예제 #1
0
def main():
    """Main controller"""
    init_logging(nav.buildconf.localstatedir + "/log/arnold/t1000.log")
    LOGGER.info("Starting t1000")

    # Fetch all mac-addresses that we have detained, check if they are
    # active somewhere else. As NAV collects arp and cam data periodically,
    # we need to give one hour slack to ensure data is correct.

    identities = Identity.objects.filter(
        last_changed__lte=datetime.now() - timedelta(hours=1),
        status__in=['disabled', 'quarantined'])

    if len(identities) <= 0:
        LOGGER.info("No detained ports in database where lastchanged > 1 "
                    "hour.")
        sys.exit(0)

    for identity in identities:
        LOGGER.info("%s is %s, checking for activity"
                    % (identity.mac, identity.status))
        try:
            candidate = find_computer_info(identity.mac)
        except NoDatabaseInformationError, error:
            LOGGER.info(error)
            continue

        # If this mac-address is active behind another port, block it.
        if candidate.endtime > datetime.now():
            if candidate.interface == identity.interface:
                LOGGER.info('Active on detained interface, will not pursue')
            else:
                pursue(identity, candidate)
        else:
            LOGGER.info("%s is not active." % candidate.mac)
예제 #2
0
파일: start_arnold.py 프로젝트: hmpf/nav
def detain(address, profile, comment=''):
    """Detain address with the given profile"""
    _logger.debug("Trying to detain %s", address)

    username = getpass.getuser()
    candidate = find_computer_info(address)

    if profile.active_on_vlans and not is_inside_vlans(
            candidate.ip, profile.active_on_vlans):
        _logger.error(
            "%s is not inside defined vlanrange for this predefined "
            "detention",
            address,
        )
        return

    duration = find_duration(candidate, profile)

    if profile.detention_type == 'disable':
        disable(candidate, profile.justification, username, comment, duration)
    else:
        quarantine(
            candidate,
            profile.quarantine_vlan,
            profile.justification,
            username,
            comment,
            duration,
        )

    return address
예제 #3
0
파일: t1000.py 프로젝트: Cloudxtreme/nav
def main():
    """Main controller"""
    init_logging(nav.buildconf.localstatedir + "/log/arnold/t1000.log")
    LOGGER.info("Starting t1000")

    # Fetch all mac-addresses that we have detained, check if they are
    # active somewhere else. As NAV collects arp and cam data periodically,
    # we need to give one hour slack to ensure data is correct.

    identities = Identity.objects.filter(
        last_changed__lte=datetime.now() - timedelta(hours=1),
        status__in=['disabled', 'quarantined'])

    if len(identities) <= 0:
        LOGGER.info("No detained ports in database where lastchanged > 1 "
                    "hour.")
        sys.exit(0)

    for identity in identities:
        LOGGER.info("%s is %s, checking for activity" %
                    (identity.mac, identity.status))
        try:
            candidate = find_computer_info(identity.mac)
        except NoDatabaseInformationError, error:
            LOGGER.info(error)
            continue

        # If this mac-address is active behind another port, block it.
        if candidate.endtime > datetime.now():
            if candidate.interface == identity.interface:
                LOGGER.info('Active on detained interface, will not pursue')
            else:
                pursue(identity, candidate)
        else:
            LOGGER.info("%s is not active." % candidate.mac)
예제 #4
0
def detain(address, profile, comment=''):
    """Detain address with the given profile"""
    LOGGER.debug("Trying to detain %s" % address)

    username = getpass.getuser()
    candidate = find_computer_info(address)

    if profile.active_on_vlans and not is_inside_vlans(
            candidate.ip, profile.active_on_vlans):
        LOGGER.error(
            "%s is not inside defined vlanrange for this predefined "
            "detention" % address)
        return

    duration = find_duration(candidate, profile)

    if profile.detention_type == 'disable':
        disable(candidate, profile.justification, username, comment, duration)
    else:
        quarantine(candidate, profile.quarantine_vlan, profile.justification,
                   username, comment, duration)

    return address