def do_route(self, paras): try: args = paras.strip().split() if utils.get_device_type() == 1 or utils.get_device_type( ) == 5 or utils.get_device_type() == 11: print u"此设备不支持添加和删除路由" return if len(args) != 5: print u"输入参数数目不合法, 请参考帮助文档" return if args[4].lower() != "mgmt" and args[4].lower( ) != "mta" and args[4].lower() != "br0": print u"输入的网卡参数不合法, 应为mgmt/mta/br0中的一项" return if args[4].lower() == "mta": device_nic = "eth1" elif args[4].lower() == "br0": device_nic = "br0" else: device_nic = "eth0" if args[0] == "add-static": info = _set_route_info("static", "add", destination=args[1], netmask=args[2], gateway=args[3], device=device_nic) print info if info != "" else u"添加静态路由失败, 请联系技术支持人员" return elif args[0] == "del-static": info = _set_route_info("static", "del", destination=args[1], netmask=args[2], gateway=args[3], device=device_nic) print info if info != "" else u"删除静态路由失败, 请联系技术支持人员" return if args[0] == "add-policy": info = _set_route_info("policy", "add", destination=args[1], netmask=args[2], gateway=args[3], device=device_nic) print info if info != "" else u"添加策略路由失败, 请联系技术支持人员" return elif args[0] == "del-policy": info = _set_route_info("policy", "del", destination=args[1], netmask=args[2], gateway=args[3], device=device_nic) print info if info != "" else u"删除策略路由失败, 请联系技术支持人员" return else: print u"输入不合法, 请参考帮助文档" except Exception, e: print u"执行命令失败, 请联系技术支持人员。错误内容: " + e.message
def train(): train_set = torchvision.datasets.FashionMNIST( root='./data/FashionMNIST', train=True, download=True, transform=transforms.Compose([ transforms.ToTensor() ]) ) params = OrderedDict( lr=[0.01, 0.001], batch_size=[100, 1000], shuffle=[True, False], num_workers=[2] ) runManager = RunManager() for run in RunBuilder.get_runs(params): network = finalModel() loader = DataLoader( train_set, batch_size=run.batch_size, shuffle=run.shuffle, num_workers=run.num_workers) optimizer = optim.Adam(network.parameters(), lr=run.lr) runManager.begin_run(run, network, loader) for epoch in range(10): runManager.begin_epoch() for batch in loader: images, labels = batch # support computation based on device type images = images.to(get_device_type()) labels = labels.to(get_device_type()) preds = network(images) loss = F.cross_entropy(preds, labels) optimizer.zero_grad() loss.backward() optimizer.step() runManager.track_loss(loss) runManager.track_num_correct(preds, labels) runManager.end_epoch() runManager.end_run() runManager.save('results')
def _get_interface_info(): client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) resp = json.loads(client.get_information(["interfaces"])) if resp["responseCode"] != 200: return "" else: ret = "名称\tip地址\t\t状态\t模式\t速度\t双工模式\n" interfaces = resp["interfaces"] for interface in interfaces: eth = str(interface["device"]) if (utils.get_device_type() == 1 or utils.get_device_type() == 5 or utils.get_device_type() == 11) and eth != "eth0": continue if eth == "eth0": ret += "Mgmt\t" elif eth == "eth1": ret += "MTA\t" elif eth == "eth2": ret += "P1\t" elif eth == "eth3": ret += "P2\t" elif eth == "br0": ret += "BR0\t" else: ret += "Other\t" if str(interface["ip"]) == "": ret += "\t\t" else: ret += str(interface["ip"]) + "\t" status = str(interface["action"]) if status == "enable": ret += "已连接\t" else: ret += "未连接\t" mode = str(interface["role"]) if mode == "monitoring": ret += "监控\t" elif mode == "bridge": ret += "桥接\t" else: ret += "网络\t" if not "unknown" in interface["speed"].lower(): ret += str(interface["speed"]) + "\t" ret += str(interface["duplex"]) + "\n" else: ret += "\t\n" return ret
