Add manual blacklist functionality

testing 1669171544
Cole Deck 2 years ago
parent 86eeb716ac
commit d62fa3b79f

@ -8,7 +8,7 @@ import bcrypt
def login(config, user, password, sysid): def login(config, user, password, sysid):
fprint("Attempting to login as " + user) fprint("Attempting to login as " + user)
filename = sysid + "login.csv" filename = sysid + "login.csv"
#return True
#hashpasswd = bcrypt.hashpw(password.encode('utf-8'), user).decode() #hashpasswd = bcrypt.hashpw(password.encode('utf-8'), user).decode()
with open(find_data_file(filename), "w", newline="") as f: with open(find_data_file(filename), "w", newline="") as f:
writer = csv.writer(f) writer = csv.writer(f)

@ -1,7 +1,7 @@
core: core:
autostart: true autostart: true
clockspeed: 20 clockspeed: 20
interval: 5 interval: 10
level: 2 level: 2
localadmin: true localadmin: true
sftp: sftp:
@ -16,4 +16,4 @@ sftp:
port: 22 port: 22
user: ec2-user user: ec2-user
ui: ui:
darkmode: true darkmode: false

@ -18,8 +18,7 @@ import auth
import panel import panel
import block import block
badapps = [756, 278670] history = list()
badips = ["208.59.79.12",]
displaydata = None displaydata = None
settings = None settings = None
netdata_res = None netdata_res = None
@ -66,7 +65,7 @@ def netstat_done(res):
def process_done(res): def process_done(res):
if settings["running"] == True: if settings["running"] == True:
fprint("uploading to sftp...") fprint("uploading to sftp...")
#ssh.sftp_send_data(res, config, datafile) #ssh.sftp_send_data(config, datafile, 'send')
procdata_res = pool.apply_async(ssh.sftp_send_data, (config, datafile, 'send'), callback=upload_done) procdata_res = pool.apply_async(ssh.sftp_send_data, (config, datafile, 'send'), callback=upload_done)
@ -229,12 +228,15 @@ def mainloop(pool):
badip = line[4] badip = line[4]
badport = line[5] badport = line[5]
fprint("Firewalling " + badip + ":" + str(badport)) fprint("Firewalling " + badip + ":" + str(badport))
if win32: if (badip, badport) not in history:
cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport) if win32:
run_cmd(cmd) cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
if linux: run_cmd(cmd)
cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop" if linux:
run_cmd(cmd) cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop"
run_cmd(cmd)
else:
history.append((badip, badport))
if settings["applyconfig"] == True: if settings["applyconfig"] == True:

@ -246,7 +246,6 @@ class ServerPanel(wx.Panel):
txt = "Status: Running (" + str(settings["config"]["core"]["level"]) + ")" txt = "Status: Running (" + str(settings["config"]["core"]["level"]) + ")"
else: else:
txt = "Status: Not running" txt = "Status: Not running"
#self.list_ctrl.SetSize(self.GetSize()[0] - 50, self.GetSize()[1] - 200) #self.list_ctrl.SetSize(self.GetSize()[0] - 50, self.GetSize()[1] - 200)
self.checklogin() self.checklogin()
if settings["loggedin"] == True: if settings["loggedin"] == True:
@ -268,6 +267,10 @@ class ServerPanel(wx.Panel):
return return
fprint("updatedata called") fprint("updatedata called")
loaddata() loaddata()
list_total = self.list_ctrl.GetItemCount()
list_top = self.list_ctrl.GetTopItem()
list_pp = self.list_ctrl.GetCountPerPage()
list_bottom = min(list_top + list_pp, list_total - 1)
if self.list_ctrl.DeleteAllItems(): if self.list_ctrl.DeleteAllItems():
fprint("Items deleted") fprint("Items deleted")
else: else:
@ -293,10 +296,12 @@ class ServerPanel(wx.Panel):
for j in range(1, 6): for j in range(1, 6):
#fprint(str(idx) + " " + str(TEST_FILE.iloc[i, 0])) #fprint(str(idx) + " " + str(TEST_FILE.iloc[i, 0]))
self.list_ctrl.SetItem(idx, j, str(TEST_FILE.iloc[i, j])) self.list_ctrl.SetItem(idx, j, str(TEST_FILE.iloc[i, j]))
#fprint(i, j, TEST_FILE.iloc[i, j]) #fprint(i, j, TEST_FILE.iloc[i, j])
#self.SetSizer(self.main_sizer) #self.SetSizer(self.main_sizer)
self.list_ctrl.EnsureVisible((list_bottom - 1))
wx.CallLater(100, self.updatedata) wx.CallLater(100, self.updatedata)
def on_start(self, event): def on_start(self, event):

@ -7,11 +7,16 @@ from util import macos
from invoke import exceptions from invoke import exceptions
import sys import sys
c = None
def sftp_send_data(config, filename, filetype): def sftp_send_data(config, filename, filetype):
setup_child() setup_child()
if not macos: if not macos:
fprint("Connecting over SSH to " + config['sftp']['host']) fprint("Connecting over SSH to " + config['sftp']['host'])
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),}) global c
if c is None:
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),})
fprint("Sending data over SFTP: " + filename) fprint("Sending data over SFTP: " + filename)
fprint(c.put(find_data_file(filename), remote=config['sftp']['filepath'][filetype])) fprint(c.put(find_data_file(filename), remote=config['sftp']['filepath'][filetype]))
fprint("Data sent over SFTP successfully") fprint("Data sent over SFTP successfully")
@ -21,7 +26,9 @@ def sftp_send_data(config, filename, filetype):
def check_for_file(config, filename, location): def check_for_file(config, filename, location):
setup_child() setup_child()
fprint("Connecting over SSH to " + config['sftp']['host']) fprint("Connecting over SSH to " + config['sftp']['host'])
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),}) global c
if c is None:
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),})
fprint("Checking for existence of file " + config['sftp']['filepath'][location] + "/" + filename) fprint("Checking for existence of file " + config['sftp']['filepath'][location] + "/" + filename)
try: try:
res = c.run("ls -l " + config['sftp']['filepath'][location] + "/" + filename, hide=True) res = c.run("ls -l " + config['sftp']['filepath'][location] + "/" + filename, hide=True)
@ -33,7 +40,9 @@ def check_for_file(config, filename, location):
def run_ssh(config, command, location): def run_ssh(config, command, location):
setup_child() setup_child()
fprint("Connecting over SSH to " + config['sftp']['host']) fprint("Connecting over SSH to " + config['sftp']['host'])
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),}) global c
if c is None:
c = Connection(host=config['sftp']['host'], user=config['sftp']['user'], port=config['sftp']['port'], connect_kwargs={"key_filename": find_data_file(config['sftp']['keyfile']),})
fprint("cd to " + config['sftp']['filepath'][location]) fprint("cd to " + config['sftp']['filepath'][location])
with c.cd(config['sftp']['filepath'][location]): with c.cd(config['sftp']['filepath'][location]):
fprint("Running ssh command: " + command) fprint("Running ssh command: " + command)

Loading…
Cancel
Save