diff --git a/.gitignore b/.gitignore
index d8fcb03f..258671f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -60,6 +60,7 @@ mibs/ src/ # Dossiers de fichiers générés var/ +monit squid/errors/ surveillance/mac_prises/output/
diff --git a/gestion/annuaires_pg_test.py b/gestion/annuaires_pg_test.py
new file mode 120000
index 00000000..7be308ea
--- /dev/null
+++ b/gestion/annuaires_pg_test.py
@@ -0,0 +1 @@
+annuaires_pg.py
\ No newline at end of file
diff --git a/gestion/config_srv.py b/gestion/config_srv.py
new file mode 100644
index 00000000..3ae27ad1
--- /dev/null
+++ b/gestion/config_srv.py
@@ -0,0 +1,9 @@
+# -*- python -*-
+# -*- coding: utf-8 -*-
+
+# Généré par gestion/extractionbcfg2.py sur bcfg2, à partir de Metadata/groups.xml
+# Fichier obsolète (backward comp ftw)
+
+adm_only = []
+
+role = {'zamok': ['adherents-server'], 'dyson': ['sniffer'], 'titanic': ['failover-proxy'], 'komaz': ['wifi-router', 'appt-proxy', 'main-router'], 'dhcp': ['appt-proxy'], 'ovh': ['externe'], 'routeur': ['appt-proxy']}
diff --git a/gestion/ldap_crans_test.py b/gestion/ldap_crans_test.py
new file mode 120000
index 00000000..6c3b34a0
--- /dev/null
+++ b/gestion/ldap_crans_test.py
@@ -0,0 +1 @@
+ldap_crans.py
\ No newline at end of file
diff --git a/impression/digicode_server.py b/impression/digicode_server.py
new file mode 100755
index 00000000..59508e0f
--- /dev/null
+++ b/impression/digicode_server.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+
+import time
+import os
+import sys
+import SocketServer
+
+CODES = "/var/impression/codes"
+PIDFILE = "/var/run/digicode.pid"
+HOST, PORT = "zamok.adm.crans.org", 1200
+
+def log(message = "", logfile = "/var/log/crans/digicode.log"):
+ """Log a message to the default logfile"""
+ log = open(logfile, "a")
+ if message:
+ log.write("%s %s\n" % (time.strftime("%b %d %H:%M:%S"), message))
+ log.flush()
+ log.close()
+
+def runme():
+ os.chdir(CODES)
+
+ #lpadmin
+ os.setegid(108)
+ #freerad
+ os.seteuid(120)
+
+ log("Starting server!")
+ server = SocketServer.UDPServer((HOST, PORT), VigileHandler)
+ server.serve_forever()
+
+
+class VigileHandler(SocketServer.BaseRequestHandler):
+ """Handler class for SocketServers, answering to door requests"""
+ def handle(self):
+ """Handle the request the door sent us"""
+ data = self.request[0].lower()
+ socket = self.request[1]
+ log("%s wrote: %s" % (self.client_address[0], data))
+
+ # if data starts with o, opened door validation, else should
+ # be a code
+ if not data.startswith("o"):
+ valide, contents = self.check_code(data)
+ if valide:
+ socket.sendto("passoir,o=1", self.client_address)
+ log("valid code! (%s)" % contents.strip())
+
+ def check_code(self, data):
+ """Check the given code against the available codes list."""
+ path = os.path.join(CODES, data)
+ if os.path.exists(path):
+ contents = open(path).read()
+ os.remove(path)
+ return True, contents
+ return False, ""
+
+if __name__ == "__main__":
+ # do the UNIX double-fork magic, see Stevens' "Advanced
+ # Programming in the UNIX Environment" for details (ISBN 0201563177)
+ try:
+ pid = os.fork()
+ if pid > 0:
+ # exit first parent
+ sys.exit(0)
+ except OSError, e:
+ print >>sys.stderr, "fork #1 failed: %d (%s)" % (e.errno, e.strerror)
+ sys.exit(1)
+
+ # decouple from parent environment
+ os.chdir("/") #don't prevent unmounting....
+ os.setsid()
+ os.umask(0)
+
+ # do second fork
+ try:
+ pid = os.fork()
+ if pid > 0:
+ # exit from second parent, print eventual PID before
+ #print "Daemon PID %d" % pid
+ open(PIDFILE,'w').write("%d"%pid)
+ sys.exit(0)
+ except OSError, e:
+ print >>sys.stderr, "fork #2 failed: %d (%s)" % (e.errno, e.strerror)
+ sys.exit(1)
+
+ # start the daemon main loop
+ runme()
diff --git a/surveillance/comptes_inactifs/comptes_inactifs.3.txt b/surveillance/comptes_inactifs/comptes_inactifs.3.txt
new file mode 120000
index 00000000..524dfde3
--- /dev/null
+++ b/surveillance/comptes_inactifs/comptes_inactifs.3.txt
@@ -0,0 +1 @@
+comptes_inactifs.2.txt
\ No newline at end of file
diff --git a/surveillance/comptes_inactifs/comptes_inactifs.7.txt b/surveillance/comptes_inactifs/comptes_inactifs.7.txt
new file mode 120000
index 00000000..1f80f9bf
--- /dev/null
+++ b/surveillance/comptes_inactifs/comptes_inactifs.7.txt
@@ -0,0 +1 @@
+comptes_inactifs.6.txt
\ No newline at end of file
diff --git a/surveillance/filtrage_netacct.py b/surveillance/filtrage_netacct.py
deleted file mode 100755
index b3fcc777..00000000
--- a/surveillance/filtrage_netacct.py
+++ /dev/null
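Review bot: In `check_code` of impression/digicode_server.py the datagram payload is joined straight onto `CODES` with `os.path.join(CODES, data)`, so a payload that contains a path separator or is an absolute path makes the exists/read/remove sequence act outside /var/impression/codes, and the door reply then depends only on that path existing and being removable. The UDP server accepts datagrams from any sender that can reach port 1200, so reject anything that is not a plain file name before touching the filesystem, for example `if not data or data in (".", "..") or os.path.basename(data) != data: return False, ""` as the first statement. If codes are always numeric (inferred from the file name, the format is not visible here), `data.isdigit()` is a simpler allowlist. The same unvalidated `data` is also written to the log in `handle`.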
@@ -1,135 +0,0 @@
-#! /usr/bin/env python
-# -*- encoding: iso-8859-15 -*-
-
-###########################
-# Import des commmandes : #
-###########################
-
-import commands
-import os
-#import pg # Import des commandes de postgres
-import sys
-sys.path.append('/usr/scripts/gestion')
-import iptools
-import psycopg2
-from time import strftime, localtime
-sys.path.append('/usr/scripts/surveillance')
-import strptime, config
-
-# définition des tables
-#######################
-from socket import gethostname
-hostname = gethostname().split(".")[0]
-
-# Définition de constantes :
-############################
-reseau = config.NETs['all']
-
-# Ouverture de la base de données :
-###################################
-pgsql = PgSQL.connect(host='pgsql.adm.crans.org', database='filtrage', user='crans')
-# Il faudra remplacer la ligne ci-dessous par pgsql.set_session(autocommit=True) sous wheezy
-pgsql.set_isolation_level(0)
-
-# Récupération de la table de protocoles :
-##########################################
-requete = "SELECT id from protocole"
-curseur = pgsql.cursor()
-curseur.execute(requete)
-curseur.fetchall
-tableau = curseur.fetchall()
-protocole = []
-for cellule in tableau:
- protocole.append(cellule[0])
-
-
-# Fonction de commit :
-######################
-def commit(act, prec={'donnees':0}):
- # act = communication actuelle
- # prec = communication précédente si elle existe
-
- # Vérification de l'IP :
- verif = iptools.AddrInNets(act["ip_src"],reseau)
- if verif:
- crans = "src"
- ext = "dest"
- upload = int(act["donnees"])
- download = int(prec["donnees"])
- port_src=int(act['port_src'])
- port_dest=int(act['port_dest'])
- else :
- crans = "dest"
- ext = "src"
- upload = int(prec["donnees"])
- download = int(act["donnees"])
- port_src=int(act['port_dest'])
- port_dest=int(act['port_src'])
-
- proto = int(act["proto"])
- ip_crans = act["ip_%s" % crans]
- ip_ext = act["ip_%s" % ext]
- port_crans = int(act["port_%s" % crans])
- port_ext =
int(act["port_%s" % ext])
-
- if proto not in protocole:
- proto = -1
-
- # Traitement dans la base SQL
- date = strptime.syslog2pgsql(strftime("%b %d %H:%M:%S",localtime(int(act["date"]))))
- curseur = pgsql.cursor()
- requete = "INSERT INTO upload (ip_crans,ip_ext,port_crans,port_ext,download,upload,date,id) VALUES ('%s','%s',%d,%d,%d,%d,'%s',%d)" % (ip_crans, ip_ext, port_crans, port_ext, download, upload, date, proto)
- curseur.execute(requete)
-
-
-##################################################################
-# Parser les logs de net-acct : /var/log/net-acct/net-acct.log : #
-##################################################################
-
-# On récupère en continu les log de net-account
-netacct = os.popen("sh -c 'tail -F /var/log/net-acct/net-acct.log 2> /dev/null'")
-
-# Sélectionner le couple de ligne qui va bien (port_src_i=port_dest_i+1 et ip_src_i=ip_dest_i+1
-# Création d'un dictionnaire pour matcher les conversations
-precedent = {"ip_src":"0","ip_dest":"0","port_src":"0","port_dest":"0","date":"0"}
-
-# Marqueur pour ne pas enregistrer deux fois la même conversation
-precedent_commite = True
-
-for log in netacct :
-
- # Découpage du log
- date,proto,ip_src,port_src,ip_dest,port_dest,donnees = log.split("\t")[0:-2]
-
- # Si on change de date, on analyse le dump et on commite
- if precedent["date"] != date:
- print 'dump (%s=>%s)'%(precedent["date"],date)
- #os.system('/usr/scripts/surveillance/filtrage_dump.py')
- print 'done'
-
- # Création d'un dictionnaire pour matcher les conversations
- actuel = {}
- actuel["date"] = date
- actuel["proto"] = proto
- actuel["ip_src"]=ip_src
- actuel["port_src"]=port_src
- actuel["ip_dest"]=ip_dest
- actuel["port_dest"]=port_dest
- actuel["donnees"]=donnees
- actuel["date"]=date
-
- # On regarde si c'est le retour de la connexion du dessus
- print actuel
- if (actuel["ip_src"]==precedent["ip_dest"]
- and actuel["ip_dest"]==precedent["ip_src"]
- and actuel["port_src"]==precedent["port_dest"]
- and
actuel["port_dest"]==precedent["port_src"]):
- commit(actuel, precedent)
- precedent_commite = True
- elif not precedent_commite:
- # On commite le précédent avant de l'écraser
- commit(precedent)
- else:
- precedent_commite = False
-
- precedent=actuel
diff --git a/surveillance/outils/virus.py b/surveillance/outils/virus.py
new file mode 100644
index 00000000..b02f992f
--- /dev/null
+++ b/surveillance/outils/virus.py
@@ -0,0 +1,50 @@
+#! /usr/bin/env python
+# -*- coding: iso-8859-15 -*-
+
+###########################
+# Import des commmandes : #
+###########################
+
+import commands
+import sys
+import psycopg2
+sys.path.append('/usr/scripts/gestion')
+from config import upload, virus, p2p
+import smtplib
+from ldap_crans import crans_ldap
+from time import *
+
+
+
+# Connections :
+###############
+pgsql = psycopg2.connect(database='filtrage', user='crans')
+# Il faudra remplacer la ligne ci-dessous par pgsql.set_session(autocommit=True)
+pgsql.set_isolation_level(0)
+mail = smtplib.SMTP('localhost')
+ldap = crans_ldap()
+curseur=pgsql.cursor()
+
+
+requete="SELECT ip_crans FROM avertis_virus"
+curseur.execute(requete)
+virus=curseur.fetchall()
+for i in range(0,len(virus)) :
+ IP=virus[i][0]
+ print IP
+ requete="SELECT COUNT(ip_src) from virus where ip_src='%s' and date > timestamp 'now' - interval '1 hour'"%IP
+ curseur.execute(requete)
+ resultv=curseur.fetchall()
+ requete="SELECT COUNT(ip_src) from flood where ip_src='%s' and date > timestamp 'now' - interval '1 hour'"%IP
+ curseur.execute(requete)
+ resultf=curseur.fetchall()
+ machine = ldap.search('ipHostNumber=%s' % IP,'w' )['machine'][0]
+ hostname=machine.nom()
+ proprio=machine.proprietaire()
+ bl=proprio.blacklist()
+ for ligne in bl:
+ if '-,virus,' in ligne:
+ print hostname,resultv[0][0],resultf[0][0],ligne
+ break
+ #else :
+ # print hostname,resultv[0][0],resultf[0][0],'PAS DE BL'
diff --git a/surveillance/ra.py b/surveillance/ra.py
new file mode 100755
index 00000000..f4096193
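Review bot: Both COUNT queries in surveillance/outils/virus.py are assembled with `%` string formatting (`... where ip_src='%s' ..."%IP`), so the value read back from `avertis_virus` becomes part of the SQL text instead of being quoted by the driver. Pass it as a bound parameter: `curseur.execute("SELECT COUNT(ip_src) FROM virus WHERE ip_src=%s AND date > timestamp 'now' - interval '1 hour'", (IP,))`, and the same for the `flood` query. The LDAP filter `'ipHostNumber=%s' % IP` a few lines further down has the same shape; whether `ldap.search` escapes filter values is not visible in this hunk.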
--- /dev/null
+++ b/surveillance/ra.py
@@ -0,0 +1,52 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+Script pour placer les gens qui font du routeur advertisement sur le vlan
+isolement
+© Olivier Huber
+License : GPLv2
+"""
+
+import os
+import sys
+sys.stdout = open('/tmp/badboys', 'a')
+sys.stderr = open('/tmp/badboys', 'a')
+import time
+sys.path.append('/usr/scripts/gestion')
+from ldap_crans import crans_ldap, is_actif
+sys.path.append('/usr/scripts/utils')
+from chambre_on_off import chambre_on_off
+from time import sleep
+if __name__ == '__main__':
+ Mac_ra = os.getenv('SOURCE_MAC')
+ print Mac_ra
+ with open('/tmp/badboys', 'a') as f:
+ print >>f, Mac_ra
+ Ldap = crans_ldap()
+ try:
+ Machine = Ldap.search('mac=%s' % Mac_ra, 'w' )['machine'][0]
+ except IndexError:
+ print u"La machine avec la mac %s n'est pas declarée !" % Mac_ra
+ sys.exit(1)
+
+ Host = Machine.nom()
+ Prop = Machine.proprietaire()
+ Bl = Prop.blacklist()
+ Bl_ipv6 = [ x for x in Bl if 'ipv6_ra' in x ]
+ for bl in Bl_ipv6:
+ if is_actif(bl):
+ # L'adhérent est déjà blacklisté
+ print "déjà blacklisté !!!!"
+ sys.exit(1)
+ else:
+ # L'adhérent n'est pas encore blacklisté
+ Prop.blacklist(['now', '-', 'ipv6_ra', Host])
+ print "ur a bad guy"
+ Prop.save()
+ Chbre = Machine.proprietaire().chbre()
+ chambre_on_off(Chbre, 'off')
+ time.sleep(5)
+ chambre_on_off(Chbre, 'on')
+ print str(Host), str(Prop), Machine.proprietaire().chbre()
+ sys.exit(0)
diff --git a/surveillance/strptime.py b/surveillance/strptime.py
new file mode 100644
index 00000000..c455587c
--- /dev/null
+++ b/surveillance/strptime.py
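Review bot: surveillance/ra.py redirects `sys.stdout` and `sys.stderr` to `/tmp/badboys` and opens the same path a third time for the MAC line; a fixed name in a world-writable directory can be pre-created or symlinked by any local user, and the script then appends to whatever that name points at with its own privileges (it opens LDAP in `'w'` mode and toggles a room port, so it presumably runs with elevated rights). Log to a directory that only the service account can write, for example under the `/var/log/crans/` tree that digicode_server.py in this commit already uses, and open the file once. Separately, `os.getenv('SOURCE_MAC')` can return None and is formatted into the LDAP filter unchecked, so a MAC-format check before `Ldap.search` is worth adding.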
@@ -0,0 +1,27 @@
+#! /usr/bin/env python
+
+months = { 'Jan': 1,
+ 'Feb': 2,
+ 'Mar': 3,
+ 'Apr': 4,
+ 'May': 5,
+ 'Jun': 6,
+ 'Jul': 7,
+ 'Aug': 8,
+ 'Sep': 9,
+ 'Oct': 10,
+ 'Nov': 11,
+ 'Dec': 12 }
+
+import time
+
+def syslog2pgsql(date):
+ """Convertit une date du type `Jul 15 19:32:23' en une date du type `15-07-2005 19:32:23'"""
+ mois = months[date[0:3]]
+ jour = int(date[4:6])
+ heure = date[7:]
+ annee = time.gmtime()[0]
+ return "%02d-%02d-%04d %s" % (jour, mois, annee, heure)
+
+
+
diff --git a/wiki/dump_proxy.py b/wiki/dump_proxy.py
new file mode 100644
index 00000000..88c81812
--- /dev/null
+++ b/wiki/dump_proxy.py
@@ -0,0 +1,934 @@ +# -*- coding: utf-8 -*- +""" +MoinMoin - Dump a MoinMoin wiki to static pages +Version modifiée par ADG pour les besoins du Cr@ns. +Ce fichier devrait être linké depuis /usr/lib/pymodules/python2.6/MoinMoin/script/export/ + +@copyright: 2002-2004 Juergen Hermann , + 2005-2006 MoinMoin:ThomasWaldmann +@license: GNU GPL, see COPYING for details. +""" + +import sys, os, time, codecs, shutil, re, errno + +from MoinMoin import config, wikiutil, Page, user +from MoinMoin import script +from MoinMoin.action import AttachFile + +url_prefix_static = "." +logo_html = '' +HTML_SUFFIX = ".html" + +page_template = u''' + + + + %(pagename)s + + + +
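Review bot: `syslog2pgsql` in surveillance/strptime.py takes the year from `time.gmtime()[0]` at conversion time, so a syslog line stamped late on 31 December and converted after midnight is stored with the following year, and using UTC for a locally stamped log shifts that boundary by the zone offset. These timestamps end up in traffic records, so either let the caller pass the year or subtract one when the resulting date lies in the future. The docstring should also say that the input carries no year and that an unknown month abbreviation raises KeyError.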
+ +
+%(pagehtml)s +
+ +

+Cette page a été extraite du wiki le %(timestamp)s. +

+
+ + +''' + + +def _attachment(request, pagename, filename, outputdir, **kw): + filename = filename.encode(config.charset) + source_dir = AttachFile.getAttachDir(request, pagename) + source_file = os.path.join(source_dir, filename) + dest_dir = os.path.join(outputdir, "attachments", wikiutil.quoteWikinameFS(pagename)) + dest_file = os.path.join(dest_dir, filename) + dest_url = "attachments/%s/%s" % (wikiutil.quoteWikinameFS(pagename), wikiutil.url_quote(filename)) + if os.access(source_file, os.R_OK): + if not os.access(dest_dir, os.F_OK): + try: + os.makedirs(dest_dir) + except: + script.fatal("Cannot create attachment directory '%s'" % dest_dir) + elif not os.path.isdir(dest_dir): + script.fatal("'%s' is not a directory" % dest_dir) + + shutil.copyfile(source_file, dest_file) + script.log('Writing "%s"...' % dest_url) + return dest_url + else: + return "" + + +class PluginScript(script.MoinScript): + """\ +Purpose: +======== +This tool allows you to dump MoinMoin wiki pages to static HTML files. + +Detailed Instructions: +====================== +General syntax: moin [options] export dump_proxy [dump-options] + +[options] usually should be: + --config-dir=/path/to/my/cfg/ --wiki-url=http://wiki.example.org/ + +[dump-options] see below: + 0. You must run this script as owner of the wiki files, usually this is the + web server user. + + 1. To dump all the pages on the wiki to the directory '/mywiki' + moin ... export dump_proxy --target-dir=/mywiki + + 2. To dump all the pages readable by 'JohnSmith' on the wiki to the directory + '/mywiki' + moin ... 
export dump_proxy --target-dir=/mywiki --username JohnSmith +""" + + def __init__(self, argv=None, def_values=None): + script.MoinScript.__init__(self, argv, def_values) + self.parser.add_option( + "-t", "--target-dir", dest = "target_dir", + help = "Write html dump to DIRECTORY" + ) + self.parser.add_option( + "-u", "--username", dest = "dump_user", + help = "User the dump will be performed as (for ACL checks, etc)" + ) + + def mainloop(self): + """ moin-dump's main code. """ + + # Prepare output directory + if not self.options.target_dir: + script.fatal("you must use --target-dir=/your/output/path to specify the directory we write the html files to") + outputdir = os.path.abspath(self.options.target_dir) + try: + os.mkdir(outputdir) + script.log("Created output directory '%s'!" % outputdir) + except OSError, err: + if err.errno != errno.EEXIST: + script.fatal("Cannot create output directory '%s'!" % outputdir) + + # Insert config dir or the current directory to the start of the path. + config_dir = self.options.config_dir + if config_dir and os.path.isfile(config_dir): + config_dir = os.path.dirname(config_dir) + if config_dir and not os.path.isdir(config_dir): + script.fatal("bad path given to --config-dir option") + sys.path.insert(0, os.path.abspath(config_dir or os.curdir)) + + self.init_request() + request = self.request + + # fix url_prefix_static so we get relative paths in output html + request.cfg.url_prefix_static = url_prefix_static + + # use this user for permissions checks + request.user = user.User(request, name=self.options.dump_user) + + pages = request.rootpage.getPageList(user='') # get list of all pages in wiki + pages.sort() + if self.options.page: # did user request a particular page or group of pages? 
+ try: + namematch = re.compile(self.options.page) + pages = [page for page in pages if namematch.match(page)] + if not pages: + pages = [self.options.page] + except: + pages = [self.options.page] + + wikiutil.quoteWikinameURL = lambda pagename, qfn=wikiutil.quoteWikinameFS: (qfn(pagename) + HTML_SUFFIX) + + AttachFile.getAttachUrl = lambda pagename, filename, request, **kw: _attachment(request, pagename, filename, outputdir, **kw) + + errfile = os.path.join(outputdir, 'error.log') + errlog = open(errfile, 'w') + errcnt = 0 + + page_front_page = wikiutil.getLocalizedPage(request, request.cfg.page_front_page).page_name + page_title_index = wikiutil.getLocalizedPage(request, 'TitleIndex').page_name + page_word_index = wikiutil.getLocalizedPage(request, 'WordIndex').page_name + + navibar_html = '' + for p in [page_front_page, page_title_index, page_word_index]: + navibar_html += '[%s] ' % (wikiutil.quoteWikinameURL(p), wikiutil.escape(p)) + + urlbase = request.url # save wiki base url + for pagename in pages: + # we have the same name in URL and FS + file = wikiutil.quoteWikinameURL(pagename) + script.log('Writing "%s"...' % file) + try: + pagehtml = '' + request.url = urlbase + pagename # add current pagename to url base + page = Page.Page(request, pagename) + request.page = page + try: + request.reset() + pagehtml = request.redirectedOutput(page.send_page, count_hit=0, content_only=1) + except: + errcnt = errcnt + 1 + print >> sys.stderr, "*** Caught exception while writing page!" 
+ print >> errlog, "~" * 78 + print >> errlog, file # page filename + import traceback + traceback.print_exc(None, errlog) + finally: + timestamp = time.strftime("%Y-%m-%d %H:%M") + filepath = os.path.join(outputdir, file) + fileout = codecs.open(filepath, 'w', config.charset) + fileout.write(page_template % { + 'charset': config.charset, + 'pagename': pagename, + 'pagehtml': pagehtml, + 'timestamp': timestamp, + }) + fileout.close() + + # copy FrontPage to "index.html" + indexpage = page_front_page + if self.options.page: + indexpage = pages[0] # index page has limited use when dumping specific pages, but create one anyway + shutil.copyfile( + os.path.join(outputdir, wikiutil.quoteWikinameFS(indexpage) + HTML_SUFFIX), + os.path.join(outputdir, 'index' + HTML_SUFFIX) + ) + + errlog.close() + if errcnt: + print >> sys.stderr, "*** %d error(s) occurred, see '%s'!" % (errcnt, errfile) +
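Review bot: In `mainloop` of wiki/dump_proxy.py, `request.rootpage.getPageList(user='')` requests the page list without the read-ACL filter (as far as I know an empty `user` disables that check in MoinMoin), while the `--username` help text and the class docstring promise a dump limited to pages that user can read. The loop then writes one file per listed page in its `finally:` branch, so a page the dump user may not read still yields an output file named after it. Filter the list with the user set just above, `pages = request.rootpage.getPageList(user=request.user)`, or skip any page where `request.user.may.read(pagename)` is false. Independently, `'pagename': pagename` goes into `page_template` unescaped whereas the navibar uses `wikiutil.escape(p)`; the template markup is not legible in this hunk, so confirm where the name lands.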