def _get_backup_networking_files(tmp_folder): ''' Get networking files need to be backup :param tmp_folder: files wiil be stored into tmp_folder :return: file name list that will be backup ''' # get networking files of backup ret_files = [] # backup hostname info into redis bk_hostname = _get_hostname() if bk_hostname != "": utils.app_command("echo %s > /tmp/hostname.backup" % _get_hostname()) utils.app_command_quiet("sudo cp /tmp/hostname.backup " + tmp_folder + "/") ret_files.append("hostname.backup") utils.app_command_quiet("sudo cp /etc/network/interfaces " + tmp_folder + "/") utils.app_command_quiet("sudo chmod 777 " + tmp_folder + "/interfaces") ret_files.append("interfaces") utils.app_command_quiet("sudo cp /etc/resolv.conf " + tmp_folder + "/") utils.app_command_quiet("sudo chmod 777 " + tmp_folder + "/resolv.conf") ret_files.append("resolv.conf") # if UCSG, also return pbr files device_type = utils.get_device_type() if device_type == 2 or device_type == 6 or device_type == 13: dir_path = "/opt/skyguard/www/app" for f in os.listdir(dir_path): if isfile(join(dir_path, f)) and f.find("pbr-") != -1: shutil.copy(join(dir_path, f), tmp_folder + "/") ret_files.append(f) return ret_files
def do_date(self, paras): ''' date <yyyymmdd> 更新日期 e.g. date 20160630 ''' try: args = paras.strip().split() if utils.get_device_type() != 1: print u"此设备不支持更新日期" return if len(args) != 1: print u"输入参数数目不合法, 请参考帮助文档" return date_str = utils.get_str_match_filter( r'(?<!\d)(?:(?:(?:1[6-9]|[2-9]\d)?\d{2})(?:(?:(?:0[13578]|1[02])31)|(?:(?:0[1,3-9]|1[0-2])(?:29|30)))|(?:(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00)))0229)|(?:(?:1[6-9]|[2-9]\d)?\d{2})(?:(?:0?[1-9])|(?:1[0-2]))(?:0?[1-9]|1\d|2[0-8]))(?!\d)', args[0]) if date_str == "" or len(date_str) != 8: print u"输入日期格式不合法, 格式应为yyyymmdd" return else: new_date = args[0][:4] + '-' + args[0][4:6] + '-' + args[0][-2:] ret = _set_time_info(data={"date": new_date}) print ret if ret != "" else u"更新日期失败, 请联系技术支持人员" except Exception, e: print u"执行命令失败, 请联系技术支持人员。错误内容: " + e.message
def begin_run(self, run, network, loader): self.run_start_time = time.time() self.run_params = run self.run_count += 1 self.network = network self.loader = loader self.tb = SummaryWriter(comment=f'-{run}') images, labels = next(iter(self.loader)) images = images.to(get_device_type()) labels = labels.to(get_device_type()) grid = make_grid(images) self.tb.add_image('images', grid) self.tb.add_graph(self.network, images)
def _remove_backup_networking_files(tmp_folder): os.unlink(tmp_folder + "/interfaces") os.unlink(tmp_folder + "/resolv.conf") device_type = utils.get_device_type() if os.path.exists(tmp_folder + "/hostname.backup"): os.unlink(tmp_folder + "/hostname.backup") if device_type == 2 or device_type == 6 or device_type == 13: only_files = [ f for f in listdir(tmp_folder) if isfile(join(tmp_folder, f)) ] for f in only_files: if f.find("pbr-") != -1: os.unlink(join(tmp_folder, f))
def __init__(self): super(finalModel, self).__init__() device_type = get_device_type() self.conv1 = nn.Conv2d(in_channels=1, out_channels=6, kernel_size=5).to(device=device_type) self.conv2 = nn.Conv2d(in_channels=6, out_channels=12, kernel_size=5).to(device=device_type) self.fc1 = nn.Linear(in_features=12 * 4 * 4, out_features=120).to(device=device_type) self.fc2 = nn.Linear(in_features=120, out_features=60).to(device=device_type) self.out = nn.Linear(in_features=60, out_features=10).to(device=device_type)
def do_register(self, paras): ''' register <UCSS_IP> 注册当前设备至UCSS UCSS设备无法使用此命令 ''' if utils.get_device_type() == 1: print u'UCSS设备无法使用register命令' return try: args = paras.strip().split() if len(args) != 1: print u"输入参数数目不合法, 请参考帮助文档" return if utils.get_ipAddr(args[0]) == "": print u"输入IP地址不合法, 请重新输入" return ret = os.system("/opt/skyguard/www/app/register.py %s" % args[0]) except Exception, e: print u"执行命令失败, 请联系技术支持人员。错误内容: " + e.message return
