diff --git a/warden3/contrib/connectors/hp-kippo/README b/warden3/contrib/connectors/hp-kippo/README
index b2ccf31cbb6f8d12d49fd888852d6d76238cc611..ae372854ca137146c58aefd79f379af4c28e194b 100644
--- a/warden3/contrib/connectors/hp-kippo/README
+++ b/warden3/contrib/connectors/hp-kippo/README
@@ -37,6 +37,7 @@ C. Usage
 D. Configuration
   warden_client-kippo.cfg
+    warden - path to warden-client config, e.g. 'warden/warden_client.cfg'
     name - sensor's source id used as a source of events, e.g. 'cz.cesnet.server.kippo'
     dbhost - hostname/IP of MySQL DB server
diff --git a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
index 998e8c73b3b7789d1d95c3dcf6da5bed006eaebe..156171502076c49b26e7ce8af3616cdfca01b995 100644
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -15,6 +15,11 @@ from os import path
 import MySQLdb as my
 import MySQLdb.cursors as mycursors
 
+DEFAULT_ACONFIG = 'warden_client-kippo.cfg'
+DEFAULT_WCONFIG = 'warden_client.cfg'
+DEFAULT_NAME = 'org.example.warden.test'
+DEFAULT_AWIN = 5
+
 def get_precise_timestamp(epoch=None):
     t = epoch if epoch else time()
     us = trunc((t-trunc(t))*1000000)
@@ -30,7 +35,7 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
         "DetectTime": detect_time,
         "WinStartTime": win_start_time,
         "WinEndTime": win_end_time,
-        "Category": ["Attempt.Login", "Test"],
+        "Category": ["Attempt.Login"],
         "Note": "SSH login attempt",
         "ConnCount": conn_count,
         "Source": [ 
@@ -58,9 +63,12 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
     return event
 
 def main():
-    wconfig = read_cfg("warden_client.cfg")
-    aconfig = read_cfg("warden_client-kippo.cfg")
-    wconfig['name'] = aconfig['name']
+    aconfig = read_cfg(DEFAULT_ACONFIG)
+    wconfig = read_cfg(aconfig.get('warden', DEFAULT_WCONFIG))
+
+    aname = aconfig.get('name', DEFAULT_NAME)
+    awin = aconfig.get('awin', DEFAULT_AWIN)
+    wconfig['name'] = aname
 
     wclient = Client(**wconfig)
 
@@ -70,19 +78,19 @@ def main():
     crs = con.cursor()
 
     events = []
-    query = ["SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+    query = "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
             FROM sessions s \
             LEFT JOIN sensors sn ON s.sensor=sn.id \
             WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s MINUTE) \
-            GROUP BY s.ip ORDER BY s.starttime ASC;"]
+            GROUP BY s.ip ORDER BY s.starttime ASC;"
 
-    crs.execute("".join(query), aconfig['awin'])
+    crs.execute(query, awin)
     rows = crs.fetchall()
     for row in rows:
         dtime = get_precise_timestamp(row['starttime'])
         etime = get_precise_timestamp(time())
-        stime = get_precise_timestamp(time() - aconfig['awin'] * 60)
-        events.append(gen_event_idea(client_name = aconfig['name'], detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = aconfig['awin']))
+        stime = get_precise_timestamp(time() - awin * 60)
+        events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
 
     print "=== Sending ==="
     start = time()
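Review bot: `aname = aconfig.get('name', DEFAULT_NAME)` turns a missing `name` into a silent fallback to the placeholder `org.example.warden.test` (the DEFAULT_NAME constant added in the earlier hunk of this file), so a sensor with a broken or half-written config would keep sending events attributed to an example source id instead of failing the way the old `aconfig['name']` did. Because `name` is also written into `wconfig['name']` and is the identity the receiving Warden server records, it is safer to keep it mandatory: `aname = aconfig['name']`, or raise with a message naming the config key, and keep the `.get` fallback only for `warden` and `awin`. The `warden` path is resolved relative to the current working directory rather than to the kippo config file, which matters when the script is launched from cron; a comment such as `# 'warden' is resolved against the CWD, not against this script's directory` would document that. main() continues beyond this hunk.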
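Review bot: `awin` is used in this hunk both as the value bound to the `INTERVAL + %s MINUTE` placeholder and in the arithmetic `time() - awin * 60`, but it is read with `aconfig.get('awin', DEFAULT_AWIN)` and only the default is guaranteed to be an int; if the config supplies it as a string, `awin * 60` yields a repeated string and the window start time is wrong or the call raises. Coerce once where it is read in the previous hunk, `awin = int(aconfig.get('awin', DEFAULT_AWIN))`, which also pins the type of the value substituted into the query. `crs.execute(query, awin)` passes a bare scalar where the DB-API expects a parameter sequence; `crs.execute(query, (awin,))` is the portable form and should behave the same on the MySQLdb version in use. main() starts and ends outside this hunk.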
@@ -91,7 +99,7 @@ def main():
     if ret:
         wclient.logger.info("%d event(s) successfully delivered." % len(rows))
 
-    print "Time: %f" % (time()-start)
+    print "Time: %f" % (time() - start)
 
 
 if __name__ == "__main__":
diff --git a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
index e529c83faaad3f29f1f5088956b2d2faf2b0e067..116efa8c51ac54bb6e6cc5710871a24851d7f279 100644
--- a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
+++ b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
@@ -1,4 +1,5 @@
 {
+    "warden": "warden_client.cfg",
     "name": "cz.cesnet.server.kippo",
     "sensor_ip4": "195.113.x.x",