From a8dc34c5ebaa23769b742f8fde57c4c56c2f459b Mon Sep 17 00:00:00 2001
From: Michal Kostenec <kostenec@cesnet.cz>
Date: Tue, 12 May 2015 14:05:43 +0200
Subject: [PATCH] Anonymizing with options no | yes | omit

---
 warden3/contrib/connectors/hp-kippo/README      |  9 ++++++++-
 .../connectors/hp-kippo/warden3-kippo-sender.py | 17 +++++++++--------
 .../connectors/hp-kippo/warden_client-kippo.cfg |  2 +-
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/warden3/contrib/connectors/hp-kippo/README b/warden3/contrib/connectors/hp-kippo/README
index ae37285..8096b5a 100644
--- a/warden3/contrib/connectors/hp-kippo/README
+++ b/warden3/contrib/connectors/hp-kippo/README
@@ -40,6 +40,13 @@ D. Configuration
     warden - path to warden-client config, e.g. 'warden/warden_client.cfg'
     name - sensor's source id used as a source of events, e.g. 'cz.cesnet.server.kippo'
 
+    anonymised - no | yes | omit
+               - no (default value)
+               - yes = anonymize to 'target_net' (see below)
+               - omit = completely omit target field
+
+    target_net - anonymized network used as target if 'anonymized' option is 'yes' 
+
     dbhost - hostname/IP of MySQL DB server 
     dbuser - username 
     dbpass - password
@@ -49,7 +56,7 @@ D. Configuration
     
    cron
     SCRIPT_PATH=/opt/warden_client/
-    */5  *   * * *  root cd $SCRIPT_PATH; warden3-kippo-sender.py >> kippo-sender.log
+    */5  *   * * *  root cd $SCRIPT_PATH; warden3-kippo-sender.py > /dev/null 2>&1
 
     Note: Repeat interval must be the same as value of 'awin'.
 
diff --git a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
index 76775f4..014d256 100644
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -19,7 +19,7 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg'
 DEFAULT_WCONFIG = 'warden_client.cfg'
 DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5
-DEFAULT_ANONYMISED = False
+DEFAULT_ANONYMISED = 'no'
 DEFAULT_TARGET_NET = '0.0.0.0/0'
 
 
@@ -54,12 +54,13 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
   af = "IP4" if not ':' in src_ip else "IP6"
   event['Source'][0][af] = [src_ip]
 
-  if not anonymised:
-    event['Target'][0][af] = [dst_ip]
-  else:
-    event['Target'][0]['Anonymised'] = True
-    event['Target'][0][af] = [target_net]
-
+  if anonymised != 'omit':
+    if anonymised == 'yes':
+      event['Target'][0]['Anonymised'] = True
+      event['Target'][0][af] = [target_net]
+    else:
+      event['Target'][0][af] = [dst_ip]
+  
   return event
 
 def main():
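Review bot: The final `else` in the new `if anonymised == 'yes'` block of gen_event_idea is taken for every value other than 'yes' and 'omit', so it is the branch that publishes the real `dst_ip` (presumably the sensor's own address). A config written before this patch with the JSON boolean `"anonymised": true`, or a typo such as 'Yes', now lands there and the target is sent un-anonymised, where the old `if not anonymised` test would have replaced it with `target_net`. I would make the disclosure branch explicit with `elif anonymised == 'no':` and finish with `else: raise ValueError('anonymised must be no, yes or omit')`, or map legacy booleans to 'yes'/'no' where main() reads the config. The function starts before this hunk and main() continues after it, so whether an otherwise empty `event['Target'][0]` entry is still emitted for 'omit' cannot be checked from here.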
@@ -74,7 +75,7 @@ def main():
   aanonymised = aconfig.get('anonymised', DEFAULT_ANONYMISED)
   atargetnet  = aconfig.get('target_net', DEFAULT_TARGET_NET)
 
-  aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False
+  aanonymised = aanonymised if (atargetnet != DEFAULT_TARGET_NET) or (aanonymised == 'omit') else DEFAULT_ANONYMISED
 
   wclient = Client(**wconfig)   
 
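Review bot: The fallback `else DEFAULT_ANONYMISED` on the rewritten assignment turns a requested 'yes' into 'no' without any message whenever `target_net` is missing or left at '0.0.0.0/0', so an operator who asked for anonymisation gets real target addresses sent instead. Failing closed is safer here: end the expression with `else 'omit'`, or abort with an error that names `target_net`. The silent downgrade is also hard to notice in production, because the README cron line in this same patch now redirects all output to /dev/null. main() begins before and continues after this hunk.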
diff --git a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
index 1eb4cbd..9a274a7 100644
--- a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
+++ b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
@@ -2,7 +2,7 @@
     "warden": "warden_client.cfg",
     "name": "cz.cesnet.server.kippo",
 
-    "anonymised": false,
+    "anonymised": "no",
     "target_net": "195.113.0.0/16",
 
     "dbhost": "localhost",
-- 
GitLab