def do_time(self, paras): ''' time <hh:mm:ss> 更新时间 e.g. time 18:30:00 ''' try: args = paras.strip().split() if utils.get_device_type() != 1: print u"此设备不支持更新时间" return if len(args) != 1: print u"输入参数数目不合法, 请参考帮助文档" return time_str = utils.get_str_match_filter( r'^(?:(?:([01]?\d|2[0-3]):)?([0-5]?\d):)?([0-5]?\d)$', args[0]) if time_str == "": print u"输入时间格式不合法, 格式应为hh:mm:ss" return else: ret = _set_time_info(data={"time": args[0]}) print ret if ret != "" else u"更新时间失败, 请联系技术支持人员" except Exception, e: print u"执行命令失败, 请联系技术支持人员。错误内容: " + e.message
def _restore_appliance(app_filename): tmp_folder = tempfile.mkdtemp(prefix="backup.", dir="/tmp") (ret, output) = utils.app_command("tar xfvz %s -C %s" % (app_filename, tmp_folder)) current_path = os.getcwd() os.chdir(tmp_folder) app_filename = os.path.basename(app_filename) device_type = utils.get_device_type() # copy networking files to some place, _post_restore will use them cur_dir = os.getcwd() if os.path.exists(cur_dir + "/interfaces"): shutil.rmtree(temp_dir_networking, ignore_errors=True) os.makedirs(temp_dir_networking) utils.app_command_quiet("cp interfaces " + temp_dir_networking) utils.app_command_quiet("cp resolv.conf " + temp_dir_networking) utils.app_command_quiet("cp hostname.backup " + temp_dir_networking) if device_type == 2 or device_type == 6 or device_type == 13: utils.app_command_quiet("cp pbr-* " + temp_dir_networking) # restore hostname if os.path.exists(cur_dir + "/hostname.backup"): utils.app_command_quiet("cp hostname.backup " + temp_dir_networking) _restore_hostname(temp_dir_networking + "/hostname.backup") #restore pcap config file if device_type == 2: has_file = False for bro_cfg in bro_backup_filelist: if os.path.isfile(os.path.basename(bro_cfg)): has_file = True shutil.copy(os.path.basename(bro_cfg), bro_cfg) common_bro_rep_str = 'redef snaplen = 32768;\\nconst store_disk_length = 4096 \\&redef;\\nconst ftp_capture_max_file_size =100000000 \\&redef;\\nconst smb_capture_max_file_size =100000000 \\&redef;\\nconst http_capture_max_file_size =100000000 \\&redef;\\nconst smtp_capture_max_file_size =100000000 \\&redef;\\nconst imap_capture_max_file_size =100000000 \\&redef;\\nconst pop3_capture_max_file_size =100000000 \\&redef;' os.system( "sed -i ':a;N;$!ba;s/\\(.*\\)redef snaplen = 32768;\\(.*\\)/\\1%s\\2/' /usr/local/bro/share/bro/policy/protocols/spe-common/common.bro" % (common_bro_rep_str)) if has_file == True: device_mode = utils.get_device_work_mode() current_mode = utils.get_monitor_mode() restore_mode = utils.get_monitor_mode() if device_mode == 1 and not current_mode == restore_mode: utils.logger("Restore monitor mode to %s" % restore_mode) utils.app_command( "/opt/skyguard/www/app/device_work_mode.py switch force") if device_type == 2 or device_type == 4 or device_type == 6 or device_type == 8: #Restore iptables, ebtables first - in case device work doesn't change which will not refresh these tables for bk_file in app_backup_filelist: if (device_type == 4 or device_type == 8) and "ebtables" in bk_file: continue if os.path.isfile(os.path.basename(bk_file)): shutil.copy(os.path.basename(bk_file), bk_file) device_mode = utils.get_device_work_mode() # Flush ebtables if device_type == 2 or device_type == 6 and device_mode != 4: # device mode is not proxy mode utils.app_command_quiet("/sbin/ebtables -t broute -F") utils.app_command_quiet( "/bin/sh /opt/skyguard/www/app/ebtables-rules-%d" % int(device_mode)) utils.app_command_quiet( "/sbin/iptables-restore < /opt/skyguard/www/app/iptables-rules-%d" % int(device_mode)) app_restore = app_filename.replace(".tar.gz", ".conf") with open(app_restore) as config_data: config = json.load(config_data) monitor_mode = utils.get_monitor_mode() agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) # restore device work mode if config.has_key("device_work_mode"): device_work_mode = config["device_work_mode"] device_type = utils.get_device_type() if device_type == 2 or device_type == 6: res = agent_client.set_information( {"device_work_mode": device_work_mode}) res_json = json.loads(res) if res_json["responseCode"] != 200: utils.app_logger("Restore device_work_mode encounter error", "error") return False if device_work_mode == 1: utils.app_command( "sudo /opt/skyguard/www/app/device_work_mode.py switch %s" % monitor_mode) # restore protocol settings device_work_mode = utils.get_device_work_mode() if config.has_key("protocol"): utils.app_conf_write({"protocol": config["protocol"]}) if device_work_mode == 1 and monitor_mode == "pcap" and config[ "protocol"].has_key("netObject"): try: res = agent_client.set_protocol_settings( "netObject", config["protocol"]["netObject"]) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res = agent_client.set_protocol_settings( "netObject", config["protocol"]["netObject"]) #restore pcap file in swg if device_type == 6: for bro_cfg in bro_backup_filelist_swg: if os.path.isfile(os.path.basename(bro_cfg)): shutil.copy(os.path.basename(bro_cfg), bro_cfg) # if bro run ,restart ret = os.system( "ps -ef |grep /usr/local/bro/bin/bro |grep -v grep > /dev/null 2>&1" ) if ret == 0: os.system("/usr/local/bro/bin/broctl deploy > /dev/null 2>&1") import time time.sleep(1) # restore global bypass if config.has_key("globalbypass"): res = utils.app_conf_write({"globalbypass": config["globalbypass"]}) #restore exception list if config.has_key("exception"): res = utils.app_conf_write({"exception": config["exception"]}) # restore backup settings if config.has_key("backup_settings"): backup_settings = config["backup_settings"] try: res = agent_client.set_backup_settings(backup_settings) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res = agent_client.set_backup_settings(backup_settings) res_json = json.loads(res) if res_json["responseCode"] != 200: utils.app_logger("Restore backup_settings encounter error", "error") return False # restore snmp settings if config.has_key("snmp_settings"): snmp_settings = config["snmp_settings"] try: res = agent_client.set_information( {"snmp_settings": snmp_settings}) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res = agent_client.set_information( {"snmp_settings": snmp_settings}) res_json = json.loads(res) if res_json["responseCode"] != 200: utils.app_logger("Restore snmp_settings encounter error", "error") return False # restore device time info if config.has_key("device_time_info"): device_time_info = config["device_time_info"] if device_time_info.has_key("ntp") and device_time_info["ntp"]: new_time_info = json.loads( agent_client.get_device_time())["device_time_info"] new_time_info["ntp"] = device_time_info["ntp"] new_time_info["ntpserver"] = device_time_info["ntpserver"] config = {} config["device_time_info"] = new_time_info try: res = agent_client.set_config(config) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res = agent_client.set_config(config) res_json = json.loads(res) if res_json["responseCode"] != 200: utils.app_logger("Restore device_time_info encounter error", "error") return False # restore proxy settings if config.has_key("proxy_settings"): proxy_settings = config["proxy_settings"] try: res = agent_client.set_proxy_settings(proxy_settings) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res = agent_client.set_proxy_settings(proxy_settings) res_json = json.loads(res) if res_json["responseCode"] != 200: utils.app_logger("Restore proxy_settings encounter error", "error") return False # restore block pages settings if config.has_key("block_page_settings"): utils.app_logger("begim to restore block_page_settings") block_page_settings = config["block_page_settings"] bps = BlockPageSettings() # first restore the backup block pages bps.delete_backup_zip() shutil.copy(os.path.basename(blockpage_backup_customized_zip), blockpage_backup_customized_zip) shutil.copy(os.path.basename(blockpage_backup_uploaded_zip), blockpage_backup_uploaded_zip) bps.restore_blockpage_dir() # then update the setting ret = bps.set_settings(block_page_settings) utils.app_command_quiet( "chown -R www-data:www-data /opt/skyguard/download/") if ret["responseCode"] == 0 or ret["responseCode"] == 1: utils.app_logger("Succeed to restore block_page_settings") else: utils.app_logger("Restore block_page_settings encounter error", "error") return False # restore device base info if config.has_key("device_base_info"): agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) agent_client.set_information( {"device_base_info": config["device_base_info"]}) #(ret, output) = utils.app_command("sudo /opt/skyguard/www/app/device_base_info.py set %s" % "'"+json.dumps(config["device_base_info"])+"'") #if ret != 0: # utils.app_logger(str(output)) # restore forensics storage if config.has_key("forensics_storage"): forensics_storage.set_forensics_capacity( config["forensics_storage"]["capacity"]) #restore forensic file if device_type != 1: if os.path.exists("forensics"): filelist = os.listdir("forensics") if filelist != []: if not os.path.exists(forensics_dir): os.makedirs(forensics_dir) FileUtil.copyFilesToDir("forensics", forensics_dir) #for f in filelist: # shutil.copy("forensics/"+f,forensics_dir) #restore collect log dir if os.path.exists("collect_log"): filelist = os.listdir("collect_log") if filelist != []: if not os.path.exists(collect_log_dir): os.makedirs(collect_log_dir) FileUtil.copyFilesToDir("collect_log/", collect_log_dir) # Restore hybrid.conf if exist if os.path.isfile("hybrid.conf"): shutil.copy("hybrid.conf", "/opt/skyguard/www/app/hybrid.conf") # Resotre hybrid settings if (device_type == 4 or device_type == 8) and os.path.isfile("gre_info.conf"): shutil.copy("gre_info.conf", "/opt/skyguard/www/app/gre_info.conf") ''' with open("hybrid_settings.conf", "r") as hybrid_conf: hybrid_settings = json.load(hybrid_conf) agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) agent_client.set_hybrid_config(hybrid_settings) ''' #restore synctime task setting if config.has_key("synctime_schedule_task"): redis_client = RedisClient() if redis_client.exist_key("synctime_schedule_task"): redis_client.delete_key("synctime_schedule_task") redis_client.hmset("synctime_schedule_task", config["synctime_schedule_task"]) #restore backup task setting if config.has_key("backup_schedule_task"): redis_client = RedisClient() if redis_client.exist_key("backup_schedule_task"): redis_client.delete_key("backup_schedule_task") redis_client.hmset("backup_schedule_task", config["backup_schedule_task"]) set_backup_schedule(config["backup_schedule_task"]) #restore ts setting #if config.has_key("ts_account_info"): #redis_client = RedisClient() #if redis_client.exist_key("ts"): # redis_client.delete_key("ts") #redis_client.set("ts",config["ts_account_info"]) # restore network setting bk_interface_file = temp_dir_networking + "/interfaces" if os.path.exists(bk_interface_file): import time time.sleep(5) utils.app_logger("Restore network setting...") #utils.app_command_quiet("/etc/init.d/networking stop") for nic in [ "eth0", "eth1", "eth2", "eth3", "bond0", "bond1", "bond2", "bond3", "br0" ]: _remove_old_pbr(nic) utils.app_logger("Restore /etc/network/interfaces...") shutil.copy(bk_interface_file, "/etc/network/interfaces") bk_resolv_file = temp_dir_networking + "/resolv.conf" utils.app_logger("Restore /etc/resolv.conf...") shutil.copy(bk_resolv_file, "/etc/resolv.conf") if device_type == 2 or device_type == 6 or device_type == 13: utils.app_logger("Restore /opt/skyguard/www/app/pbr-*...") for f in listdir(temp_dir_networking): if f.find("pbr-") != -1: shutil.copy(join(temp_dir_networking, f), "/opt/skyguard/www/app/") shutil.rmtree(temp_dir_networking, ignore_errors=True) #utils.app_command_quiet("/etc/init.d/networking start") utils.app_logger("Finish to restore network setting.") # notify mta to update mta ip if device_type == 2 or device_type == 6: if utils.get_bonding_status("bond1") == True: mta_ip = utils.get_ip_address("bond1") else: mta_ip = utils.get_ip_address("eth1") mtaclient = MTA_CLIENT(MTA_ADDR, MTA_PORT) mtaclient.set_mta_nics("eth1", mta_ip) os.chdir(current_path) shutil.rmtree(tmp_folder) print "Finished restore" return True
def _backup_appliance(tmp_folder, whether_backup_network=False, whether_backup_forensics=False): version = utils.app_conf_get("device_base_info")["version"] # Get current time tnow = int(time.time()) tnowst = time.localtime(tnow) timestamp = time.strftime('%Y%m%d%H%M%S', tnowst) current_path = os.getcwd() os.chdir(tmp_folder) app_filename_prefix = "Appliance" + "-" + version + "-" + timestamp device_type = utils.get_device_type() backup_content = {} agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) if device_type == 2 or device_type == 4 or device_type == 6 or device_type == 8: if device_type == 2 or device_type == 6: # get device_work_mode info work_mode = utils.app_conf_get("device_work_mode") device_work_mode = {} backup_content["device_work_mode"] = work_mode if work_mode == 1: #backup netObject and globalbypass for pcap mode monitor_mode = utils.get_monitor_node() if monitor_mode == "pcap": global_bypass = utils.app_conf_get("globalbypass") if global_bypass != {}: backup_content["globalbypass"] = global_bypass # get protocol settings protocol_settings = utils.app_conf_get("protocol") if protocol_settings != {}: backup_content["protocol"] = protocol_settings # get block_pages setting block_page_settings = BlockPageSettings().get_settings() backup_content["block_page_settings"] = block_page_settings["data"] # get SNMP info try: res_json = json.loads(agent_client.get_SNMP_settings()) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res_json = json.loads(agent_client.get_SNMP_settings()) backup_content["snmp_settings"] = res_json["snmp_settings"] if device_type == 1: # get device_time_info try: res_json = json.loads(agent_client.get_device_time()) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res_json = json.loads(agent_client.get_device_time()) backup_content["device_time_info"] = res_json["device_time_info"] # get proxy_settings try: res_json = json.loads(agent_client.get_proxy_settings()) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res_json = json.loads(agent_client.get_proxy_settings()) if res_json.has_key("proxyserver"): del res_json["responseCode"] del res_json["message"] backup_content["proxy_settings"] = res_json # get backup_settings try: res_json = json.loads(agent_client.get_backup_settings()) except httplib.HTTPException: agent_client = AGENT_CLIENT(AGENT_ADDR, AGENT_PORT) res_json = json.loads(agent_client.get_backup_settings()) if res_json.has_key("locationType"): del res_json["responseCode"] del res_json["message"] backup_content["backup_settings"] = res_json # get hostname and