Viewing / Editing File: whitelist_panels_login.py
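import logging
import time
from ipaddress import ip_network

from humanize import naturaldelta

from defence360agent.contracts.plugins import expect, MessageSink
from im360.api.ips import IPApi
from defence360agent.contracts.messages import MessageType
from im360.ioc import services
from im360.model.firewall import IPList

logger = logging.getLogger(__name__)


class WhitelistPanelsLogin(MessageSink):
    """
    Place every IP that successfully logs in to a panel on the whitelist
    for a limited time (TTL).

    The entry is created from the ``attackers_ip`` field of an OSSEC
    sensor incident, so the value is validated before it is used: a
    missing or unparsable address is logged and skipped instead of
    raising out of the handler.
    """
    PROCESSING_ORDER = MessageSink.ProcessingOrder.IGNORE_MESSAGE

    # OSSEC rule id -> value passed as ``full_access`` to IPApi.block().
    OSSEC_RULES = {
        11006: False,  # rule id for cPanel login
        11009: True  # rule id for WHM login (full access)
    }

    # Lifetime of a whitelist entry, in seconds (three hours).
    TTL = 60 * 60 * 3

    def __init__(self):
        self._whitelist_cache = services.primary_whitelist_cache

    async def create_sink(self, loop):
        """Remember the event loop handed over by the caller."""
        self._loop = loop

    @expect(MessageType.SensorIncident, plugin_id='ossec')
    async def whitelist_panels_login(self, message):
        """
        Whitelist the source address of a successful panel login.

        Only incidents whose ``rule`` is a key of ``OSSEC_RULES`` are
        handled. If the address is not already in the primary whitelist
        cache, it is added to ``IPList.WHITE`` with an expiration of
        ``TTL`` seconds from now.

        :param message: sensor incident; read via ``message['rule']``
            and ``message.get('attackers_ip')``
        """
        rule = message['rule']
        if rule not in self.OSSEC_RULES:
            return

        raw_ip = message.get('attackers_ip')
        try:
            # NOTE(review): ip_network() also accepts CIDR ranges, so a
            # range in this field would be whitelisted as a whole;
            # confirm the sensor only ever reports single addresses.
            ip = ip_network(raw_ip)
        except (TypeError, ValueError):
            # Never create a whitelist entry from a value that cannot be
            # parsed; record it so the gap shows up in the agent log.
            logger.warning('Skipping panel login whitelisting for rule %s:'
                           ' missing or invalid attackers_ip %r',
                           rule, raw_ip)
            return

        if await self._whitelist_cache.contains(ip):
            # Already whitelisted: leave the existing entry untouched.
            return

        expiration = int(self.TTL + time.time())
        await IPApi.block(
            items=[ip],
            listname=IPList.WHITE,
            expiration=expiration,
            manual=False,
            comment="Whitelisted for %s due to successful panel login"
                    % naturaldelta(self.TTL),
            full_access=self.OSSEC_RULES[rule]
        )
        logger.info('Added %s logged in panel to the Whitelist'
                    ' for %s seconds', ip, self.TTL)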