def _check(data, context, check_function):
# Ensure checkers registration
_load()
is_valid = True
for checker in _checkers:
processed_data = check_function(checker, data, context)
if processed_data is not None:
data = processed_data
else:
attack_config = Config.get_attack_config(checker.get_attack_name())
if attack_config is None:
continue
if attack_config['action'] == 'ids':
Alert.add_alert(alert_type=attack_config['report_type'],
action_taken='LOGGED',
event='Attack %s was found' % checker.get_attack_name())
elif attack_config['action'] == 'ips':
Alert.add_alert(alert_type=attack_config['report_type'],
action_taken='ABORTED',
event='Attack %s was found' % checker.get_attack_name())
is_valid = False
return data if is_valid else None
def get_attack_config(attack_name):
config_json = Config.get_config()
if not config_json.get(Setting.SYSTEM_MODE):
Alert.add_alert(
alert_type='ERROR',
event='Could not find \'system_mode\' on config.json')
return None
elif config_json[Setting.SYSTEM_MODE] == 'no_action':
return None
elif config_json[Setting.SYSTEM_MODE] != 'per_attack':
return {
'action': config_json['system_mode'],
'report_type': 'WARN'
}
elif not config_json.get('attack_types'):
Alert.add_alert(
alert_type='ERROR',
event='Could not find \'attack_types\' on config.json')
return None
else:
for attack_type in config_json['attack_types']:
if attack_type.get('name') == attack_name:
if not attack_type.get('per_attack_action'):
Alert.add_alert(
alert_type='ERROR',
event=
'No \'per_attack_action\' found for \'%s\' on config.json'
% attack_name)
elif not attack_type.get('report_type'):
Alert.add_alert(
alert_type='ERROR',
event=
'No \'report_type\' found for \'%s\' on config.json'
% attack_name)
elif attack_type['per_attack_action'] == 'no_action':
return None
else:
return {
'action': attack_type['per_attack_action'],
'report_type': attack_type['report_type']
}
Alert.add_alert(
alert_type='ERROR',
event='Could not find attack \'%s\' on config.json' %
attack_name)
return None
def accept_incoming_connection(self):
forwarding_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
forwarding_socket.connect(self.remote_address)
client_socket, client_address = self.main_socket.accept()
if forwarding_socket:
Alert.add_alert(event='New Connection: %s, %s' % client_address)
context = {}
self.sockets.append(client_socket)
self.sockets.append(forwarding_socket)
self.channels[client_socket] = {
'socket': forwarding_socket,
'direction': TrafficDirection.inbound,
'context': context
}
self.channels[forwarding_socket] = {
'socket': client_socket,
'direction': TrafficDirection.outbound,
'context': context
}
else:
Alert.add_alert(alert_type='WARN', event='Proxy could not connect to remote, closing client connection')
client_socket.close()
logging.getLogger().setLevel(logging.INFO)
parser = argparse.ArgumentParser(description='Proxy Server')
parser.add_argument('remote_host', type=str)
parser.add_argument('--remote_port', type=int, default=80)
parser.add_argument('--listen_host', type=str, default='localhost')
parser.add_argument('--listen_port', type=int, default=8080)
parser.add_argument('--management-port', type=int, default=5000)
args = parser.parse_args()
server_threads = []
try:
# Preparing proxy thread
event = '[PROXY] Starting to listen on %s:%s' % (args.listen_host, args.listen_port)
logging.info(event)
Alert.add_alert(event=event)
server = ProxyServer(args.listen_host, args.listen_port, args.remote_host, args.remote_port)
server_threads.append(Thread(target=server.start))
# Preparing management thread
event = '[MANAGEMENT] Starting to listen on localhost:%s' % args.management_port
logging.info(event)
Alert.add_alert(event=event)
http_server = HTTPServer(WSGIContainer(rest_api.app))
http_server.listen(args.management_port)
management_server = IOLoop.instance()
server_threads.append(Thread(target=management_server.start))
# Starting allx threads
