Move reverse DNS core management into iwla.py + Add robot_domains configuration
This commit is contained in:
Gregory Soutade
@@ -19,12 +19,13 @@
|
||||
#
|
||||
|
||||
import socket
|
||||
import re
|
||||
|
||||
from iwla import IWLA
|
||||
from iplugin import IPlugin
|
||||
|
||||
"""
|
||||
Post analysis hook
|
||||
Pre analysis hook
|
||||
|
||||
Replace IP by reverse DNS names
|
||||
|
||||
@@ -32,7 +33,7 @@ Plugin requirements :
|
||||
None
|
||||
|
||||
Conf values needed :
|
||||
reverse_dns_timeout*
|
||||
robot_domains*
|
||||
|
||||
Output files :
|
||||
None
|
||||
@@ -51,12 +52,13 @@ Statistics deletion :
|
||||
"""
|
||||
|
||||
class IWLAPostAnalysisReverseDNS(IPlugin):
|
||||
DEFAULT_DNS_TIMEOUT = 0.5
|
||||
|
||||
def load(self):
|
||||
timeout = self.iwla.getConfValue('reverse_dns_timeout',
|
||||
IWLAPostAnalysisReverseDNS.DEFAULT_DNS_TIMEOUT)
|
||||
socket.setdefaulttimeout(timeout)
|
||||
self.robot_domains_re = []
|
||||
robot_domains = self.iwla.getConfValue('robot_domains', [])
|
||||
for domain in robot_domains:
|
||||
self.robot_domains_re.append(re.compile(domain))
|
||||
|
||||
return True
|
||||
|
||||
def hook(self):
|
||||
@@ -65,15 +67,13 @@ class IWLAPostAnalysisReverseDNS(IPlugin):
|
||||
if hit.get('dns_analysed', False): continue
|
||||
# Do reverse for feed parser even if they're not
|
||||
# valid visitors
|
||||
if not hit.get('feed_parser', False) and\
|
||||
not self.iwla.isValidVisitor(hit):
|
||||
if hit.get('robot', False) and not hit.get('feed_parser', False):
|
||||
continue
|
||||
try:
|
||||
name, _, _ = socket.gethostbyaddr(k)
|
||||
hit['remote_addr'] = name.lower()
|
||||
hit['dns_name_replaced'] = True
|
||||
except:
|
||||
pass
|
||||
finally:
|
||||
hit['dns_analysed'] = True
|
||||
|
||||
res = self.iwla.reverseDNS(hit)
|
||||
|
||||
for r in self.robot_domains_re:
|
||||
if r.match(hit['remote_addr']):
|
||||
hit['robot'] = True
|
||||
break
|
||||
|
||||
|
||||
Reference in New Issue
Block a user