Simplification par Bilou
darcs-hash:20051018194506-6d78a-8eae508674cdd8da1ef3a2bfcc180175da8bdcd1.gz
parent
9eb57d9a9d
commit
2ef94e1a0d
1 changed files with 65 additions and 94 deletions
|
@ -157,7 +157,7 @@ curseur.execute(requete)
|
|||
########
|
||||
|
||||
# Dans le table virus on sélectionne les ip_src qui appartiennent au reseau
|
||||
requete = "SELECT ip_src FROM virus WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' order by ip_src"
|
||||
requete = "SELECT ip_src,count(ip_src) FROM virus WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' group by ip_src"
|
||||
curseur.execute(requete)
|
||||
veroles = curseur.fetchall()
|
||||
|
||||
|
@ -165,110 +165,79 @@ veroles = curseur.fetchall()
|
|||
requete = "SELECT ip_crans FROM avertis_virus"
|
||||
curseur.execute(requete)
|
||||
infectes = curseur.fetchall()
|
||||
ip1=str('0.0.0.0')
|
||||
N=0
|
||||
if veroles:
|
||||
ip1=veroles[0][0]
|
||||
for i in range(0,len(veroles)):
|
||||
ip=veroles[i][0]
|
||||
if ip != ip1 :
|
||||
ip1=ip
|
||||
N=0
|
||||
else :
|
||||
N=N+1
|
||||
if N >= virus.virus and [ip] not in infectes:
|
||||
# Recuperation des infectes pour ne pas les reblacklister
|
||||
machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]
|
||||
hostname = machine.nom()
|
||||
proprio = machine.proprietaire()
|
||||
bl = proprio.blacklist()
|
||||
# Inscription dans la table des infectes
|
||||
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1
|
||||
curseur.execute(requete)
|
||||
requete = "SELECT ip_crans FROM avertis_virus"
|
||||
curseur.execute(requete)
|
||||
infectes = curseur.fetchall()
|
||||
print "Deconnexion virus : %s" %hostname
|
||||
# Blacklistage
|
||||
for ligne in bl:
|
||||
# On réédite si possible les lignes existantes pour ne pas charger la blackliste
|
||||
if 'virus,' in ligne :
|
||||
liste=ligne.split(',')
|
||||
date = time()
|
||||
debut = localtime(date)
|
||||
argument=['now','-','virus',hostname]
|
||||
index = bl.index(ligne)
|
||||
proprio.blacklist((index,argument))
|
||||
proprio.save()
|
||||
break
|
||||
else :
|
||||
date = time()
|
||||
debut = localtime(date)
|
||||
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',hostname])
|
||||
proprio.save()
|
||||
#date = time()
|
||||
#debut = localtime(date)
|
||||
#proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',hostname])
|
||||
#proprio.save()
|
||||
|
||||
|
||||
for verole in veroles:
|
||||
|
||||
ip=verole[0]
|
||||
nombre=verole[1]
|
||||
|
||||
# si le type dépasse le seuil, on le blacklist
|
||||
if nombre < virus.virus or [ip] not in infectes :
|
||||
continue
|
||||
|
||||
# lecture des infos de ldap
|
||||
machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]
|
||||
hostname = machine.nom()
|
||||
proprio = machine.proprietaire()
|
||||
blacklist = proprio.blacklist()
|
||||
|
||||
# Inscription dans la table des infectes
|
||||
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip
|
||||
curseur.execute(requete)
|
||||
|
||||
print "Deconnexion virus : %s" % hostname
|
||||
|
||||
# on récupère les index des lignes de bl ou il y a marqué virus
|
||||
index = [blacklist.index(x) for x in blacklist if 'virus' in x ]
|
||||
if index :
|
||||
proprio.blacklist(( index[0] , ['now','-','virus',hostname] ))
|
||||
proprio.save()
|
||||
else :
|
||||
proprio.blacklist(['now','-','virus',hostname])
|
||||
proprio.save()
|
||||
|
||||
# Flood
|
||||
########
|
||||
|
||||
# Dans le table virus on sélectionne les ip_src qui appartiennent au reseau
|
||||
requete = "SELECT ip_src FROM flood WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' order by ip_src"
|
||||
requete = "SELECT ip_src,count(ip_src) FROM flood WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 hour' group by ip_src"
|
||||
curseur.execute(requete)
|
||||
veroles = curseur.fetchall()
|
||||
|
||||
# Recuperation des infectes pour ne pas les reblacklister
|
||||
requete = "SELECT ip_crans FROM avertis_virus "
|
||||
requete = "SELECT ip_crans FROM avertis_virus"
|
||||
curseur.execute(requete)
|
||||
infectes = curseur.fetchall()
|
||||
ip1=str('0.0.0.0')
|
||||
N=0
|
||||
if veroles:
|
||||
ip1=veroles[0][0]
|
||||
for i in range(0,len(veroles)):
|
||||
ip=veroles[i][0]
|
||||
if ip != ip1 :
|
||||
ip1=ip
|
||||
N=0
|
||||
else :
|
||||
N=N+1
|
||||
if N >= virus.flood and [ip] not in infectes:
|
||||
machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]
|
||||
hostname = machine.nom()
|
||||
proprio = machine.proprietaire()
|
||||
# Inscription dans la table des infectes
|
||||
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1
|
||||
curseur.execute(requete)
|
||||
requete = "SELECT ip_crans FROM avertis_virus"
|
||||
curseur.execute(requete)
|
||||
infectes = curseur.fetchall()
|
||||
bl = proprio.blacklist()
|
||||
# Blacklistage
|
||||
for ligne in bl:
|
||||
# On réédite si possible les lignes existantes pour ne pas charger la blackliste
|
||||
if 'virus,' in ligne :
|
||||
liste=ligne.split(',')
|
||||
date = time()
|
||||
debut = localtime(date)
|
||||
argument=['now','-','virus',hostname]
|
||||
index = bl.index(ligne)
|
||||
proprio.blacklist((index,argument))
|
||||
proprio.save()
|
||||
break
|
||||
else :
|
||||
date = time()
|
||||
debut = localtime(date)
|
||||
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',hostname])
|
||||
proprio.save()
|
||||
#date = time()
|
||||
#debut = localtime(date)
|
||||
#proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',hostname])
|
||||
#proprio.save()
|
||||
print "Deconnexion flood %s" % hostname
|
||||
|
||||
|
||||
for verole in veroles:
|
||||
|
||||
ip=verole[0]
|
||||
nombre=verole[1]
|
||||
|
||||
# si le type dépasse le seuil, on le blacklist
|
||||
if nombre < virus.flood or [ip] not in infectes :
|
||||
continue
|
||||
|
||||
# lecture des infos de ldap
|
||||
machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]
|
||||
hostname = machine.nom()
|
||||
proprio = machine.proprietaire()
|
||||
blacklist = proprio.blacklist()
|
||||
|
||||
# Inscription dans la table des infectes
|
||||
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip
|
||||
curseur.execute(requete)
|
||||
|
||||
print "Deconnexion flood : %s" % hostname
|
||||
|
||||
# on récupère les index des lignes de bl ou il y a marqué virus
|
||||
index = [blacklist.index(x) for x in blacklist if 'virus' in x ]
|
||||
if index :
|
||||
proprio.blacklist(( index[0] , ['now','-','virus',hostname] ))
|
||||
proprio.save()
|
||||
else :
|
||||
proprio.blacklist(['now','-','virus',hostname])
|
||||
proprio.save()
|
||||
|
||||
# Reconnexion si le virus a disparu
|
||||
###################################
|
||||
|
@ -310,6 +279,7 @@ for i in range(0,len(infectes)):
|
|||
|
||||
# Gestion du P2P :
|
||||
##################
|
||||
|
||||
# Dans le table virus on sélectionne les ip_src qui appartiennent au reseau
|
||||
requete = "SELECT ip_src,id_p2p FROM p2p WHERE (ip_src<<=inet('138.231.136.0/21') or ip_src<<=inet('138.231.148.0/22')) and date > timestamp 'now' - interval '1 day' order by ip_src"
|
||||
curseur.execute(requete)
|
||||
|
@ -318,6 +288,7 @@ pair = curseur.fetchall()
|
|||
requete = "SELECT ip_crans FROM avertis_p2p WHERE date > timestamp 'now' - interval '1 day'"
|
||||
curseur.execute(requete)
|
||||
avertisp2p = curseur.fetchall()
|
||||
N=0
|
||||
|
||||
ip1=str('0.0.0.0')
|
||||
if pair :
|
||||
|
|
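Review bot: The skip test in what appears to be the rewritten virus loop, `if nombre < virus.virus or [ip] not in infectes : continue`, looks inverted relative to the condition it replaces (`N >= virus.virus and [ip] not in infectes`). As written, a host that has never been recorded in `avertis_virus` is always skipped, while a host that is already recorded is inserted and blacklisted again on every run. The negation of the old test is `if nombre < virus.virus or [ip] in infectes:`, which also agrees with the existing comment about not re-blacklisting hosts already listed. The flood loop carries the same test with `virus.flood` and needs the same change. Separately, the INSERT still interpolates `ip` into the SQL text; binding it as a parameter, e.g. `curseur.execute("INSERT INTO avertis_virus (ip_crans,date) VALUES (%s,'now')", (ip,))`, would be safer, assuming the driver (not visible here) uses the `%s` paramstyle.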