orkac: added warden client for request tracker 20150903

warden3/contrib/connectors/warden_client-rt/LICENSE

+BSD License
+
+Copyright © 2011-2015 Cesnet z.s.p.o
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of the Cesnet z.s.p.o nor the names of its
+      contributors may be used to endorse or promote products derived from this
+      software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE Cesnet z.s.p.o BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

warden3/contrib/connectors/warden_client-rt/README

++-----------------------------------------------------------------+
+| Warden client Request Tracker connector 20150903 for Warden 3.X |
++-----------------------------------------------------------------+
+
+Content
+
+  A. Introduction
+  B. Dependencies
+  C. Usage
+  D. Configuration
+
+------------------------------------------------------------------------------
+A. Introduction
+
+   Warden client Request Tracker connector (executable warden_client-rt.py) is a one-shot 
+   script to send events from Warden queue toward the Request Tracker.
+
+------------------------------------------------------------------------------
+B. Dependencies
+
+ 1. Platform
+
+    Python 2.7+
+
+ 2. Python packages
+
+    warden_client 3.0+
+
+------------------------------------------------------------------------------
+C. Usage
+
+   warden_client-rt.py
+
+   This script does not run as a daemon, for regularly run use job scheduler cron.
+
+------------------------------------------------------------------------------
+D. Configuration
+
+    warden_client-rt.cfg
+
+    warden - path to warden-client config, e.g. 'warden/warden_client.cfg'
+    bt - templates for request tracker tickets and array of cidrs for reporting
+    rt - requestr tracker account section
+    filter - filtering warden events
+
+   cron
+    SCRIPT_PATH=/opt/warden_client/
+    0  */1   * * *  root cd $SCRIPT_PATH; python warden_client-rt.py > /dev/null 2>&1
+
+------------------------------------------------------------------------------
+Copyright (C) 2011-2015 Cesnet z.s.p.o

warden3/contrib/connectors/warden_client-rt/bittorrent.tpl

+Dobrý den,
+
+přišlo nám upozornění od cizí organizace, že Váš počítač nabízel produkty uvedené níže.
+Do doby než nám zašlete vysvětlení Vám byla zablokována registrace.
+
+Notice ID: {id}
+Protocol: BitTorrent
+IP Address: {ip} 
+File Name: {filename}
+Timestamp: {timestamp}
+
+Chtěli bychom Vás požádat o prověření, zda nedochází k porušování autorských práv z této stanice.
+Prosíme, ověřte stav Vaší stanice, a zašlete nám vysvětlující zprávu, kde uvedete kroky, které jste realizoval, aby dále k tomuto jevu nedocházelo.
+
+Bližší informace o problematice naleznete na adrese:
+http://idoc.vsb.cz/cit/tuonet/pravidla/az/
+
+---
+
+Hello,
+
+we received an information from foreign organization, that your PC shared (uploaded) copyrighted material listed below.
+Your registration (access to computer network and internet) will be suppressed until you send us an explanation.
+
+Notice ID: {id}
+Protocol: BitTorrent
+IP Address: {ip} 
+File Name: {filename}
+Timestamp: {timestamp}
+
+We would like to ask you for verify your PC (installed software), if there is some software which may be the cause for breaking the copyright act.
+Please check your PC and send us your deliverance, including the steps you realized to avoid this in the future.

warden3/contrib/connectors/warden_client-rt/warden_client-rt.cfg

+{
+	"warden": {
+		"url": "https://warden-hub.cesnet.cz/warden3",
+		"certfile": "/etc/ssl/mentat.vsb.cz/server.crt",
+		"keyfile": "/etc/ssl/mentat.vsb.cz/serverkey_de.pem",
+		"cafile": "/etc/ssl/mentat.vsb.cz/tcs-ca-bundle.pem",
+		"timeout": 60,
+		#"recv_events_limit": 6000,
+		"errlog": {"level": "debug"},
+		"filelog": {"file": "/var/log/warden_client.log", "level": "warning"},
+		"idstore": "/var/lib/warden/warden_client.id",
+		"name": "cz.vsb.bittorrent",
+		"secret": "TAJNE"
+	},
+	"bt": {
+		"template": "bittorrent.tpl",
+		"matching_cidrs": ["158.196.0.0/16", "89.0.0.0/8"]
+	},
+	"rt": {
+		"rtrest": "https://idesk.vsb.cz/REST/1.0/",
+		"rtuser": "LOGIN",
+		"rtpass": "HESLO",
+		# <option value="3">Bezpečnostní síťové incidenty</option>
+		"rtqueue": 7,
+		"category": "sdileni",
+		"other": " - zablokovano",
+		"rtsubject": "{category} {ip}{login}{other}"
+	},
+	"filter": {
+		"cat": ["Fraud.Copyright"]
+	}
+}

warden3/contrib/connectors/warden_client-rt/warden_client-rt.py

+#!/usr/bin/python
+# -*- coding: UTF-8 -*-
+
+import os, sys
+from netaddr import all_matching_cidrs # apt-get install python-netaddr
+
+from warden_client import Client, Error, read_cfg
+
+# pip install python-rtkit
+from rtkit.resource import RTResource
+from rtkit.authenticators import QueryStringAuthenticator
+from rtkit.errors import RTResourceError
+from rtkit import set_logging
+
+import logging
+set_logging('debug')
+logger = logging.getLogger('rtkit')
+
+def createTicket (config, body, ip):
+
+        template = config.get('rtsubject') 
+	# "rtsubject": "{category} {ip} {login} {other}"
+	subject = template.format(category=config.get("category", "sdileni"), ip="("+ip+")", login="", other=config.get("other", " - zablokovano"))
+
+	content = {
+	    'content': {
+			'Queue': config.get('rtqueue'),
+			'Subject': subject, 
+			'Text': body,
+	    }
+	}
+	
+	try:
+	    resource = RTResource(config.get('rtrest'), config.get('rtuser'), config.get('rtpass'), QueryStringAuthenticator)
+	    response = resource.post(path='ticket/new', payload=content,)
+
+	    logger.info(response.parsed)
+
+	except RTResourceError as e:
+	    logger.error(e.response.status_int)
+	    logger.error(e.response.status)
+	    logger.error(e.response.parsed)
+
+
+def main():
+	config = read_cfg("warden_client-rt.cfg")
+
+	# Allow inline or external Warden config
+	wconfig = config.get("warden", "warden_client.cfg")
+
+	if isinstance(wconfig, basestring):
+		wconfig = read_cfg(wconfig)
+
+	wclient = Client(**wconfig) 
+
+	btconfig = config.get("bt", None)
+	matching_cidrs = btconfig.get('matching_cidrs')
+
+	with open(btconfig.get('template', None)) as f:
+	       template = f.read()
+
+
+	filt = {}
+	conf_filt = config.get("filter", {})
+	# Extract filter explicitly to be sure we have right param names for getEvents
+	for s in ("cat", "nocat", "tag", "notag", "group", "nogroup"):
+		filt[s] = conf_filt.get(s, None)
+
+	ret = wclient.getEvents(**filt)
+	
+	for e in ret:
+		try:
+			ip = e.get("Source")[0].get("IP4")[0]
+			id = e.get("ID")
+			timestamp = e.get("DetectTime")
+			filename = e['Attach'][0]['FileName'][0]
+		except:
+			pass	
+
+		message = template.format(id=id, ip=ip, filename=filename, timestamp=timestamp)
+		#print message
+
+		if all_matching_cidrs(ip, btconfig.get('matching_cidrs', None)):
+			createTicket(config.get('rt',None), message, ip)
+
+if __name__ == "__main__":
+    main()