def __start_unblocking_thread(self):
self.logger.info("Starting user and IP address unblocking daemon.")
cursor = DatabaseConnection.init_db_connection().cursor()
user_blocker = UserBlocker()
address_blocker = AddressBlocker()
while True:
# self.logger.info("Executing unblocking iteration")
cursor.execute("Select blockingAccount.id, username from blockingAccount "
"join user on user.id = blockingAccount.user_id "
"where date_unblocked < NOW() and status='blocked'")
output = cursor.fetchall()
for item in output:
user_blocker.unblock_user(item[1], item[0])
cursor.execute("Select blockingAddress.id, ip_address from blockingAddress "
"join address on address.id = blockingAddress.ip_address_id "
"where date_unblocked < NOW() and status='blocked'")
output = cursor.fetchall()
for item in output:
address_blocker.unblock_address(item[1], item[0])
time.sleep(15)
def compute_metrics(self):
self.__logger.info("Search for anomalies started.")
__user_blocker = None
__address_blocker = None
connection = DatabaseConnection.init_db_connection()
c = connection.cursor()
c.execute("SELECT userData.id, fail_count, success_count, username "
"from userData "
"join user on user.id = userData.user_id "
"where metric_set=0")
user_data_to_analyse = c.fetchall()
self.__logger.info("User records to recompute: {}".format(c.rowcount))
for record in user_data_to_analyse:
c.execute("UPDATE userData set metric_set=1 where id={}".format(int(record[0])))
fail_count = record[1]
success_count = record[2]
anomaly = Anomaly(success_count, fail_count)
if anomaly.is_valid:
self.__logger.warn("Anomaly detected. Checking if existing anomaly should be updated, or new created.")
c.execute("SELECT id from anomaly where data_id = {} and type=1".format(int(record[0])))
existing_anomaly = c.fetchone()
if existing_anomaly:
self.__logger.info("Updating anomaly.")
self.__update_anomaly(existing_anomaly[0], anomaly, c)
else:
self.__logger.info("Inserting new anomaly.")
self.__insert_anomaly(record[0], anomaly, c, 1)
self.__send_alert(anomaly, record[3])
self.__logger.info("New anomaly data stored. Alert was sent according to level of anomaly")
if anomaly.level == 3 and config.user_blocking_enabled:
if not __user_blocker:
__user_blocker = UserBlocker()
__user_blocker.block_user(record[3])
c.execute("SELECT addressData.id, fail_count, success_count, ip_address "
"from addressData "
"join address on address.id = addressData.ip_address_id "
"where metric_set=0")
ip_data_to_analyse = c.fetchall()
self.__logger.info("Ip records to recompute: {}".format(c.rowcount))
for record in ip_data_to_analyse:
c.execute("UPDATE addressData set metric_set=1 where id={}".format(int(record[0])))
fail_count = record[1]
success_count = record[2]
anomaly = Anomaly(success_count, fail_count)
if anomaly.is_valid:
self.__logger.info("Anomaly detected. Checking if existing anomaly should be updated, or new created.")
c.execute("SELECT id from anomaly where data_id = {} and type=2".format(int(record[0])))
existing_anomaly = c.fetchone()
if existing_anomaly:
self.__logger.info("Updating anomaly.")
self.__update_anomaly(existing_anomaly[0], anomaly, c)
else:
self.__logger.info("Inserting new anomaly.")
self.__insert_anomaly(record[0], anomaly, c, 2)
self.__send_alert(anomaly, record[3])
self.__logger.info("New anomaly data stored. Alert was sent according to level of anomaly")
if anomaly.level == 3 and config.address_blocking_enabled:
if not __address_blocker:
__address_blocker = AddressBlocker()
__address_blocker.block_address(record[3])