|
| | __init__ (self, testing=False) |
| |
| | prepare_zeek_output_dir (self) |
| |
| | get_host_ip (self) |
| |
| | start_webinterface (self) |
| |
| | store_host_ip (self) |
| |
| | create_folder_for_logs (self) |
| |
| bool | check_redis_database (self, redis_host='localhost', redis_port=6379) |
| |
| | get_random_redis_port (self) |
| |
| bool | clear_redis_cache_database (self, redis_host='localhost', redis_port=6379) |
| |
| | check_zeek_or_bro (self) |
| |
| | terminate_slips (self) |
| |
| | get_modules (self, to_ignore) |
| |
| | load_modules (self) |
| |
| | setup_detailed_logs (self, LogsProcess) |
| |
| | start_gui_process (self) |
| |
| | close_all_ports (self) |
| |
| str | get_pid_of_redis_server (self, int port) |
| |
| | update_local_TI_files (self) |
| |
| | add_metadata (self) |
| |
| | kill (self, module_name, INT=False) |
| |
| | kill_all (self, PIDs) |
| |
| | stop_core_processes (self) |
| |
| | save_the_db (self) |
| |
| bool | was_running_zeek (self) |
| |
| | store_zeek_dir_copy (self) |
| |
| | delete_zeek_files (self) |
| |
| | green (self, txt) |
| |
| | print_stopped_module (self, module) |
| |
| | get_already_stopped_modules (self) |
| |
| | warn_about_pending_modules (self, finished_modules) |
| |
| | set_analysis_end_date (self) |
| |
| bool | should_kill_all_modules (self, function_start_time, wait_for_modules_to_finish) |
| |
| | shutdown_gracefully (self) |
| |
| dict | get_open_redis_servers (self) |
| |
| | print_open_redis_servers (self) |
| |
| | get_port_of_redis_server (self, str pid) |
| |
| | flush_redis_server (self, str pid='', str port='') |
| |
| | kill_redis_server (self, pid) |
| |
| | remove_old_logline (self, redis_port) |
| |
| | remove_server_from_log (self, redis_port) |
| |
| | close_open_redis_servers (self) |
| |
| bool | is_debugger_active (self) |
| |
| | prepare_output_dir (self) |
| |
| | log_redis_server_PID (self, redis_port, redis_pid) |
| |
| | set_mode (self, mode, daemon='') |
| |
| | log (self, txt) |
| |
| | print (self, text, verbose=1, debug=0) |
| |
| | handle_flows_from_stdin (self, input_information) |
| |
| | load_db (self) |
| |
| | get_input_file_type (self, input_information) |
| |
| tuple | check_input_type (self) |
| |
| | check_given_flags (self) |
| |
| | set_input_metadata (self) |
| |
| | setup_print_levels (self) |
| |
| tuple | check_output_redirection (self) |
| |
| | print_version (self) |
| |
| | check_if_port_is_in_use (self, port) |
| |
| | start (self) |
| |
◆ __init__()
| StratosphereLinuxIPS.slips.Main.__init__ |
( |
|
self, |
|
|
|
testing = False |
|
) |
| |
◆ add_metadata()
| StratosphereLinuxIPS.slips.Main.add_metadata |
( |
|
self | ) |
|
Create a metadata dir output/metadata/ that has a copy of slips.conf, whitelist.conf, current commit and date
◆ check_given_flags()
| StratosphereLinuxIPS.slips.Main.check_given_flags |
( |
|
self | ) |
|
check the flags that don't require starting slips
for ex: clear db, clearing the blocking chain, killing all servers, stopping the daemon, etc.
