Merge branch 'warden-3' of homeproj.cesnet.cz:warden into warden-3

426cc041 · Pavel Kácha · f962be6c · a06a23d1 · 426cc041 · 426cc041
Commit 426cc041 authored 10 years ago by Pavel Kácha
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -21,7 +21,7 @@ DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5


-def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip4, dst_ip4, aggr_win):
+def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win):

  event = {
     "Format": "IDEA0",
@@ -32,14 +32,9 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
     "Category": ["Attempt.Login"],
     "Note": "SSH login attempt",
     "ConnCount": conn_count,
-     "Source": [
-        { 
-          "IP4": [src_ip4],
-        }
-     ],
+     "Source": [{}],
     "Target": [
        {
-           "IP4": [dst_ip4],
           "Proto": ["tcp", "ssh"],
           "Port" : [22]
        }
@@ -54,6 +49,10 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
     ]
  }

+  af = "IP4" if not ':' in src_ip else "IP6"
+  event['Source'][0][af] = [src_ip]
+  event['Target'][0][af] = [dst_ip]
+
  return event

 def main():
@@ -72,7 +71,7 @@ def main():
  crs = con.cursor()

  events = []
-  query =  "SELECT UNIX_TIMESTAMP(s.starttime) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
+  query =  "SELECT UNIX_TIMESTAMP(CONVERT_TZ(s.starttime, '+00:00', @@global.time_zone)) as starttime, s.ip, COUNT(s.id) as attack_scale, sn.ip as sensor \
            FROM sessions s \
            LEFT JOIN sensors sn ON s.sensor=sn.id \
            WHERE s.starttime > DATE_SUB(UTC_TIMESTAMP(), INTERVAL + %s SECOND) \
@@ -84,7 +83,7 @@ def main():
    dtime = format_timestamp(row['starttime'])
    etime = format_timestamp(time())
    stime = format_timestamp(time() - awin)
-    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip4 = row['ip'], dst_ip4 = row['sensor'], aggr_win = awin))
+    events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin))
      
  print "=== Sending ==="
  start = time()

--- a/warden3/warden_client/warden_client.py
+++ b/warden3/warden_client/warden_client.py
@@ -588,7 +588,7 @@ def format_timestamp(epoch=None, utc=True, utcoffset=None):
    return format_time(*time.gmtime(epoch)[:6], microsec=us, utcoffset=utcoffset)


-def format_time(year, month, day, hour, minute, second, microsec=0, utcoffset=0):
+def format_time(year, month, day, hour, minute, second, microsec=0, utcoffset=None):
    if utcoffset is None:
        utcoffset = -(time.altzone if time.daylight else time.timezone)
    tstr = "%04d-%02d-%02dT%02d:%02d:%02d" % (year, month, day, hour, minute, second)