desc hostname = utils.app_conf_get("device_base_info")["hostname"] if utils.app_conf_get("device_base_info").has_key("desc"): desc = utils.app_conf_get("device_base_info")["desc"] else: desc = "" backup_content["device_base_info"] = {"hostname": hostname, "desc": desc} # get forensics storage backup_content["forensics_storage"] = { "capacity": forensics_storage.get_forensics_capacity() } #get exception list backup_content["exception"] = utils.app_conf_get("exception") #get synctime setting redis_client = RedisClient() if redis_client.exist_key("synctime_schedule_task"): synctime_schedule_task = redis_client.hgetall("synctime_schedule_task") if synctime_schedule_task is not None: backup_content["synctime_schedule_task"] = synctime_schedule_task #get backup schedule setting redis_client = RedisClient() if redis_client.exist_key("backup_schedule_task"): backup_schedule_task = redis_client.hgetall("backup_schedule_task") if backup_schedule_task is not None: backup_content["backup_schedule_task"] = backup_schedule_task #get ts setting redis_client = RedisClient() if redis_client.exist_key("ts"): ts_res = redis_client.get("ts") if ts_res is not None: backup_content["ts_account_info"] = ts_res with open(app_filename_prefix + ".conf", "w") as bk_file: json.dump(backup_content, bk_file, indent=4) bk_file.close() if device_type == 2 or device_type == 4 or device_type == 6 or device_type == 8: bk_file_list = "" for bk_file in app_backup_filelist: if (device_type == 4 or device_type == 8) and "ebtables" in bk_file: continue shutil.copy(bk_file, "./") bk_file_list += " %s" % os.path.basename(bk_file) # backup block pages blockpage_zip_files = BlockPageSettings().backup_blockpage_dir() for bk_file in blockpage_zip_files: shutil.copy(bk_file, "./") bk_file_list += " %s" % os.path.basename(bk_file) bk_file_list += " " + app_filename_prefix + ".conf" else: bk_file_list = app_filename_prefix + ".conf" # get networking files if whether_backup_network: networking_list = _get_backup_networking_files(tmp_folder) for bk_file in networking_list: bk_file_list += " %s" % os.path.basename(bk_file) # backup hybrid.conf if exist if os.path.isfile("/opt/skyguard/www/app/hybrid.conf"): shutil.copy("/opt/skyguard/www/app/hybrid.conf", "./") bk_file_list += " hybrid.conf" if device_type == 2: for bro_cfg in bro_backup_filelist: if os.path.isfile(bro_cfg): shutil.copy(bro_cfg, "./") bk_file_list += " %s" % os.path.basename(bro_cfg) # swg pacp mode if device_type == 6: if "2.2" in version: pass else: for bro_cfg in bro_backup_filelist_swg: if os.path.isfile(bro_cfg): shutil.copy(bro_cfg, "./") bk_file_list += " %s" % os.path.basename(bro_cfg) #backup collect log if os.path.exists(collect_log_dir): filelist = os.listdir(collect_log_dir) if filelist != []: if not os.path.exists("collect_log"): os.mkdir("collect_log") FileUtil.copyFilesToDir(collect_log_dir, "collect_log/") bk_file_list += " %s" % ("collect_log/") # Backup hybrid settings if device_type == 4 or device_type == 8: shutil.copy("/opt/skyguard/www/app/gre_info.conf", "./") bk_file_list += " gre_info.conf" ''' agent_client = AGENT_CLIENT(AGENT_ADDR,AGENT_PORT) network_settings = agent_client.get_hybrid_config() ucss_external_ip = utils.get_ucss_address() # get ucss internal ip from iptables (ret, output) = utils.app_command("iptables-save | grep %s" % ucss_external_ip) if ret == 0: kv = [word.split() for word in output[0].split()] if "-d" in kv: ucss_internal_ip = kv[kv.index("-d") + 1].split("/")[0] # get ucsg public ip public_ip = utils.get_ip_address("eth1") hybrid_settings = {"network_setting" : json.dumps(network_settings), "ucss_external_ip" : ucss_external_ip, "ucss_internal_ip" : ucss_internal_ip, "public_ip" : public_ip} with