def set_firewall_rule_remoteips(cls, rule, ips):
    """Replace the remote-IP list of firewall rule *rule* with *ips*.

    One remote-IP definition is built from *ips* via
    ``cls.cmd_create_firewall_rule_remoteip_definition`` and applied with the
    command returned by ``cls.cmd_set_firewall_rule``. Every non-empty line the
    spawned process prints is logged at DEBUG level. Returns nothing; the exit
    status of the command is not inspected here.

    NOTE(review): *ips* reaches the command builder unmodified and the builder
    is not visible in this file -- confirm it validates the addresses (or
    passes them as a separate argv element) before they reach the shell.
    """
    remoteip_definition = cls.cmd_create_firewall_rule_remoteip_definition(ips)
    command = cls.cmd_set_firewall_rule(rule, [remoteip_definition])
    for raw_line in misc.create_process_and_yield_output_lines(command):
        text = raw_line.rstrip()
        if not text:
            continue
        LOG.debug(text)
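def get_firewall_rule_remoteips(cls, rule):
    """Return the remote IPs configured on firewall rule *rule*.

    Runs ``cls.cmd_get_firewall_rule(rule)`` and scans its output for the
    first line containing the label ``远程 IP:`` ("Remote IP:"). The
    comma-separated address list at the end of that line is split and any
    ``/mask`` suffix is dropped from each entry.

    :param rule: firewall rule name, passed through to the command builder.
    :return: ``set`` of address strings, or ``None`` when no such line appears
        in the output (for example when the rule does not exist).

    NOTE(review): the label match is tied to the Chinese-localised console
    output; on a system with another locale this always returns ``None``.
    """
    command = cls.cmd_get_firewall_rule(rule)
    for line in misc.create_process_and_yield_output_lines(command):
        if not re.search(u'远程 IP:', line):
            continue
        # TODO: ugly hacking -- the address list is assumed to be the last
        # space-separated token of the labelled line.
        addr = line.strip().split(' ')[-1]
        return {entry.split('/')[0] for entry in addr.split(',')}
    return None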
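def yield_login_failure_ips(cls, num_events=None, data_source=None):
    """Yield the source IP (string) of each failed-logon event.

    The input is the line-oriented output of the parsed "Security" event log.
    A failed-logon record is entered on a line containing ``帐户登录失败。``
    ("An account failed to log on.") and left on the next line that starts
    with ``TimeGenerated``. Inside such a record, the line containing
    ``源网络地址`` ("Source Network Address") is handed to
    ``cls.search_string_for_ip_address``; a non-empty result is yielded.

    :param num_events: forwarded to ``cls.get_command_get_parsed_events`` when
        the default data source is used.
    :param data_source: iterable of event-log lines. When ``None`` the
        "Security" log is read through
        ``misc.create_process_and_yield_output_lines``.
    :return: generator of IP strings, in log order.

    NOTE(review): the field labels are those of the Chinese-localised event
    text; with another system locale nothing is yielded. The address comes
    from an untrusted remote client and ``cls.search_string_for_ip_address``
    is not visible here -- confirm it returns only a well-formed address
    before the value is fed into a firewall command.
    """
    # Only a missing data source selects the live log: a generator object is
    # always truthy, and an explicitly passed empty iterable should yield
    # nothing rather than spawn the event-log command.
    if data_source is None:
        command = cls.get_command_get_parsed_events("Security", num_events)
        data_source = misc.create_process_and_yield_output_lines(command)
    in_failure_record = False
    for line in data_source:
        if not in_failure_record:
            if u'帐户登录失败。' in line:
                in_failure_record = True
            continue
        if line.startswith('TimeGenerated'):
            in_failure_record = False
        elif u'源网络地址' in line:  # TODO: ugly hacking
            ip = cls.search_string_for_ip_address(line)
            if ip:
                yield ip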
def delete_firewall_rule(cls, rule):
    """Delete firewall rule *rule*.

    Runs the command returned by ``cls.cmd_delete_firewall_rule(rule)`` and
    logs each non-empty line of its output at DEBUG level. Returns nothing;
    the command's exit status is not inspected in this function, so a failed
    deletion is only visible in the debug log.
    """
    command = cls.cmd_delete_firewall_rule(rule)
    output_lines = misc.create_process_and_yield_output_lines(command)
    for raw_line in output_lines:
        text = raw_line.rstrip()
        if text:
            LOG.debug(text)
def create_firewall_blacklist_rule(cls, rule, ips):
    """Create firewall rule *rule* that blocks the remote addresses *ips*.

    The command comes from ``cls.cmd_create_firewall_remoteip_blocklist_rule``;
    each non-empty line of its output is logged at DEBUG level. Returns
    nothing; the exit status of the command is not inspected here.

    NOTE(review): *ips* is passed to the command builder as-is and the builder
    is not visible in this file -- confirm it validates the addresses (or
    passes them as a separate argv element) before they reach the shell.
    """
    command = cls.cmd_create_firewall_remoteip_blocklist_rule(rule, ips)
    output_lines = misc.create_process_and_yield_output_lines(command)
    for raw_line in output_lines:
        text = raw_line.rstrip()
        if not text:
            continue
        LOG.debug(text)
def clear_events(cls, category):
    """Clear the event-log category *category*.

    Runs the command returned by ``cls.get_command_clear_events(category)``
    and logs each non-empty line of its output at DEBUG level. Returns
    nothing; the exit status is not inspected here. This discards the
    records in that log, so callers should only invoke it once the events
    they need have been consumed.
    """
    command = cls.get_command_clear_events(category)
    for raw_line in misc.create_process_and_yield_output_lines(command):
        text = raw_line.rstrip()
        if text:
            LOG.debug(text)