def write_login_log(*args, **kwargs): from audits.models import UserLoginLog default_city = _("Unknown") ip = kwargs.get('ip', '') if not (ip and validate_ip(ip)): ip = ip[:15] city = default_city else: city = get_ip_city(ip) or default_city kwargs.update({'ip': ip, 'city': city}) UserLoginLog.objects.create(**kwargs)
def write_login_log(*args, **kwargs): from audits.models import UserLoginLog ip = kwargs.get('ip') or '' if not (ip and validate_ip(ip)): ip = ip[:15] city = DEFAULT_CITY else: city = get_ip_city(ip) or DEFAULT_CITY kwargs.update({'ip': ip, 'city': city}) UserLoginLog.objects.create(**kwargs)
def check_different_city_login(user, request): ip = get_request_ip(request) or '0.0.0.0' if not (ip and validate_ip(ip)): city = DEFAULT_CITY else: city = get_ip_city(ip) or DEFAULT_CITY last_user_login = UserLoginLog.objects.filter(username=user.username, status=True).first() if last_user_login and last_user_login.city != city: DifferentCityLoginMessage(user, ip, city).publish_async()
def check_different_city_login_if_need(user, request): if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN: return ip = get_request_ip(request) or '0.0.0.0' if not (ip and validate_ip(ip)): city = DEFAULT_CITY else: city = get_ip_city(ip) or DEFAULT_CITY city_white = [ 'LAN', ] if city not in city_white: last_user_login = UserLoginLog.objects.exclude(city__in=city_white) \ .filter(username=user.username, status=True).first() if last_user_login and last_user_login.city != city: DifferentCityLoginMessage(user, ip, city).publish_async()
def write_login_log(*args, **kwargs): default_city = _("Unknown") ip = kwargs.get('ip') or '' if not (ip and validate_ip(ip)): ip = ip[:15] city = default_city else: city = get_ip_city(ip) or default_city if kwargs.get('type') is None or kwargs.get('type') == '': login_type = 'T' else: login_type = kwargs.get('type') # url = settings.LOG_CORE_HOST + '/v1/logs/login/' kwargs.update({ 'ip': ip, 'city': city, 'type': login_type, 'logs_type': 'login_log' }) # connect_logs_system(*args, **kwargs) send_sqs(*args, **kwargs)
def write_login_log(request, username=None, status=False, type=None): from common.utils import get_request_ip login_ip = get_request_ip(request) agent = request.META.get('HTTP_USER_AGENT') if not (login_ip and validate_ip(login_ip)): login_ip = login_ip[:15] city = 'Unknown' else: city = get_ip_city(login_ip) data = { 'username': username, 'type': type, 'ip': login_ip, 'agent': agent, 'status': status, 'city': city } LoginLog.objects.create(**data)
def _build_query(self, fields): Config.logger.debug("_build_query {}".format(str(fields))) q_fields = { 'host': [], 'net': [], 'port': [], 'proto': None, 'proto-name': None, 'after-ago': None, 'before-ago': None, 'after': None, 'before': None, } q_fields.update(fields) self.progress(Query.CREATED, state=Query.CREATED) start = self.query_time + self.LONG_AGO end = self.query_time + timedelta(minutes=1) qry_str = [] weights = {'ip': 0, 'net': 0, 'port': 0} for host in sorted(q_fields['host']): Config.logger.debug("Parsing host: %s", host) if len(host) == 0: continue validate_ip(host) qry_str.append('host {}'.format(host)) weights['ip'] += 1 for net in sorted(q_fields['net']): Config.logger.debug("Parsing net: %s", net) if len(net) == 0: continue validate_net(net) qry_str.append('net {}'.format(net)) weights['net'] += 1 for port in sorted(q_fields['port']): Config.logger.debug("Parsing port: %s", port) try: if 0 < int(port) < 2**16: qry_str.append('port {}'.format(int(port))) weights['port'] += 1 else: raise ValueError() except ValueError: raise BadRequest("Port {} out of range: 1-65535".format(port)) if q_fields['proto']: try: if 0 < int(q_fields['proto']) < 2**8: qry_str.append('ip proto {}'.format(q_fields['proto'])) else: raise ValueError() except ValueError: raise BadRequest( "protocol number {} out of range 1-255".format( q_fields['proto'])) if q_fields['proto-name']: if q_fields['proto-name'].upper() not in ['TCP', 'UDP', 'ICMP']: raise BadRequest(description="Bad proto-name: {}".format( q_fields['proto-name'])) qry_str.append(q_fields['proto-name'].lower()) if q_fields['after-ago']: dur = parse_duration(q_fields['after-ago']) if not dur: raise BadRequest("can't parse duration: {}".format( q_fields['after-ago'])) start = enforce_time_window(self.query_time - dur) if q_fields['before-ago']: dur = parse_duration(q_fields['before-ago']) if not dur: raise BadRequest("can't parse duration: {}".format( q_fields['before-ago'])) end = enforce_time_window(self.query_time - dur) if q_fields['after']: print "Processing 'after': {}".format(q_fields['after']) dur = parse_duration(q_fields['after']) print "Duration {}".format(dur) if dur: start = enforce_time_window(self.query_time - dur) print "Start w/ duration: {}".format(start) else: start = enforce_time_window( inputs.datetime_from_iso8601( q_fields['after']).replace(tzinfo=None)) print "Start w/o duration: {}".format(start) if q_fields['before']: dur = parse_duration(q_fields['before']) if dur: end = enforce_time_window(self.query_time - dur) else: end = enforce_time_window( inputs.datetime_from_iso8601( q_fields['before']).replace(tzinfo=None)) end += timedelta(seconds=Config.get('TIME_WINDOW')) # Check the request's 'weight' if Query.WEIGHTS['enabled'] and not q_fields.get('ignore-weight'): req_weight = (Query.WEIGHTS['total'] * ((end - start).total_seconds() / (Query.WEIGHTS['hour'] * 3600)) / (sum( (val * Query.WEIGHTS[k] for k, val in weights.items())) or 1)) if req_weight > Query.WEIGHTS['limit']: self.error( 'build_query', "Request is too heavy: {}/{}:\t{}".format( req_weight, Query.WEIGHTS['limit'], jsonify(q_fields))) raise BadRequest("Request parameters exceed weight: %d/%d" % (req_weight, Query.WEIGHTS['limit'])) qry_str.append('after {}'.format(start.strftime(ISOFORMAT))) qry_str.append('before {}'.format(end.strftime(ISOFORMAT))) self.query = " and ".join(qry_str) if not self.query: Config.logger.info("Bad request: {}".format(jsonify(q_fields))) return None Config.logger.debug("build_query: <{}>".format(self.query)) # if we want to support limiting the query, it would require rethinking our duplicate detection #if q_fields['sensors']: # self.sensors = q_fields['sensors'] return self.id