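def main():
    """Command-line entry point: read one log source, analyze it and block attackers.

    Reports argument problems through ``parser.error`` (non-zero exit); takes the
    PID lock for the duration of the run and always releases it in ``finally``.
    """
    import ipaddress  # function-scope: the module's import block is not part of this listing

    known_formats = {'nginx': NginxLogParser}
    known_blockers = {'apf': ApfBlocker, 'iptables': IPTablesBlocker}

    parser = argparse.ArgumentParser(
        description='DDoS protection system',
        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
    parser.add_argument("-p", dest="pidfile", required=True, metavar="pid-file",
                        help="PID lock file")
    # With required=True a default= is never used and only misleads the generated
    # help ("(default: nginx)"), so none is declared here.
    parser.add_argument("-f", "--format", dest="log_format", choices=known_formats.keys(),
                        required=True, help="Log file format.")
    parser.add_argument("-b", "--blocker", choices=known_blockers.keys(), required=True,
                        help="Use specific blocker.")
    parser.add_argument("--threshold", type=int, default=35, help="Analyzer threshold.")
    parser.add_argument("--dry-run", action="store_true", help="Do not block, just notify")
    group1 = parser.add_argument_group('Parser parameters.')
    mutex_group1 = group1.add_mutually_exclusive_group()
    mutex_group1.add_argument("--stdin", dest="stdin", action='store_true',
                              help="Data from stdin")
    mutex_group1.add_argument("-l", "--log", dest="log_file", help="Log file to process.")
    args = parser.parse_args()

    # The mutually exclusive group does not force either option, so without this
    # check FileDataProvider would be handed None instead of a path.
    if not args.stdin and args.log_file is None:
        parser.error("one of --stdin or -l/--log is required")

    enter_pid_lock(args.pidfile)
    try:
        data_provider = StdInDataProvider() if args.stdin else FileDataProvider(args.log_file)
        log_parser = known_formats[args.log_format](data_provider)
        blocker = known_blockers[args.blocker]()
        # Only GenericDDoSAnalyzer is supported.
        analyzer = GenericDDoSAnalyzer(log_parser, threshold=args.threshold)
        for attacker_ip in analyzer.attacker_ip_list():
            # The address was parsed out of a log line, i.e. client-controlled input;
            # only a syntactically valid IP literal is handed to the blocker.
            try:
                ipaddress.ip_address(attacker_ip)
            except ValueError:
                sys.stderr.write("Skipping invalid address %r.\n" % (attacker_ip,))
                continue
            if args.dry_run:
                # Notify only; say so instead of claiming the block happened.
                sys.stdout.write("IP %s would be blocked (dry run).\n" % attacker_ip)
                continue
            blocker.block(attacker_ip)
            sys.stdout.write("IP %s blocked.\n" % attacker_ip)
    finally:
        exit_pid_lock(args.pidfile)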
def test_analyze_minilog(self):
    """Analyzing the bundled mini log at threshold 100 yields these five attacker IPs, in this order."""
    expected_ips = [
        '77.106.228.178',
        '190.195.160.2',
        '89.21.79.68',
        '46.118.121.72',
        '201.254.106.234',
    ]
    data_provider = FileDataProvider(self.TESTLOG_PATH)
    analyzer = GenericDDoSAnalyzer(NginxLogParser(data_provider), threshold=100)
    block_ips = analyzer.attacker_ip_list()
    # Length first, then each position, so a mismatch reports the exact index.
    self.assertEqual(len(expected_ips), len(block_ips))
    for index, expected_ip in enumerate(expected_ips):
        self.assertEqual(expected_ip, block_ips[index])