def update_page(form):
error = None
# action field is not required for some functions, so will not be hard validated
action = form.get('action', DATA.MISSING)
nat_type = form.get('nat_type', None)
if (nat_type in ['DSTNAT', 'SRCNAT']):
if (nat_type == 'DSTNAT'):
error = _dnat_rules(action, form)
elif (nat_type == 'SRCNAT'):
error = _snat_rules(action, form)
else:
return INVALID_FORM, None, None
# updating page data then returning. this is because we need to serve the content with the newly added
# configuration item.
page_data = {
'dmz_dnat_rules': System.nat_rules(),
'local_snat_rules': System.nat_rules(nat_type='SRCNAT')
}
# print(f'RETURNING: {page_data}')
return error, None, page_data
def load_page(form):
logging_settings = load_configuration('logging_client')
log = logging_settings['logging']
# correcting time for configured offset.
time_offset = logging_settings['time_offset']
system_time = System.format_date_time(fast_time())
local_time = System.calculate_time_offset(fast_time())
local_time = System.format_date_time(local_time)
logging_settings = {
'system': system_time,
'local': local_time,
'offset': {
'direction': time_offset['direction'],
'amount': time_offset['amount']
},
'logging': {
'log_levels': [level.title() for level in LOG_LEVELS],
'level': log['level'],
'length': log['length']
}
}
return logging_settings
def load_page(form):
backups_info, current_backups = {}, System.backups()
for backup, c_time in current_backups.items():
c_time = System.calculate_time_offset(c_time)
c_time = System.format_date_time(c_time).split(maxsplit=1)
backups_info[backup] = (c_time[0], c_time[1])
return backups_info
def message(cls, mod_name, mtype, level, message):
date = System.date(string=True)
timestamp = System.format_time(fast_time())
level = cls.convert_level(level)
system_ip = None
# using system/UTC time
# 20140624|19:08:15|EVENT|DNSProxy:Informational|192.168.83.1|*MESSAGE*
message = f'{date}|{timestamp}|{mtype.name}|{mod_name}:{level}|{system_ip}|{message}'
return message.encode('utf-8')
def format_row(row, users):
'''formats database data to be better displayed and managed by front end. will replace
all '_' with ' '. If user is passed in, it will be appended before last_seen.'''
Sys = System()
*entries, last_seen = row
ls_offset = Sys.calculate_time_offset(last_seen)
last_seen = Sys.format_date_time(ls_offset)
if (users is not None):
entries.append(users.get(entries[0], {}).get('name', 'n/a'))
entries.append(last_seen)
return [str(x).lower().replace('_', ' ') for x in entries]
def load_page():
with DBConnector(Log) as ProxyDB:
domain_counts = (
ProxyDB.unique_domain_count(action='blocked'),
ProxyDB.unique_domain_count(action='allowed')
)
request_counts = (
ProxyDB.total_request_count(table='dnsproxy', action='blocked'),
ProxyDB.total_request_count(table='dnsproxy', action='allowed')
)
top_domains = (
('blocked', ProxyDB.dashboard_query_top(5, action='blocked')),
('allowed', ProxyDB.dashboard_query_top(5, action='allowed'))
)
top_countries = {}
for action in ['blocked', 'allowed']:
outbound = ProxyDB.query_geolocation(5, action=action, direction='OUTBOUND')
inbound = ProxyDB.query_geolocation(5, action=action, direction='INBOUND')
top_countries[action] = list(zip_longest(outbound, inbound, fillvalue=''))
inf_hosts = ProxyDB.query_last(5, table='infectedclients', action='all')
intstat = Interface.bandwidth()
uptime = System.uptime()
cpu = System.cpu_usage()
ram = System.ram_usage()
dns_servers = System.dns_status()
mod_status = {}
for svc in ['dns-proxy', 'ip-proxy', 'ips', 'dhcp-server']:
status = Services.status(f'dnx-{svc}')
mod_status[svc.replace('-', '_')] = status
dashboard = {
'domain_counts': domain_counts, 'dc_graph': _calculate_graphic(domain_counts),
'request_counts': request_counts, 'rc_graph': _calculate_graphic(request_counts),
'top_domains': top_domains, 'top_countries': top_countries,
'infected_hosts': inf_hosts,
'interfaces': intstat, 'uptime': uptime, 'cpu': cpu,
'ram': ram, 'dns_servers': dns_servers, 'module_status': mod_status
}
return dashboard
def load_page(form):
whitelist = load_configuration('whitelist')
for info in whitelist['time_based'].values():
st_offset = System.calculate_time_offset(info['time'])
info['time'] = System.format_date_time(st_offset)
whitelist_settings = {
'time_based': whitelist['time_based'],
'pre_proxy': whitelist['pre_proxy'],
'ip_bypass': whitelist['ip_bypass']
}
return whitelist_settings
def message(self, system_ip, module, msg_type, msg_level, message):
epoch = time.time()
date = ''.join(self.System.date())
timestamp = System.format_time(epoch)
msg_type = self._convert_type(msg_type)
msg_level = self._convert_level(msg_level)
# using system/UTC time
# 20140624|19:08:15|EVENT|DNSProxy:Informational|192.168.83.1|*MESSAGE*
message = f'{date}|{timestamp}|{msg_type}|{module}:{msg_level}|{system_ip}|{message}'
return message.encode('utf-8')
def geo_input(self, _, log):
month = ','.join(System.date()[:2])
# if this is the first time this country has been seen in the current month, it will be inserted with
# counts zerod out
if not self._geo_entry_check(log, month):
self._c.execute(f'insert into geolocation values (?, ?, ?, ?, ?)',
(month, log.country, log.direction, 0, 0))
