[deconnexion, ipt, surveillance] On compte l'upload ipv6 par adresses mac à partir de la correspondance fournie par le parsage des logs du firewall par mac_ip. On affiche un avertissement si on trouve deux mac avec la même ip sur les 3 derniers jours
parent
fee4e88908
commit
15c518cc17
3 changed files with 91 additions and 20 deletions
|
@ -75,16 +75,27 @@ class machines(gen_config) :
|
||||||
pgsql = psycopg2.connect(database='filtrage', user='crans')
|
pgsql = psycopg2.connect(database='filtrage', user='crans')
|
||||||
curseur = pgsql.cursor()
|
curseur = pgsql.cursor()
|
||||||
curseur.execute("DELETE FROM machines;")
|
curseur.execute("DELETE FROM machines;")
|
||||||
|
|
||||||
|
ipv6_vu={}
|
||||||
|
def ipv6_already_set(ipv6):
|
||||||
|
ret = ipv6_vu.get(ipv6, False)
|
||||||
|
ipv6_vu[ipv6] = True
|
||||||
|
return ret
|
||||||
|
|
||||||
# ajout des entrée
|
# ajout des entrée
|
||||||
for m in machines:
|
for m in machines:
|
||||||
if m.proprietaire().__class__ == Club:
|
if m.proprietaire().__class__ == Club:
|
||||||
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','club',%s);"%(m.ip(),m.proprietaire().id()))
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','club',%s);"%(m.ip(),m.proprietaire().id()))
|
||||||
|
if not ipv6_already_set(m.ipv6()):
|
||||||
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','club',%s);"%(m.ipv6(),m.proprietaire().id()))
|
||||||
elif m.proprietaire().__class__ == Adherent:
|
elif m.proprietaire().__class__ == Adherent:
|
||||||
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','adherent',%s);"%(m.ip(),m.proprietaire().id()))
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','adherent',%s);"%(m.ip(),m.proprietaire().id()))
|
||||||
|
if not ipv6_already_set(m.ipv6()):
|
||||||
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','adherent',%s);"%(m.ipv6(),m.proprietaire().id()))
|
||||||
elif m.proprietaire().__class__ == AssociationCrans:
|
elif m.proprietaire().__class__ == AssociationCrans:
|
||||||
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','crans',%s);"%(m.ip(),m.id()))
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','crans',%s);"%(m.ip(),m.id()))
|
||||||
|
if not ipv6_already_set(m.ipv6()):
|
||||||
|
curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','crans',%s);"%(m.ipv6(),m.id()))
|
||||||
# on commit
|
# on commit
|
||||||
pgsql.commit()
|
pgsql.commit()
|
||||||
|
|
||||||
|
|
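Review bot: The three new IPv6 inserts build their SQL with `%` string formatting, like the IPv4 lines they copy, so the value of `m.ipv6()` is pasted into the statement text instead of being bound as a parameter. psycopg2 does the quoting itself when the values are passed as a second argument, e.g. `curseur.execute("INSERT INTO machines (ip, type, id) VALUES (%s,'club',%s);", (m.ipv6(), m.proprietaire().id()))`, and the same form applies to the 'adherent' and 'crans' branches. `ipv6_already_set` also skips a second machine with the same address without leaving any trace, which for an accounting table deserves at least a printed warning. The enclosing method starts before the hunk.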
|
@ -440,9 +440,25 @@ def check_ip_proto(ip_proto):
|
||||||
def ipv6_addr(mac, net):
|
def ipv6_addr(mac, net):
|
||||||
''' Renvoie l'adresse ipv6 d'auto-configuration de la mac sur le réseau '''
|
''' Renvoie l'adresse ipv6 d'auto-configuration de la mac sur le réseau '''
|
||||||
mac_s = mac.split(':')
|
mac_s = mac.split(':')
|
||||||
eui = '2'+':'.join(mac_s[1:3])+'ff:fe'+':'.join(mac_s[3:5])+mac_s[5]
|
eui = hex(int(mac_s[0],16) ^ 0x02)[2:] + ':'.join(mac_s[1:3]) + 'ff:fe' + ':'.join(mac_s[3:5]) + mac_s[5]
|
||||||
return re.sub(':/64', eui , prefix[dprefix[net]][0])
|
return re.sub(':/64', eui , prefix[dprefix[net]][0])
|
||||||
|
|
||||||
|
def mac_addr(ipv6):
|
||||||
|
''' Renvoie l'adresse mac de l'ipv6 d'auto-configuration '''
|
||||||
|
ipv6_s= ipv6.split(':')[4:]
|
||||||
|
mac=''
|
||||||
|
if ipv6_s[1].endswith('ff') and ipv6_s[2].startswith('fe'):
|
||||||
|
elt = "%04x" % int(ipv6_s[0], 16)
|
||||||
|
mac += "%02x" % (int(elt[0:2],16) ^ 0x02) + ':' + elt[2:]
|
||||||
|
elt = "%04x" % int(ipv6_s[1], 16)
|
||||||
|
mac += ':' + elt[0:2]
|
||||||
|
elt = "%04x" % int(ipv6_s[2], 16)
|
||||||
|
mac += ':' + elt[2:]
|
||||||
|
elt = "%04x" % int(ipv6_s[3], 16)
|
||||||
|
mac += ':' + elt[0:2] + ':' + elt[2:]
|
||||||
|
return mac
|
||||||
|
return None
|
||||||
|
|
||||||
# TODO Fusionner les deux fonctions.
|
# TODO Fusionner les deux fonctions.
|
||||||
def iface(net):
|
def iface(net):
|
||||||
'''Retourne l'interface réseau associée à un certain type de réseau
|
'''Retourne l'interface réseau associée à un certain type de réseau
|
||||||
|
|
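Review bot: The new `mac_addr` assumes a fully expanded eight-group address and tests the raw group text, so an address written with `::` or a short tail reaches `ipv6_s[2]` or `int('', 16)` and raises IndexError or ValueError instead of returning None. The `endswith('ff')` / `startswith('fe')` tests are also done before zero-padding, so a group written as `fe` (value 0x00fe) passes the check and upper-case input fails it. Since the values come from parsed firewall logs, the function should reject anything that is not eight non-empty hex groups and compare on the padded form, as sketched below.

```python
def mac_addr(ipv6):
    ''' Renvoie l'adresse mac de l'ipv6 d'auto-configuration '''
    groupes = ipv6.split(':')
    # Reject compressed ("::") or truncated forms instead of raising later
    if len(groupes) != 8 or '' in groupes:
        return None
    try:
        # Interface identifier as 16 zero-padded lower-case hex digits
        iid = ''.join("%04x" % int(g, 16) for g in groupes[4:])
    except ValueError:
        return None
    # ff:fe in the middle of the identifier marks a MAC-derived (EUI-64) address
    if len(iid) != 16 or iid[6:10] != 'fffe':
        return None
    premier = "%02x" % (int(iid[0:2], 16) ^ 0x02)
    return ':'.join([premier, iid[2:4], iid[4:6], iid[10:12], iid[12:14], iid[14:16]])
```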
|
@ -21,6 +21,7 @@ import sys
|
||||||
import psycopg2
|
import psycopg2
|
||||||
sys.path.append('/usr/scripts/gestion')
|
sys.path.append('/usr/scripts/gestion')
|
||||||
from config import upload, virus, p2p, NETs
|
from config import upload, virus, p2p, NETs
|
||||||
|
import ipt
|
||||||
import smtplib
|
import smtplib
|
||||||
from ldap_crans import crans_ldap
|
from ldap_crans import crans_ldap
|
||||||
from ldap_crans import MachineWifi
|
from ldap_crans import MachineWifi
|
||||||
|
@ -95,27 +96,59 @@ def reperage_chambre(mac):
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# upload par entité (adhérent/club/machine crans)
|
# upload par entité (adhérent/club/machine crans)
|
||||||
|
upload4="""SELECT
|
||||||
|
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
||||||
|
FROM
|
||||||
|
upload
|
||||||
|
WHERE
|
||||||
|
upload > download
|
||||||
|
AND date > timestamp 'now' - interval '1 day'
|
||||||
|
AND date < 'now'
|
||||||
|
AND NOT EXISTS
|
||||||
|
(
|
||||||
|
SELECT 1
|
||||||
|
FROM exemptes
|
||||||
|
WHERE upload.ip_crans <<= exemptes.ip_crans
|
||||||
|
AND upload.ip_ext <<= exemptes.ip_dest
|
||||||
|
)
|
||||||
|
GROUP BY
|
||||||
|
ip_crans
|
||||||
|
"""
|
||||||
|
upload6 = """SELECT
|
||||||
|
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
||||||
|
FROM
|
||||||
|
(
|
||||||
|
SELECT DISTINCT * FROM
|
||||||
|
(
|
||||||
|
SELECT
|
||||||
|
upload6.date, mac_ip.ip AS ip_crans, upload6.ip_ext, upload6.id, upload6.port_crans, upload6.port_ext, upload6.download, upload6.upload
|
||||||
|
FROM mac_ip,upload6
|
||||||
|
WHERE
|
||||||
|
upload6.ip_crans = mac_ip.ip
|
||||||
|
AND upload6.date > mac_ip.date
|
||||||
|
AND upload6.date - interval '1 day' < mac_ip.date
|
||||||
|
AND upload6.date > timestamp 'now' - interval '1 day'
|
||||||
|
AND upload6.date < 'now'
|
||||||
|
AND upload6.upload > upload6.download
|
||||||
|
AND NOT EXISTS
|
||||||
|
(
|
||||||
|
SELECT 1
|
||||||
|
FROM exemptes
|
||||||
|
WHERE upload6.ip_crans <<= exemptes.ip_crans
|
||||||
|
AND upload6.ip_ext <<= exemptes.ip_dest
|
||||||
|
)
|
||||||
|
) AS upload
|
||||||
|
) AS upload
|
||||||
|
WHERE
|
||||||
|
upload > download
|
||||||
|
GROUP BY
|
||||||
|
ip_crans
|
||||||
|
"""
|
||||||
requete = """SELECT
|
requete = """SELECT
|
||||||
round(total) AS total, machines.type AS type, machines.id AS id
|
round(total) AS total, machines.type AS type, machines.id AS id
|
||||||
FROM
|
FROM
|
||||||
(
|
(
|
||||||
SELECT
|
(%s) UNION (%s)
|
||||||
'upload', sum(upload)/1024/1024 AS total, ip_crans
|
|
||||||
FROM
|
|
||||||
upload
|
|
||||||
WHERE
|
|
||||||
upload > download
|
|
||||||
AND date > timestamp 'now' - interval '1 day'
|
|
||||||
AND date < 'now'
|
|
||||||
AND NOT EXISTS
|
|
||||||
(
|
|
||||||
SELECT 1
|
|
||||||
FROM exemptes
|
|
||||||
WHERE upload.ip_crans <<= exemptes.ip_crans
|
|
||||||
AND upload.ip_ext <<= exemptes.ip_dest
|
|
||||||
)
|
|
||||||
GROUP BY
|
|
||||||
ip_crans
|
|
||||||
)
|
)
|
||||||
AS
|
AS
|
||||||
upload
|
upload
|
||||||
|
@ -127,10 +160,21 @@ WHERE
|
||||||
total >= 250
|
total >= 250
|
||||||
GROUP BY
|
GROUP BY
|
||||||
total, type, id
|
total, type, id
|
||||||
;"""
|
;""" % (upload4, upload6)
|
||||||
curseur.execute(requete)
|
curseur.execute(requete)
|
||||||
uploadeurs = curseur.fetchall()
|
uploadeurs = curseur.fetchall()
|
||||||
|
|
||||||
|
|
||||||
|
# On regarde s'il y a deux ipv6 identiques avec des mac non identiques
|
||||||
|
collision_mac_ip_request = "SELECT DISTINCT (a.*) FROM mac_ip as a, mac_ip as b where a.ip=b.ip AND a.mac != b.mac AND a.date >= b.date AND a.date - b.date < interval '3 day' ORDER BY a.date;"
|
||||||
|
curseur.execute(collision_mac_ip_request)
|
||||||
|
collision_mac_ip = curseur.fetchall()
|
||||||
|
|
||||||
|
if collision_mac_ip != []:
|
||||||
|
print "Collision d'addresses ipv6 : "
|
||||||
|
for (date, mac, ip) in collision_mac_ip:
|
||||||
|
print "%s %s %s" % (date, ipt.mac_addr(mac), ip)
|
||||||
|
|
||||||
# Table des avertis
|
# Table des avertis
|
||||||
###################
|
###################
|
||||||
|
|
||||||
|
|
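Review bot: The collision query compares every pair of mac_ip rows that lie within three days of each other, but nothing ties `a.date` to the present, so unless mac_ip is purged elsewhere the same old collisions are printed on every run rather than only those of the last 3 days described in the commit message; adding `AND a.date > timestamp 'now' - interval '3 day'` would bound it. In the print loop, `ipt.mac_addr(mac)` returns None for any value that is not an EUI-64 style address (see the mac_addr added in this commit), so the warning can show `None` in place of the identifier needed to find the machine; `ipt.mac_addr(mac) or mac` keeps the raw value. The unpacking `(date, mac, ip)` depends on the column order of `a.*`, which is not visible here, so naming the columns in the SELECT would make that explicit.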