◆ check_if_port_is_in_use()
| StratosphereLinuxIPS.slips.Main.check_if_port_is_in_use |
( |
|
self, |
|
|
|
port |
|
) |
| |
◆ check_input_type()
| tuple StratosphereLinuxIPS.slips.Main.check_input_type |
( |
|
self | ) |
|
returns line_type, input_type, input_information
supported input types are:
interface, argus, suricata, zeek, nfdump, db
supported self.input_information:
given filepath, interface or type of line given in stdin
◆ check_output_redirection()
| tuple StratosphereLinuxIPS.slips.Main.check_output_redirection |
( |
|
self | ) |
|
Determine where slips will place stdout, stderr and logfile based on slips mode
◆ check_redis_database()
| bool StratosphereLinuxIPS.slips.Main.check_redis_database |
( |
|
self, |
|
|
|
redis_host = 'localhost', |
|
|
|
redis_port = 6379 |
|
) |
| |
Check if we have redis-server running (this is the cache db it should always be running)
◆ check_zeek_or_bro()
| StratosphereLinuxIPS.slips.Main.check_zeek_or_bro |
( |
|
self | ) |
|
Check if we have zeek or bro
◆ clear_redis_cache_database()
| bool StratosphereLinuxIPS.slips.Main.clear_redis_cache_database |
( |
|
self, |
|
|
|
redis_host = 'localhost', |
|
|
|
redis_port = 6379 |
|
) |
| |
◆ close_all_ports()
| StratosphereLinuxIPS.slips.Main.close_all_ports |
( |
|
self | ) |
|
Closes all the redis ports in logfile and in slips supported range of ports
◆ close_open_redis_servers()
| StratosphereLinuxIPS.slips.Main.close_open_redis_servers |
( |
|
self | ) |
|
Function to close unused open redis-servers based on what the user chooses
◆ create_folder_for_logs()
| StratosphereLinuxIPS.slips.Main.create_folder_for_logs |
( |
|
self | ) |
|
Create a dir for logs if logs are enabled
◆ delete_zeek_files()
| StratosphereLinuxIPS.slips.Main.delete_zeek_files |
( |
|
self | ) |
|
◆ flush_redis_server()
| StratosphereLinuxIPS.slips.Main.flush_redis_server |
( |
|
self, |
|
|
str |
pid = '', |
|
|
str |
port = '' |
|
) |
| |
Flush the redis server on this pid, only 1 param should be given, pid or port
:param pid: can be False if port is given
Gets the pid of the port is not given
◆ get_already_stopped_modules()
| StratosphereLinuxIPS.slips.Main.get_already_stopped_modules |
( |
|
self | ) |
|
◆ get_host_ip()
| StratosphereLinuxIPS.slips.Main.get_host_ip |
( |
|
self | ) |
|
Recognize the IP address of the machine
◆ get_input_file_type()
| StratosphereLinuxIPS.slips.Main.get_input_file_type |
( |
|
self, |
|
|
|
input_information |
|
) |
| |
input_information: given file
returns binetflow, pcap, nfdump, zeek_folder, suricata, etc.
◆ get_modules()
| StratosphereLinuxIPS.slips.Main.get_modules |
( |
|
self, |
|
|
|
to_ignore |
|
) |
| |
Get modules from the 'modules' folder.
◆ get_open_redis_servers()
| dict StratosphereLinuxIPS.slips.Main.get_open_redis_servers |
( |
|
self | ) |
|
Returns the dict of PIDs and ports of the redis servers started by slips
◆ get_pid_of_redis_server()
| str StratosphereLinuxIPS.slips.Main.get_pid_of_redis_server |
( |
|
self, |
|
|
int |
port |
|
) |
| |
Gets the pid of the redis server running on this port
Returns str(port) or false if there's no redis-server running on this port
◆ get_port_of_redis_server()
| StratosphereLinuxIPS.slips.Main.get_port_of_redis_server |
( |
|
self, |
|
|
str |
pid |
|
) |
| |
returns the port of the redis running on this pid
◆ get_random_redis_port()
| StratosphereLinuxIPS.slips.Main.get_random_redis_port |
( |
|
self | ) |
|
Keeps trying to connect to random generated ports until we're connected.
