Skip to content

Commit

Permalink
try catch
Browse files Browse the repository at this point in the history
  • Loading branch information
root authored and root committed Aug 9, 2016
1 parent 7dd7870 commit 80a1de8
Show file tree
Hide file tree
Showing 3 changed files with 180 additions and 173 deletions.
227 changes: 115 additions & 112 deletions auto_block.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,132 +41,135 @@ def auto_block_thread():

while True:
time.sleep(60)

server_ip = socket.gethostbyname(configloader.get_config().MYSQL_HOST)

if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8',ssl={'ca':configloader.get_config().MYSQL_SSL_CA,'cert':configloader.get_config().MYSQL_SSL_CERT,'key':configloader.get_config().MYSQL_SSL_KEY})
else:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)


deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()

logging.info("Read hosts.deny from line " + str(start_line))
real_deny_list = deny_lines[start_line:]

denyed_ip_list = []
for line in real_deny_list:
if get_ip(line) and line.find('#') != 0:
ip = get_ip(line)

if ip == server_ip:
i = 0
try:
server_ip = socket.gethostbyname(configloader.get_config().MYSQL_HOST)

if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8',ssl={'ca':configloader.get_config().MYSQL_SSL_CA,'cert':configloader.get_config().MYSQL_SSL_CERT,'key':configloader.get_config().MYSQL_SSL_KEY})
else:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)


deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()

logging.info("Read hosts.deny from line " + str(start_line))
real_deny_list = deny_lines[start_line:]

denyed_ip_list = []
for line in real_deny_list:
if get_ip(line) and line.find('#') != 0:
ip = get_ip(line)

for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
if ip == server_ip:
i = 0

for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1

deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()

continue

deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()
cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `ip` = '" + str(ip) + "'")
rows = cur.fetchone()
cur.close()

continue

cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `ip` = '" + str(ip) + "'")
rows = cur.fetchone()
cur.close()

if rows != None:
continue
if rows != None:
continue

cur = conn.cursor()
cur.execute("INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '" + str(configloader.get_config().NODE_ID) + "', '" + str(ip) + "', unix_timestamp())")
cur.close()

logging.info("Block ip:" + str(ip))

denyed_ip_list.append(ip)

cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()

deny_str = "";
deny_str_at = "";

for row in rows:
node = row[1]
ip = get_ip(row[2])

cur = conn.cursor()
cur.execute("INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '" + str(configloader.get_config().NODE_ID) + "', '" + str(ip) + "', unix_timestamp())")
cur.close()
if ip != None:

logging.info("Block ip:" + str(ip))
if str(node) == str(configloader.get_config().NODE_ID):
if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1 and ip not in denyed_ip_list:
deny_str_at = deny_str_at + "\nALL: " + str(ip)
os.system('route add -host %s gw 127.0.0.1' % str(ip))
logging.info("Remote Block ip:" + str(ip))
else:
deny_str = deny_str + "\nALL: " + str(ip)
logging.info("Remote Block ip:" + str(ip))
os.system('route add -host %s gw 127.0.0.1' % str(ip))

denyed_ip_list.append(ip)

deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str + "\n")
deny_file.close()

if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1:
deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str_at + "\n")
deny_file.close()

cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()

deny_str = "";
deny_str_at = "";

for row in rows:
node = row[1]
ip = get_ip(row[2])


if ip != None:

if str(node) == str(configloader.get_config().NODE_ID):
if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1 and ip not in denyed_ip_list:
deny_str_at = deny_str_at + "\nALL: " + str(ip)
os.system('route add -host %s gw 127.0.0.1' % str(ip))
logging.info("Remote Block ip:" + str(ip))
else:
deny_str = deny_str + "\nALL: " + str(ip)
logging.info("Remote Block ip:" + str(ip))
os.system('route add -host %s gw 127.0.0.1' % str(ip))
cur = conn.cursor()
cur.execute("SELECT * FROM `unblockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()


deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str + "\n")
deny_file.close()

if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1:
deny_file=open('/etc/hosts.deny','a')
conn.close()

deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str_at + "\n")
deny_lines = deny_file.readlines()
deny_file.close()

i = 0

for line in deny_lines:
for row in rows:
ip = str(row[1])
if line.find(ip) != -1:
del deny_lines[i]
os.system('route del -host %s gw 127.0.0.1' % str(ip))
logging.info("Unblock ip:" + str(ip))
i = i + 1

deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()

except BaseException:
logging.error("Auto block thread error")


cur = conn.cursor()
cur.execute("SELECT * FROM `unblockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()

conn.close()

deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()

i = 0

for line in deny_lines:
for row in rows:
ip = str(row[1])
if line.find(ip) != -1:
del deny_lines[i]
os.system('route del -host %s gw 127.0.0.1' % str(ip))
logging.info("Unblock ip:" + str(ip))
i = i + 1

deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()

start_line = file_len("/etc/hosts.deny")

