def create_resources(self):
# Create Dynamo and user
dynamo_allocator = DynamoAllocator()
self.create_table()
dynamo_table = dynamo_allocator.table('Autobahn')
ec2_client = EC2Allocator().client('eu-west-1')
vpc_response = ec2_client.create_vpc(CidrBlock='10.1.0.0/24',
AmazonProvidedIpv6CidrBlock=False,
DryRun=False,
InstanceTenancy='default')
self.vpc_id = vpc_response['Vpc']['VpcId']
ec2_client.create_tags(DryRun=False,
Resources=[self.vpc_id],
Tags=[{
'Key': 'Name',
'Value': "vpc-test"
}])
acl_response = ec2_client.create_network_acl(DryRun=False,
VpcId=self.vpc_id)
self.acl_id = acl_response['NetworkAcl']['NetworkAclId']
entry_response = ec2_client.create_network_acl_entry(
CidrBlock='244.244.244.244/32',
DryRun=False,
Egress=False,
NetworkAclId=self.acl_id,
Protocol='-1',
RuleAction='deny',
RuleNumber=77)
return self.vpc_id, self.acl_id
def test_dynamo_upsert(self):
vpc_id, acl_id = self.create_resources()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
table = dynamo_resource.Table(get_dynamo_table())
struct_time = datetime.strptime("21/11/06 16:30", "%d/%m/%y %H:%M")
epoch = UTC_time_to_epoch(struct_time)
table.put_item(
Item={
'ip': '244.244.244.244',
'last_seen': epoch,
'times_seen': 1,
'banned': True
})
DynamoUpserter().upsert_ip_in_table(dynamo_resource, '244.244.244.244')
response = table.query(
KeyConditionExpression=Key('ip').eq('244.244.244.244'))
print(response)
assert len(response['Items']) == 1
assert response['Items'][0]['banned'] == False
def test_ipbanner(self):
vpc_id, acl_id = self.create_resources()
datadog_client = DatadogClient()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
table = dynamo_resource.Table(get_dynamo_table())
struct_time = datetime.strptime("21/11/06 16:30", "%d/%m/%y %H:%M")
epoch = UTC_time_to_epoch(struct_time)
table.put_item(
Item={
'ip': '244.244.244.244',
'last_seen': epoch,
'times_seen': 1,
'banned': False
})
ip_banner = IpBanner(ec2_client, datadog_client)
ip_banner.ban_ip('244.244.244.244', acl_id, 90)
response = table.query(
KeyConditionExpression=Key('ip').eq('244.244.244.244'))
assert response['Items'][0]['banned'] == True
def test_nacl_elector(self):
vpc_id, acl_id = self.create_resources()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
nacl, number = VpcNaclElector(
).get_available_nacl_and_proposed_rulenumber(ec2_client, vpc_id, 100)
print(nacl)
print(acl_id)
assert nacl == self.acl_id
def test_find_vpc(self):
vpc_id = self.create_resources()
ip_hash_map = {
'244.244.244.244': 1
}
ec2_client = EC2Allocator().client('eu-west-1')
retrieved_vpc_id = VpcFinder().get_vpc(ec2_client, 'test')
assert retrieved_vpc_id == self.vpc_id
def tearDown(self):
# Create Dynamo and user
dynamo_allocator = DynamoAllocator()
dynamo_table = dynamo_allocator.table('Autobahn')
ec2_client = EC2Allocator().client('eu-west-1')
try:
acl_response = ec2_client.delete_network_acl(
DryRun=False, NetworkAclId=self.acl_id)
except:
pass
def process(event):
dynamo_db_event = DynamoDBEvent(event)
datadog_client = DatadogClient()
if dynamo_db_event.is_insert_or_update() and TimeDecision.is_recent(dynamo_db_event):
ban_ips = [dynamo_db_event.get_ip()]
for country in get_countries():
region = get_region_from_country(country)
