 def sql_analysis(cls):
     """Run the ``sql_analysis`` rule set over the ``URI`` field.

     The query body is assembled by ``BaseFunction.join_query`` for the
     fixed keyword/rule pair below, executed through ``Query().query`` with
     no explicit index, and the raw result is handed to
     ``BaseFunction.result_dispose`` together with the query and the
     message to use when nothing matched (presumably printed on an empty
     result -- confirm in ``result_dispose``).

     Takes ``cls`` as its first argument, so a ``@classmethod`` decorator
     is expected on the line above this snippet.
     """
     rule_query = BaseFunction.join_query(keyword="URI",
                                          rule_name="sql_analysis")
     searcher = Query()
     # First positional argument is the index; None leaves it to the default.
     hits = searcher.query(None, data=rule_query)
     BaseFunction.result_dispose(
         hits,
         index=None,
         query=rule_query,
         none_message="========SQL注入分析未检测到威胁========")
 def web_command_attack_analysis(cls):
     """Run the ``common_web_analysis`` rule set over the ``URI`` field.

     Same pipeline as the other ``*_analysis`` helpers: build the query with
     ``BaseFunction.join_query``, execute it via ``Query().query`` without an
     explicit index, and pass the result plus the "no threat" message to
     ``BaseFunction.result_dispose``.

     ``cls`` is the first parameter, so a ``@classmethod`` decorator is
     expected just above this snippet.
     """
     rule_query = BaseFunction.join_query(keyword="URI",
                                          rule_name="common_web_analysis")
     searcher = Query()
     # First positional argument is the index; None leaves it to the default.
     hits = searcher.query(None, data=rule_query)
     BaseFunction.result_dispose(
         hits,
         index=None,
         query=rule_query,
         none_message="========Web 通用攻击分析未检测到威胁========")
 def http_method_analysis(cls):
     """Run the ``http_method_analysis`` rule set over the ``method`` field.

     Builds the query with ``BaseFunction.join_query``, executes it through
     ``Query().query`` with ``index=None``, and forwards the result, the
     query and the "no unsafe HTTP method found" message to
     ``BaseFunction.result_dispose``.

     ``cls`` is the first parameter, so a ``@classmethod`` decorator is
     expected just above this snippet.
     """
     rule_query = BaseFunction.join_query(keyword="method",
                                          rule_name="http_method_analysis")
     searcher = Query()
     hits = searcher.query(index=None, data=rule_query)
     BaseFunction.result_dispose(
         hits,
         index=None,
         query=rule_query,
         none_message="========http method 分析未检测到威胁(无不安全的http请求方法)========")
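    def backup_file_analysis(self, index, ip="127.0.0.1", port=9200):
        """
        备份文件检测 (backup-file detection).

        Reads the ``rule`` entry of the ``[backup_file_analysis]`` section in
        ``config/config.ini`` (the path is relative to the current working
        directory), sends it as the query body to Elasticsearch, and passes
        the result to ``BaseFunction.result_dispose``.

        :param index: elasticsearch 中的id (the index to query)
        :param ip: Elasticsearch host; defaults to the local instance that
                   was previously hard-coded here.
        :param port: Elasticsearch port; defaults to 9200.
        :return: None
        :raises ConfigParser.Error: if the config file cannot be read, or the
                section / ``rule`` key is missing.
        """
        config_path = 'config/config.ini'

        # 读取config.ini配置文件中的rule
        config = ConfigParser.ConfigParser()
        # read() silently skips files it cannot open and returns the list of
        # files it did parse; fail here with a clear message instead of the
        # misleading NoSectionError that config.get() would raise later.
        if not config.read(config_path):
            raise ConfigParser.Error("cannot read rule config: %s" % config_path)
        rule = config.get('backup_file_analysis', 'rule')

        elastic = Query(ip=ip, port=port)
        result = elastic.query(index=index, data=rule)

        BaseFunction.result_dispose(
            result,
            index=index,
            query=rule,
            none_message="========备份文件分析未检测到威胁========")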
 def make_dict(lines):
     """Map each distinct key found across *lines* to its rank in sorted order.

     Every element of *lines* is counted with ``Counter`` (a string yields
     character counts, a sequence of words yields word counts), the counters
     are merged with ``BaseFunction.iter_sum``, and the merged keys are
     sorted. The returned dict maps key -> 0-based position in that sorted
     order; the counts themselves are discarded.
     """
     merged = BaseFunction.iter_sum([Counter(line) for line in lines])
     ordered = sorted(merged.keys())
     return {key: rank for rank, key in enumerate(ordered)}