From 3fe4beb3562b9318e00a748e9fd1cf3a11a916a7 Mon Sep 17 00:00:00 2001 From: pessoles Date: Mon, 26 Sep 2005 18:52:40 +0200 Subject: [PATCH] On remplit la base que lorsque l'ip src est une ip du crans darcs-hash:20050926165240-6d78a-34024d15c417fa5b6b20858657d2cf7679e7712c.gz --- surveillance/filtrage_firewall.py | 96 ++++++++++++++++--------------- 1 file changed, 50 insertions(+), 46 deletions(-) diff --git a/surveillance/filtrage_firewall.py b/surveillance/filtrage_firewall.py index 395ad491..9a0a6434 100755 --- a/surveillance/filtrage_firewall.py +++ b/surveillance/filtrage_firewall.py @@ -20,7 +20,6 @@ import strptime # Définition de constantes : ############################ - reseau = ["138.231.136.0/21", "138.231.148.0/22"] # Ouverture de la base de données : 
@@ -79,50 +78,55 @@ for log in filtre : resultat_p2p = motif_p2p.match(log) resultat_virus = motif_virus.match(log) resultat_flood = motif_flood.match(log) - if resultat_p2p : - date = resultat_p2p.group(1) - id_p2p = int(protocole_p2p[resultat_p2p.group(2)]) - ip_src = resultat_p2p.group(3) - ip_dest = resultat_p2p.group(4) - proto = int(protocole[resultat_p2p.group(5)]) #C'est à dire id pour la base - port_src = int(resultat_p2p.group(6)) - port_dest = int(resultat_p2p.group(7)) - date=strptime.syslog2pgsql(date) + + ip_src = resultat_p2p.group(3) + verif = iptools.AddrInNets (actuel["ip_src"],reseau) + + if verif : + if resultat_p2p : + date = resultat_p2p.group(1) + id_p2p = int(protocole_p2p[resultat_p2p.group(2)]) + ip_src = resultat_p2p.group(3) + ip_dest = resultat_p2p.group(4) + proto = int(protocole[resultat_p2p.group(5)]) #C'est à dire id pour la base + port_src = int(resultat_p2p.group(6)) + port_dest = int(resultat_p2p.group(7)) + date=strptime.syslog2pgsql(date) - # On remplit la base : - ###################### - curseur = pgsql.cursor() - requete = "INSERT INTO p2p (date,ip_src,ip_dest,id_p2p,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d,%d)" % (date,ip_src,ip_dest,id_p2p,proto,port_src,port_dest) - curseur.execute(requete) + # On remplit la base : + ###################### + curseur = pgsql.cursor() + requete = "INSERT INTO p2p (date,ip_src,ip_dest,id_p2p,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d,%d)" % (date,ip_src,ip_dest,id_p2p,proto,port_src,port_dest) + curseur.execute(requete) - # On teste si le log contient des virus - ######################################## - elif resultat_virus : - date = resultat_virus.group(1) - ip_src = resultat_virus.group(3) - ip_dest = resultat_virus.group(4) - proto = int(protocole[resultat_virus.group(5)]) #C'est à dire id pour la base - port_src = int(resultat_virus.group(6)) - port_dest = int(resultat_virus.group(7)) - # On remplit la base : - ###################### - 
date=strptime.syslog2pgsql(date) - curseur = pgsql.cursor() - requete = "INSERT INTO virus (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest) - curseur.execute(requete) - - - elif resultat_flood : - date = resultat_flood.group(1) - ip_src = resultat_flood.group(3) - ip_dest = resultat_flood.group(4) - proto = int(protocole[resultat_flood.group(5)]) #C'est à dire id pour la base - port_src = int(resultat_flood.group(6)) - port_dest = int(resultat_flood.group(7)) - - # On remplit la base : - ###################### - date=strptime.syslog2pgsql(date) - curseur = pgsql.cursor() - requete = "INSERT INTO flood (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest) - curseur.execute(requete) + # On teste si le log contient des virus + ######################################## + elif resultat_virus : + date = resultat_virus.group(1) + ip_src = resultat_virus.group(3) + ip_dest = resultat_virus.group(4) + proto = int(protocole[resultat_virus.group(5)]) #C'est à dire id pour la base + port_src = int(resultat_virus.group(6)) + port_dest = int(resultat_virus.group(7)) + # On remplit la base : + ###################### + date=strptime.syslog2pgsql(date) + curseur = pgsql.cursor() + requete = "INSERT INTO virus (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest) + curseur.execute(requete) + + + elif resultat_flood : + date = resultat_flood.group(1) + ip_src = resultat_flood.group(3) + ip_dest = resultat_flood.group(4) + proto = int(protocole[resultat_flood.group(5)]) #C'est à dire id pour la base + port_src = int(resultat_flood.group(6)) + port_dest = int(resultat_flood.group(7)) + + # On remplit la base : + ###################### + date=strptime.syslog2pgsql(date) + curseur = pgsql.cursor() + requete = "INSERT INTO flood 
(date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest) + curseur.execute(requete)
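Review bot: The new prologue fails on every log that is not a p2p hit: `ip_src = resultat_p2p.group(3)` now runs unconditionally, before the `if resultat_p2p :` test, and a non-matching `motif_p2p.match(log)` returns None, so `.group(3)` raises AttributeError for virus, flood and unrecognised lines alike. The next line then tests `actuel["ip_src"]`, a name that appears nowhere in this hunk, instead of the `ip_src` it just computed, so the network check never sees the address it was meant to check (and is a NameError if `actuel` is not bound earlier in the file, which I cannot see). Since all three branches read the source address from group(3), the check can be taken from whichever pattern matched, as in the fence below; the enclosing `for log in filtre :` loop starts outside the hunk. Separately, the three INSERTs still splice regex-captured log fields into SQL with `%`; handing them to `curseur.execute(requete, (...))` as parameters with the driver's placeholders would keep a crafted log line from changing the statement.
```python
    resultat_flood = motif_flood.match(log)

    # every pattern captures the source address in group(3); skip lines no pattern matched
    resultat = resultat_p2p or resultat_virus or resultat_flood
    if resultat is None :
        continue
    ip_src = resultat.group(3)
    verif = iptools.AddrInNets(ip_src, reseau)

    if verif :
        # … unchanged: p2p / virus / flood branches …
```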