112 lines
3.6 KiB
Python
112 lines
3.6 KiB
Python
from util import find_data_file
|
|
from util import setup_child
|
|
from util import fprint
|
|
from util import run_cmd
|
|
from util import win32
|
|
from util import linux
|
|
from util import kill
|
|
import util
|
|
import time
|
|
import csv
|
|
import ssh
|
|
|
|
def get_blocklist(config, settings):
|
|
setup_child()
|
|
appendbad = settings["appendbad"]
|
|
whitelist = settings["whitelist"]
|
|
fprint("Downloading deny list from server")
|
|
data = ssh.check_for_file(config, "BadIPs.csv", "receive")
|
|
#fprint(data.stdout)
|
|
csvreader = csv.reader(data.stdout.split("\n"), delimiter=',', quotechar='|')
|
|
data2 = list()
|
|
for row in csvreader:
|
|
data2.append(row)
|
|
data2 = [i for i in data2 if i]
|
|
#fprint(data2)
|
|
for line in appendbad:
|
|
data2.append(line)
|
|
|
|
for line in whitelist:
|
|
for line2 in data2:
|
|
if line[0] in line2 and line[1] in line2:
|
|
fprint("Whitelisting P1 " + line[0] + ":" + str(line[1]))
|
|
data2.remove(line2)
|
|
|
|
if line[2] in settings["badapps"]:
|
|
tmp = settings["badapps"]
|
|
tmp.remove(line[2])
|
|
settings["badapps"] = tmp
|
|
if line[0] in settings["badips"]:
|
|
tmp = settings["badips"]
|
|
tmp.remove(line[0])
|
|
settings["badips"] = tmp
|
|
for line3 in settings["badlines"]:
|
|
if line[0] in line3 and line[1] in line3:
|
|
fprint("Whitelisting P2" + line[0] + ":" + str(line[1]))
|
|
tmp = settings["badlines"]
|
|
tmp.remove(line3)
|
|
settings["badlines"] = tmp
|
|
|
|
fprint(data2)
|
|
with open(find_data_file("blocklist.csv"), "w", newline="") as f:
|
|
writer = csv.writer(f)
|
|
writer.writerows(data2)
|
|
fprint("done creating csv")
|
|
return data2
|
|
|
|
def block_conn(config, datafile, res):
|
|
setup_child()
|
|
fprint("Searching block data")
|
|
mydata = list()
|
|
badapps = list()
|
|
badips = list()
|
|
badlines = list()
|
|
with open(find_data_file(datafile), newline='') as csvfile:
|
|
csvreader = csv.reader(csvfile, delimiter=',', quotechar='|')
|
|
|
|
for row in csvreader:
|
|
mydata.append(row)
|
|
|
|
baddata = res
|
|
fprint("Local loaded successfully")
|
|
goodct = 0
|
|
#fprint(mydata)
|
|
for line in mydata:
|
|
#fprint(line)
|
|
#fprint(line)
|
|
if line[0].find("0x") >= 0:
|
|
continue
|
|
|
|
srcip = line[2].split(":")[0]
|
|
srcport = line[2].split(":")[1]
|
|
destip = line[3].split(":")[0]
|
|
destport = line[3].split(":")[1]
|
|
pid = line[5]
|
|
try:
|
|
pid = int(pid)
|
|
except ValueError:
|
|
continue
|
|
found = False
|
|
for line in baddata:
|
|
#fprint(destip + " " + line[4])
|
|
badsrcip = line[2]
|
|
badsrcport = line[3]
|
|
baddestip = line[4]
|
|
baddestport = line[5]
|
|
badpid = line[11]
|
|
|
|
if ((srcip == badsrcip and srcport == badsrcport) or (destip == baddestip and destport == baddestport)) and not pid in badapps:
|
|
found = True
|
|
fprint("FLAG " + srcip + " " + destip + " " + str(pid))
|
|
badapps.append(pid)
|
|
badips.append(baddestip)
|
|
badlines.append(line)
|
|
#fprint(badapps)
|
|
#fprint("FLAG " + srcip + " " + destip + " " + str(pid))
|
|
#kill(pid)
|
|
|
|
if not found:
|
|
goodct = goodct + 1
|
|
|
|
return badapps, badips, badlines, goodct
|