Task #13277

Scenario #13198: Forbidden site not shown as forbidden in the EAD

Fix the browsing observatory so that it detects access to "forbidden" sites

Added by Joël Cuissinat about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assigned To:
Start date: 09/28/2015
Due date:
% Done: 100%
Estimated time: 4.00 h
Spent time:
Remaining (hours): 0.0

Associated revisions

Revision 9221e490 (diff)
Added by Joël Cuissinat about 6 years ago

Detection of forbidden sites in the browsing observatory

  • backend/actions/lib/logparser/logparsing.py: use of extended search
    to look for the keyword in English and in French

Ref: #13277 @2h

Revision ea28bf0f (diff)
Added by Joël Cuissinat about 6 years ago

Code cleanup (pylint)

  • backend/actions/lib/logparser/logparsing.py: upgraded the "raise" statements

Ref: #13277 @20m

Revision 8a4322a0 (diff)
Added by Emmanuel GARETTE about 6 years ago

change in the regexp for detecting the *guardian log files (ref #13277 @1h)

History

#1 Updated by Scrum Master about 6 years ago

  • Assigned To set to Joël Cuissinat

#2 Updated by Scrum Master about 6 years ago

  • Status changed from New to In progress

#3 Updated by Joël Cuissinat about 6 years ago

=> AM-T03-012

#4 Updated by Joël Cuissinat about 6 years ago

root@amon:~# rgrep -B1 DENIED /usr/share/ead2/
/usr/share/ead2/backend/actions/lib/logparser/logparsing.py-    if denied is not None:
/usr/share/ead2/backend/actions/lib/logparser/logparsing.py:        cmd += grep % 'DENIED'
--
/usr/share/ead2/backend/actions/lib/logparser/logparsing.py-                    }
/usr/share/ead2/backend/actions/lib/logparser/logparsing.py:            if 'DENIED' in line:
  • Log observed on 2.5.1
    2015-09-29T10:40:51.671765+02:00 amon.etb1.lan e2guardian0[26124]: "2015.9.29 10:40:51","prof.6a","10.1.1.1","http://antiproxy.org","*Accès interdit* Site interdit : antiproxy.org","GET","0","0","","1","403","-","","","","","-","-","" 
    
  • Old logs (e.g. antivirus)
    Jan 27 15:33:15 amon dansguardian0[16831]: "2015.1.27 15:33:15","-","10.1.1.21","http://www.securite-informatique.info/virus/eicar/download/eicar_niveau30.rar","*INFECTED* *DENIED* Virus or bad content detected. Eicar-Test-Signature","GET","20169","0","Content scanning","1","403","text/plain","","","-" 
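
Added example (not part of the ticket and not the project's logparsing.py): a field-based check that recognises both the English and the French denial marker seen in the two log lines above, next to the substring test visible in the grep output. The marker pattern, the function names and the ALLOWED sample line are assumptions made for this illustration; the pattern used by the actual fix is not shown on this page.

```python
import csv
import re

# Denial markers as they appear in the two log lines quoted in comment #4.
# Assumption: the real fix may search for a different pattern.
DENY_MARKERS = re.compile(r"\*(?:DENIED|Accès interdit)\*")

# Syslog prefix ending in "<e2|dans>guardian<N>[pid]: ", then the CSV record.
PREFIX = re.compile(r"^.*?\b(?:e2|dans)guardian\d*\[\d+\]: ")

def parse_record(line):
    """Return the CSV fields of a *guardian access log line, or None."""
    match = PREFIX.match(line)
    if match is None:
        return None
    rows = list(csv.reader([line[match.end():].strip()]))
    return rows[0] if rows and len(rows[0]) >= 5 else None

def legacy_is_denied(line):
    """Substring test from the grep output above: English keyword only."""
    return 'DENIED' in line

def is_denied(line):
    """Look for either marker in the reason field (5th CSV column) only."""
    fields = parse_record(line)
    return fields is not None and DENY_MARKERS.search(fields[4]) is not None

def denied_requests(lines):
    """Return (user, client IP, URL) for every denied request."""
    records = (parse_record(line) for line in lines if is_denied(line))
    return [(f[1], f[2], f[3]) for f in records]

# The two log lines quoted in comment #4.
FRENCH = '2015-09-29T10:40:51.671765+02:00 amon.etb1.lan e2guardian0[26124]: "2015.9.29 10:40:51","prof.6a","10.1.1.1","http://antiproxy.org","*Accès interdit* Site interdit : antiproxy.org","GET","0","0","","1","403","-","","","","","-","-",""'
ENGLISH = 'Jan 27 15:33:15 amon dansguardian0[16831]: "2015.1.27 15:33:15","-","10.1.1.21","http://www.securite-informatique.info/virus/eicar/download/eicar_niveau30.rar","*INFECTED* *DENIED* Virus or bad content detected. Eicar-Test-Signature","GET","20169","0","Content scanning","1","403","text/plain","","","-"'
# Constructed line: an allowed request whose URL happens to contain "DENIED".
ALLOWED = '2015-09-29T10:41:02.000000+02:00 amon.etb1.lan e2guardian0[26124]: "2015.9.29 10:41:02","prof.6a","10.1.1.1","http://example.org/DENIED.html","","GET","512","0","","1","200","text/html","","","","","-","-",""'

if __name__ == "__main__":
    for name, line in (("FRENCH", FRENCH), ("ENGLISH", ENGLISH), ("ALLOWED", ALLOWED)):
        print(name, "legacy:", legacy_is_denied(line), "field-based:", is_denied(line))
    print(denied_requests([FRENCH, ENGLISH, ALLOWED]))
```

The substring test misses the French-locale denial and flags the allowed request whose URL contains the keyword; matching on the reason field avoids both.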
    

#5 Updated by Joël Cuissinat about 6 years ago

  • % Done changed from 0 to 100
  • Remaining (hours) changed from 4.0 to 0.25

#6 Updated by Scrum Master about 6 years ago

  • Status changed from In progress to Resolved

#7 Updated by Scrum Master about 6 years ago

  • Status changed from Resolved to In progress

#8 Updated by Emmanuel GARETTE about 6 years ago

  • Assigned To changed from Joël Cuissinat to Emmanuel GARETTE
  • % Done changed from 100 to 80
  • Remaining (hours) changed from 0.25 to 1.0

Some log files are not taken into account.

#9 Updated by Emmanuel GARETTE about 6 years ago

  • % Done changed from 80 to 100
  • Remaining (hours) changed from 1.0 to 0.25

#10 Updated by Scrum Master about 6 years ago

  • Status changed from In progress to Resolved

#11 Updated by Scrum Master about 6 years ago

  • Status changed from Resolved to Closed
  • Remaining (hours) changed from 0.25 to 0.0