98 changes: 51 additions & 47 deletions auto_thread.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,58 +35,62 @@ def auto_thread():

while True:
time.sleep(60)
if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8',ssl={'ca':configloader.get_config().MYSQL_SSL_CA,'cert':configloader.get_config().MYSQL_SSL_CERT,'key':configloader.get_config().MYSQL_SSL_KEY})
else:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)
cur = conn.cursor()
cur.execute("SELECT * FROM `auto` where `datetime`>unix_timestamp()-60 AND `type`=1")
rows = cur.fetchall()
cur.close()

for row in rows:
id = row[0]
data = row[2]
sign = row[3]
verify_data = "-----BEGIN PGP SIGNED MESSAGE-----\n" + \
"Hash: SHA256\n" + \
"\n" + \
data + "\n" + \
"-----BEGIN PGP SIGNATURE-----\n" + \
"Version: GnuPG v2\n" + \
"\n" + \
sign + "\n" + \
"-----END PGP SIGNATURE-----\n"

verified = gpg.verify(verify_data)
is_verified = 0
for key in public_keys:
if key['keyid'] == verified.key_id:
is_verified = 1
break

if is_verified == 1:
cur = conn.cursor()
cur.execute("SELECT * FROM `auto` where `sign`='" + str(configloader.get_config().NODE_ID) + "-" + str(id) + "'")
if cur.fetchone() == None :
cur_c = conn.cursor()
cur_c.execute("INSERT INTO `auto` (`id`, `value`, `sign`, `datetime`,`type`) VALUES (NULL, 'NodeID:" + str(configloader.get_config().NODE_ID) + " Exec Command ID:" + str(configloader.get_config().NODE_ID) + " Starting....', '" + str(configloader.get_config().NODE_ID) + "-" + str(id) + "', unix_timestamp(),'2')")
cur_c.close()

logging.info("Running the command:" + data)
thread.start_new_thread(run_command,(data,id))
cur.close()
try:
if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8',ssl={'ca':configloader.get_config().MYSQL_SSL_CA,'cert':configloader.get_config().MYSQL_SSL_CERT,'key':configloader.get_config().MYSQL_SSL_KEY})
else:
logging.info("Running the command:" + data)

conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)
cur = conn.cursor()
cur.execute("SELECT * FROM `auto` where `datetime`>unix_timestamp()-60 AND `type`=1")
rows = cur.fetchall()
cur.close()

for row in rows:
id = row[0]
data = row[2]
sign = row[3]
verify_data = "-----BEGIN PGP SIGNED MESSAGE-----\n" + \
"Hash: SHA256\n" + \
"\n" + \
data + "\n" + \
"-----BEGIN PGP SIGNATURE-----\n" + \
"Version: GnuPG v2\n" + \
"\n" + \
sign + "\n" + \
"-----END PGP SIGNATURE-----\n"

verified = gpg.verify(verify_data)
is_verified = 0
for key in public_keys:
if key['keyid'] == verified.key_id:
is_verified = 1
break

if is_verified == 1:
cur = conn.cursor()
cur.execute("SELECT * FROM `auto` where `sign`='" + str(configloader.get_config().NODE_ID) + "-" + str(id) + "'")
if cur.fetchone() == None :
cur_c = conn.cursor()
cur_c.execute("INSERT INTO `auto` (`id`, `value`, `sign`, `datetime`,`type`) VALUES (NULL, 'NodeID:" + str(configloader.get_config().NODE_ID) + " Exec Command ID:" + str(configloader.get_config().NODE_ID) + " Starting....', '" + str(configloader.get_config().NODE_ID) + "-" + str(id) + "', unix_timestamp(),'2')")
cur_c.close()

logging.info("Running the command:" + data)
thread.start_new_thread(run_command,(data,id))
cur.close()
else:
logging.info("Running the command:" + data)

conn.commit()
conn.close()
cur = conn.cursor()
cur.execute("SELECT * FROM `auto` where `datetime`>unix_timestamp()-60 AND `type`=1")
rows = cur.fetchall()
cur.close()

conn.commit()
conn.close()
except BaseException:
logging.error("Auto exec thread error")

Loading

0 comments on commit 80a1de8

Please sign in to comment.