iwla/plugins/post_analysis/reverse_dns.py

59 lines
1.3 KiB
Python
Raw Normal View History

2014-11-24 21:37:37 +01:00
import socket
from iwla import IWLA
2014-11-24 17:13:59 +01:00
from iplugin import IPlugin
2014-12-10 07:09:05 +01:00
#
# Post analysis hook
#
# Replace IP by reverse DNS names
#
# Plugin requirements :
# None
#
# Conf values needed :
# reverse_dns_timeout*
#
# Output files :
# None
#
# Statistics creation :
# None
#
# Statistics update :
# valid_visitors:
# remote_addr
# dns_name_replaced
# dns_analyzed
#
# Statistics deletion :
# None
#
2014-11-24 17:13:59 +01:00
class IWLAPostAnalysisReverseDNS(IPlugin):
DEFAULT_DNS_TIMEOUT = 0.5
2014-11-24 21:42:57 +01:00
def __init__(self, iwla):
super(IWLAPostAnalysisReverseDNS, self).__init__(iwla)
2014-11-24 17:13:59 +01:00
self.API_VERSION = 1
2014-11-24 21:37:37 +01:00
def load(self):
timeout = self.iwla.getConfValue('reverse_dns_timeout',
IWLAPostAnalysisReverseDNS.DEFAULT_DNS_TIMEOUT)
2014-11-24 21:37:37 +01:00
socket.setdefaulttimeout(timeout)
return True
def hook(self):
hits = self.iwla.getValidVisitors()
2014-11-24 17:13:59 +01:00
for (k, hit) in hits.items():
if hit.get('dns_analysed', False): continue
try:
name, _, _ = socket.gethostbyaddr(k)
2014-12-16 07:38:57 +01:00
hit['remote_addr'] = name.lower()
2014-11-26 16:17:16 +01:00
hit['dns_name_replaced'] = True
2014-11-24 17:13:59 +01:00
except:
pass
finally:
hit['dns_analysed'] = True