def get_blackbox_logs_count_from_es(level, time_filter):
    """
    Count the trustLog entries of one log level stored in Elasticsearch.

    The query matches documents whose ``_type`` is ``trustLog`` and whose
    ``message`` contains the phrase ``[<level>]``, limited to the last
    ``time_filter`` seconds of ``@timestamp``.

    Only exceptions raised by the search call itself are caught: they are
    logged and reported as ``0``. A return value of 0 therefore means either
    "no matching entries" or "the query failed"; callers that treat this
    count as a security signal should consult the error log before reading
    0 as "nothing was logged".

    :param level: log level text; it is wrapped in square brackets by string
        concatenation
    :param time_filter: size of the look-back window in seconds (formatted
        with ``%d``)
    :return: ``result['hits']['total']`` from the search response, or 0 when
        the search raised
    """
    jc = JsonConfiguration()  # share.json
    es = Elasticsearch(jc.es_server_ip_port)  # connect to ES

    level_tag = "[" + level + "]"
    window_start = "now-%ds" % time_filter

    # Both phrases must match for a document to be counted.
    must_clauses = [
        {"match_phrase": {"_type": "trustLog"}},
        {"match_phrase": {"message": level_tag}},
    ]
    # Time filter on the event timestamp.
    time_range = {"range": {"@timestamp": {"gte": window_start, "lte": "now"}}}
    body = {
        "query": {"bool": {"must": must_clauses, "filter": time_range}},
        # Only the hit total is read below; a single document is requested.
        "size": 1,
    }
    index_list = [jc.trustlog_index]

    try:
        result = es.search(index=index_list, body=body, ignore_unavailable=True)
    except Exception as err:
        logger.error(err)
        return 0
    else:
        return result['hits']['total']
def __init__(self, invoke_addr):
    """
    Build the Thrift client and open its transport to the ClamAV RPC server.

    A failure anywhere in the connection setup is logged and not re-raised,
    so the constructor returns normally even when the transport was never
    opened; in that case the attributes assigned after the failing step
    (possibly including ``self.client``) do not exist on the instance.

