예제 #1
0
def update_page(form):
    error = None

    # action field is not required for some functions, so will not be hard validated
    action = form.get('action', DATA.MISSING)

    nat_type = form.get('nat_type', None)
    if (nat_type in ['DSTNAT', 'SRCNAT']):

        if (nat_type == 'DSTNAT'):
            error = _dnat_rules(action, form)

        elif (nat_type == 'SRCNAT'):
            error = _snat_rules(action, form)

    else:
        return INVALID_FORM, None, None

    # updating page data then returning. this is because we need to serve the content with the newly added
    # configuration item.
    page_data = {
        'dmz_dnat_rules': System.nat_rules(),
        'local_snat_rules': System.nat_rules(nat_type='SRCNAT')
    }

    # print(f'RETURNING: {page_data}')
    return error, None, page_data
예제 #2
0
def load_page(form):
    logging_settings = load_configuration('logging_client')

    log = logging_settings['logging']

    # correcting time for configured offset.
    time_offset = logging_settings['time_offset']
    system_time = System.format_date_time(fast_time())
    local_time = System.calculate_time_offset(fast_time())
    local_time = System.format_date_time(local_time)

    logging_settings = {
        'system': system_time,
        'local': local_time,
        'offset': {
            'direction': time_offset['direction'],
            'amount': time_offset['amount']
        },
        'logging': {
            'log_levels': [level.title() for level in LOG_LEVELS],
            'level': log['level'],
            'length': log['length']
        }
    }

    return logging_settings
예제 #3
0
def load_page(form):
    backups_info, current_backups = {}, System.backups()

    for backup, c_time in current_backups.items():
        c_time = System.calculate_time_offset(c_time)
        c_time = System.format_date_time(c_time).split(maxsplit=1)

        backups_info[backup] = (c_time[0], c_time[1])

    return backups_info
예제 #4
0
    def message(cls, mod_name, mtype, level, message):
        date = System.date(string=True)
        timestamp = System.format_time(fast_time())
        level = cls.convert_level(level)

        system_ip = None

        # using system/UTC time
        # 20140624|19:08:15|EVENT|DNSProxy:Informational|192.168.83.1|*MESSAGE*
        message = f'{date}|{timestamp}|{mtype.name}|{mod_name}:{level}|{system_ip}|{message}'

        return message.encode('utf-8')
예제 #5
0
def format_row(row, users):
    '''formats database data to be better displayed and managed by front end. will replace
    all '_' with ' '. If user is passed in, it will be appended before last_seen.'''
    Sys = System()

    *entries, last_seen = row

    ls_offset = Sys.calculate_time_offset(last_seen)
    last_seen = Sys.format_date_time(ls_offset)
    if (users is not None):
        entries.append(users.get(entries[0], {}).get('name', 'n/a'))

    entries.append(last_seen)
    return [str(x).lower().replace('_', ' ') for x in entries]
예제 #6
0
def load_page():
    with DBConnector(Log) as ProxyDB:
        domain_counts = (
            ProxyDB.unique_domain_count(action='blocked'),
            ProxyDB.unique_domain_count(action='allowed')
        )

        request_counts = (
            ProxyDB.total_request_count(table='dnsproxy', action='blocked'),
            ProxyDB.total_request_count(table='dnsproxy', action='allowed')
        )

        top_domains = (
            ('blocked', ProxyDB.dashboard_query_top(5, action='blocked')),
            ('allowed', ProxyDB.dashboard_query_top(5, action='allowed'))
        )

        top_countries = {}
        for action in ['blocked', 'allowed']:
            outbound = ProxyDB.query_geolocation(5, action=action, direction='OUTBOUND')
            inbound = ProxyDB.query_geolocation(5, action=action, direction='INBOUND')

            top_countries[action] = list(zip_longest(outbound, inbound, fillvalue=''))

        inf_hosts = ProxyDB.query_last(5, table='infectedclients', action='all')

    intstat = Interface.bandwidth()

    uptime = System.uptime()
    cpu = System.cpu_usage()
    ram = System.ram_usage()
    dns_servers = System.dns_status()

    mod_status = {}
    for svc in ['dns-proxy', 'ip-proxy', 'ips', 'dhcp-server']:
        status = Services.status(f'dnx-{svc}')

        mod_status[svc.replace('-', '_')] = status

    dashboard = {
        'domain_counts': domain_counts, 'dc_graph': _calculate_graphic(domain_counts),
        'request_counts': request_counts, 'rc_graph': _calculate_graphic(request_counts),
        'top_domains': top_domains, 'top_countries': top_countries,
        'infected_hosts': inf_hosts,

