Пример #1
0
"""

__version__ = '$Id$'

from rpki.gui.script_util import setup
setup()

import sys

from rpki.gui.app.models import Conf
from rpki.irdb.models import ROARequest, GhostbusterRequest
from rpki.gui.app.glue import list_received_resources

for n in xrange(1, 33):
    username = '******' % n
    print 'removing objects for ' + username
    for cls in (ROARequest, GhostbusterRequest):
        cls.objects.filter(issuer__handle=username).delete()
    conf = Conf.objects.get(handle=username)
    conf.clear_alerts()
    print '... updating resource certificate cache'
    list_received_resources(sys.stdout, conf)

    # Remove delegated resources (see https://trac.rpki.net/ticket/544)
    # Note that we do not remove the parent-child relationship, just the
    # resources.
    for child in conf.children():
        child.asns.delete()
        child.address_ranges.delete()
Пример #2
0
def refresh(request):
    "Query rpkid, update the db, and redirect back to the dashboard."
    glue.list_received_resources(request.META['wsgi.errors'], request.session['handle'])
    return http.HttpResponseRedirect(reverse(dashboard))
Пример #3
0
def notify_expired(expire_days=14, from_email=None):
    """Send email notificates about impending expirations of resource
    and BPKI certificates.

    expire_days: the number of days ahead of today to warn

    from_email: set the From: address for the email
    """

    global expire_time  # so i don't have to pass it around
    global now

    now = datetime.datetime.utcnow()
    expire_time = now + datetime.timedelta(expire_days)

    # this is not exactly right, since we have no way of knowing what the
    # vhost for the web portal running on this machine is
    host = socket.getfqdn()
    if not from_email:
        from_email = 'root@' + host

    # Ensure that the rcynic and routeviews data has been updated recently
    # The QuerySet is created here so that it will be cached and reused on each
    # iteration of the loop below
    t = now - datetime.timedelta(hours=12)  # 12 hours
    stale_timestamps = Timestamp.objects.filter(ts__lte=t)

    # Warn the server admins when data may be out of date
    if stale_timestamps:
        errs = StringIO()
        errs.write('Warning!  Stale data from external sources on host %s.\n' %
                   (host, ))
        errs.write('data source    : last import\n')
        for obj in stale_timestamps:
            errs.write('%-15s: %s\n' % (obj.name, obj.ts))
        errs.write('\n')
        send_mail('stale RPKI data on ' + host, errs.getvalue(), from_email,
                  ['root@' + host])

    # if not arguments are given, query all resource holders
    qs = Conf.objects.all()

    # check expiration of certs for all handles managed by the web portal
    for h in qs:
        # Force cache update since several checks require fresh data
        try:
            list_received_resources(sys.stdout, h)
        except socket.error as e:
            raise NetworkError('Error while talking to rpkid: %s' % e)

        errs = StringIO()

        check_cert(h.handle, h, errs)

        # HostedCA is the ResourceHolderCA cross certified under ServerCA, so
        # check the ServerCA expiration date as well
        check_cert(h.handle, h.hosted_by, errs)
        check_cert(h.handle, h.hosted_by.issuer, errs)

        check_cert_list(h.handle, h.bscs.all(), errs)
        check_cert_list(h.handle, h.parents.all(), errs)
        check_cert_list(h.handle, h.children.all(), errs)
        check_cert_list(h.handle, h.repositories.all(), errs)

        check_expire(h, errs)
        check_child_certs(h, errs)

        # if there was output, display it now
        s = errs.getvalue()
        if s:
            logger.info(s)

            t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s.  You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % (
                h.handle, host)
            h.send_alert(subject='RPKI expiration notice for %s' % h.handle,
                         message=t + s,
                         from_email=from_email,
                         severity=Alert.WARNING)
Пример #4
0
"""

__version__ = '$Id$'

from rpki.gui.script_util import setup
setup()

import sys

from rpki.gui.app.models import Conf
from rpki.irdb.models import ROARequest, GhostbusterRequest
from rpki.gui.app.glue import list_received_resources

for n in xrange(1, 33):
    username = '******' % n
    print 'removing objects for ' + username
    for cls in (ROARequest, GhostbusterRequest):
        cls.objects.filter(issuer__handle=username).delete()
    conf = Conf.objects.get(handle=username)
    conf.clear_alerts()
    print '... updating resource certificate cache'
    list_received_resources(sys.stdout, conf)

    # Remove delegated resources (see https://trac.rpki.net/ticket/544)
    # Note that we do not remove the parent-child relationship, just the
    # resources.
    for child in conf.children():
        child.asns.delete()
        child.address_ranges.delete()
Пример #5
0
def notify_expired(expire_days=14, from_email=None):
    """Send email notificates about impending expirations of resource
    and BPKI certificates.

    expire_days: the number of days ahead of today to warn

    from_email: set the From: address for the email

    """
    global expire_time  # so i don't have to pass it around
    global now

    now = datetime.datetime.utcnow()
    expire_time = now + datetime.timedelta(expire_days)

    # this is not exactly right, since we have no way of knowing what the
    # vhost for the web portal running on this machine is
    host = socket.getfqdn()
    if not from_email:
        from_email = 'root@' + host

    # Ensure that the rcynic and routeviews data has been updated recently
    # The QuerySet is created here so that it will be cached and reused on each
    # iteration of the loop below
    t = now - datetime.timedelta(hours=12)  # 12 hours
    stale_timestamps = Timestamp.objects.filter(ts__lte=t)

    # Warn the server admins when data may be out of date
    if stale_timestamps:
        errs = StringIO()
        errs.write('Warning!  Stale data from external sources on host %s.\n' % (host,))
        errs.write('data source    : last import\n')
        for obj in stale_timestamps:
            errs.write('%-15s: %s\n' % (obj.name, obj.ts))
        errs.write('\n')
        send_mail('stale RPKI data on ' + host,
                   errs.getvalue(),
                   from_email,
                   ['root@' + host])

    # if not arguments are given, query all resource holders
    qs = Conf.objects.all()

    # check expiration of certs for all handles managed by the web portal
    for h in qs:
        # Force cache update since several checks require fresh data
        try:
            list_received_resources(sys.stdout, h)
        except socket.error as e:
            raise NetworkError('Error while talking to rpkid: %s' % e)

        errs = StringIO()

        check_cert(h.handle, h, errs)

        # HostedCA is the ResourceHolderCA cross certified under ServerCA, so
        # check the ServerCA expiration date as well
        check_cert(h.handle, h.hosted_by, errs)
        check_cert(h.handle, h.hosted_by.issuer, errs)

        check_cert_list(h.handle, h.bscs.all(), errs)
        check_cert_list(h.handle, h.parents.all(), errs)
        check_cert_list(h.handle, h.children.all(), errs)
        check_cert_list(h.handle, h.repositories.all(), errs)

        check_expire(h, errs)
        check_child_certs(h, errs)

        # if there was output, display it now
        s = errs.getvalue()
        if s:
            logger.info(s)

            t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s.  You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % (h.handle, host)
            h.send_alert(
                subject='RPKI expiration notice for %s' % h.handle,
                message=t + s,
                from_email=from_email,
                severity=Alert.WARNING
            )
Пример #6
0
def refresh(request):
    "Query rpkid, update the db, and redirect back to the dashboard."
    glue.list_received_resources(request.META['wsgi.errors'],
                                 request.session['handle'])
    return http.HttpResponseRedirect(reverse(dashboard))