Compare commits
4 Commits
main
...
ablesov/fi
Author | SHA1 | Date | |
---|---|---|---|
|
13ddb3b0bc | ||
|
daca707ad8 | ||
|
216db5d387 | ||
|
887e90cd06 |
@ -13,6 +13,7 @@ import os
|
|||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
import whois
|
import whois
|
||||||
|
from security import safe_command
|
||||||
|
|
||||||
|
|
||||||
class ZeekEngine(object):
|
class ZeekEngine(object):
|
||||||
@ -396,7 +397,7 @@ class ZeekEngine(object):
|
|||||||
# This check can be good if the domain has already been cached by
|
# This check can be good if the domain has already been cached by
|
||||||
# the device so it wont appear in self.dns.
|
# the device so it wont appear in self.dns.
|
||||||
|
|
||||||
if any([cert["cn"].endswith(r["domain"]) for r in self.dns]):
|
if any(cert["cn"].endswith(r["domain"]) for r in self.dns):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
for domain in self.bl_domains:
|
for domain in self.bl_domains:
|
||||||
@ -445,10 +446,10 @@ class ZeekEngine(object):
|
|||||||
"""
|
"""
|
||||||
Start zeek and check the logs.
|
Start zeek and check the logs.
|
||||||
"""
|
"""
|
||||||
sp.Popen("cd {} && /opt/zeek/bin/zeek -Cr capture.pcap protocols/ssl/validate-certs".format(
|
safe_command.run(sp.Popen, "cd {} && /opt/zeek/bin/zeek -Cr capture.pcap protocols/ssl/validate-certs".format(
|
||||||
self.working_dir), shell=True).wait()
|
self.working_dir), shell=False).wait()
|
||||||
sp.Popen("cd {} && mv *.log assets/".format(self.working_dir),
|
safe_command.run(sp.Popen, "cd {} && mv *.log assets/".format(self.working_dir),
|
||||||
shell=True).wait()
|
shell=False).wait()
|
||||||
self.fill_dns(self.working_dir + "/assets/")
|
self.fill_dns(self.working_dir + "/assets/")
|
||||||
self.netflow_check(self.working_dir + "/assets/")
|
self.netflow_check(self.working_dir + "/assets/")
|
||||||
self.ssl_check(self.working_dir + "/assets/")
|
self.ssl_check(self.working_dir + "/assets/")
|
||||||
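Review bot: Both rewritten `Popen` calls in the last hunk (the zeek run and the `mv *.log`) still pass a single shell string, but now with `shell=False`. On POSIX, `Popen` will then look for an executable literally named `cd <dir> && …` and raise `FileNotFoundError`, because `cd`, `&&` and the `*.log` glob only exist inside a shell. Drop the shell rather than just the flag: pass an argv list with `cwd=self.working_dir` and move the logs in Python, which also keeps `self.working_dir` from ever being parsed as command text. The sketch below assumes `safe_command.run` forwards keyword arguments such as `cwd` to `Popen`, and it overwrites existing files in `assets/` as `mv` did. The enclosing method starts above the hunk, so only the changed statements are shown.

```python
        # … unchanged: method signature and docstring …
        safe_command.run(
            sp.Popen,
            ["/opt/zeek/bin/zeek", "-Cr", "capture.pcap", "protocols/ssl/validate-certs"],
            cwd=self.working_dir,
            shell=False,
        ).wait()
        assets_dir = os.path.join(self.working_dir, "assets")
        for name in os.listdir(self.working_dir):
            # same set the shell glob *.log selected: names ending in .log, no dotfiles
            if name.endswith(".log") and not name.startswith("."):
                os.replace(os.path.join(self.working_dir, name),
                           os.path.join(assets_dir, name))
        # … unchanged: fill_dns / netflow_check / ssl_check calls …
```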
|
@ -15,3 +15,6 @@ netifaces==0.11.0
|
|||||||
weasyprint==59.0
|
weasyprint==59.0
|
||||||
python-whois==0.8.0
|
python-whois==0.8.0
|
||||||
six==1.16.0
|
six==1.16.0
|
||||||
|
security==1.2.1 \
|
||||||
|
--hash=sha256:4ca5f8cfc6b836e2192a84bb5a28b72c17f3cd1abbfe3281f917394c6e6c9238
|
||||||
|
--hash=sha256:0a9dc7b457330e6d0f92bdae3603fecb85394beefad0fd3b5058758a58781ded
|
||||||
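Review bot: Adding `--hash` values to only the new `security==1.2.1` pin switches pip into hash-checking mode for the whole file. The other pins visible in this hunk (`weasyprint==59.0`, `python-whois==0.8.0`, `six==1.16.0`) carry no hashes, so an install from this file is expected to abort with a missing-hashes error. Either give every requirement a hash, transitive ones included (for example with `pip-compile --generate-hashes`), or add the new entry as a plain `security==1.2.1` like its neighbours. As rendered here the first `--hash` line also lacks a trailing `\`, which would detach the second hash from the requirement; that may be an artefact of the page, so check the raw file. The entries before `netifaces==0.11.0` are outside this view.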
|