[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: persistent_storage.py
File is not writable. Editing disabled.
"""Update agent's db on receiving message & trigger other changes if necessary. """ import logging from defence360agent.contracts.messages import Reject from defence360agent.contracts.plugins import ( MessageSink, MessageSource, expect, ) from defence360agent.model.simplification import run_in_executor from defence360agent.contracts.messages import MessageType from im360.internals import geo from im360.model.firewall import IPList, is_expired from im360.model.incident import Incident from im360.utils.validate import IP logger = logging.getLogger(__name__) class PersistentStorage(MessageSink, MessageSource): IGNORED_INCIDENT_TAGS_TO_SAVE = ('noshow',) async def create_sink(self, loop): self._loop = loop async def create_source(self, loop, sink): self._loop = loop self._sink = sink @staticmethod def _filter_out(incidents): """ yield incidents that should be stored into local db """ for inc in incidents: # filter out incidents with 'noshow' tag if any(tag in PersistentStorage.IGNORED_INCIDENT_TAGS_TO_SAVE for tag in inc.get('tag', [])): continue # filter out incidents from whitelisted IP addresses if inc.get('ip_whitelisted', False): continue yield inc @expect(MessageType.SensorIncidentList) @expect(MessageType.LocalIncidentList) @expect(MessageType.UnreportableLocalIncidentList) async def record_incident(self, message): logger.debug('record_incident: "%s"', message.get('description', '<no decription>')) incident_list = [] is_local = isinstance( message, ( MessageType.UnreportableLocalIncidentList, MessageType.LocalIncidentList ) ) with geo.reader() as geo_reader: for incident in self._filter_out(message.list): if is_local: ip = None country_code = None else: ip = IP.ip_net_to_string(incident.get('attackers_ip')) country_code = geo_reader.get_id(ip) incident_list.append({'plugin': incident['plugin_id'], 'rule': incident['rule'], 'timestamp': incident['timestamp'], 'retries': incident['retries'], 'severity': incident['severity'], 'name': incident['name'], 'description': incident['message'], 'abuser': ip, 'country': country_code, 'domain': incident.get('domain')}) await run_in_executor( self._loop, lambda: Incident.save_incident_list(incident_list) ) @expect(MessageType.CaptchaDosAlert) async def record_captcha_dos_alert(self, message): """Update iplists db tables on CaptchaDosAlert. & Send BlockUnblockList, to update ipsets/webshield. """ if is_expired(message["expiration"]): raise Reject("Expired CaptchaDos alert") lists_or_error = await run_in_executor( self._loop, lambda: IPList.blacklist_graylisted_on_captcha_dos_alert( ip=message["attackers_ip"], expiration=message["expiration"], comment=message["message"], ), ) if isinstance(lists_or_error, Exception): raise lists_or_error await self._sink.process_message( MessageType.BlockUnblockList(lists_or_error) )
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: server05.hostinghome.co.in
Server IP: 192.168.74.40
PHP Version: 7.4.33
Server Software: Apache
System: Linux server05.hostinghome.co.in 3.10.0-962.3.2.lve1.5.81.el7.x86_64 #1 SMP Wed May 31 10:36:47 UTC 2023 x86_64
HDD Total: 1.95 TB
HDD Free: 691.26 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Disabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes
gcc:
Yes
pkexec:
No
git:
Yes
User Info
Username: itsweb
User ID (UID): 1619
Group ID (GID): 1621
Script Owner UID: 1619
Current Dir Owner: N/A