from strategy.DefenceStrategyImplementation import DefenceStrategyImplementation
from datetime import datetime
import MySQLdb
import os.path
import sys
import json
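# Usage: respond.py <working-dir>
#
# Loads the database credentials from configuration.json (next to this
# script), selects the (attacker IP, sensor IP) pairs that authenticated
# against the honeypot within the last minute, and hands them to the
# defence strategy. Progress is appended to <working-dir>/debug.
if len(sys.argv) < 2:
    # Fail with a usage line instead of an IndexError traceback.
    sys.exit("usage: respond.py <working-dir>")

# Renamed from `dir` so the builtin is not shadowed.
work_dir = sys.argv[1]
base_path = os.path.dirname(os.path.realpath(__file__))
config_path = os.path.join(base_path, "configuration.json")

# configuration.json holds the DB credentials ("db-username", "db-password").
# NOTE(review): this file should not be readable by other local users --
# confirm the deployment permissions.
with open(config_path, "r", encoding="utf-8") as config_file:
    configuration = json.load(config_file)

debug_log_path = os.path.join(work_dir, "debug")


def _log(message):
    """Append one UTC-timestamped line ("<message> at <time>") to the debug log."""
    with open(debug_log_path, "a") as log:
        log.write("{} at {}\n".format(message, datetime.utcnow()))


_log("Run started")

# Retrieve detected attacks. The statement is a constant string with no
# interpolated input, so there is no injection surface; if filters are ever
# added, pass them as parameters via cur.execute(sql, params).
db = MySQLdb.connect(
    host="localhost",
    user=configuration["db-username"],
    passwd=configuration["db-password"],
    db="cowrie",
)
try:
    cur = db.cursor()
    try:
        cur.execute("""SELECT sessions.ip AS rhost, sensors.ip AS host FROM sessions INNER JOIN auth ON auth.session = sessions.id INNER JOIN sensors ON sessions.sensor = sensors.id WHERE auth.timestamp > DATE_SUB(UTC_TIMESTAMP(), INTERVAL 1 MINUTE) GROUP BY rhost, host""")
        rows = cur.fetchall()
    finally:
        # Close the cursor and connection explicitly rather than relying on
        # garbage collection; the result set is already materialised in `rows`.
        cur.close()
finally:
    db.close()

# Echo the result set to stdout as the original script did (it contains the
# remote IPs seen in the last minute, so treat captured output accordingly).
print(rows)

# Run strategy logic on the fetched rows.
strategy = DefenceStrategyImplementation(work_dir)
strategy.defend(rows)

_log("Run ok")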