" if entry[0] != "" else "普通"
        statement = insert_template.format(
            start_time=str(stamp),
            src_ip=entry[2],
            sport=entry[3],
            msg=entry[1],
            stat="发生",
            level=severity,
            sid=entry[5],
        )
        sql_action(statement)
def init_aicruser_db():
    """Rebuild the sample rows of ``self_cruiser`` from the module-level ``arr``.

    Clears the table through ``delete_all_data_from_selfcruiser()``, then
    inserts one row per entry of ``arr`` and prints a progress line after each
    insert. Start times begin eighteen days before now and advance two days
    per entry.
    """
    delete_all_data_from_selfcruiser()

    insert_template = """insert into self_cruiser(start_time, src_ip, sport, msg, stat, level) VALUE('{start_time}','{src_ip}','{sport}','{msg}','{stat}','{level}')"""
    stamp = datetime.today() - timedelta(days=20)

    # arr is defined outside this block; the meaning of each column is taken
    # from the field it is written to below. Values are interpolated as-is, so
    # this is only safe while arr holds trusted, quote-free data - confirm.
    for idx in range(len(arr)):
        entry = arr[idx]
        stamp += timedelta(days=2)
        # A non-empty first column marks the entry as high severity.
        severity = "高危" if entry[0] != "" else "普通"
        statement = insert_template.format(
            start_time=str(stamp),
            src_ip=entry[2],
            sport=entry[3],
            msg=entry[1],
            stat="发生",
            level=severity,
        )
        sql_action(statement)
        print("插入fffffffff" + str(idx))
def init_opt():
    """Delete every ``proj_eventdetail`` row with ``id > 1``."""
    # Fixed statement, no external input.
    sql_action("""delete from proj_eventdetail where id>1""")
def delete_all_data_from_selfcruiser():
    """Delete every ``self_cruiser`` row with ``id > 222``.

    Despite the name, rows with an id of 222 or lower are kept.
    """
    # Fixed statement, no external input.
    sql_action("""delete from self_cruiser where id >222""")
def lots_delete_ips(request):
    """Bulk-delete every ``jtopot_jips`` row with ``Id > 30`` and report success.

    The request object is not read and the statement is fixed.
    """
    # NOTE(review): any request reaching this view triggers the bulk delete;
    # no authentication, method or CSRF check is visible here - confirm one is
    # applied where the view is routed.
    purge_statement = "delete from jtopot_jips where Id > 30;"
    sql_action(purge_statement)
    return HttpResponse("批量删除尾部系统随机记录成功!")