open("hybrid_settings.conf", "w") as hybrid_conf: json.dump(hybrid_settings, hybrid_conf, indent=4) ''' # Backup #backup forensics whether_backup_forensics = 0 if whether_backup_forensics: if device_type != 1: if os.path.exists(forensics_dir): filelist = os.listdir(forensics_dir) if filelist != []: os.mkdir("forensics") for f in filelist: shutil.copy(forensics_dir + f, "forensics/") # generate backup tgz utils.app_command_quiet("tar cfvz %s %s" % (app_filename_prefix + ".tar.gz", bk_file_list)) # remove tmp files os.unlink(app_filename_prefix + ".conf") if os.path.isfile("hybrid.conf"): os.unlink("hybrid.conf") if os.path.isfile("gre_info.conf"): os.unlink("gre_info.conf") if device_type == 2 or device_type == 4 or device_type == 6 or device_type == 8: for bk_file in app_backup_filelist: if (device_type == 4 or device_type == 8) and "ebtables" in bk_file: continue os.unlink(os.path.basename(bk_file)) BlockPageSettings().delete_backup_zip() for bk_file in blockpage_zip_files: os.unlink(os.path.basename(bk_file)) if device_type == 2: for bro_cfg in bro_backup_filelist: if os.path.isfile(os.path.basename(bro_cfg)): os.unlink(os.path.basename(bro_cfg)) if device_type == 6: for bro_cfg in bro_backup_filelist_swg: if os.path.isfile(os.path.basename(bro_cfg)): os.unlink(os.path.basename(bro_cfg)) if whether_backup_network: _remove_backup_networking_files(tmp_folder) os.chdir(current_path) return app_filename_prefix + ".tar.gz"
def do_help(self, arg): if arg: # XXX check arg syntax try: func = getattr(self, 'help_' + arg) except AttributeError: try: doc = getattr(self, 'do_' + arg).__doc__ if doc: self.stdout.write("%s\n" % str(doc)) return except AttributeError: pass self.stdout.write("%s\n" % str(self.nohelp % (arg, ))) return func() else: device_type = utils.get_device_type() if device_type == 1: print u'SkyGuard UCSS统一内容安全管理平台控制台命令列表' elif device_type == 2: print u'SkyGuard UCSG统一内容安全网关控制台命令列表' elif device_type == 5: print u'SkyGuard UCSS Lite统一内容安全扩展服务器控制台命令列表' elif device_type == 7: print u'SkyGuard WebService Inspector控制台命令列表' elif device_type == 6: print u'SkyGuard SWG统一内容安全网关控制台命令列表' elif device_type == 11: print u'SkyGuard MAG统一内容安全网关控制台命令列表' print u"通过help <command>查看使用帮助" print "==============================" print u"activeOCR 激活OCR" print u"backup 备份当前设备配置" print u"coredump 开启/关闭/清除coredump" print u"date <yyyymmdd> 更新日期" print u"disableBonding 关闭网卡绑定" #print u"factoryReset 恢复出厂设置" print u"firstboot 运行初始化脚本" print u"history 查看历史命令" print u"hostname <主机名称> 更新主机名称" print u"mtu <网卡> <MTU值> 更新网卡的MTU" print u"nc 执行系统nc命令" print u"nslookup 执行系统nslookup命令" print u"ping 执行系统ping命令" print u"quit 退出命令行控制界面" print u"reboot 重启主机" print u"register <UCSS_IP> 注册当前设备至UCSS (注:UCSS设备无法使用此命令)" print u"restore 从备份列表中恢复设备配置" print u"route add-policy|del-policy <destination> <netmask> <gateway> <device_type>\t 添加|删除策略路由" print u"route add-static|del-static <destination> <netmask> <gateway> <device_type>\t 添加|删除静态路由" print u"services 查看/启动/停止DLP服务" print u"show cpu 显示CPU使用率" print u"show date 显示当前日期" print u"show device-id 显示设备ID" print u"show disk 显示硬盘使用率" print u"show dns 显示DNS" print u"show gateway 显示网关" print u"show hostname 显示主机名" print u"show interface 显示管理口IP, 网关等信息" print u"show memory 显示内存使用率" print u"show model 显示设备型号" print u"show mtu 显示网卡的MTU" print u"show route 显示路由信息" print u"show time 显示当前时间" print u"show timezone 显示当前时区" print u"show version 显示系统版本" print u"shutdown 关闭主机" print u"telnet 执行系统telnet命令" print u"time <hh:mm:ss> 更新时间" print u"traceroute 执行系统traceroute命令" print u"ts <enable>|<disable> 启用|禁用技术支持帐户" print u"cleartrustip 删除所有授信地址" print u"collectlog 收集日志" print u"synctime 立即同步时间"