ec2_client = EC2Allocator().client(region_name=region)
vpc = VpcFinder().get_vpc(ec2_client, country)
nacl, proposed_rulenumber = VpcNaclElector(
).get_available_nacl_and_proposed_rulenumber(ec2_client, vpc, get_nacl_rule_limit())
ip_banner = IpBanner(ec2_client=ec2_client, datadog_client=datadog_client)
ip_banner.ban_ips(ban_ips, nacl, proposed_rulenumber, vpc)
def process(event):
dynamo_db_allocator = DynamoAllocator()
dynamo_resource = dynamo_db_allocator.resource()
dynamo_client = dynamo_db_allocator.client()
unbannable_ips = DynamoGetUnbannable().get_unbannables(dynamo_client, dynamo_resource)
for country in get_countries():
region = get_region_from_country(country)
ec2_client = EC2Allocator().client(region_name=region)
ip_unbanner = IpUnbanner(ec2_client=ec2_client)
vpc_id = VpcFinder().get_vpc(ec2_client, country)
nacl, proposed_rulenumber = VpcNaclElector(
).get_available_nacl_and_proposed_rulenumber(ec2_client, vpc_id, 100)
ip_unbanner.unban_ips(unbannable_ips, nacl, vpc_id)
def test_dynamo_upsert(self):
vpc_id, acl_id = self.create_resources()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
DynamoUpserter().upsert_ip_in_table(dynamo_resource, '244.244.244.244')
table = dynamo_resource.Table(get_dynamo_table())
response = table.query(
KeyConditionExpression=Key('ip').eq('244.244.244.244'))
print(response)
assert len(response['Items']) == 1
def test_record_processer(self):
print(__name__)
vpc_id, acl_id = self.create_resources()
self.cloudwatchfixtures()
record = {'country': 'dev', 'project': 'test'}
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
RecordProcesser().process(record)
table = dynamo_resource.Table(get_dynamo_table())
response = table.query(
KeyConditionExpression=Key('ip').eq('80.253.202.218'))
print(response)
assert len(response['Items']) == 1
def create_resources(self):
# Create Dynamo and user
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
self.create_table()
dynamo_table = dynamo_allocator.table('Autobahn')
ec2_client = EC2Allocator().client('eu-west-1')
vpc_response = ec2_client.create_vpc(CidrBlock='10.1.0.0/24',
AmazonProvidedIpv6CidrBlock=False,
DryRun=False,
InstanceTenancy='default')
self.vpc_id = vpc_response['Vpc']['VpcId']
ec2_client.create_tags(DryRun=False,
Resources=[self.vpc_id],
Tags=[{
'Key': 'Name',
'Value': "vpc-test"
}])
acl_response = ec2_client.create_network_acl(DryRun=False,
VpcId=self.vpc_id)
self.acl_id = acl_response['NetworkAcl']['NetworkAclId']
entry_response = ec2_client.create_network_acl_entry(
CidrBlock='244.244.244.244/32',
DryRun=False,
Egress=False,
NetworkAclId=self.acl_id,
Protocol='-1',
RuleAction='deny',
RuleNumber=77)
struct_time = datetime.strptime("21/11/06 16:30", "%d/%m/%y %H:%M")
epoch = UTC_time_to_epoch(struct_time)
table = dynamo_resource.Table('Autobahn')
table.put_item(
Item={
'ip': '244.244.244.244',
'last_seen': epoch - 99100,
'times_seen': 1,
'banned': True
})
return self.vpc_id, self.acl_id
def test_get_unbannables(self):
vpc_id, acl_id = self.create_resources()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
dynamo_client = dynamo_allocator.client()
table = dynamo_resource.Table(get_dynamo_table())
struct_time = datetime.strptime("21/11/06 16:30", "%d/%m/%y %H:%M")
