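def _unblock(self):
    """Lift expired per-IP blocks recorded in the ``block`` measurement.

    Every ``block`` row older than ``self.avr['blockTimeIP']`` is released
    through ``_unblock_act`` and then deleted.  ``blockTimeIP`` is spliced
    verbatim into the InfluxQL ``now() - %s`` expression, so it is expected
    to be a duration literal such as ``10m`` (comes from config; not
    validated here).

    Returns:
        None.  DELETE failures are logged via ``save_log``; an exception
        raised by ``_unblock_act`` itself still propagates, as before.
    """
    # The target is read back from the DB and re-used in a string-built
    # InfluxQL DELETE and (inside _unblock_act) in an iptables command, so
    # anything outside the address/hostname character set is refused.  A
    # refused row stays in the DB and is reported on every pass -- it has to
    # be cleaned up by hand.
    def _is_safe(value):
        return bool(value) and all(ch.isalnum() or ch in ".:_-" for ch in value)

    query = "select target,connections from block where time <= now() - %s" % (
        self.avr['blockTimeIP'])
    for li in DB_Conn("ddos").select(query):
        target = "%s" % (li['target'],)
        if not _is_safe(target):
            save_log('ERROR', "'CC_unblock' refusing suspicious target: %r" % (target,))
            continue
        self._unblock_act(target)
        try:
            DB_Conn("ddos").delete("delete from block where target = '%s'" % target)
        except Exception as e:
            save_log('ERROR', "'CC_unblock' Exception: %s" % (e))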
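def _block(self, ttls):
    """Record and enforce a TTL-based block.

    ``ttls`` is a positional list ``[ttl, count, ...]``.  The configured
    monitoring interface ``self.avr['montInterface']`` (or ``""`` when it is
    unset) is inserted at index 2 **in place**, because both the
    ``block_ttl`` record and ``_block_act`` read it from there.

    Nothing is enforced unless ``self.avr['monlisten']`` stringifies to
    ``"false"``; otherwise the method only normalises ``ttls`` and returns.
    In enforcing mode a ``block_ttl`` point is written, ``_block_act`` is
    called and, when ``self.avr['adminEmail']`` is set, ``_sendmail`` is
    invoked -- but only if no ``block_ttl`` row with the same ttl exists yet.

    Raises:
        ValueError/TypeError if ``ttls[1]`` cannot be converted to float
        (unchanged from the original behaviour).  Everything inside the
        enforcing branch is caught and logged via ``save_log``.
    """
    ttls.insert(2, self.avr['montInterface'] or "")
    json_body = [{
        "measurement": "block_ttl",
        "tags": {"ttl": ttls[0], "interface": ttls[2]},
        "fields": {"counts": float(ttls[1])},
    }]
    if str(self.avr['monlisten']) != "false":
        return
    try:
        # The ttl comes from sniffed traffic and is spliced into an InfluxQL
        # string literal (and later an iptables --ttl-eq argument): only an
        # integer in the IP TTL range is acceptable.  Out-of-range values are
        # reported through the existing error path below.
        ttl = int(ttls[0])
        if not 0 <= ttl <= 255:
            raise ValueError("ttl out of range: %r" % (ttls[0],))
        existing = DB_Conn('ddos').select(
            "select * from block_ttl where ttl = '%s'" % ttl)
        if not list(existing):
            DB_Conn('ddos').insert(json_body)
            self._block_act(ttls)
            if self.avr['adminEmail']:
                self._sendmail(ttls)
    except Exception as e:
        save_log('ERROR', "'Sniff_block' Exception: %s" % (e))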
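def _unblock(self):
    """Lift expired TTL-based blocks recorded in the ``block_ttl`` measurement.

    Every ``block_ttl`` row older than ``self.avr['blockTimeTTL']`` is
    released through ``_unblock_act([ttl, counts, interface])`` and then
    deleted.  ``blockTimeTTL`` is spliced verbatim into the InfluxQL
    ``now() - %s`` expression, so it is expected to be a duration literal
    such as ``10m`` (comes from config; not validated here).

    Returns:
        None.  DELETE failures are logged via ``save_log``; an exception
        raised by ``_unblock_act`` itself still propagates, as before.
    """
    query = "select * from block_ttl where time <= now() - %s" % (
        self.avr['blockTimeTTL'])
    for li in DB_Conn("ddos").select(query):
        # ttl is read back from the DB and ends up in an InfluxQL string
        # literal and in an `iptables --ttl-eq` argument; only a small
        # integer is acceptable there.  A refused row stays in the DB and is
        # reported on every pass.
        try:
            ttl = int(li['ttl'])
        except (TypeError, ValueError):
            ttl = -1
        if not 0 <= ttl <= 255:
            save_log('ERROR', "'Sniff_unblock' refusing suspicious ttl: %r" % (li['ttl'],))
            continue
        self._unblock_act([ttl, li['counts'], li['interface']])
        try:
            DB_Conn("ddos").delete("delete from block_ttl where ttl = '%s'" % ttl)
        except Exception as e:
            save_log('ERROR', "'Sniff_unblock' Exception: %s" % (e))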
def _dstat(self):
    """Sample load average and network throughput into the ``dstat`` measurement.

    At most one point per minute is written: if the ``system`` DB already
    holds a ``dstat`` row newer than ``now() - 1m`` the sample is discarded.
    ``1m`` and ``recv`` are stored both as tags and as fields.

    Returns:
        None.  DB failures are logged via ``save_log``.
    """
    net_sample = Dstat().net()
    load_sample = Dstat().loadavg()
    point = {
        "measurement": "dstat",
        "tags": {"1m": load_sample['1m'], "recv": net_sample['recv']},
        "fields": {
            "1m": load_sample['1m'],
            "5m": load_sample['5m'],
            "15m": load_sample['15m'],
            "recv": net_sample['recv'],
            "send": net_sample['send'],
        },
    }
    try:
        recent = DB_Conn("system").select("select * from dstat where time >= now() - 1m")
        if not list(recent):
            DB_Conn("system").insert([point])
    except Exception as e:
        save_log('ERROR', "'CC_dstat' Exception: %s" % (e))
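def _block(self, ips):
    """Record and enforce a per-IP block.

    ``ips`` is a positional list ``[connections, target, locaddr, port]``.
    A ``block`` point is always built (so a non-numeric ``ips[0]`` raises
    ValueError/TypeError, as before), but nothing is enforced unless
    ``self.avr['monlisten']`` stringifies to ``"false"``.  In enforcing mode
    the point is written, ``_block_act`` is called and, when
    ``self.avr['adminEmail']`` is set, ``_sendmail`` is invoked -- only if no
    ``block`` row with the same target exists yet.

    Returns:
        None.  Everything inside the enforcing branch is caught and logged
        via ``save_log``.
    """
    json_body = [{
        "measurement": "block",
        "tags": {"target": ips[1], "locaddr": ips[2], "port": ips[3]},
        "fields": {"connections": float(ips[0])},
    }]
    if str(self.avr['monlisten']) != "false":
        return
    try:
        # The target is spliced into an InfluxQL string literal here and into
        # an iptables rule in _block_act; refuse anything outside the
        # address/hostname character set (quotes, backslashes, whitespace).
        target = "%s" % (ips[1],)
        if not (target and all(ch.isalnum() or ch in ".:_-" for ch in target)):
            raise ValueError("refusing suspicious target %r" % (target,))
        existing = DB_Conn('ddos').select(
            "select * from block where target = '%s'" % target)
        if not list(existing):
            DB_Conn('ddos').insert(json_body)
            self._block_act(ips)
            if self.avr['adminEmail']:
                self._sendmail(ips)
    except Exception as e:
        save_log('ERROR', "'CC_block' Exception: %s" % (e))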
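def _collect_current(self, data):
    """Parse a connection summary and record it in the ``current`` measurement.

    ``data`` is text with one record per line, whitespace separated:
    ``<connections> <locaddr> <port> <foreaddr> <state>`` (presumably an
    aggregated netstat/ss listing -- the producer is not visible here).
    Lines with fewer than five fields, a non-integer count or a count below
    1 are skipped silently; a ``foreaddr`` containing characters outside the
    address/hostname set is skipped with an error log, because the value is
    spliced into an InfluxQL literal and later into an iptables rule.  For
    each remaining record a point is written unless the same ``foreaddr``
    was already recorded during the last minute.

    Returns:
        None.  DB failures are logged via ``save_log``.
    """
    if not data:
        return
    for raw in data.strip().split("\n"):
        fields = raw.split()
        if len(fields) < 5:
            continue
        try:
            connections = int(fields[0])
        except ValueError:
            continue
        if connections < 1:
            continue
        locaddr, port, foreaddr, state = fields[1:5]
        if not all(ch.isalnum() or ch in ".:_-" for ch in foreaddr):
            save_log('ERROR', "'CC_collect_current' refusing suspicious foreaddr: %r" % (foreaddr,))
            continue
        json_body = [{
            "measurement": "current",
            "tags": {"foreaddr": foreaddr, "locaddr": locaddr, "port": port, "state": state},
            "fields": {"connections": connections},
        }]
        try:
            recent = DB_Conn("connect").select(
                "select * from current where foreaddr = '%s' and time >= now() - 1m" % foreaddr)
            if not list(recent):
                DB_Conn("connect").insert(json_body)
        except Exception as e:
            save_log('ERROR', "'CC_collect_current' Exception: %s" % (e))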
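def _reblock_act(self):
    """Re-install a DROP rule for every target still recorded in ``block``.

    The live INPUT chain is listed once; for each ``block`` row whose target
    is not already the source of a DROP rule, ``-I INPUT -s <target> -j DROP``
    is inserted.  Because ``-I`` prepends, the existing-rule check is the
    only thing preventing duplicate rules, so it must compare exactly what
    ``iptables -nL`` prints (column 4, the source) with the stored target.

    Returns:
        None.  Problems are logged via ``save_log``; nothing is raised.
    """
    import subprocess

    try:
        # Python-side equivalent of `iptables -nL INPUT | grep ^DROP | awk
        # '{print $4}'`, so no shell is involved at all.
        listing = subprocess.Popen(['/sbin/iptables', '-nL', 'INPUT'],
                                   stdout=subprocess.PIPE).communicate()[0]
        if not isinstance(listing, str):
            listing = listing.decode('utf-8', 'replace')
        dropped = set()
        for rule in listing.splitlines():
            cols = rule.split()
            if len(cols) >= 4 and cols[0] == 'DROP':
                dropped.add(cols[3])
        for li in DB_Conn("ddos").select("select target,connections from block"):
            target = "%s" % (li['target'],)
            if target in dropped:
                continue
            # The target is passed to iptables as a separate argv element, so
            # shell metacharacters are harmless; still refuse anything outside
            # the address/hostname charset and anything that could be parsed
            # as an option, in case the DB row was tampered with.
            if (not target or target.startswith('-')
                    or not all(ch.isalnum() or ch in ".:_-" for ch in target)):
                save_log('ERROR', "'CC_reblock_act' refusing suspicious target: %r" % (target,))
                continue
            rc = subprocess.call(['/sbin/iptables', '-I', 'INPUT', '-s', target, '-j', 'DROP'])
            # The original logged success unconditionally; only claim it when
            # iptables actually returned 0.
            if rc == 0:
                save_log('REBL', '%s reload in iptables Success.' % target)
            else:
                save_log('ERROR', "'CC_reblock_act' iptables exited %s for %s" % (rc, target))
    except Exception as e:
        save_log('ERROR', "'CC_reblock_act' Exception: %s" % (e))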
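def _reblock_act(self):
    """Re-install a DROP rule for every TTL still recorded in ``block_ttl``.

    The live INPUT chain is listed once; for each ``block_ttl`` row whose ttl
    is not already the last column of a DROP rule, a rule dropping SYN
    packets (``--tcp-flags SYN,RST,ACK SYN``) with ``--ttl-eq <ttl>`` is
    inserted, restricted to ``-i <interface>`` when the row has one.  As
    ``-I`` prepends, the existing-rule check is what prevents duplicates; it
    relies on the TTL value being the last token ``iptables -nL`` prints for
    such a rule, exactly as the previous ``awk '{print $NF}'`` did.

    Returns:
        None.  Problems are logged via ``save_log``; nothing is raised.
    """
    import subprocess

    def _safe_token(value):
        # Conservative charset for an interface name: no whitespace, quotes
        # or option-looking values.  Hedged -- exotic interface names may
        # need this widened.
        return (bool(value) and not value.startswith('-')
                and all(ch.isalnum() or ch in ".:_-" for ch in value))

    try:
        # Python-side equivalent of `iptables -nL INPUT | grep ^DROP | awk
        # '{print $NF}'`, so no shell is involved at all.
        listing = subprocess.Popen(['/sbin/iptables', '-nL', 'INPUT'],
                                   stdout=subprocess.PIPE).communicate()[0]
        if not isinstance(listing, str):
            listing = listing.decode('utf-8', 'replace')
        dropped = set()
        for rule in listing.splitlines():
            cols = rule.split()
            if cols and cols[0] == 'DROP':
                dropped.add(cols[-1])
        for li in DB_Conn("ddos").select("select * from block_ttl"):
            # ttl becomes an `--ttl-eq` argument: only a small integer is valid.
            try:
                ttl = int(li['ttl'])
            except (TypeError, ValueError):
                ttl = -1
            if not 0 <= ttl <= 255:
                save_log('ERROR', "'Sniff_reblock_act' refusing suspicious ttl: %r" % (li['ttl'],))
                continue
            if str(ttl) in dropped:
                continue
            iface = "%s" % (li['interface'],) if li['interface'] else ""
            if iface and not _safe_token(iface):
                save_log('ERROR', "'Sniff_reblock_act' refusing suspicious interface: %r" % (iface,))
                continue
            cmd = ['/sbin/iptables', '-I', 'INPUT']
            if iface:
                cmd += ['-i', iface]
            cmd += ['-p', 'tcp', '-m', 'tcp', '--tcp-flags', 'SYN,RST,ACK', 'SYN',
                    '-m', 'ttl', '--ttl-eq', str(ttl), '-j', 'DROP']
            rc = subprocess.call(cmd)
            # The original logged success unconditionally; only claim it when
            # iptables actually returned 0.
            if rc == 0:
                save_log('REBL', 'TTL:%s reload in iptables Success.' % ttl)
            else:
                save_log('ERROR', "'Sniff_reblock_act' iptables exited %s for TTL:%s" % (rc, ttl))
    except Exception as e:
        save_log('ERROR', "'Sniff_reblock_act' Exception: %s" % (e))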