# incremented count of the actions specified in the log.
self._c.execute(
f'update geolocation set {log.action}={log.action}+1 where month=? and country=? and direction=?',
(month, log.country, log.direction))
def load_page(form):
dhcp_server = load_configuration('dhcp_server')
dhcp_settings = dhcp_server['interfaces']
leases = []
for ip, (status, handout_time, mac, hostname) in dhcp_server['leases'].items():
# ensuring only leased status entries get included
if (status != -4): continue
offset_time = System.calculate_time_offset(handout_time)
handout_time = System.format_date_time(offset_time)
leases.append((ip, handout_time, mac_str(mac), hostname))
leases.sort()
dhcp_settings.update({
'reservations': [(mac_str(mac), info) for mac, info in dhcp_server['reservations'].items()],
'leases': leases
})
return dhcp_settings
def organize(self):
# print('[+] Starting organize operation.')
log_entries = []
date = str_join(System.date())
for module in self._log_modules:
module_entries = self._combine_logs(module, date)
if (module_entries):
log_entries.extend(module_entries)
sorted_log_entries = sorted(log_entries)
if (sorted_log_entries):
self._write_combined_logs(sorted_log_entries, date)
del log_entries # to reclaim system memory
def get_log_entries(file_path):
log_files = reversed(sorted(os.listdir(file_path))[:-1])
temp_logs = []
for file in log_files:
temp_logs.extend(tail_file(f'{file_path}/{file}', line_count=100))
if len(temp_logs) >= 100:
break
combined_logs = []
combined_logs_append = combined_logs.append
for log_entry in temp_logs[:100]:
# skipping over empty lines.
if not log_entry.strip('\n'): continue
epoch, *log_entry = log_entry.split('|', 3)
date_time = System.calculate_time_offset(int(epoch))
date_time = System.format_log_time(date_time)
combined_logs_append((date_time, *log_entry))
return combined_logs
def _clear_ip_tables(self):
expired_hosts = System.ips_passively_blocked(
block_length=self.IPS.block_length)
if (not expired_hosts):
return
with IPTablesManager() as iptables:
for host, timestamp in expired_hosts:
iptables.proxy_del_rule(host,
timestamp,
table='raw',
chain='IPS')
# removing host from ips tracker/ suppression dictionary
self.IPS.fw_rules.pop(IPv4Address(host),
None) # should never return None
def query_geolocation(self, count, *, action, direction):
month = ','.join(System.date()[:2])
# adds an extra space to results for 'NONE' which is more common than normal since the geolocation db is not yet complete
count += 1
self._c.execute(
f'select country, {action} from geolocation where month=? and direction=? '
f'order by {action} desc limit {count}', (month, direction))
# filtering out entries with no hits in the specified action. if those are returned, they have hits on the
# opposite action. currently filtering out 'NONE' since the geolocation database is not yet complete.
return [
x[0].replace('_', ' ') for x in self._c.fetchall()
if x[1] and x[0] != 'NONE'
]
def _calculate_times(self):
restriction_start, restriction_length, offset = self._load_restriction(
)
now = fast_time() + offset
c_d = [int(i) for i in System.date(now)] # current date
r_start = [int(i) for i in restriction_start.split(':')]
restriction_start = datetime(c_d[0], c_d[1], c_d[2], r_start[0],
r_start[1]).timestamp()
restriction_end = restriction_start + restriction_length
if (self.is_active):
restriction_end = load_configuration('ip_proxy_timer')['end']
else:
self._write_end_time(restriction_end)
return restriction_start, restriction_end, now
def load_page():
return {
'dmz_dnat_rules': System.nat_rules(),
'local_snat_rules': System.nat_rules(nat_type='SRCNAT')
}
def _load_passive_blocking(self):
self.IPS.fw_rules = dict(System.ips_passively_blocked())
def load_page(form):
ips = load_configuration('ips.json')
passive_block_ttl = ips['passive_block_ttl']
ids_mode = ips['ids_mode']
# ddos settings
ddos_enabled = ips['ddos']['enabled']
tcp_src_limit = ips['ddos']['limits']['source']['tcp']
udp_src_limit = ips['ddos']['limits']['source']['udp']
icmp_src_limit = ips['ddos']['limits']['source']['icmp']
ddos_settings = {
'enabled': ddos_enabled,
'tcp': tcp_src_limit,
'udp': udp_src_limit,
'icmp': icmp_src_limit
}
# converting standard timestamp to front end readable string format
passively_blocked_hosts = []
pbh = System.ips_passively_blocked()
for host, timestamp in pbh:
passively_blocked_hosts.append(
(host, timestamp, System.offset_and_format(timestamp)))
# portscan settings
portscan_prevention = ips['port_scan']['enabled']
portscan_reject = ips['port_scan']['reject']
portscan_settings = {
'enabled': portscan_prevention,
'reject': portscan_reject
}
# ips host/ configured dns server whitelist
ip_whitelist = ips['whitelist']['ip_whitelist']
dns_server_whitelist = ips['whitelist']['dns_servers']
ips_enabled = ddos_enabled or portscan_prevention
# TODO: clean this shit up.
tcp_nat = ips['open_protocols']['tcp']
udp_nat = ips['open_protocols']['udp']
nats_configured = tcp_nat or udp_nat
ddos_notify = False if ddos_enabled or nats_configured else True
ps_notify = False if portscan_prevention or nats_configured else True
ips_settings = {
'enabled': ips_enabled,
'length': passive_block_ttl,
'ids_mode': ids_mode,
'ddos': ddos_settings,
'port_scan': portscan_settings,
'ddos_notify': ddos_notify,
'ps_notify': ps_notify,
'ip_whitelist': ip_whitelist,
'dns_server_whitelist': dns_server_whitelist,
'passively_blocked_hosts': passively_blocked_hosts
}
return ips_settings