Beispiel #1
        /// <summary>
        /// Start-up sequence: loads the configuration, configures logging,
        /// sets up firewall control and then starts every optional component that
        /// the configuration enables.
        /// </summary>
        static void Main2()
        {
            // Configuration must be loaded first; every later step reads ScutaConfig.
            ScutaConfig.load();

            // NOTE(review): the meaning of the positional arguments is defined by
            // HelperFunctions.configure, which is not visible here.
            HelperFunctions.configure(3, 1, false, true, "", "Application", "Scuta");

            string startupBanner = "Scuta v" + Assembly.GetExecutingAssembly().GetName().Version + " is starting...";
            HelperFunctions.debugMessage(0, startupBanner, 0, 100, HelperFunctions.MessageType.Information);

            FWCtrl.Setup();

            // NOTE(review): iotHubConnectionString is presumably a credential; confirm
            // that neither ScutaConfig nor IOTCtrl writes it to a log.
            if (ScutaConfig.enableIOT)
            {
                IOTCtrl.Initialise(
                    ScutaConfig.iotHubConnectionString,
                    ScutaConfig.iotHubDeviceName,
                    ScutaConfig.iotHubUri);
            }

            if (ScutaConfig.enableMessageForwarding)
            {
                MsgForwarding.Setup(
                    ScutaConfig.messageForwardingIP,
                    ScutaConfig.messageForwardingPort);
            }

            // Each enabled watcher is handed to ThreadManager; the value returned by
            // LaunchWorker is not kept in this entry point.
            if (ScutaConfig.watchEventLog)
            {
                ThreadManager.LaunchWorker(new EventLogWorker());
            }

            if (ScutaConfig.watchLogFile)
            {
                ThreadManager.LaunchWorker(
                    new LogFileWorker(ScutaConfig.watchLogFilePath, ScutaConfig.watchLogFileName));
            }
        }
Beispiel #2
        /// <summary>
        /// Service start handler: loads the configuration, configures logging, sets up
        /// firewall control, creates the shared HttpClient and starts every optional
        /// component that the configuration enables.
        /// </summary>
        /// <param name="args">Start arguments, passed through to the base class.</param>
        protected override void OnStart(string[] args)
        {
            base.OnStart(args);

            // Configuration must be loaded first; every later step reads ScutaConfig.
            ScutaConfig.load();

            // NOTE(review): the meaning of the positional arguments is defined by
            // HelperFunctions.configure, which is not visible here.
            HelperFunctions.configure(3, 3, false, true, "", "Scuta", "Scuta Service");

            string startupBanner = "Scuta v" + Assembly.GetExecutingAssembly().GetName().Version + " is starting...";
            HelperFunctions.debugMessage(0, startupBanner, 0, 100, HelperFunctions.MessageType.Information);

            FWCtrl.Setup();

            // One client instance is stored in a field rather than created per request.
            httpClient = new HttpClient();

            // NOTE(review): iotHubConnectionString is presumably a credential; confirm
            // that neither ScutaConfig nor IOTCtrl writes it to a log.
            if (ScutaConfig.enableIOT)
            {
                IOTCtrl.Initialise(
                    ScutaConfig.iotHubConnectionString,
                    ScutaConfig.iotHubDeviceName,
                    ScutaConfig.iotHubUri);
            }

            if (ScutaConfig.enablePBI)
            {
                PowerBICtrl.serviceURI = ScutaConfig.pbiServiceUri;
                // NOTE(review): debug-to-log is switched on unconditionally; confirm the
                // logged payloads hold nothing sensitive before shipping this as a default.
                PowerBICtrl.enableDebugToLog = true;
            }

            if (ScutaConfig.enableMessageForwarding)
            {
                MsgForwarding.Setup(
                    ScutaConfig.messageForwardingIP,
                    ScutaConfig.messageForwardingPort);
            }

            // Only the event-log worker's launch result is kept (in rootThread); the
            // log-file worker's result is discarded.
            if (ScutaConfig.watchEventLog)
            {
                rootThread = ThreadManager.LaunchWorker(new EventLogWorker());
            }

            if (ScutaConfig.watchLogFile)
            {
                ThreadManager.LaunchWorker(
                    new LogFileWorker(ScutaConfig.watchLogFilePath, ScutaConfig.watchLogFileName));
            }
        }
Beispiel #3
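        /// <summary>
        /// Extracts an IPv4 address and a user name from an sshd log message and bans
        /// that address for <c>ScutaConfig.banMinutes</c>.
        /// </summary>
        /// <param name="sshdmessage">Raw sshd message text taken from the event log.</param>
        /// <remarks>
        /// Nothing is banned or forwarded when the message contains no IPv4 address.
        /// No IoT recording happens in this overload; the original IoT branch was empty.
        /// </remarks>
        public void ban(string sshdmessage)
        {
            // Dotted-quad IPv4 with every octet limited to 0-255.
            Regex IPV4 = new Regex(@"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b");
            // Shortest text between the first "user " and the following " from".
            Regex User = new Regex(@"(?<=user ).*?(?= from)");

            Match ip   = IPV4.Match(sshdmessage);
            Match user = User.Match(sshdmessage);

            // Without a matched address ip.Value is the empty string; passing that to the
            // firewall layer would create a ban for no address at all, so stop here.
            if (!ip.Success)
            {
                return;
            }

            // NOTE(review): the user name inside an sshd message is chosen by the remote
            // client, and IPV4.Match returns the first address-looking token anywhere in
            // the message. Confirm the message format guarantees that token is the
            // connection's source address; otherwise anchor the address match to the text
            // after the final " from " so client-supplied text cannot select the banned IP.
            // The user value is likewise untrusted when it is forwarded or handed to FWCtrl.
            string bannedIp   = ip.Value;
            string bannedUser = user.Value; // empty when the message has no "user ... from" part

            if (ScutaConfig.enableMessageForwarding)
            {
                MsgForwarding forwarder = new MsgForwarding();
                forwarder.SendMessage(String.Format("Banning user {0} from {1}", bannedUser, bannedIp));
            }

            FWCtrl.ban(bannedIp, ScutaConfig.banMinutes, bannedUser);
        }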
Beispiel #4
        /// <summary>
        /// Bans <paramref name="ip"/> for <c>ScutaConfig.banMinutes</c> and then reports
        /// the ban to every reporting channel the configuration enables.
        /// </summary>
        /// <param name="ip">Address to ban; passed to FWCtrl.ban unchanged.</param>
        /// <param name="user">User name associated with the ban; passed on unchanged.</param>
        public void ban(string ip, string user)
        {
            // NOTE(review): neither argument is validated here. Presumably both come from
            // parsed log text; confirm the caller has checked that ip is a real address
            // before it reaches the firewall layer.
            FWCtrl.ban(ip, ScutaConfig.banMinutes, user);

            // Reporting happens after the ban has been issued.
            if (ScutaConfig.enableIOT)
            {
                recordToIOT(ip, user);
            }

            if (ScutaConfig.enablePBI)
            {
                recordToPBI(ip, user);
            }

            if (ScutaConfig.enableMessageForwarding)
            {
                string notice = String.Format("Banning user {0} from {1}", user, ip);
                MsgForwarding forwarder = new MsgForwarding();
                forwarder.SendMessage(notice);
            }
        }
 /// <summary>
 /// Entry point that only constructs an FWCtrl instance; the arguments are unused.
 /// </summary>
 static void Main1(string[] args)
 {
     // Whatever this start-up does happens inside the FWCtrl constructor, which is
     // not visible here; the instance itself is not used afterwards.
     new FWCtrl();
 }
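        /// <summary>
        /// File-system event handler that scans a changed "ex*" log file for failed
        /// logins, counts them per address and blocks every address seen more than twice.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Describes the log file that changed.</param>
        /// <remarks>
        /// Changes from the previous version: the five-minute throttle uses elapsed time
        /// (comparing minute-of-hour values stalled the check for good once the last run
        /// fell in minutes 55-59), short log lines are skipped instead of aborting the
        /// scan, readers and writers are closed on every path, a repeated key no longer
        /// aborts the block loop, and failures are traced instead of silently dropped.
        /// </remarks>
        private void logCheck(object sender, FileSystemEventArgs e)
        {
            try
            {
                if (e.Name == null || !e.Name.StartsWith("ex", StringComparison.Ordinal))
                {
                    return;
                }

                DateTime now = DateTime.Now;
                if (now - lastCheck < TimeSpan.FromMinutes(5))
                {
                    return;
                }

                // Bookkeeping of the previous/current file, unchanged from the original.
                logFileBefore = logFileNow;
                if (lastCheck.Hour == now.Hour)
                {
                    logFileNow = e;
                }
                lastCheck = now;

                // NOTE(review): the file is re-read from its first line on every run while
                // totalIpDictionary keeps its counts between runs, so one failed login can
                // be counted again on each pass. Confirm that is intended.
                string currentYear = now.Year.ToString();
                using (var logReader = new System.IO.StreamReader(e.FullPath))
                {
                    string logLine;
                    while ((logLine = logReader.ReadLine()) != null)
                    {
                        if (!logLine.Contains(currentYear))
                        {
                            continue;
                        }

                        // NOTE(review): assumes field 2 is the client address and field 9
                        // the status text; that depends on the log's field configuration.
                        string[] fields = logLine.Split(' ');
                        if (fields.Length <= 9)
                        {
                            continue; // malformed or short line: skip it, keep scanning
                        }

                        if (!fields[9].Contains("Invalid+Username+or+Password"))
                        {
                            continue;
                        }

                        // Log content is untrusted; only well-formed addresses may reach
                        // the block list file and the firewall layer.
                        string sourceIp = fields[2];
                        if (!System.Net.IPAddress.TryParse(sourceIp, out _))
                        {
                            continue;
                        }

                        totalIpDictionary.TryGetValue(sourceIp, out int seen);
                        totalIpDictionary[sourceIp] = seen + 1;
                    }
                }

                // NOTE(review): a fixed file in the drive root; confirm its ACL lets only
                // this process modify it, since its content decides which addresses are
                // skipped when blocking.
                string pathToWrite = @"C:\fileCheckerBlockedIPList.txt";

                var alreadyListed = System.IO.File.Exists(pathToWrite)
                    ? new HashSet<string>(System.IO.File.ReadAllLines(pathToWrite))
                    : new HashSet<string>();

                // Materialise once; the original re-ran the query on every loop access.
                var offenders = totalIpDictionary.Where(entry => entry.Value > 2).ToList();

                // Append mode also creates the file when it does not exist yet.
                using (var listWriter = new System.IO.StreamWriter(pathToWrite, true))
                {
                    foreach (var offender in offenders)
                    {
                        if (alreadyListed.Contains(offender.Key))
                        {
                            continue;
                        }

                        // Indexer instead of Add: a key that is already present must not
                        // throw and cut the loop short.
                        totalIPDictionaryToBlock[offender.Key] = offender.Value;
                        listWriter.WriteLine(offender.Key);

                        FWCtrl fw = new FWCtrl();
                        fw.ipAddToList(offender.Key);
                    }
                }

                // NOTE(review): this touches a UI control from a file-watcher callback;
                // confirm the watcher marshals its events onto the UI thread.
                IPListView.Items.Clear();
                foreach (var blocked in totalIPDictionaryToBlock)
                {
                    string[] rowCells =
                    {
                        blocked.Key,
                        DateTime.Now.ToString(),
                        blocked.Value.ToString()
                    };
                    IPListView.Items.Add(new ListViewItem(rowCells));
                }
                if (totalIPDictionaryToBlock.Count > 0)
                {
                    IPListView.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
                }

                // Keep both in-memory tables bounded.
                if (totalIPDictionaryToBlock.Count > 50)
                {
                    totalIPDictionaryToBlock.Clear();
                }
                if (totalIpDictionary.Count > 100)
                {
                    totalIpDictionary.Clear();
                }
            }
            catch (Exception ex)
            {
                // Still best-effort (the watcher must keep running), but a monitor that
                // fails without a trace hides the fact that blocking has stopped.
                System.Diagnostics.Trace.TraceError("logCheck failed: " + ex);
            }
        }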