epoch = UTC_time_to_epoch(struct_time)
table.put_item(
Item={
'ip': '244.244.244.244',
'last_seen': epoch,
'times_seen': 1,
'banned': True
})
unbannables = DynamoGetUnbannable().get_unbannables(
dynamo_client, dynamo_resource)
assert '244.244.244.244' in unbannables
def create_resources(self):
# Create Dynamo and user
dynamo_allocator = DynamoAllocator()
self.create_table()
dynamo_table = dynamo_allocator.table('Autobahn')
ec2_client = EC2Allocator().client('eu-west-1')
vpc_response = ec2_client.create_vpc(CidrBlock='10.1.0.0/24',
AmazonProvidedIpv6CidrBlock=False,
DryRun=False,
InstanceTenancy='default')
self.vpc_id = vpc_response['Vpc']['VpcId']
nacls = ec2_client.describe_network_acls(
Filters=[{
'Name': 'vpc-id',
'Values': [self.vpc_id]
}])
for nacl in nacls['NetworkAcls']:
try:
ec2_client.delete_network_acl(
DryRun=False, NetworkAclId=nacl['NetworkAclId'])
except:
pass
acl_response = ec2_client.create_network_acl(DryRun=False,
VpcId=self.vpc_id)
self.acl_id = acl_response['NetworkAcl']['NetworkAclId']
entry_response = ec2_client.create_network_acl_entry(
CidrBlock='244.244.244.244/32',
DryRun=False,
Egress=False,
NetworkAclId=self.acl_id,
Protocol='-1',
RuleAction='deny',
RuleNumber=77)
return self.vpc_id
def test_unban(self):
vpc_id = self.create_resources()
ip_hash_map = {'244.244.244.244': 1}
ec2_client = EC2Allocator().client('eu-west-1')
ip_unbanner = IpUnbanner(ec2_client)
ip_unbanner.remove_nacl_entry('244.244.244.244', vpc_id)
nacls = ec2_client.describe_network_acls(
Filters=[{
'Name': 'vpc-id',
'Values': [vpc_id]
}, {
'Name': 'entry.cidr',
'Values': ["244.244.244.244/32"]
}])
for nacl in nacls['NetworkAcls']:
cidrs = [x['CidrBlock'] for x in nacl['Entries']]
match_nacl_entry = [
x['RuleNumber'] for x in nacl['Entries']
if x['CidrBlock'] == cidr
]
assert len(match_nacl_entry) == 0
def test_event_processer(self):
print(__name__)
vpc_id, acl_id = self.create_resources()
struct_time = datetime.utcnow()
epoch = UTC_time_to_epoch(struct_time)
record = {'country': 'dev', 'project': 'test'}
ip_hash_map = {'244.244.244.244': 1}
event = {
"eventID": "1",
"eventVersion": "1.0",
"dynamodb": {
"Keys": {
"ip": {
"S": "244.244.244.244"
},
"times_seen": {
"S": "244.244.244.244"
},
"last_seen": {
"N": "{}".format(epoch)
},
"banned": {
"BOOL": False
}
},
"NewImage": {
"ip": {
"S": "244.244.244.244"
},
"times_seen": {
"S": "244.244.244.244"
},
"last_seen": {
"N": "{}".format(epoch)
},
"banned": {
"BOOL": False
}
},
"StreamViewType": "NEW_AND_OLD_IMAGES",
"SequenceNumber": "111",
"SizeBytes": 26
},
"awsRegion": "eu-west-1",
"eventName": "INSERT",
"eventSourceARN": 'testarn',
"eventSource": "aws:dynamodb"
}
ec2_client = EC2Allocator().client('eu-west-1')
dynamo_allocator = DynamoAllocator()
dynamo_resource = dynamo_allocator.resource()
table = dynamo_resource.Table(get_dynamo_table())
table.put_item(
Item={
'ip': '244.244.244.244',
'last_seen': epoch,
'times_seen': 1,
'banned': False
})
EventProcesser().process(event)
response = table.query(
KeyConditionExpression=Key('ip').eq('244.244.244.244'))
datadog_client = DatadogClient()
ip_banner = IpBanner(ec2_client, datadog_client)
assert response['Items'][0]['banned'] == True
assert ip_banner.not_already_banned('244.244.244.244', vpc_id) == False