#!/usr/bin/env python3
# Copyright (c) 2018 Caisse nationale d'Assurance Maladie
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
import os
import re
import sys
import getopt
import logging
from utils.confparser import ConfParser
from utils.utils import VerifyPath
VERSION = "0.0.1"  # tool version string; not referenced elsewhere in this file
def usage():
    """Print the command-line help text to stdout and exit with status 0."""
    option_lines = (
        "-h --help Print this help",
        "-c --config Configuration file to use",
        "-d --domain Domain name to check",
    )
    # Leading and trailing newline reproduce the original block literal exactly.
    print("\n" + "\n".join(option_lines) + "\n")
    sys.exit(0)
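def ConfAnalysis(configuration_file):
    """
    Configuration file analysis. Load global variables with parameters found
    in the configuration file.

    :param configuration_file: path of the configuration file handed to ConfParser
    :raises SystemExit: with status 1 when the configuration cannot be parsed;
        the detection globals would otherwise stay undefined and main() would
        fail later with a NameError
    """
    global CONF
    global SearchKeywords
    global BlacklistKeywords
    global DetectionThreshold
    try:
        CONF = ConfParser(configuration_file)
        # SearchKeywords / BlacklistKeywords are used as regular expressions by
        # print_callback, so the configuration file is trusted input.
        SearchKeywords = CONF.SearchKeywords
        BlacklistKeywords = CONF.BlacklistKeywords
        DetectionThreshold = CONF.DetectionThreshold
    except Exception as err:
        # A bare `except:` would also swallow SystemExit / KeyboardInterrupt.
        # Stop here instead of continuing with the globals left unset.
        logging.error(" ConfParser Error: %s", err)
        sys.exit(1)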
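def args_parse():
    """
    Parse the tool options from sys.argv into the ConfFile and DOMAIN globals.

    Exits through usage() (status 0) when no argument, -h, an invalid option
    or a missing --config/--domain is given; exits with status 1 when the
    configuration file given with -c/--config does not exist.
    """
    global ConfFile
    global DOMAIN
    if not sys.argv[1:]:
        usage()
    try:
        # The long option names must match the handlers below; "conf=" is
        # kept as an alias so existing --conf=... invocations still parse.
        opts, _ = getopt.getopt(
            sys.argv[1:], "hc:d:", ["help", "config=", "conf=", "domain="])
    except getopt.GetoptError as err:
        logging.error(" Option Error. Exiting... %s", err)
        usage()  # does not return: prints the help and exits
    DOMAIN = None
    ConfFile = None
    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-c", "--config", "--conf"):
            if os.path.isfile(a):
                ConfFile = a
            else:
                logging.error(" Can't find configuration file. Exiting...")
                sys.exit(1)
        elif o in ("-d", "--domain"):
            DOMAIN = a
        else:
            # getopt only yields options from the spec above, so reaching this
            # branch means the spec and the handlers disagree. An explicit raise
            # is kept (rather than `assert`) so it survives `python -O`.
            raise AssertionError("Unhandled Option: %s" % o)
    if ConfFile is None:
        logging.error(" Missing configuration file option (-c). Exiting...")
        usage()
    if not DOMAIN:
        logging.error(" Missing domain option (-d). Exiting...")
        usage()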
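def print_callback(domain=None, search_keywords=None, blacklist_keywords=None,
                   detection_threshold=None):
    """
    Truncated CertStreamMonitor/print_callback function, SQL/Logging support removed.

    Counts the distinct search-keyword matches in the host name and logs
    whether the detection threshold is reached. Every argument defaults to the
    module global of the same meaning (DOMAIN, SearchKeywords, BlacklistKeywords,
    DetectionThreshold) set by args_parse / ConfAnalysis, so the original
    argument-less call keeps working.

    :param domain: host name to test
    :param search_keywords: regular expression of the keywords to look for
    :param blacklist_keywords: regular expression of keywords that suppress a
        match; an empty value disables the blacklist
    :param detection_threshold: number of distinct keyword matches needed
    :return: True when the threshold is reached and the host is not
        blacklisted, False otherwise (the original returned None; main()
        ignores the value)
    """
    if domain is None:
        domain = DOMAIN
    if search_keywords is None:
        search_keywords = SearchKeywords
    if blacklist_keywords is None:
        blacklist_keywords = BlacklistKeywords
    if detection_threshold is None:
        detection_threshold = DetectionThreshold
    # Both keyword values are applied as regular expressions; they come from
    # the configuration file, which is therefore trusted input.
    is_blacklisted = False
    if blacklist_keywords:
        is_blacklisted = bool(re.findall(blacklist_keywords, domain))
    found_nb = len(set(re.findall(search_keywords, domain)))
    # Matching hosts with blacklisted keywords are ignored
    if is_blacklisted and found_nb >= detection_threshold:
        logging.info("No match - Blacklisted keywords.")
        return False
    # The number of distinct search keywords found must reach detection_threshold
    if found_nb >= detection_threshold:
        logging.info("This is a match, detection threashold reached.")
        return True
    if found_nb > 0:
        logging.info("No match - Detection threashold not reached.")
    else:
        logging.info("No match - Keywords not found.")
    return False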
# Main
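def main():
    """
    Set up logging, load the configuration and run the check on the domain
    parsed by args_parse.

    Logging is configured before ConfAnalysis so that a configuration error
    is reported through the same stream handler as the rest of the output
    instead of the logging module's fallback handler.
    """
    # logging
    logger = logging.getLogger()
    logger.setLevel(logging.DEBUG)
    # term handler
    stream_handler = logging.StreamHandler()
    stream_handler.setLevel(logging.INFO)
    logger.addHandler(stream_handler)
    # Config
    ConfAnalysis(ConfFile)
    VerifyPath()
    logging.info(
        "Looking for these strings: %s, detection threshold: %s",
        SearchKeywords,
        DetectionThreshold)
    print_callback()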
# Start
# Script entry: options first (they set the ConfFile / DOMAIN globals), then main().
if __name__ == "__main__":
    args_parse()
    main()