        'interfaces': intstat, 'uptime': uptime, 'cpu': cpu,
        'ram': ram, 'dns_servers': dns_servers, 'module_status': mod_status
    }

    return dashboard
예제 #7
0
def load_page(form):
    whitelist = load_configuration('whitelist')

    for info in whitelist['time_based'].values():
        st_offset = System.calculate_time_offset(info['time'])

        info['time'] = System.format_date_time(st_offset)

    whitelist_settings = {
        'time_based': whitelist['time_based'],
        'pre_proxy': whitelist['pre_proxy'],
        'ip_bypass': whitelist['ip_bypass']
    }

    return whitelist_settings
예제 #8
0
    def message(self, system_ip, module, msg_type, msg_level, message):
        epoch = time.time()

        date = ''.join(self.System.date())
        timestamp = System.format_time(epoch)
        msg_type = self._convert_type(msg_type)
        msg_level = self._convert_level(msg_level)

        # using system/UTC time
        # 20140624|19:08:15|EVENT|DNSProxy:Informational|192.168.83.1|*MESSAGE*
        message = f'{date}|{timestamp}|{msg_type}|{module}:{msg_level}|{system_ip}|{message}'

        return message.encode('utf-8')
예제 #9
0
    def geo_input(self, _, log):
        month = ','.join(System.date()[:2])

        # if this is the first time this country has been seen in the current month, it will be inserted with
        # counts zerod out
        if not self._geo_entry_check(log, month):
            self._c.execute(f'insert into geolocation values (?, ?, ?, ?, ?)',
                            (month, log.country, log.direction, 0, 0))

        # incremented count of the actions specified in the log.
        self._c.execute(
            f'update geolocation set {log.action}={log.action}+1 where month=? and country=? and direction=?',
            (month, log.country, log.direction))
예제 #10
0
def load_page(form):
    dhcp_server = load_configuration('dhcp_server')

    dhcp_settings = dhcp_server['interfaces']

    leases = []
    for ip, (status, handout_time, mac, hostname) in dhcp_server['leases'].items():
        # ensuring only leased status entries get included
        if (status != -4): continue

        offset_time = System.calculate_time_offset(handout_time)
        handout_time = System.format_date_time(offset_time)

        leases.append((ip, handout_time, mac_str(mac), hostname))

    leases.sort()

    dhcp_settings.update({
        'reservations': [(mac_str(mac), info) for mac, info in dhcp_server['reservations'].items()],
        'leases': leases
    })

    return dhcp_settings
예제 #11
0
    def organize(self):
        # print('[+] Starting organize operation.')
        log_entries = []

        date = str_join(System.date())
        for module in self._log_modules:
            module_entries = self._combine_logs(module, date)
            if (module_entries):
                log_entries.extend(module_entries)

        sorted_log_entries = sorted(log_entries)
        if (sorted_log_entries):
            self._write_combined_logs(sorted_log_entries, date)

        del log_entries  # to reclaim system memory
예제 #12
0
def get_log_entries(file_path):
    log_files = reversed(sorted(os.listdir(file_path))[:-1])

    temp_logs = []
    for file in log_files:
        temp_logs.extend(tail_file(f'{file_path}/{file}', line_count=100))

        if len(temp_logs) >= 100:
            break

    combined_logs = []
    combined_logs_append = combined_logs.append
    for log_entry in temp_logs[:100]:

        # skipping over empty lines.
        if not log_entry.strip('\n'): continue

        epoch, *log_entry = log_entry.split('|', 3)
        date_time = System.calculate_time_offset(int(epoch))
        date_time = System.format_log_time(date_time)

        combined_logs_append((date_time, *log_entry))

    return combined_logs
예제 #13
0
    def _clear_ip_tables(self):
        expired_hosts = System.ips_passively_blocked(
            block_length=self.IPS.block_length)
        if (not expired_hosts):
            return

        with IPTablesManager() as iptables:
            for host, timestamp in expired_hosts:
                iptables.proxy_del_rule(host,
                                        timestamp,
                                        table='raw',
                                        chain='IPS')

