
Improve readability of the web interface

root
root committed Aug 1, 2018
1 parent 49ad997 commit 42c180cc163a8ef65c0217b08e127153d62f27a9
Showing with 50 additions and 33 deletions.
  1. +14 −5 daemon/sensor.py
  2. +5 −5 daemon/syncfw.py
  3. +5 −5 models/events.py
  4. +1 −2 models/exemptions.py
  5. +1 −2 models/threats.py
  6. +1 −2 models/users.py
  7. +10 −7 webapp/routes/api.py
  8. +13 −5 webapp/static/js/dashboard.js
@@ -6,18 +6,27 @@
# -*- coding: utf-8 -*-

from daemon import conf, log, db
import time, os, re
import time, re, os, subprocess

class sensor:
def __init__(self):
self.ino = 0
self.idx = 0
self.start()

def parse(self, buffer):
for source, destination, port in re.findall(".* SRC=([0-9a-f:.]+) DST=([0-9a-f:.]+) .* DPT=([0-9]+) .*", buffer, re.IGNORECASE):
log.info(str("Blocking '{}' -> '{}:{}'").format(source, destination, port))
db.session_append(db.models.events(source=source, destination=destination, port=port, creation=int(time.time())))
def parse(self, content):
try:
iplist = subprocess.check_output(["hostname", "--all-ip"], stderr=subprocess.STDOUT).decode().strip().split(" ")
except Exception as error:
log.error(error)
iplist = []
for srcaddr, dstaddr, srcport, dstport in re.findall(".* SRC=([0-9a-f:.]+) DST=([0-9a-f:.]+) .* SPT=([0-9]+) DPT=([0-9]+) .*", content, re.IGNORECASE):
if dstaddr in iplist:
log.info(str("Blocking incoming '{}:{}' -> '{}:{}'").format(srcaddr, srcport, dstaddr, dstport))
db.session_append(db.models.events(ts=int(time.time()), srcaddr=srcaddr, dstaddr=dstaddr, srcport=srcport, dstport=dstport, flag=1))
if srcaddr in iplist:
log.info(str("Blocking outgoing '{}:{}' -> '{}:{}'").format(srcaddr, srcport, dstaddr, dstport))
db.session_append(db.models.events(ts=int(time.time()), srcaddr=srcaddr, dstaddr=dstaddr, srcport=srcport, dstport=dstport, flag=2))
try:
db.session_commit()
except Exception as error:
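Review bot: When the `hostname` call fails, `iplist` becomes `[]` and every matched line falls through both address checks, so the failure is visible only as one log line while no events are recorded; an empty stdout behaves the same way, since `"".split(" ")` yields `[""]`. The local address list does not change from one log line to the next, so collecting it once (for example in `__init__`, refreshed periodically) would be both cheaper and more robust than spawning a process on every `parse` call, and an empty result could then be treated as an error rather than as "nothing matches". `--all-ip` appears to rely on getopt's prefix matching of `--all-ip-addresses`; the documented spelling `-I`/`--all-ip-addresses` is less fragile. `parse` continues past the end of the hunk.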
@@ -6,7 +6,7 @@
# -*- coding: utf-8 -*-

from daemon import conf, log, db, ipfw, dnfw
import time, importlib, re, json, socket, pebble
import time, re, importlib, json, socket, pebble

def ipbydn(data):
result = set()
@@ -103,9 +103,9 @@ def build(self):
def clean(self):
for element in conf.get("exemptions"):
if re.search("[.][a-z]+$", element):
db.session_append(db.models.exemptions(domain=element.lower(), creation=int(time.time())))
db.session_append(db.models.exemptions(ts=int(time.time()), domain=element.lower()))
else:
db.session_append(db.models.exemptions(ipaddr=element.lower(), creation=int(time.time())))
db.session_append(db.models.exemptions(ts=int(time.time()), ipaddr=element.lower()))
try:
db.models.exemptions().metadata.drop_all(db.engine)
db.models.exemptions().metadata.create_all(db.engine)
@@ -174,11 +174,11 @@ def merge(self):
for record in revlookup:
self.check_append(record, ipfw.ipbl, ipfw.dnbl)
self.check_append(element, ipfw.dnbl, ipfw.drop)
db.session_append(db.models.threats(domain=element, jsondata=json.dumps(revlookup), creation=int(time.time())))
db.session_append(db.models.threats(ts=int(time.time()), domain=element, jsondata=json.dumps(revlookup)))
self.threats.pop(element)
else:
self.check_append(element, ipfw.ipbl, ipfw.drop)
db.session_append(db.models.threats(ipaddr=element, jsondata=json.dumps(revlookup), creation=int(time.time())))
db.session_append(db.models.threats(ts=int(time.time()), ipaddr=element, jsondata=json.dumps(revlookup)))
self.threats.pop(element)
try:
self.check_commit()
@@ -13,9 +13,9 @@ class events(declarative_base()):
__tablename__ = "events"

id = Column(Integer, primary_key=True)
source = Column(String)
destination = Column(String)
port = Column(Integer)
creation = Column(Integer, default=0)
modification = Column(Integer, default=0)
ts = Column(Integer, default=0)
srcaddr = Column(String)
dstaddr = Column(String)
srcport = Column(Integer)
dstport = Column(Integer)
flag = Column(Integer, default=0)
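Review bot: The `events` model drops `source`/`destination`/`port`/`creation`/`modification` and adds `ts`/`srcaddr`/`dstaddr`/`srcport`/`dstport` without any migration in this commit; if the table is provisioned with `metadata.create_all` on an existing database (as `daemon/syncfw.py` does for `exemptions`), the new columns will presumably not be added and the inserts in `daemon/sensor.py` will fail at runtime — worth confirming how this table is created. `srcport`/`dstport` are declared `Integer` while `daemon/sensor.py` passes the regex capture groups as strings; whether that is coerced depends on the backend, so converting with `int()` at the insert site would be safer. A comment on the model such as `# flag: 1 = incoming (dstaddr is a local address), 2 = outgoing (srcaddr is a local address)` would record the meaning `daemon/sensor.py` assigns to `flag`, which is otherwise only visible in the daemon and the dashboard. The same `ts` rename applies to `exemptions`, `threats` and `users`.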
@@ -13,8 +13,7 @@ class exemptions(declarative_base()):
__tablename__ = "exemptions"

id = Column(Integer, primary_key=True)
ts = Column(Integer, default=0)
domain = Column(String, unique=True)
ipaddr = Column(String, unique=True)
creation = Column(Integer, default=0)
modification = Column(Integer, default=0)
flag = Column(Integer, default=0)
@@ -13,9 +13,8 @@ class threats(declarative_base()):
__tablename__ = "threats"

id = Column(Integer, primary_key=True)
ts = Column(Integer, default=0)
domain = Column(String, unique=True)
ipaddr = Column(String, unique=True)
jsondata = Column(String)
creation = Column(Integer, default=0)
modification = Column(Integer, default=0)
flag = Column(Integer, default=0)
@@ -13,10 +13,9 @@ class users(declarative_base()):
__tablename__ = "users"

id = Column(Integer, primary_key=True)
ts = Column(Integer, default=0)
hash = Column(String)
fullname = Column(String)
username = Column(String, unique=True)
password = Column(String)
creation = Column(Integer, default=0)
modification = Column(Integer, default=0)
flag = Column(Integer, default=0)
@@ -64,14 +64,17 @@ def controller_api_events(timeframe):
minimum, maximum = period[timeframe]
query = g.db.session.query(g.db.models.events)
query = query.order_by(g.db.models.events.id.desc())
query = query.filter(g.db.models.events.creation >= minimum)
query = query.filter(g.db.models.events.creation <= maximum)
query = query.filter(g.db.models.events.ts >= minimum)
query = query.filter(g.db.models.events.ts <= maximum)
if "matchonly" in request.values and request.values.get("matchonly"):
query = query.filter(g.db.models.events.port.in_(request.values.get("matchonly").split(",")))
query = query.filter(g.db.models.events.srcport.in_(request.values.get("matchonly").split(",")) | g.db.models.events.dstport.in_(request.values.get("matchonly").split(",")))
for row in query.yield_per(g.db.chunk):
data.append({
"source": row.source,
"destination": row.destination,
"port": row.port,
"datetime": datetime.utcfromtimestamp(row.creation).strftime("%Y-%m-%d %H:%M:%S")})
"id": row.id,
"ts": row.ts,
"srcaddr": row.srcaddr,
"dstaddr": row.dstaddr,
"srcport": row.srcport,
"dstport": row.dstport,
"flag": row.flag})
return make_response(json.dumps(data))
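Review bot: The new `matchonly` filter passes the raw comma-separated request values straight into `in_()` on two `Integer` columns, so an empty or non-numeric element (e.g. `matchonly=80,,abc`) reaches the database unvalidated and will presumably surface as a 500 rather than an empty result; the parameter is also read and split twice. Parsing once and keeping only port-shaped values keeps the query well-typed: `ports = [int(p) for p in request.values.get("matchonly", "").split(",") if p.strip().isdigit()]`, then `if ports:` guarding `query = query.filter(g.db.models.events.srcport.in_(ports) | g.db.models.events.dstport.in_(ports))`. The response now emits `ts` as a raw epoch instead of the formatted `datetime`, which `webapp/static/js/dashboard.js` converts client-side; a one-line comment stating that `ts` is seconds since the epoch would help other API consumers. `controller_api_events` starts before the hunk.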
@@ -54,12 +54,20 @@ $(function () {
json.forEach(function (element, index) {
var item = template.clone().attr("class", "item");

result[moment.utc(element.datetime).format({"m": "YYYY-MM-DD HH:mm:00", "h": "YYYY-MM-DD HH:00:00", "d": "YYYY-MM-DD 00:00:00"}[unit])]++;
item.find(".data-datetime").text(element.datetime);
item.find(".data-source").text(element.source);
item.find(".data-destination").text(element.destination);
item.find(".data-port").text(element.port).css({"background-color": colorhash(element.port)});
if (element.flag == 1) {
item.find(".data-datetime").text(moment.utc(element.ts * 1000).format("YYYY-MM-DD HH:mm:ss"));
item.find(".data-source").text(element.srcaddr).attr("class", "text-danger");
item.find(".data-destination").text(element.dstaddr).attr("class", "text-secondary");
item.find(".data-port").text(element.dstport).css({"background-color": colorhash(element.dstport)});
}
if (element.flag == 2) {
item.find(".data-datetime").text(moment.utc(element.ts * 1000).format("YYYY-MM-DD HH:mm:ss"));
item.find(".data-source").text(element.srcaddr).attr("class", "text-secondary");
item.find(".data-destination").text(element.dstaddr).attr("class", "text-danger");
item.find(".data-port").text(element.srcport).css({"background-color": colorhash(element.srcport)});
}
template.parent().append(item);
result[moment.utc(element.ts * 1000).format({"m": "YYYY-MM-DD HH:mm:00", "h": "YYYY-MM-DD HH:00:00", "d": "YYYY-MM-DD 00:00:00"}[unit])]++;
});
if (chartobj) {
chartobj.destroy();
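Review bot: An event whose `flag` is neither 1 nor 2 is still appended at `template.parent().append(item)` with empty cells, and both branches compare with loose `==` against a number that arrives from JSON. A guard such as `if (element.flag !== 1 && element.flag !== 2) { return; }` before the branches, with the shared `.data-datetime` line hoisted above them, removes the blank rows and the duplicated line. `.attr("class", "text-danger")` also replaces the element's whole class attribute, including the `data-source`/`data-destination` hook classes, so any styling or selectors tied to those classes stop applying; `.addClass("text-danger")` keeps them intact. The enclosing `$(function () {` handler and the `json.forEach` callback begin before the hunk and continue after it.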

