From 269fbc366560eea7b1e28d65f1a0067614d6012f Mon Sep 17 00:00:00 2001
From: pessoles
Date: Thu, 1 Sep 2005 01:50:36 +0200
Subject: [PATCH] Distinction flood virus
darcs-hash:20050831235036-6d78a-7121c53127c2171f9a6533da449a1145010afafe.gz
---
surveillance/deconnexion.py | 53 ++++++++++++++++++++++++++++++++++---
1 file changed, 49 insertions(+), 4 deletions(-)
diff --git a/surveillance/deconnexion.py b/surveillance/deconnexion.py
index 810b1e73..6cccf701 100755
--- a/surveillance/deconnexion.py
+++ b/surveillance/deconnexion.py
@@ -204,13 +204,57 @@ for i in range(0,len(sanctions)-2): # Détection de l'existence de virus ou de P2P # ############################################### +# VIRUS +######## + # Dans le table virus on sélectionne les ip_src qui appartiennent au reseau -requete = "SELECT ip_src FROM virus WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '2 hours' order by ip_src" +requete = "SELECT ip_src FROM virus WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' order by ip_src" curseur.execute(requete) veroles = curseur.fetchall() # Recuperation des infectes pour ne pas les reblacklister -requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '2 hour'" +requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'" +curseur.execute(requete) +infectes = curseur.fetchall() +ip1=str('0.0.0.0') +N=0 +if veroles: + ip1=veroles[0][0] + for i in range(0,len(veroles)): + ip=veroles[i][0] + if ip != ip1 : + ip1=ip + N=0 + else : + N=N+1 + if N >= virus.virus and [ip] not in infectes: + # Recuperation des infectes pour ne pas les reblacklister + machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0] + hostname = machine.nom() + proprio = machine.proprietaire() + # Inscription dans la table des infectes + requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1 + curseur.execute(requete) + requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'" + curseur.execute(requete) + infectes = curseur.fetchall() + # Blacklistage + date = time() + debut = localtime(date) + fin = localtime(date+60*2) + # proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'virus'," TESTS Virus" ]) + + +# Flood +######## + +# Dans le table virus on 
sélectionne les ip_src qui appartiennent au reseau +requete = "SELECT ip_src FROM flood WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' order by ip_src" +curseur.execute(requete) +veroles = curseur.fetchall() + +# Recuperation des infectes pour ne pas les reblacklister +requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'" curseur.execute(requete) infectes = curseur.fetchall() ip1=str('0.0.0.0') @@ -232,7 +276,7 @@ if veroles: # Inscription dans la table des infectes requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1 curseur.execute(requete) - requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '2 hour'" + requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'" curseur.execute(requete) infectes = curseur.fetchall() # Blacklistage @@ -241,7 +285,8 @@ if veroles: fin = localtime(date+60*2) # proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'virus'," TESTS Virus" ]) - + + # Gestion du P2P :
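Review bot: The flood block at the end of the hunk reads its "already warned" set from `avertis_virus` (`SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'`), the same table the virus block above inserts into, so a host recorded for one category is silently skipped for the other within the one-hour window — the opposite of the distinction the commit title announces; give flood hits their own table (e.g. `avertis_flood`) or add a category column and filter on it in both places. The commented-out `proprio.blacklist(...)` line references `dabut[3]` (typo for `debut`), so re-enabling it will raise NameError on the first sanction; fix it now while the line is inert. `ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]` raises IndexError if no directory entry matches the address, which aborts the whole run before the remaining hosts are processed — guard it, e.g. `machines = ldap.search('ipHostNumber=%s' % ip,'w' )['machine']` followed by `if not machines: continue`. The INSERT and the LDAP filter are built with `%` from values read back from the `virus`/`flood` tables; since those come from an inet column injection is unlikely, but if the driver supports DB-API parameters prefer `curseur.execute("INSERT INTO avertis_virus (ip_crans,date) VALUES (%s,'now')", (ip1,))` and escape the LDAP filter value. The flood block's `if veroles:` loop continues past the end of the hunk.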