                # removing host from ips tracker/ suppression dictionary
                self.IPS.fw_rules.pop(IPv4Address(host),
                                      None)  # should never return None
예제 #14
0
    def query_geolocation(self, count, *, action, direction):
        month = ','.join(System.date()[:2])

        # adds an extra space to results for 'NONE' which is more common than normal since the geolocation db is not yet complete
        count += 1

        self._c.execute(
            f'select country, {action} from geolocation where month=? and direction=? '
            f'order by {action} desc limit {count}', (month, direction))

        # filtering out entries with no hits in the specified action. if those are returned, they have hits on the
        # opposite action. currently filtering out 'NONE' since the geolocation database is not yet complete.
        return [
            x[0].replace('_', ' ') for x in self._c.fetchall()
            if x[1] and x[0] != 'NONE'
        ]
예제 #15
0
    def _calculate_times(self):
        restriction_start, restriction_length, offset = self._load_restriction(
        )

        now = fast_time() + offset
        c_d = [int(i) for i in System.date(now)]  # current date
        r_start = [int(i) for i in restriction_start.split(':')]

        restriction_start = datetime(c_d[0], c_d[1], c_d[2], r_start[0],
                                     r_start[1]).timestamp()
        restriction_end = restriction_start + restriction_length

        if (self.is_active):
            restriction_end = load_configuration('ip_proxy_timer')['end']

        else:
            self._write_end_time(restriction_end)

        return restriction_start, restriction_end, now
예제 #16
0
def load_page():
    return {
        'dmz_dnat_rules': System.nat_rules(),
        'local_snat_rules': System.nat_rules(nat_type='SRCNAT')
    }
예제 #17
0
 def _load_passive_blocking(self):
     self.IPS.fw_rules = dict(System.ips_passively_blocked())
예제 #18
0
def load_page(form):
    ips = load_configuration('ips.json')

    passive_block_ttl = ips['passive_block_ttl']
    ids_mode = ips['ids_mode']

    # ddos settings
    ddos_enabled = ips['ddos']['enabled']
    tcp_src_limit = ips['ddos']['limits']['source']['tcp']
    udp_src_limit = ips['ddos']['limits']['source']['udp']
    icmp_src_limit = ips['ddos']['limits']['source']['icmp']
    ddos_settings = {
        'enabled': ddos_enabled,
        'tcp': tcp_src_limit,
        'udp': udp_src_limit,
        'icmp': icmp_src_limit
    }

    # converting standard timestamp to front end readable string format
    passively_blocked_hosts = []
    pbh = System.ips_passively_blocked()
    for host, timestamp in pbh:
        passively_blocked_hosts.append(
            (host, timestamp, System.offset_and_format(timestamp)))

    # portscan settings
    portscan_prevention = ips['port_scan']['enabled']
    portscan_reject = ips['port_scan']['reject']
    portscan_settings = {
        'enabled': portscan_prevention,
        'reject': portscan_reject
    }

    # ips host/ configured dns server whitelist
    ip_whitelist = ips['whitelist']['ip_whitelist']
    dns_server_whitelist = ips['whitelist']['dns_servers']

    ips_enabled = ddos_enabled or portscan_prevention

    # TODO: clean this shit up.
    tcp_nat = ips['open_protocols']['tcp']
    udp_nat = ips['open_protocols']['udp']

    nats_configured = tcp_nat or udp_nat
    ddos_notify = False if ddos_enabled or nats_configured else True
    ps_notify = False if portscan_prevention or nats_configured else True

    ips_settings = {
        'enabled': ips_enabled,
        'length': passive_block_ttl,
        'ids_mode': ids_mode,
        'ddos': ddos_settings,
        'port_scan': portscan_settings,
        'ddos_notify': ddos_notify,
        'ps_notify': ps_notify,
        'ip_whitelist': ip_whitelist,
        'dns_server_whitelist': dns_server_whitelist,
        'passively_blocked_hosts': passively_blocked_hosts
    }

    return ips_settings