Dplacement
darcs-hash:20050831233129-6d78a-2ef5f572a45e3e6178edeca255fbd1159444b780.gz
This commit is contained in:
pessoles
parent
f3d04aa223
commit
db137d4ca3
5 changed files with 897 additions and 0 deletions
120
surveillance/filtrage_firewall.py
Executable file
120
surveillance/filtrage_firewall.py
Executable file
|
|
@ -0,0 +1,120 @@
|
|||
#! /usr/bin/env python
|
||||
# -*- encoding: iso-8859-15 -*-
|
||||
|
||||
|
||||
###########################
|
||||
# Import des commmandes : #
|
||||
###########################
|
||||
|
||||
import commands
|
||||
import os
|
||||
# import pg # Import des commandes de postgres
|
||||
import sys
|
||||
sys.path.append('/usr/scripts/gestion')
|
||||
import iptools
|
||||
from pyPgSQL import PgSQL
|
||||
import re
|
||||
from time import gmtime,strftime
|
||||
sys.path.append('/home/bernat')
|
||||
import strptime
|
||||
|
||||
# Définition de constantes :
|
||||
############################
|
||||
|
||||
reseau = ["138.231.136.0/21", "138.231.148.0/22"]
|
||||
|
||||
# Ouverture de la base de données :
|
||||
###################################
|
||||
pgsql = PgSQL.connect(host='/var/run/postgresql', database='filtrage', user='crans')
|
||||
pgsql.autocommit = True
|
||||
|
||||
|
||||
|
||||
###########################################
|
||||
# Récupération des tables de protocoles : #
|
||||
###########################################
|
||||
|
||||
|
||||
curseur = pgsql.cursor()
|
||||
requete = "SELECT nom,id_p2p from protocole_p2p"
|
||||
curseur.execute(requete)
|
||||
curseur.fetchall
|
||||
tableau = curseur.fetchall()
|
||||
protocole_p2p = {}
|
||||
for cellule in tableau:
|
||||
protocole_p2p[cellule[0]]=cellule[1]
|
||||
|
||||
curseur = pgsql.cursor()
|
||||
requete = "SELECT nom,id from protocole"
|
||||
curseur.execute(requete)
|
||||
curseur.fetchall
|
||||
tableau = curseur.fetchall()
|
||||
protocole = {}
|
||||
for cellule in tableau:
|
||||
protocole[cellule[0]]=cellule[1]
|
||||
|
||||
|
||||
|
||||
##############################################################
|
||||
# Parser ler log du firewall: /var/log/firewall/filtre.log : #
|
||||
##############################################################
|
||||
|
||||
# Définition des motifs des comparaisons :
|
||||
##########################################
|
||||
motif_p2p = re.compile("^(.*) komaz .* IPP2P=([^ ]*).* SRC=([^ ]*).* DST=([^ ]*).* PROTO=([^ ]*).* SPT=([^ ]*).* DPT=([^ ]*).*")
|
||||
|
||||
motif_virus = re.compile("^(.*) komaz .* Virus:([^ ]*).* SRC=([^ ]*).* DST=([^ ]*).* PROTO=([^ ]*).* SPT=([^ ]*).* DPT=([^ ]*).*")
|
||||
|
||||
motif_flood = re.compile("^(.*) komaz .* Flood:([^ ]*).* SRC=([^ ]*).* DST=([^ ]*).* PROTO=([^ ]*).* SPT=([^ ]*).* DPT=([^ ]*).*")
|
||||
|
||||
|
||||
# On récupère en continu les log du firewall:
|
||||
#############################################
|
||||
filtre = os.popen("tail -F /var/log/firewall/filtre.log 2> /dev/null")
|
||||
|
||||
|
||||
# On matche les log du firewall avec les motifs :
|
||||
#################################################
|
||||
for log in filtre :
|
||||
resultat_p2p = motif_p2p.match(log)
|
||||
resultat_virus = motif_virus.match(log)
|
||||
resultat_flood = motif_flood.match(log)
|
||||
if resultat_p2p :
|
||||
date = resultat_p2p.group(1)
|
||||
id_p2p = int(protocole_p2p[resultat_p2p.group(2)])
|
||||
ip_src = resultat_p2p.group(3)
|
||||
ip_dest = resultat_p2p.group(4)
|
||||
proto = int(protocole[resultat_p2p.group(5)]) #C'est à dire id pour la base
|
||||
port_src = int(resultat_p2p.group(6))
|
||||
port_dest = int(resultat_p2p.group(7))
|
||||
date=strptime.syslog2pgsql(date)
|
||||
|
||||
# On remplit la base :
|
||||
######################
|
||||
curseur = pgsql.cursor()
|
||||
requete = "INSERT INTO p2p (date,ip_src,ip_dest,id_p2p,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d,%d)" % (date,ip_src,ip_dest,id_p2p,proto,port_src,port_dest)
|
||||
curseur.execute(requete)
|
||||
|
||||
# On teste si le log contient des virus
|
||||
########################################
|
||||
elif resultat_virus :
|
||||
date = resultat_virus.group(1)
|
||||
ip_src = resultat_virus.group(3)
|
||||
ip_dest = resultat_virus.group(4)
|
||||
proto = int(protocole[resultat_virus.group(5)]) #C'est à dire id pour la base
|
||||
port_src = int(resultat_virus.group(6))
|
||||
port_dest = int(resultat_virus.group(7))
|
||||
elif resultat_flood :
|
||||
date = resultat_flood.group(1)
|
||||
ip_src = resultat_flood.group(3)
|
||||
ip_dest = resultat_flood.group(4)
|
||||
proto = int(protocole[resultat_flood.group(5)]) #C'est à dire id pour la base
|
||||
port_src = int(resultat_flood.group(6))
|
||||
port_dest = int(resultat_flood.group(7))
|
||||
|
||||
# On remplit la base :
|
||||
######################
|
||||
date=strptime.syslog2pgsql(date)
|
||||
curseur = pgsql.cursor()
|
||||
requete = "INSERT INTO virus (date,ip_src,ip_dest,id,port_src,port_dest) VALUES ('%s','%s','%s',%d,%d,%d)" % (date,ip_src,ip_dest,proto,port_src,port_dest)
|
||||
curseur.execute(requete)
|
||||
Loading…
Add table
Add a link
Reference in a new issue