def __init__(self): logger.debug(u"BlackHole App Started") self.setup() self.redis_session_data = None self.build_gui() self.iohanlder = IOHandler()
class Blackhole(object): def __init__(self): logger.debug(u"BlackHole App Started") self.setup() self.redis_session_data = None self.build_gui() self.iohanlder = IOHandler() def setup(self): self.setup = Setup(settings) try: self.refresh_user() except exceptions.ObjectDoesNotExist: logger.error(u"User %s doesn't exist" % self.setup.current_user) self.user = None logger.debug(u"Setup Complete") def refresh_user(self): self.user = models.AppUser.objects.get(username=self.setup.current_user) def build_gui(self): self.gui = Window(self) if not self.user: self.gui.show_notification(u"Unknown user: %s" % self.setup.current_user) db.close_connection() def __str__(self): return u"[auth] user={0.current_user} from={0.source_ip}:{0.source_port} pid={0.pid} session_uuid={0.session_uuid}".format(self.setup) def run(self): logger.info(self) self.gui.start_ui() def get_environments(self): if self.user: return self.user.profile.get_environments() else: return [] def get_user_full_name(self): return self.user.get_full_name() if self.user else u"-" def validate_user(self, host): self.refresh_user() if not self.user.enabled: message = u"The user %s is disabled" % self.user.get_full_name() logger.debug(message) raise Exception(message) else: if self.user.time_range_enabled: now = datetime.now().time().replace(second=0) allow_connection = False if self.user.time_range_enabled_since < now: allow_connection = True if now < self.user.time_range_enabled_to: allow_connection = True else: allow_connection = False else: allow_connection = False if not allow_connection: raise Exception(u"Connections are allowed from %s to %s" % (self.user.time_range_enabled_since, self.user.time_range_enabled_to)) environments = self.user.allowed_environments.all() if environments: if host.environment not in environments: raise Exception(u"Connection to the environment %s is not allowed" % host.environment) def quit(self): logger.debug(u"Quit Application") self.gui.stop_ui() def start_connection(self, host_widget): db.close_connection() if not os.path.isdir(self.setup.log_path): logger.error(u"Logs Path not found") raise Exception(u"Logs Path not found") self.validate_user(host_widget.host_connection.host) session = self.create_session(host_widget) size = self.gui.loop.screen.get_cols_rows() self.gui.pause_screen() try: session.connect(size) except socket.timeout as e: logger.error(u"Connection Failed <{0}> [{1}]".format(e.message, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e.message)) except socket.error as e: logger.error(u"Connection Failed <{0}> [{1}]".format(e, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e)) except Exception as e: logger.error(u"Connection Failed <{0}> [{1}]".format(e, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e)) self.iohanlder.set_log_filename(session.session_log.log_file) self.iohanlder.capture() try: session.start_session() except paramiko.AuthenticationException as e: msg = u"Authentication Failed <{0}>".format(e) logger.error(msg) raise Exception(msg) except Exception as e: msg = u"ERROR <{0}>".format(e) #logger.error(msg) raise Exception(msg) finally: self.iohanlder.restore() def create_session(self, host_widget): logger.debug(u"Creating Session") if host_widget.host_connection.host.CONNECTION_TYPE == models.CONNECTION_TYPE_SSH: try: session = SecureShellSession(self, host_widget.host_connection) except: raise elif host_widget.host_connection.host.CONNECTION_TYPE == models.CONNECTION_TYPE_DB: try: session = DBSession(self, host_widget.host_connection) except: raise else: logger.error(u'Unknown Connection Type') raise Exception(u'Unknown Connection Type') session.session_log = models.SessionLog() session.session_log.session_type = host_widget.host_connection.host.CONNECTION_TYPE session.session_log.user = self.user session.session_log.login_date = datetime.now(pytz.timezone(self.setup.timezone)) session.session_log.session_id = self.setup.session_uuid session.session_log.source_ip = self.setup.source_ip session.session_log.host = host_widget.host_connection.host.name session.session_log.user_identity = host_widget.host_connection.get_connection_user(self.user) session.session_log.log_file = session.session_log.get_log_filename(os.path.join(self.setup.log_path, self.user.username)) logger.debug("session log: %s", session.session_log.log_file) session.session_log.save() return session def session_started_handler(self, session): logger.debug("Start session handler") json_data = {'session_id': str(self.setup.session_uuid), 'host': session.session_log.host, 'session_type': session.session_log.session_type, 'real_user': self.setup.current_user, 'session_user': session.session_log.user_identity, 'source_ip': self.setup.source_ip, 'login_date': str(session.session_log.login_date), 'pid': self.setup.pid, 'id': session.session_log.id} self.redis_session_data = json.dumps(json_data) self.add_to_redis() def session_ended_handler(self, session): logger.debug("Stop session handler") db.close_connection() session.session_log.logout_date = datetime.now(pytz.timezone(self.setup.timezone)) session.session_log.save_duration() session.session_log.save() self.remove_from_redis() def add_to_redis(self): try: redis_server = redis.Redis(self.setup.redis_server) redis_server.sadd(REDIS_SET_NAME, self.redis_session_data) logger.debug("Session added to redis") except redis.exceptions.ConnectionError as e: logger.error("Redis Connection <{0}>".format(e)) raise except Exception as e: logger.error("Redis Unknown <{0}>".format(e)) raise def remove_from_redis(self): try: redis_server = redis.Redis(self.setup.redis_server) redis_server.srem(REDIS_SET_NAME, self.redis_session_data) self.redis_session_data = None logger.debug("Session removed from redis") except redis.exceptions.ConnectionError as e: logger.error("Redis Connection <{0}>".format(e)) raise except Exception as e: logger.error("Redis Unknown <{0}>".format(e)) raise
