[deconnexion, ipt, surveillance] On compte l'upload ipv6 par adresses mac à partir de la correspondance fournie par la parssage des logs du firewall par mac_ip. On affiche un avertissement si on trouve deux mac avec le même ip sur les 3 derniers jours
parent
fee4e88908
commit
15c518cc17
3 changed files with 91 additions and 20 deletions
|
@ -21,6 +21,7 @@ import sys
|
|||
import psycopg2
|
||||
sys.path.append('/usr/scripts/gestion')
|
||||
from config import upload, virus, p2p, NETs
|
||||
import ipt
|
||||
import smtplib
|
||||
from ldap_crans import crans_ldap
|
||||
from ldap_crans import MachineWifi
|
||||
|
@ -95,27 +96,59 @@ def reperage_chambre(mac):
|
|||
################################################################################
|
||||
|
||||
# upload par entité (adhérent/club/machine crans)
|
||||
upload4="""SELECT
|
||||
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
||||
FROM
|
||||
upload
|
||||
WHERE
|
||||
upload > download
|
||||
AND date > timestamp 'now' - interval '1 day'
|
||||
AND date < 'now'
|
||||
AND NOT EXISTS
|
||||
(
|
||||
SELECT 1
|
||||
FROM exemptes
|
||||
WHERE upload.ip_crans <<= exemptes.ip_crans
|
||||
AND upload.ip_ext <<= exemptes.ip_dest
|
||||
)
|
||||
GROUP BY
|
||||
ip_crans
|
||||
"""
|
||||
upload6 = """SELECT
|
||||
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
||||
FROM
|
||||
(
|
||||
SELECT DISTINCT * FROM
|
||||
(
|
||||
SELECT
|
||||
upload6.date, mac_ip.ip AS ip_crans, upload6.ip_ext, upload6.id, upload6.port_crans, upload6.port_ext, upload6.download, upload6.upload
|
||||
FROM mac_ip,upload6
|
||||
WHERE
|
||||
upload6.ip_crans = mac_ip.ip
|
||||
AND upload6.date > mac_ip.date
|
||||
AND upload6.date - interval '1 day' < mac_ip.date
|
||||
AND upload6.date > timestamp 'now' - interval '1 day'
|
||||
AND upload6.date < 'now'
|
||||
AND upload6.upload > upload6.download
|
||||
AND NOT EXISTS
|
||||
(
|
||||
SELECT 1
|
||||
FROM exemptes
|
||||
WHERE upload6.ip_crans <<= exemptes.ip_crans
|
||||
AND upload6.ip_ext <<= exemptes.ip_dest
|
||||
)
|
||||
) AS upload
|
||||
) AS upload
|
||||
WHERE
|
||||
upload > download
|
||||
GROUP BY
|
||||
ip_crans
|
||||
"""
|
||||
requete = """SELECT
|
||||
round(total) AS total, machines.type AS type, machines.id AS id
|
||||
FROM
|
||||
(
|
||||
SELECT
|
||||
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
||||
FROM
|
||||
upload
|
||||
WHERE
|
||||
upload > download
|
||||
AND date > timestamp 'now' - interval '1 day'
|
||||
AND date < 'now'
|
||||
AND NOT EXISTS
|
||||
(
|
||||
SELECT 1
|
||||
FROM exemptes
|
||||
WHERE upload.ip_crans <<= exemptes.ip_crans
|
||||
AND upload.ip_ext <<= exemptes.ip_dest
|
||||
)
|
||||
GROUP BY
|
||||
ip_crans
|
||||
(%s) UNION (%s)
|
||||
)
|
||||
AS
|
||||
upload
|
||||
|
@ -127,10 +160,21 @@ WHERE
|
|||
total >= 250
|
||||
GROUP BY
|
||||
total, type, id
|
||||
;"""
|
||||
;""" % (upload4, upload6)
|
||||
curseur.execute(requete)
|
||||
uploadeurs = curseur.fetchall()
|
||||
|
||||
|
||||
# On regarde s'il y a deux ipv6 identiques avec des mac non identiques
|
||||
collision_mac_ip_request = "SELECT DISTINCT (a.*) FROM mac_ip as a, mac_ip as b where a.ip=b.ip AND a.mac != b.mac AND a.date >= b.date AND a.date - b.date < interval '3 day' ORDER BY a.date;"
|
||||
curseur.execute(collision_mac_ip_request)
|
||||
collision_mac_ip = curseur.fetchall()
|
||||
|
||||
if collision_mac_ip != []:
|
||||
print "Collision d'addresses ipv6 : "
|
||||
for (date, mac, ip) in collision_mac_ip:
|
||||
print "%s %s %s" % (date, ipt.mac_addr(mac), ip)
|
||||
|
||||
# Table des avertis
|
||||
###################
|
||||
|
||||
|
|
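Review bot: The collision query in the last hunk compares the two `mac_ip` rows only with each other (`a.date - b.date < interval '3 day'`) and never with the current time, so it reports every pair of MACs that shared an address within three days of each other, not only those of the last three days as the commit message says. Unless `mac_ip` is pruned elsewhere, the same old collisions are printed on every run and a new one is easy to miss; adding `AND a.date > timestamp 'now' - interval '3 day'` to the WHERE clause would match the stated intent. The `upload6` subquery also projects `mac_ip.ip AS ip_crans` rather than `mac_ip.mac`, so as far as these hunks show the join only filters on addresses present in `mac_ip`, and a colliding address is still counted once under its IP after the `DISTINCT`. The join against `machines` lies outside the hunks, so a comment above `upload6` stating which MAC the traffic is charged to when two MACs share an address would make the accounting auditable.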