Commit 0fbd2b24 authored by Pavel Valach's avatar Pavel Valach

Merge branch 'dionaea-sanitize-credentials' into 'master'

Dionaea: sanitize credentials

See merge request !4
parents 33caedb3 b466db26
1 merge request!4Dionaea: sanitize credentials
...@@ -106,10 +106,15 @@ class LogWardenfilerHandler(ihandler): ...@@ -106,10 +106,15 @@ class LogWardenfilerHandler(ihandler):
ihandler.__init__(self, path) ihandler.__init__(self, path)
self.path = path self.path = path
self._config = config self._config = config
def _bytes_to_str(self, s):
if isinstance(s, str):
return s
return str(s, "utf-8", "backslashreplace")
def _fixup_event(self, event): def _fixup_event(self, event):
if 'database' in event and isinstance(event['database'], bytes): if 'database' in event and isinstance(event['database'], bytes):
event['database'] = str(event['database'], "utf-8", "backslashreplace") event['database'] = self._bytes_to_str(event['database'])
return event return event
def _save_event(self, event): def _save_event(self, event):
...@@ -410,17 +415,17 @@ class LogWardenfilerHandler(ihandler): ...@@ -410,17 +415,17 @@ class LogWardenfilerHandler(ihandler):
def handle_incident_dionaea_modules_python_ftp_login(self, icd): def handle_incident_dionaea_modules_python_ftp_login(self, icd):
con = icd.con con = icd.con
self._register_connection(con, "ftp", cred = {"User": icd.username, "Password": icd.password}) self._register_connection(con, "ftp", cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
logger.info("new FTP login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port)) logger.info("new FTP login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
def handle_incident_dionaea_modules_python_mssql_login(self, icd): def handle_incident_dionaea_modules_python_mssql_login(self, icd):
con = icd.con con = icd.con
self._register_connection(con, "ms-sql-s", cred = {"User": icd.username, "Password": icd.password}) self._register_connection(con, "ms-sql-s", cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
logger.info("new MSSQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port)) logger.info("new MSSQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
def handle_incident_dionaea_modules_python_mysql_login(self, icd): def handle_incident_dionaea_modules_python_mysql_login(self, icd):
con = icd.con con = icd.con
self._register_connection(con, "mysql", cred = {"User": icd.username, "Password": icd.password}) self._register_connection(con, "mysql", cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
logger.info("new MySQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port)) logger.info("new MySQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
def handle_incident_dionaea_modules_python_p0f(self, icd): def handle_incident_dionaea_modules_python_p0f(self, icd):
......
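Review bot: `_bytes_to_str` treats everything that is not a `str` as bytes, so a `None` or other non-bytes value in `icd.username` or `icd.password` would make `str(s, "utf-8", "backslashreplace")` raise `TypeError` in the FTP, MSSQL and MySQL login handlers, and the credential event would be lost. These fields carry whatever the remote client sent, so a guard before the decode, `if not isinstance(s, (bytes, bytearray)): return s`, would keep the previous pass-through behaviour for such values; whether the protocol modules can actually emit `None` here is not visible on this page. Separately, `backslashreplace` only escapes bytes that are not valid UTF-8, so valid control characters (newlines, ESC, NUL) still reach the stored credentials unchanged, and anything that later prints or logs them needs to escape on output. A one-line docstring on `_bytes_to_str` saying that it decodes attacker-supplied bytes and does not neutralise them would make that limit explicit.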