class Blackhole(object): def __init__(self): logger.debug(u"BlackHole App Started") self.setup() self.redis_session_data = None self.build_gui() self.iohanlder = IOHandler() def setup(self): self.setup = Setup(settings) try: self.refresh_user() except exceptions.ObjectDoesNotExist: logger.error(u"User %s doesn't exist" % self.setup.current_user) self.user = None logger.debug(u"Setup Complete") def refresh_user(self): self.user = models.AppUser.objects.get( username=self.setup.current_user) def build_gui(self): self.gui = Window(self) if not self.user: self.gui.show_notification(u"Unknown user: %s" % self.setup.current_user) db.close_connection() def __str__(self): return u"[auth] user={0.current_user} from={0.source_ip}:{0.source_port} pid={0.pid} session_uuid={0.session_uuid}".format( self.setup) def run(self): logger.info(self) self.gui.start_ui() def get_environments(self): if self.user: return self.user.profile.get_environments() else: return [] def get_user_full_name(self): return self.user.get_full_name() if self.user else u"-" def validate_user(self, host): self.refresh_user() if not self.user.enabled: message = u"The user %s is disabled" % self.user.get_full_name() logger.debug(message) raise Exception(message) else: if self.user.time_range_enabled: now = datetime.now().time().replace(second=0) allow_connection = False if self.user.time_range_enabled_since < now: allow_connection = True if now < self.user.time_range_enabled_to: allow_connection = True else: allow_connection = False else: allow_connection = False if not allow_connection: raise Exception(u"Connections are allowed from %s to %s" % (self.user.time_range_enabled_since, self.user.time_range_enabled_to)) environments = self.user.allowed_environments.all() if environments: if host.environment not in environments: raise Exception( u"Connection to the environment %s is not allowed" % host.environment) def quit(self): logger.debug(u"Quit Application") self.gui.stop_ui() def start_connection(self, host_widget): db.close_connection() if not os.path.isdir(self.setup.log_path): logger.error(u"Logs Path not found") raise Exception(u"Logs Path not found") self.validate_user(host_widget.host_connection.host) session = self.create_session(host_widget) size = self.gui.loop.screen.get_cols_rows() self.gui.pause_screen() try: session.connect(size) except socket.timeout as e: logger.error(u"Connection Failed <{0}> [{1}]".format( e.message, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e.message)) except socket.error as e: logger.error(u"Connection Failed <{0}> [{1}]".format( e, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e)) except Exception as e: logger.error(u"Connection Failed <{0}> [{1}]".format( e, host_widget.host_connection.host.name)) raise Exception(u"Connection Failed <{0}>".format(e)) self.iohanlder.set_log_filename(session.session_log.log_file) self.iohanlder.capture() try: session.start_session() except paramiko.AuthenticationException as e: msg = u"Authentication Failed <{0}>".format(e) logger.error(msg) raise Exception(msg) except Exception as e: msg = u"ERROR <{0}>".format(e) #logger.error(msg) raise Exception(msg) finally: self.iohanlder.restore() def create_session(self, host_widget): logger.debug(u"Creating Session") if host_widget.host_connection.host.CONNECTION_TYPE == models.CONNECTION_TYPE_SSH: try: session = SecureShellSession(self, host_widget.host_connection) except: raise elif host_widget.host_connection.host.CONNECTION_TYPE == models.CONNECTION_TYPE_DB: try: session = DBSession(self, host_widget.host_connection) except: raise else: logger.error(u'Unknown Connection Type') raise Exception(u'Unknown Connection Type') session.session_log = models.SessionLog() session.session_log.session_type = host_widget.host_connection.host.CONNECTION_TYPE session.session_log.user = self.user session.session_log.login_date = datetime.now( pytz.timezone(self.setup.timezone)) session.session_log.session_id = self.setup.session_uuid session.session_log.source_ip = self.setup.source_ip session.session_log.host = host_widget.host_connection.host.name session.session_log.user_identity = host_widget.host_connection.get_connection_user( self.user) session.session_log.log_file = session.session_log.get_log_filename( os.path.join(self.setup.log_path, self.user.username)) logger.debug("session log: %s", session.session_log.log_file) session.session_log.save() return session def session_started_handler(self, session): logger.debug("Start session handler") json_data = { 'session_id': str(self.setup.session_uuid), 'host': session.session_log.host, 'session_type': session.session_log.session_type, 'real_user': self.setup.current_user, 'session_user': session.session_log.user_identity, 'source_ip': self.setup.source_ip, 'login_date': str(session.session_log.login_date), 'pid': self.setup.pid, 'id': session.session_log.id } self.redis_session_data = json.dumps(json_data) self.add_to_redis() def session_ended_handler(self, session): logger.debug("Stop session handler") db.close_connection() session.session_log.logout_date = datetime.now( pytz.timezone(self.setup.timezone)) session.session_log.save_duration() session.session_log.save() self.remove_from_redis() def add_to_redis(self): try: redis_server = redis.Redis(self.setup.redis_server) redis_server.sadd(REDIS_SET_NAME, self.redis_session_data) logger.debug("Session added to redis") except redis.exceptions.ConnectionError as e: logger.error("Redis Connection <{0}>".format(e)) raise except Exception as e: logger.error("Redis Unknown <{0}>".format(e)) raise def remove_from_redis(self): try: redis_server = redis.Redis(self.setup.redis_server) redis_server.srem(REDIS_SET_NAME, self.redis_session_data) self.redis_session_data = None logger.debug("Session removed from redis") except redis.exceptions.ConnectionError as e: logger.error("Redis Connection <{0}>".format(e)) raise except Exception as e: logger.error("Redis Unknown <{0}>".format(e)) raise