from abusehelper.core import events, config

sanitizer = config.load_module("sanitizer")


class ShadowSinkholeBotSanitizer(sanitizer.Sanitizer):
    """Rebuild Shadowserver sinkhole feed events with a fixed set of keys.

    The outgoing event carries only ``ip``, ``time`` and ``asn`` taken from
    the incoming event, plus the constant ``source`` and ``type`` tags.
    """

    def sanitize(self, event):
        """Return ``[clean_event]``, or ``[]`` if ``ip`` or ``time`` is absent.

        ``sanitizer.ip`` and ``sanitizer.time`` are handed to
        ``event.values`` as its second argument -- presumably parsers that
        discard malformed values; confirm against the sanitizer module.
        """
        clean = events.Event()

        clean.update("ip", event.values("ip", sanitizer.ip))
        clean.update("time", event.values("timestamp", sanitizer.time))
        # NOTE(review): unlike ip/time, "asn" is copied without a parser,
        # so whatever the feed supplied is forwarded as-is -- confirm that
        # downstream consumers do not assume a numeric ASN.
        clean.update("asn", event.values("asn"))

        clean.add("source", "shadowserver")
        clean.add("type", "sinkhole")

        # An event is only useful with both an address and a timestamp;
        # the ip check runs first, so at most one error is logged per event.
        if not clean.contains("ip"):
            self.log.error("No valid IP for event %r", event)
        elif not clean.contains("time"):
            self.log.error("No valid time for event %r", event)
        else:
            self.log.info("Sinkhole Sanitizer %r", str(event))
            return [clean]
        return []


if __name__ == "__main__":
    ShadowSinkholeBotSanitizer.from_command_line().execute()
import re
import socket

from abusehelper.core import rules
from abusehelper.core.config import relative_path, load_module
from abusehelper.core.runtime import Room, Session

startup = load_module("startup")


class Base(object):
    """Common naming and runtime plumbing for configuration objects.

    Room names are derived from ``startup.Bot.service_room`` and the
    lower-cased class name.  ``room()`` also reads ``self.name``, which is
    not set here -- presumably subclasses or callers provide it.
    """

    prefix = startup.Bot.service_room

    @classmethod
    def class_name(cls):
        """Return the class name in lower case."""
        return cls.__name__.lower()

    @classmethod
    def class_room(cls):
        """Return the shared room ``<prefix>.<class_name>s``."""
        plural = cls.class_name() + "s"
        return Room(".".join((cls.prefix, plural)))

    def room(self):
        """Return this instance's room ``<prefix>.<class_name>.<name>``."""
        parts = (self.prefix, self.class_name(), self.name)
        return Room(".".join(parts))

    def runtime(self):
        """Yield the session pipes for this object.

        The pipes yielded here are collected and then run.  The first pipe
        connects this instance's room to the "historian" session; the rest
        come from ``main()``.
        """
        historian_pipe = self.room() | Session("historian")
        yield historian_pipe
        for pipe in self.main():
            yield pipe

    def main(self):
        """Return extra session pipes; none by default."""
        return []
from abusehelper.core import rules
from abusehelper.core.runtime import *
from abusehelper.core.config import load_module

startup = load_module("startup")


class CriticalService(object):
    """A feed whose events pass through its own sanitizer session.

    Iterating an instance yields one pipe:
    feed session -> feed-specific room -> ``<name>.sanitizer`` session ->
    shared services room.
    """

    prefix = startup.Bot.service_room
    services = prefix + ".services"

    def __init__(self, name, **keys):
        """Store ``name`` and every extra keyword as an instance attribute.

        NOTE: any keyword is accepted, so a key called ``prefix`` or
        ``services`` shadows the class attribute and changes the rooms
        that ``__iter__`` wires together.
        """
        self.name = name
        for attr in keys:
            setattr(self, attr, keys[attr])

    def __iter__(self):
        """Yield the feed-to-services pipe for this service."""
        feed_room_name = self.prefix + ".services." + self.name

        feed = Session(self.name)
        feed_room = Room(feed_room_name)
        cleaner = Session(self.name + ".sanitizer")
        shared_room = Room(self.services)

        yield feed | feed_room | cleaner | shared_room


class Bridge(object):
    """Named link between a source and a destination.

    Only the constructor is visible in this listing; how ``src`` and
    ``dst`` are used is not shown here.
    """

    prefix = startup.Bot.service_room

    def __init__(self, name, src, dst):
        """Record the bridge name and its two endpoints."""
        self.name, self.src, self.dst = name, src, dst
from abusehelper.core import bot, events, utils from idiokit import threado, timer from abusehelper.core.config import load_module id = load_module("../../common/id.py") class PositiumBot(bot.PollingBot): def feed_keys(self, path, **keys): return [path] @threado.stream def poll(inner, self, path): yield timer.sleep(1) self.log.info('Fetching population data from %s.' % path) try: info, fileobj = yield inner.sub(utils.fetch_url(path)) except utils.FetchUrlFailed, fuf: self.log.error("Failed to fetch %s." % path) return except ValueError: try: fileobj = open(path, "r") except IOError: self.log.error("Failed to read %s." % path) return columns = fileobj.readline().rstrip().split(",") try: code = columns.index('"LAU_CODE"')
from abusehelper.core import bot, events, utils from idiokit import threado, timer from abusehelper.core.config import load_module id = load_module("../../common/id.py") class PositiumBot(bot.PollingBot): def feed_keys(self, path, **keys): return [path] @threado.stream def poll(inner, self, path): yield timer.sleep(1) self.log.info('Fetching population data from %s.' % path) try: info, fileobj = yield inner.sub(utils.fetch_url(path)) except utils.FetchUrlFailed, fuf: self.log.error("Failed to fetch %s." % path) return except ValueError: try: fileobj = open(path, "r") except IOError: self.log.error("Failed to read %s." % path) return columns = fileobj.readline().rstrip().split(",") try: code = columns.index('"LAU_CODE"') start = columns.index('"TIME_FROM"')