    :param invoke_addr: address of the RPC server
    """
    super(ClamavRPCClient, self).__init__()
    settings = JsonConfiguration()
    self.ip = invoke_addr
    self.port = settings.used_ports['clamav_rpc']
    try:
        # Socket connection.
        # NOTE(review): this is a plain TSocket and no TLS or peer
        # authentication is set up in this block - confirm the RPC link only
        # crosses a trusted network, or that it is protected elsewhere.
        sock = TSocket.TSocket(self.ip, self.port)
        self.socket = sock
        # Transport layer: framed transport, data is sent in sized frames.
        framed = TTransport.TFramedTransport(sock)
        self.transport = framed
        # Protocol layer: binary encoding of the transferred data.
        binary_protocol = TBinaryProtocol.TBinaryProtocol(framed)
        self.protocol = binary_protocol
        # Service client bound to that protocol.
        self.client = ClamavRPCService.Client(binary_protocol)
        # Open the transport.
        framed.open()
    except Exception as err:
        # Logged only; callers get no signal here that the scanner is
        # unreachable.
        logger.error(err)
""" 报警系统的前端接口 author:YangZe """ import json import redis from django.http.response import HttpResponse from app_fuzhou.views_utils.localconfig import JsonConfiguration from app_fuzhou.views_utils.logger import logger from app_fuzhou.models import WarningList from app_fuzhou.views_utils.service.warningservice.send_mail import \ clear_mail_to_list_cache jc = JsonConfiguration() SESSION_TIMEOUT_REDIS_KEY = 'octa_web_session_timeout' def add_warninglist(request): """ 添加警报名单 :param request: :return: """ try: phone = request.POST.get("phone") email = request.POST.get("email") WarningList.objects.create(phone=phone, email=email, enabled=1) clear_mail_to_list_cache() # 清除redis缓存
此模块的功能主要是提供给前段相应的接口,实现扫描病毒的相关功能 """ import json import os import threading from app_fuzhou.views_utils.logger import logger from app_fuzhou.views_utils.localconfig import JsonConfiguration from app_fuzhou.util import mysql_base_api from app_fuzhou.views_utils.rpc.clamav.clamav_rpc_client import ClamavRPCClient from app_fuzhou.views_utils.scheduler_single_instance import SchedulerSingleInstance from app_fuzhou.models import AppFuzhouGroupIp, ClamavTaskID, TaskGroupIp, ClamavTask from app_fuzhou.views.v1.antivirus import Scan from app_fuzhou.models import AppFuzhouGroupIp, AppFuzhouGroup, MachineList CONFIG = JsonConfiguration() TYPE = "clamav" class FileScanDetail(object): """ ClamAV扫描文件的信息 """ def __init__(self, file="", status="", flag=0): """ :param file: 文件全限定名 :param status: 文件状态 :param flag: 通信状态码,0表示正在扫描中,1表示扫描结束,2表示终止扫描,3表示初始化 """ self.file = file self.status = status
""" 本例用来从ElasticSearch中每15秒读取一次waf,将新的攻击数目记录到mysql,线程运行 Author YangZe Date 2017-5-18 """ import time import datetime import threading from elasticsearch import Elasticsearch from app_fuzhou.views_utils.localconfig import JsonConfiguration from app_fuzhou.views_utils.logger import logger from app_fuzhou.util import mysql_base_api LOCAL_CONFIG = JsonConfiguration() # share.json # Lock = threading.Lock() INDEX = 'filebeat' TIME_INTERVAL = 15 def read_waf_from_es(): """ 从es中读取wafLog记录,存到mysql中 :return: """ hosts = LOCAL_CONFIG.client_audit_hosts # 从share.json中读取client的ip index_list = [] body = { "query": {
此模块提供接收防火墙的攻击IP信息、查询攻击IP地址查询的功能 Author: Jing Qingyun """ import time import zmq import MySQLdb import json import datetime import random from app_fuzhou.views_utils.logger import logger from app_fuzhou.views_utils.localconfig import JsonConfiguration from app_fuzhou.views_utils.security import RSACrypto GLOBAL_CONFIG = JsonConfiguration() SERVER_ADDRESS = 'tcp://*:%s' % GLOBAL_CONFIG.used_ports['attack_ip'] RECV_TIMEWAIT = 0.1 TYPE_COLORS = { "http-defense": [228, 78, 143], "dos-attack": [159, 60, 222], "web-attack": [52, 182, 225], "sensitive-data-tracking": [67, 197, 142], "identification-error": [222, 213, 60] } HEAD = { "id": "document", "name": "CZML Geometries: test node data",
from django.http import JsonResponse from app_fuzhou.views_utils.utils_home import * from app_fuzhou.views_utils import utils_home from app_fuzhou.util.metricbeat import * from app_fuzhou.views.v1.chain import __chain_node_count from app_fuzhou.models import WhiteList, BlackboxHost, TrustLog from app_fuzhou.views_utils.utils_attack_server import _get_watcherlab_count_info, string2time, get_watcherlab_info_limit from app_fuzhou.views_utils import utils_waf from elasticsearch import Elasticsearch from app_fuzhou.views_utils.localconfig import JsonConfiguration from app_fuzhou.views_utils.utils_waf import get_state_info_dict from app_fuzhou.views_utils.utils_attack_server import get_server_status jc = JsonConfiguration() # share.json server_ip = jc.server_ip es = Elasticsearch(jc.es_server_ip_port) # 连接ES # 初始化常量类 GLOBAL_CONFIG = GlobalConf() BUG_WEIGHT = 1 FULL_SCORE = 100 def index_score(request): """ 主页的分数 :param request: :return json.dumps(return_dic): """
@author: long """ ''' #SDK演示类 #1. 新增人脸到数据库 #2. 基于存档人脸的实时视频流下的人脸识别和标记 ''' import numpy as np import datetime import time import cv2 # from app_fuzhou.views_utils.InsightEye import insightconfig from app_fuzhou.views_utils.InsightEye import insightdb, insightface, insightvideo from app_fuzhou.views_utils.localconfig import JsonConfiguration local_config = JsonConfiguration() inface = insightface.insightface() # conf=insightconfig.insighconfig('app_fuzhou/views_utils/InsightEye/insightconfig.ini') # invideo = insightvideo.insightvideo(conf.conf_dict) # video_stream = invideo.getvideostream(video='video',mysql='mysql', # scale_ratio='scale_ratio_2', # knn='knn_3',tolerance='tolerance_1', # model_detection = 'model_detection_1') # conf_data = video_stream.conf_dict conf_data = { 'video': { 'addr': local_config.face['addr'], 'type': local_config.face['type'], 'size': local_config.face['size'] },