crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[firewall/filtrage] On droppe les problèmes de formatage

Browse source 
Ignore-this: eda45d6122669802eeee401d5ff81cf9
parce que netfilter fait parfois caca (comme tout le monde…)

darcs-hash:20121030223617-28565-c421592560f590198c00bce4e7dd6a7e453fec53.gz
This commit is contained in:
Daniel STAN 2012-10-30 23:36:17 +01:00
parent 5d25b023d8
commit c04010afbb
1 changed files with 51 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

84
surveillance/filtrage_firewall.py
View file

@ -76,17 +76,23 @@ for log in filtre :
resultat_flood = motif_flood.match(log)
if resultat_p2p :
ip_src = resultat_p2p.group(3)
verif = iptools.AddrInNets (ip_src,reseau)
if verif :
date = resultat_p2p.group(1)
id_p2p = int(protocole_p2p[resultat_p2p.group(2)])
try:
ip_src = resultat_p2p.group(3)
ip_dest = resultat_p2p.group(4)
proto = int(protocole[resultat_p2p.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_p2p.group(6))
port_dest = int(resultat_p2p.group(7))
date=strptime.syslog2pgsql(date)
verif = iptools.AddrInNets (ip_src,reseau)
except ValueError:
continue #IP malformee
if verif :
try:
date = resultat_p2p.group(1)
id_p2p = int(protocole_p2p[resultat_p2p.group(2)])
ip_src = resultat_p2p.group(3)
ip_dest = resultat_p2p.group(4)
proto = int(protocole[resultat_p2p.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_p2p.group(6))
port_dest = int(resultat_p2p.group(7))
date=strptime.syslog2pgsql(date)
except ValueError, KeyError:
continue #mal parse
# On remplit la base :
######################
@ -96,34 +102,46 @@ for log in filtre :
# On teste si le log contient des virus
########################################
elif resultat_virus :
ip_src = resultat_virus.group(3)
verif = iptools.AddrInNets (ip_src,reseau)
if verif :
date = resultat_virus.group(1)
try:
ip_src = resultat_virus.group(3)
ip_dest = resultat_virus.group(4)
proto = int(protocole[resultat_virus.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_virus.group(6))
port_dest = int(resultat_virus.group(7))
# On remplit la base :
######################
date=strptime.syslog2pgsql(date)
verif = iptools.AddrInNets (ip_src,reseau)
except ValueError:
continue
if verif :
try:
date = resultat_virus.group(1)
ip_src = resultat_virus.group(3)
ip_dest = resultat_virus.group(4)
proto = int(protocole[resultat_virus.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_virus.group(6))
port_dest = int(resultat_virus.group(7))
# On remplit la base :
######################
date=strptime.syslog2pgsql(date)
except ValueError, KeyError:
continue
requete = "INSERT INTO virus (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest)
curseur.execute(requete)
elif resultat_flood :
ip_src = resultat_flood.group(3)
verif = iptools.AddrInNets (ip_src,reseau)
if verif :
date = resultat_flood.group(1)
try:
ip_src = resultat_flood.group(3)
ip_dest = resultat_flood.group(4)
proto = int(protocole[resultat_flood.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_flood.group(6))
port_dest = int(resultat_flood.group(7))
# On remplit la base :
######################
date=strptime.syslog2pgsql(date)
verif = iptools.AddrInNets (ip_src,reseau)
except ValueError:
continue
if verif :
try:
date = resultat_flood.group(1)
ip_src = resultat_flood.group(3)
ip_dest = resultat_flood.group(4)
proto = int(protocole[resultat_flood.group(5)]) #C'est à dire id pour la base
port_src = int(resultat_flood.group(6))
port_dest = int(resultat_flood.group(7))
# On remplit la base :
######################
date=strptime.syslog2pgsql(date)
except ValueError, KeyError:
continue
requete = "INSERT INTO flood (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest)
curseur.execute(requete)