returns the used port
◆ green()
| StratosphereLinuxIPS.slips.Main.green |
( |
|
self, |
|
|
|
txt |
|
) |
| |
returns the text in green
◆ handle_flows_from_stdin()
| StratosphereLinuxIPS.slips.Main.handle_flows_from_stdin |
( |
|
self, |
|
|
|
input_information |
|
) |
| |
Make sure the stdin line type is valid (argus, suricata, or zeek)
◆ is_debugger_active()
| bool StratosphereLinuxIPS.slips.Main.is_debugger_active |
( |
|
self | ) |
|
Return if the debugger is currently active
◆ kill()
| StratosphereLinuxIPS.slips.Main.kill |
( |
|
self, |
|
|
|
module_name, |
|
|
|
INT = False |
|
) |
| |
◆ kill_all()
| StratosphereLinuxIPS.slips.Main.kill_all |
( |
|
self, |
|
|
|
PIDs |
|
) |
| |
◆ kill_redis_server()
| StratosphereLinuxIPS.slips.Main.kill_redis_server |
( |
|
self, |
|
|
|
pid |
|
) |
| |
Kill the redis server on this pid
◆ load_db()
| StratosphereLinuxIPS.slips.Main.load_db |
( |
|
self | ) |
|
◆ load_modules()
| StratosphereLinuxIPS.slips.Main.load_modules |
( |
|
self | ) |
|
◆ log()
| StratosphereLinuxIPS.slips.Main.log |
( |
|
self, |
|
|
|
txt |
|
) |
| |
Is used instead of print for daemon debugging
◆ log_redis_server_PID()
| StratosphereLinuxIPS.slips.Main.log_redis_server_PID |
( |
|
self, |
|
|
|
redis_port, |
|
|
|
redis_pid |
|
) |
| |
◆ prepare_output_dir()
| StratosphereLinuxIPS.slips.Main.prepare_output_dir |
( |
|
self | ) |
|
:param self.input_information: either an interface or a filename (wlp3s0, sample.pcap, zeek_dir/ etc.)
◆ prepare_zeek_output_dir()
| StratosphereLinuxIPS.slips.Main.prepare_zeek_output_dir |
( |
|
self | ) |
|
◆ print()
| StratosphereLinuxIPS.slips.Main.print |
( |
|
self, |
|
|
|
text, |
|
|
|
verbose = 1, |
|
|
|
debug = 0 |
|
) |
| |
Function to use to print text using the outputqueue of slips.
Slips then decides how, when and where to print this text by taking all the processes into account
:param verbose:
0 - don't print
1 - basic operation/proof of work
2 - log I/O operations and filenames
3 - log database/profile/timewindow changes
:param debug:
0 - don't print
1 - print exceptions
2 - unsupported and unhandled types (cases that may cause errors)
3 - red warnings that needs examination - developer warnings
:param text: text to print. Can include format like f'Test {here}'
◆ print_open_redis_servers()
| StratosphereLinuxIPS.slips.Main.print_open_redis_servers |
( |
|
self | ) |
|
Returns a dict {counter: (used_port,pid) }
◆ print_stopped_module()
| StratosphereLinuxIPS.slips.Main.print_stopped_module |
( |
|
self, |
|
|
|
module |
|
) |
| |
◆ print_version()
| StratosphereLinuxIPS.slips.Main.print_version |
( |
|
self | ) |
|
◆ remove_old_logline()
| StratosphereLinuxIPS.slips.Main.remove_old_logline |
( |
|
self, |
|
|
|
redis_port |
|
) |
| |
This function should be called after adding a new duplicate line with redis_port
The only line with redis_port will be the last line, remove all the ones above
◆ remove_server_from_log()
| StratosphereLinuxIPS.slips.Main.remove_server_from_log |
( |
|
self, |
|
|
|
redis_port |
|
) |
| |
deletes the server running on the given pid from running_slips_logs
◆ save_the_db()
| StratosphereLinuxIPS.slips.Main.save_the_db |
( |
|
self | ) |
|
◆ set_analysis_end_date()
| StratosphereLinuxIPS.slips.Main.set_analysis_end_date |
( |
|
self | ) |
|
Add the analysis end date to the metadata file and
the db for the web inerface to display
◆ set_input_metadata()
| StratosphereLinuxIPS.slips.Main.set_input_metadata |
( |
|
self | ) |
|
save info about name, size, analysis start date in the db
◆ set_mode()
| StratosphereLinuxIPS.slips.Main.set_mode |
( |
|
self, |
|
|
|
mode, |
|
|
|
daemon = '' |
|
) |
| |
Slips has 2 modes, daemonized and interactive, this function
sets up the mode so that slips knows in which mode it's operating
:param mode: daemonized of interavtive
:param daemon: Daemon() instance
