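def get_records(self):
    """Fetch the ZeuS Tracker IP blocklist and return it as a list of records.

    The response body is split on blank lines and the second section is
    taken as the whitespace-separated address list. The addresses are passed
    through self.remove_US() and each survivor becomes {'ip': <address>}.

    The request passes an explicit CA bundle (ca_certs) to httplib2.

    Raises:
        Exception: if the server does not answer with HTTP 200, or the body
            does not contain the expected second section.
    """
    h = httplib2.Http(cache=os.path.expanduser("~/.httplib2_cache"), ca_certs='/etc/ssl/certs/ca-bundle.trust.crt')
    logger.debug("Fetching IP list from the zeus tracker")
    resp, content = h.request("https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist")

    # Never parse an error page as a blocklist: every token returned from
    # here is treated as an address by the caller.
    if resp.status != 200:
        raise Exception("Unexpected HTTP status %s from the zeus tracker" % resp.status)

    sections = content.split("\n\n")
    if len(sections) < 2:
        # The original indexed [1] unconditionally and failed with a bare
        # IndexError when the layout of the feed changed.
        raise Exception("Unexpected blocklist format from the zeus tracker")

    # NOTE(review): the tokens are not checked to be well-formed IP addresses
    # here; whether a later stage validates them is not visible in this block.
    ips = sections[1].split()
    ips = self.remove_US(ips)
    return [{'ip': ip} for ip in ips]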
def get_connection(self):
    """Return the router connection, logging in the first time it is needed.

    A connection already stored in self.connection is returned as-is.
    Otherwise self.cisco.login(self.ip) is called, the result is stored in
    self.connection and returned.

    Raises:
        Exception: if the login call returns a false value.
    """
    if not self.connection:
        logger.debug("Logging into router")
        session = self.cisco.login(self.ip)
        if not session:
            logger.error("Unable to login to router")
            raise Exception("Unable to login to router")
        logger.debug("Done logging into router")
        # Keep the session so later calls reuse it instead of logging in again.
        self.connection = session
        return session
    return self.connection
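def get_records(self):
    """Fetch the Spamhaus DROP list and return one record per entry.

    Each record is a dict with 'ip' (the text before the first ';') and
    'comment' (the text after it), both stripped of surrounding whitespace.
    Lines with nothing before the ';' are skipped.

    Raises:
        Exception: if the server does not answer with HTTP 200.
    """
    # NOTE(review): this feed is requested over plain HTTP, so its content is
    # not authenticated in transit, and every entry returned here becomes a
    # block. Prefer an HTTPS endpoint with certificate verification; confirm
    # the current URL with the feed provider before changing it.
    h = httplib2.Http(os.path.expanduser("~/.httplib2_cache"))
    logger.debug("Fetching IP list from spamhaus")
    resp, content = h.request("http://www.spamhaus.org/drop/drop.lasso")

    # Never parse an error page as a blocklist.
    if resp.status != 200:
        raise Exception("Unexpected HTTP status %s from spamhaus" % resp.status)

    records = []
    for line in content.splitlines():
        # partition() tolerates blank lines and lines with more than one ';',
        # where unpacking line.split(";") raised ValueError and aborted the
        # whole fetch.
        ip, _sep, comment = line.partition(";")
        ip = ip.strip()
        comment = comment.strip()
        if ip:
            records.append({'ip': ip, 'comment': comment})
    return records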
def block(self):
    """Bring the database block list in line with get_records().

    Every record from get_records() is blocked through the model unless
    model.ok_to_block() refuses the address. An address that already has a
    block record is blocked again only when self.reblockable is set.
    When self.must_exist_in_source is set, addresses previously blocked by
    this blocker (self.blocker) that are absent from the current records
    are unblocked first. The backend is woken up if any block or unblock
    is pending afterwards.
    """
    records = self.get_records()
    logger.debug("Got %d ips" % len(records))
    source_ips = set(self.get_ip_from_record(rec) for rec in records)

    # NOTE(review): with must_exist_in_source set, an empty result from
    # get_records() unblocks every address owned by this blocker. Whether
    # get_records() can come back empty after a failed or truncated fetch
    # is not visible here - confirm.
    if self.must_exist_in_source:
        for existing in self.model.get_all_that_should_be_blocked():
            if existing.who != self.blocker or existing.ip in source_ips:
                continue
            self.model.unblock_ip(existing.ip, forced=False)
            logger.info("DB-unblocking %s" % existing.ip)

    for rec in records:
        comment = self.serialize_record(rec)
        addr = self.get_ip_from_record(rec)
        duration = self.get_duration_from_record(rec)
        flag_traffic = self.get_flag_from_record(rec)

        if not self.model.ok_to_block(addr):
            logger.debug("Not DB-blocking %s" % addr)
            continue

        previous = self.model.get_blocked_ip(addr)
        # An existing block is left alone unless this source may re-block.
        if not self.reblockable and previous:
            continue

        if previous:
            logger.debug("DB-re-blocking %s" % addr)
        else:
            logger.info("DB-blocking %s" % addr)
        self.model.block_ip(ip=addr, who=self.blocker, comment=comment, duration=duration, flag_traffic=flag_traffic)

    work_pending = self.model.get_block_pending() or self.model.get_unblock_pending()
    if work_pending:
        util.wakeup_backend()
    self.model.disconnect()
def block(self):
    """Block every record returned by get_records() in the database.

    Records whose address model.ok_to_block() rejects are skipped. An
    address with an existing block record is re-blocked only if
    self.reblockable is true. If self.must_exist_in_source is true, blocks
    made by self.blocker for addresses no longer present in the source are
    removed before the new records are processed. When blocks or unblocks
    are pending at the end, util.wakeup_backend() is called.
    """
    fetched = self.get_records()
    logger.debug("Got %d ips" % len(fetched))
    wanted = set([self.get_ip_from_record(item) for item in fetched])

    if self.must_exist_in_source:
        # NOTE(review): if `fetched` is empty, every block owned by this
        # blocker is removed below. It is not visible here whether an empty
        # list can result from a failed download - verify in get_records().
        for entry in self.model.get_all_that_should_be_blocked():
            ours = entry.who == self.blocker
            if ours and entry.ip not in wanted:
                self.model.unblock_ip(entry.ip, forced=False)
                logger.info("DB-unblocking %s" % entry.ip)

    for item in fetched:
        text = self.serialize_record(item)
        address = self.get_ip_from_record(item)
        how_long = self.get_duration_from_record(item)
        flag = self.get_flag_from_record(item)

        allowed = self.model.ok_to_block(address)
        if not allowed:
            logger.debug("Not DB-blocking %s" % address)
            continue

        current_block = self.model.get_blocked_ip(address)
        if self.reblockable or not current_block:
            # debug for a refresh of an existing block, info for a new one
            if current_block:
                logger.debug("DB-re-blocking %s" % address)
            else:
                logger.info("DB-blocking %s" % address)
            self.model.block_ip(
                ip=address,
                who=self.blocker,
                comment=text,
                duration=how_long,
                flag_traffic=flag,
            )

    if self.model.get_block_pending() or self.model.get_unblock_pending():
        util.wakeup_backend()
    self.model.disconnect()
# Tail of a definition that begins outside this excerpt. The statements are
# unchanged; only line breaks are restored.
# NOTE(review): the original nesting depth cannot be recovered from the
# collapsed line - confirm against the file.
# Re-read the null-route list from `c` and mark a pending block as blocked
# only when its address is present in that list; anything missing is logged.
current = set(c.nullroute_list())
for b in block_pending:
    if IP(b.ip) in current:
        b.set_blocked()
    else:
        logger.error("error blocking %s" % b.ip)

def manage(self):
    """Run one pass: unblock(), then block(), then clean up.

    Exceptions raised by unblock() or block() are caught and logged at
    error level, so a failure in one step does not stop the other step or
    the cleanup. A connection held in self.connection is logged out. If
    `memcache` is truthy and blocking.memcache_host is configured, the
    current time is stored under "ipblocker:last_manager_runtime".
    """
    self.model.Session.expunge_all()
    try:
        self.unblock()
    except Exception, e:
        # Only the exception message is logged; the traceback is not kept.
        logger.error("error unblocking %s" % e)
    try:
        self.block()
    except Exception, e:
        logger.error("error blocking %s" % e)
    if self.connection:
        logger.debug("Logging out of router")
        self.connection.logout()
    host = config.get("blocking","memcache_host")
    # NOTE(review): `memcache` is presumably None when the module could not
    # be imported - confirm at the top of the file.
    if memcache and host:
        mc = memcache.Client([host])
        # NOTE(review): this timestamp is written even when unblock() or
        # block() raised above, so whatever reads the key sees a fresh
        # runtime for a pass that failed.
        mc.set("ipblocker:last_manager_runtime", time.ctime())
    self.model.disconnect()
# Tail of a definition that begins outside this excerpt. The statements are
# unchanged; only line breaks are restored.
# NOTE(review): nullroute_add_many(batch) may have been nested inside a loop
# whose header is not visible here - confirm the nesting against the file.
c.nullroute_add_many(batch)
# Verify the result instead of trusting the add call: a pending block is
# marked as blocked only if its address shows up in the list read back.
current = set(c.nullroute_list())
for b in block_pending:
    if IP(b.ip) in current:
        b.set_blocked()
    else:
        logger.error("error blocking %s" % b.ip)

def manage(self):
    """Perform one management pass over pending unblocks and blocks.

    unblock() runs first, then block(); an exception from either is logged
    at error level and does not abort the pass. Afterwards an open router
    connection (self.connection) is logged out, the run time is recorded
    in memcache when `memcache` is truthy and blocking.memcache_host is
    set, and the model is disconnected.
    """
    self.model.Session.expunge_all()
    try:
        self.unblock()
    except Exception, e:
        # The error is reduced to its message; no traceback is logged.
        logger.error("error unblocking %s" % e)
    try:
        self.block()
    except Exception, e:
        logger.error("error blocking %s" % e)
    if self.connection:
        logger.debug("Logging out of router")
        self.connection.logout()
    host = config.get("blocking", "memcache_host")
    if memcache and host:
        mc = memcache.Client([host])
        # NOTE(review): the key is refreshed regardless of the errors caught
        # above, so it records that a pass ran, not that it succeeded.
        mc.set("ipblocker:last_manager_runtime", time.ctime())
    self.model.disconnect()
def remove_US(self, ips):
    """Return the addresses from `ips` whose GeoIP country code is not 'US'.

    The GeoIP database is opened from the path configured under
    geoip.path. The number of addresses dropped is logged at debug level.
    """
    geo = pygeoip.GeoIP(config.get("geoip","path"))
    kept = []
    for addr in ips:
        # Anything the database does not map to 'US' stays in the list.
        if geo.country_code_by_addr(addr) != 'US':
            kept.append(addr)
    dropped = len(ips) - len(kept)
    logger.debug("removed %d US ips" % dropped)
    return kept