Commit a8dc34c5 authored by Michal Kostěnec's avatar Michal Kostěnec Committed by root

Anonymizing with options no | yes | omit

parent c5b424da
...@@ -40,6 +40,13 @@ D. Configuration ...@@ -40,6 +40,13 @@ D. Configuration
warden - path to warden-client config, e.g. 'warden/warden_client.cfg' warden - path to warden-client config, e.g. 'warden/warden_client.cfg'
name - sensor's source id used as a source of events, e.g. 'cz.cesnet.server.kippo' name - sensor's source id used as a source of events, e.g. 'cz.cesnet.server.kippo'
anonymised - no | yes | omit
- no (default value)
- yes = anonymize to 'target_net' (see below)
- omit = completely omit target field
target_net - anonymized network used as target if 'anonymized' option is 'yes'
dbhost - hostname/IP of MySQL DB server dbhost - hostname/IP of MySQL DB server
dbuser - username dbuser - username
dbpass - password dbpass - password
...@@ -49,7 +56,7 @@ D. Configuration ...@@ -49,7 +56,7 @@ D. Configuration
cron cron
SCRIPT_PATH=/opt/warden_client/ SCRIPT_PATH=/opt/warden_client/
*/5 * * * * root cd $SCRIPT_PATH; warden3-kippo-sender.py >> kippo-sender.log */5 * * * * root cd $SCRIPT_PATH; warden3-kippo-sender.py > /dev/null 2>&1
Note: Repeat interval must be the same as value of 'awin'. Note: Repeat interval must be the same as value of 'awin'.
...@@ -19,7 +19,7 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg' ...@@ -19,7 +19,7 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg'
DEFAULT_WCONFIG = 'warden_client.cfg' DEFAULT_WCONFIG = 'warden_client.cfg'
DEFAULT_NAME = 'org.example.warden.test' DEFAULT_NAME = 'org.example.warden.test'
DEFAULT_AWIN = 5 DEFAULT_AWIN = 5
DEFAULT_ANONYMISED = False DEFAULT_ANONYMISED = 'no'
DEFAULT_TARGET_NET = '0.0.0.0/0' DEFAULT_TARGET_NET = '0.0.0.0/0'
...@@ -54,12 +54,13 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_ ...@@ -54,12 +54,13 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
af = "IP4" if not ':' in src_ip else "IP6" af = "IP4" if not ':' in src_ip else "IP6"
event['Source'][0][af] = [src_ip] event['Source'][0][af] = [src_ip]
if not anonymised: if anonymised != 'omit':
event['Target'][0][af] = [dst_ip] if anonymised == 'yes':
else: event['Target'][0]['Anonymised'] = True
event['Target'][0]['Anonymised'] = True event['Target'][0][af] = [target_net]
event['Target'][0][af] = [target_net] else:
event['Target'][0][af] = [dst_ip]
return event return event
def main(): def main():
...@@ -74,7 +75,7 @@ def main(): ...@@ -74,7 +75,7 @@ def main():
aanonymised = aconfig.get('anonymised', DEFAULT_ANONYMISED) aanonymised = aconfig.get('anonymised', DEFAULT_ANONYMISED)
atargetnet = aconfig.get('target_net', DEFAULT_TARGET_NET) atargetnet = aconfig.get('target_net', DEFAULT_TARGET_NET)
aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False aanonymised = aanonymised if (atargetnet != DEFAULT_TARGET_NET) or (aanonymised == 'omit') else DEFAULT_ANONYMISED
wclient = Client(**wconfig) wclient = Client(**wconfig)
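Review bot: Any `anonymised` value other than the three documented strings silently falls through to the un-anonymised branch: main() passes `aconfig.get('anonymised', DEFAULT_ANONYMISED)` through unvalidated, and in the gen_event_idea hunk `if anonymised != 'omit'` followed by `if anonymised == 'yes'` treats every other value — a mistyped `"Yes"`, or the boolean `true` left in a config written for the previous version (the third section shows the config is JSON, so the old `false` literal is plausible in deployed files) — as `'no'`, so the real destination IP is emitted. Validate once in main() before the value is used, e.g. `if aanonymised not in ('no', 'yes', 'omit'): raise ValueError("anonymised must be 'no', 'yes' or 'omit', got %r" % (aanonymised,))`, so an un-migrated config fails closed instead of leaking the target. The same line also downgrades `'yes'` to `DEFAULT_ANONYMISED` whenever `target_net` is still `'0.0.0.0/0'`, which quietly disables anonymisation the operator asked for; at minimum log a warning there, or refuse to start. Both main() and gen_event_idea() extend beyond their hunks, so a suitable logger or exit path may already exist outside the visible lines.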
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
"warden": "warden_client.cfg", "warden": "warden_client.cfg",
"name": "cz.cesnet.server.kippo", "name": "cz.cesnet.server.kippo",
"anonymised": false, "anonymised": "no",
"target_net": "195.113.0.0/16", "target_net": "195.113.0.0/16",
"dbhost": "localhost", "dbhost": "localhost",