◆ setup_detailed_logs()
| StratosphereLinuxIPS.slips.Main.setup_detailed_logs |
( |
|
self, |
|
|
|
LogsProcess |
|
) |
| |
Detailed logs are the ones created by logsProcess
◆ setup_print_levels()
| StratosphereLinuxIPS.slips.Main.setup_print_levels |
( |
|
self | ) |
|
setup debug and verose levels
◆ should_kill_all_modules()
| bool StratosphereLinuxIPS.slips.Main.should_kill_all_modules |
( |
|
self, |
|
|
|
function_start_time, |
|
|
|
wait_for_modules_to_finish |
|
) |
| |
checks if x minutes has passed since the start of the function
:param wait_for_modules_to_finish: time in mins to wait before force killing all modules
defined by wait_for_modules_to_finish in slips.conf
◆ shutdown_gracefully()
| StratosphereLinuxIPS.slips.Main.shutdown_gracefully |
( |
|
self | ) |
|
Wait for all modules to confirm that they're done processing
or kill them after 15 mins
◆ start()
| StratosphereLinuxIPS.slips.Main.start |
( |
|
self | ) |
|
◆ start_gui_process()
| StratosphereLinuxIPS.slips.Main.start_gui_process |
( |
|
self | ) |
|
◆ start_webinterface()
| StratosphereLinuxIPS.slips.Main.start_webinterface |
( |
|
self | ) |
|
Starts the web interface shell script if -w is given
◆ stop_core_processes()
| StratosphereLinuxIPS.slips.Main.stop_core_processes |
( |
|
self | ) |
|
◆ store_host_ip()
| StratosphereLinuxIPS.slips.Main.store_host_ip |
( |
|
self | ) |
|
Store the host IP address if input type is interface
◆ store_zeek_dir_copy()
| StratosphereLinuxIPS.slips.Main.store_zeek_dir_copy |
( |
|
self | ) |
|
◆ terminate_slips()
| StratosphereLinuxIPS.slips.Main.terminate_slips |
( |
|
self | ) |
|
Shutdown slips, is called when stopping slips before
starting all modules. for example using -cb
◆ update_local_TI_files()
| StratosphereLinuxIPS.slips.Main.update_local_TI_files |
( |
|
self | ) |
|
◆ warn_about_pending_modules()
| StratosphereLinuxIPS.slips.Main.warn_about_pending_modules |
( |
|
self, |
|
|
|
finished_modules |
|
) |
| |
◆ was_running_zeek()
| bool StratosphereLinuxIPS.slips.Main.was_running_zeek |
( |
|
self | ) |
|
returns true if zeek wa sused in this run
◆ alerts_default_path
| StratosphereLinuxIPS.slips.Main.alerts_default_path |
◆ args
| StratosphereLinuxIPS.slips.Main.args |
◆ c1
| StratosphereLinuxIPS.slips.Main.c1 |
◆ conf
| StratosphereLinuxIPS.slips.Main.conf |
◆ daemon
| StratosphereLinuxIPS.slips.Main.daemon |
◆ enable_metadata
| StratosphereLinuxIPS.slips.Main.enable_metadata |
◆ end_port
| StratosphereLinuxIPS.slips.Main.end_port |
◆ evidenceProcessQueue
| StratosphereLinuxIPS.slips.Main.evidenceProcessQueue |
◆ info_path
| StratosphereLinuxIPS.slips.Main.info_path |
◆ input_information
| StratosphereLinuxIPS.slips.Main.input_information |
◆ input_type
| StratosphereLinuxIPS.slips.Main.input_type |
◆ line_type
| StratosphereLinuxIPS.slips.Main.line_type |
◆ logsProcessQueue
| StratosphereLinuxIPS.slips.Main.logsProcessQueue |
◆ mode
| StratosphereLinuxIPS.slips.Main.mode |
◆ name
| StratosphereLinuxIPS.slips.Main.name |
◆ open_servers_PIDs
| StratosphereLinuxIPS.slips.Main.open_servers_PIDs |
◆ outputqueue
| StratosphereLinuxIPS.slips.Main.outputqueue |
◆ pid
| StratosphereLinuxIPS.slips.Main.pid |
◆ PIDs
| StratosphereLinuxIPS.slips.Main.PIDs |
◆ profilerProcessQueue
| StratosphereLinuxIPS.slips.Main.profilerProcessQueue |
◆ redis_port
| StratosphereLinuxIPS.slips.Main.redis_port |
◆ running_logfile
| StratosphereLinuxIPS.slips.Main.running_logfile |
◆ start_port
| StratosphereLinuxIPS.slips.Main.start_port |
◆ twid_width
| StratosphereLinuxIPS.slips.Main.twid_width |
◆ zeek_bro
| StratosphereLinuxIPS.slips.Main.zeek_bro |
◆ zeek_folder
| StratosphereLinuxIPS.slips.Main.zeek_folder |
The documentation for this class was generated from the following file:
- /home/runner/work/StratosphereLinuxIPS/StratosphereLinuxIPS/slips.py
1.9.8