crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Blacklistage sur ldap pour les virus

Browse source 
darcs-hash:20051001165455-6d78a-4c427b877e82635caf56ce7447ce6adf73365314.gz
This commit is contained in:
pessoles 2005-10-01 18:54:55 +02:00
parent 32fae7710c
commit 6729c186be
1 changed files with 40 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

50
surveillance/deconnexion.py
View file

@ -73,7 +73,7 @@ for i in range(0,len(table)) :
debut = localtime(date)
#fin = localtime(date+60*60*24*300)#test
fin = localtime(date+60*60*24)
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'upload',"Déconn auto. %s Mo" % elupload])
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'autodisc',"Déconn auto. %s Mo" % elupload])
proprio.save()
# On récupere l'adresse électronique :
@ -194,7 +194,7 @@ curseur.execute(requete)
# date = time()
# debut = localtime(date)
# fin = localtime(date+60*60*24*30)
# # proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'upload'," TESTS upload de %s Mo" % elupload])
# # proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'upload'," TESTS upload de %s Mo" % elupload])
# # proprio.save()
# # MAILS
# ########
@ -215,7 +215,7 @@ curseur.execute(requete)
veroles = curseur.fetchall()
# Recuperation des infectes pour ne pas les reblacklister
requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'"
requete = "SELECT ip_crans FROM avertis_virus"
curseur.execute(requete)
infectes = curseur.fetchall()
ip1=str('0.0.0.0')
@ -237,16 +237,16 @@ if veroles:
# Inscription dans la table des infectes
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1
curseur.execute(requete)
requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'"
requete = "SELECT ip_crans FROM avertis_virus"
curseur.execute(requete)
infectes = curseur.fetchall()
# Blacklistage
date = time()
debut = localtime(date)
fin = localtime(date+60*2)
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'virus',"Virus (auto)"])
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',"Virus (auto)"])
proprio.save()
# Flood
########
@ -256,7 +256,7 @@ curseur.execute(requete)
veroles = curseur.fetchall()
# Recuperation des infectes pour ne pas les reblacklister
requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'"
requete = "SELECT ip_crans FROM avertis_virus "
curseur.execute(requete)
infectes = curseur.fetchall()
ip1=str('0.0.0.0')
@ -271,24 +271,50 @@ if veroles:
else :
N=N+1
if N >= virus.flood and [ip] not in infectes:
# Recuperation des infectes pour ne pas les reblacklister
machine = ldap.search('ipHostNumber=%s' % ip,'w' )['machine'][0]
hostname = machine.nom()
proprio = machine.proprietaire()
# Inscription dans la table des infectes
requete="INSERT INTO avertis_virus (ip_crans,date) VALUES ('%s','now')" % ip1
curseur.execute(requete)
requete = "SELECT ip_crans FROM avertis_virus WHERE date > timestamp 'now' - interval '1 hour'"
requete = "SELECT ip_crans FROM avertis_virus"
curseur.execute(requete)
infectes = curseur.fetchall()
# Blacklistage
date = time()
debut = localtime(date)
fin = localtime(date+60*2)
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'virus',"Virus (auto)"])
proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),'-','virus',"Virus_flood (auto)"])
proprio.save()
# Reconnexion si le virus a disparu
###################################
requete = "SELECT ip_crans FROM avertis_virus"
curseur.execute(requete)
infectes = curseur.fetchall()
for i in range(1,len(infectes)):
IP=infectes[i][0]
requete1="SELECT COUNT(ip_src) FROM virus where ip_src='%s' and date > timestamp 'now' - interval '1 hour'" % IP
curseur.execute(requete1)
nb_virus = curseur.fetchall()
requete2="SELECT COUNT(ip_src) FROM flood where ip_src='%s' and date > timestamp 'now' - interval '1 hour'" % IP
curseur.execute(requete2)
nb_flood = curseur.fetchall()
if nb_virus[0][0] < virus.virus and nb_flood[0][0] < virus.flood:
machine = ldap.search('ipHostNumber=%s' % IP,'w' )['machine'][0]
proprio = machine.proprietaire()
bl = proprio.blacklist()
hostname = machine.nom()
for ligne in bl:
if ',-,virus,' in ligne:
liste=ligne.split(',')
argument=[liste[0],'now',liste[2],liste[3]]
print argument,IP
index = bl.index(ligne)
proprio.blacklist((index,argument))
proprio.save()
requete="DELETE FROM avertis_virus where ip_crans='%s'"%IP
# Gestion du P2P :
@ -340,6 +366,6 @@ if pair :
debut = localtime(date)
# 7 jours
fin = localtime(date+60*60*24*7)
# proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],dabut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'p2p',"P2P (auto)" % protocole])
# proprio.blacklist(["%d/%d/%d %d:%d" % (debut[2],debut[1],debut[0],debut[3],debut[4]),"%d/%d/%d %d:%d" % (fin[2],fin[1],fin[0],fin[3],fin[4]),'p2p',"P2P (auto)" % protocole])
# proprio.save()
mail.quit()