Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gelencsér Szabolcs
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
1de90b85
authored
Feb 27, 2015
by
Bach Dániel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
firewall: add blacklist hook support
parent
9f8191f1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
33 additions
and
2 deletions
+33
-2
circle/circle/settings/base.py
+1
-0
circle/firewall/views.py
+32
-2
No files found.
circle/circle/settings/base.py
View file @
1de90b85
...
@@ -563,3 +563,4 @@ CLIENT_DOWNLOAD_URL = get_env_variable('CLIENT_DOWNLOAD_URL', 'http://circleclou
...
@@ -563,3 +563,4 @@ CLIENT_DOWNLOAD_URL = get_env_variable('CLIENT_DOWNLOAD_URL', 'http://circleclou
ADMIN_ENABLED
=
False
ADMIN_ENABLED
=
False
BLACKLIST_PASSWORD
=
get_env_variable
(
"BLACKLIST_PASSWORD"
,
""
)
BLACKLIST_PASSWORD
=
get_env_variable
(
"BLACKLIST_PASSWORD"
,
""
)
BLACKLIST_HOOK_URL
=
get_env_variable
(
"BLACKLIST_HOOK_URL"
,
""
)
circle/firewall/views.py
View file @
1de90b85
...
@@ -18,9 +18,12 @@
...
@@ -18,9 +18,12 @@
from
__future__
import
absolute_import
,
unicode_literals
from
__future__
import
absolute_import
,
unicode_literals
from
datetime
import
timedelta
from
datetime
import
timedelta
from
json
import
dumps
import
logging
import
logging
from
netaddr
import
AddrFormatError
,
IPAddress
from
netaddr
import
AddrFormatError
,
IPAddress
from
requests
import
post
from
requests.exceptions
import
RequestException
from
django.core.exceptions
import
PermissionDenied
from
django.core.exceptions
import
PermissionDenied
from
django.http
import
HttpResponse
from
django.http
import
HttpResponse
...
@@ -36,6 +39,28 @@ from django.conf import settings
...
@@ -36,6 +39,28 @@ from django.conf import settings
logger
=
logging
.
getLogger
(
__name__
)
logger
=
logging
.
getLogger
(
__name__
)
def
send_request
(
obj
):
data
=
{
"ip"
:
obj
.
ipv4
,
"msg"
:
obj
.
snort_message
,
"reason"
:
obj
.
reason
,
"expires_at"
:
str
(
obj
.
expires_at
)
.
split
(
'.'
)[
0
],
"object_kind"
:
"ban"
}
if
obj
.
host
:
data
.
update
({
"hostname"
:
obj
.
host
.
hostname
,
"username"
:
obj
.
host
.
owner
.
username
,
"fullname"
:
obj
.
host
.
owner
.
get_full_name
()})
try
:
r
=
post
(
settings
.
BLACKLIST_HOOK_URL
,
data
=
dumps
(
data
,
indent
=
2
),
timeout
=
3
)
r
.
raise_for_status
()
except
RequestException
as
e
:
logger
.
warning
(
"Error in HTTP POST:
%
s. url:
%
s params:
%
s"
,
str
(
e
),
settings
.
BLACKLIST_HOOK_URL
,
data
)
else
:
logger
.
info
(
"Successful HTTP POST. url:
%
s params:
%
s"
,
settings
.
BLACKLIST_HOOK_URL
,
data
)
@csrf_exempt
@csrf_exempt
@require_POST
@require_POST
def
add_blacklist_item
(
request
):
def
add_blacklist_item
(
request
):
...
@@ -48,7 +73,7 @@ def add_blacklist_item(request):
...
@@ -48,7 +73,7 @@ def add_blacklist_item(request):
try
:
try
:
address
=
request
.
POST
.
get
(
'address'
)
address
=
request
.
POST
.
get
(
'address'
)
IPAddress
(
address
,
version
=
4
)
address_object
=
IPAddress
(
address
,
version
=
4
)
except
(
AddrFormatError
,
TypeError
)
as
e
:
except
(
AddrFormatError
,
TypeError
)
as
e
:
logger
.
warning
(
"Invalid IP address:
%
s (
%
s)"
,
address
,
str
(
e
))
logger
.
warning
(
"Invalid IP address:
%
s (
%
s)"
,
address
,
str
(
e
))
return
HttpResponse
(
_
(
"Invalid IP address."
))
return
HttpResponse
(
_
(
"Invalid IP address."
))
...
@@ -56,13 +81,15 @@ def add_blacklist_item(request):
...
@@ -56,13 +81,15 @@ def add_blacklist_item(request):
obj
,
created
=
BlacklistItem
.
objects
.
get_or_create
(
ipv4
=
address
)
obj
,
created
=
BlacklistItem
.
objects
.
get_or_create
(
ipv4
=
address
)
if
created
:
if
created
:
try
:
try
:
obj
.
host
=
Host
.
objects
.
get
(
ipv4
=
address
)
db_format
=
'.'
.
join
(
"
%03
d"
%
x
for
x
in
address_object
.
words
)
obj
.
host
=
Host
.
objects
.
get
(
ipv4
=
db_format
)
except
Host
.
DoesNotExist
:
except
Host
.
DoesNotExist
:
pass
pass
now
=
timezone
.
now
()
now
=
timezone
.
now
()
can_update
=
((
obj
.
whitelisted
and
now
>
obj
.
expires_at
)
or
can_update
=
((
obj
.
whitelisted
and
now
>
obj
.
expires_at
)
or
not
obj
.
whitelisted
)
not
obj
.
whitelisted
)
is_new
=
created
or
(
obj
.
expires_at
and
now
>
obj
.
expires_at
)
if
created
or
can_update
:
if
created
or
can_update
:
obj
.
reason
=
request
.
POST
.
get
(
'reason'
)
obj
.
reason
=
request
.
POST
.
get
(
'reason'
)
...
@@ -77,4 +104,7 @@ def add_blacklist_item(request):
...
@@ -77,4 +104,7 @@ def add_blacklist_item(request):
elif
can_update
:
elif
can_update
:
logger
.
info
(
"Successfully modified blacklist item
%
s."
,
address
)
logger
.
info
(
"Successfully modified blacklist item
%
s."
,
address
)
if
is_new
and
settings
.
BLACKLIST_HOOK_URL
:
send_request
(
obj
)
return
HttpResponse
(
unicode
(
_
(
"OK"
)))
return
HttpResponse
(
unicode
(
_
(
"OK"
)))
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment