Commits · master · Turris / Pakon

31 Mar, 2020 1 commit
- add LICENSE · aefdd045
  Martin Matějek authored Mar 31, 2020
  
  aefdd045
31 Jan, 2019 1 commit
- show: Fix crash when no aggregated data exists · f1d64e7c
  Martin Matějek authored Jan 31, 2019
  
  f1d64e7c
11 Dec, 2018 1 commit
- add basic documentation · b930f3c9
  Martin Petráček authored Dec 11, 2018
  
  b930f3c9
05 Dec, 2018 1 commit

archive: don't delete flows from live invidually, delete them at once · ffe599c2

Martin Petráček authored Dec 05, 2018

Also backup database ASAP, when flows are moved (it used to be done in
cron,after the archive script finished - which could be long).

ffe599c2

26 Nov, 2018 1 commit
- try harder to avoid 'database is locked' error · 2fbb40bf
  Martin Petráček authored Nov 26, 2018
  
  2fbb40bf
23 Nov, 2018 5 commits
- archive: add hard_limit, delete records if the database is too full · 7b78bc24
  Martin Petráček authored Nov 22, 2018
  
  7b78bc24
- monitor: delete the oldest records when the database gets too full · 10e44ecd
  Martin Petráček authored Nov 22, 2018
  
  10e44ecd
- handler: refactor · 3c29d824
  Martin Petráček authored Nov 22, 2018
  
  3c29d824
- change DB indexes · 825d4326
  Martin Petráček authored Nov 22, 2018
  
  825d4326
- refactor archivation · 248fe80d
  Martin Petráček authored Nov 22, 2018
  
  248fe80d
21 Nov, 2018 2 commits
- monitor: switch sqlite to autocommit mode · ca02c20d
  Martin Petráček authored Nov 21, 2018
  
  ca02c20d
- archive: perfrom moving from live to archive in a transaction · eb98306c
  Martin Petráček authored Nov 21, 2018
```
flows are either inserted+deleted, or nothing is changed
```
  eb98306c
13 Nov, 2018 1 commit
- convert DNS hostnames to lower · 33a1bd7f
  Martin Petráček authored Nov 13, 2018
```
0x20 bit encoding makes DNS queries with random mixed case
```
  33a1bd7f
08 Oct, 2018 2 commits
- archive: increase timeout for acquiring lock · 252df926
  Martin Petráček authored Oct 08, 2018
  
  252df926
- workaround for bug in python3 - causing expection interupting archive · 81537c83
  Martin Petráček authored Oct 08, 2018
  
  81537c83
03 Sep, 2018 1 commit
- archive: wrap squash in transaction · df85c901
  Martin Petráček authored Sep 03, 2018
  
  df85c901
23 Jul, 2018 1 commit

do not use suricata_conntrack_flows script when suricata is in IDS mode, · 22477b9b

Martin Petráček authored Jul 23, 2018

read directly from suricata socket

also try (!again!) to ensure that suricata_conntrack_flows script dies
with pakon-monitor.py. Trying bigger hammer (PR_SET_PDEATHSIG) this time...

22477b9b

16 Jul, 2018 1 commit
- fix notify_new_devices option - was ignored till now · 826001ad
  Martin Petráček authored Jul 16, 2018
  
  826001ad
20 Jun, 2018 1 commit
- get_dev_mac: prevent possible crash when `ip neigh` output doesn't match · b09b9845
  Martin Petráček authored Jun 19, 2018
  
  b09b9845
19 Jun, 2018 1 commit
- fix bug: wrong name · 6758d271
  Martin Petráček authored Jun 19, 2018
  
  6758d271
15 Jun, 2018 1 commit
- handler: ignore mac address cases · df155864
  Martin Petráček authored Jun 15, 2018
  
  df155864
22 May, 2018 2 commits
- monitor: get MAC and dev from `ip neigh`, suricata way is unreliable · f35a2ee2
  Martin Petráček authored May 22, 2018
  
  f35a2ee2
- handler: fix wrong aggregation · 7969295f
  Martin Petráček authored May 22, 2018
  
  7969295f
14 May, 2018 1 commit
- domains_reapply: don't update not-existing file (avoid traceback) · b50d2df8
  Martin Petráček authored May 14, 2018
  
  b50d2df8
08 Mar, 2018 1 commit
- add mac->name feature to handler, names from DHCP config · 084aee8f
  Martin Petráček authored Mar 08, 2018
  
  084aee8f
01 Feb, 2018 1 commit

monitor: delete incomplete flows after restart · 5a08434f

Martin Petráček authored Feb 01, 2018

monitor should get complete information about bypassed flows from
suricata_conntrack script before its exit - so they are complete.
What remains are connections that were just opened - we don't know much about
them, they just make output more confusing.

5a08434f

31 Jan, 2018 2 commits
- config: archive path · 05d8eb9d
  Martin Petráček authored Jan 31, 2018
  
  05d8eb9d
- config: default notify_new_devices to 0 · e8ab2bc7
  Martin Petráček authored Jan 31, 2018
  
  e8ab2bc7
30 Jan, 2018 1 commit
- moved interfaces to pakon config (from suricata config) · c02537f1
  Martin Petráček authored Jan 26, 2018
  
  c02537f1
25 Jan, 2018 1 commit
- archive: add default archive_rule (if no rules are present in config) · 5500a231
  Martin Petráček authored Jan 25, 2018
  
  5500a231
18 Jan, 2018 8 commits
- don't squash flows without hostname into one (preserve dest_ip) · 403939ec
  Martin Petráček authored Jan 15, 2018
  
  403939ec
- add size_threshold configuration option · 1663fe34
  Martin Petráček authored Jan 15, 2018
  
  1663fe34
- don't perform VACUUM of archive · 47d4af80
  Martin Petráček authored Jan 15, 2018
  
  47d4af80
- allow configuring archive_rules · d1fa9eb7
  Martin Petráček authored Jan 15, 2018
  
  d1fa9eb7
- make archive_path configurable · ddc90cc5
  Martin Petráček authored Jan 15, 2018
  
  ddc90cc5
- monitor: dump DNS cache to file on exit, (try to) reload on start · c0d39f31
  Martin Petráček authored Jan 18, 2018
  
  c0d39f31
- monitor: improved DNSCache · 691f84ef
  Martin Petráček authored Jan 18, 2018
  
  691f84ef
- monitor: use src_mac as client identification instead of src_ip · 7efeee87
  Martin Petráček authored Jan 18, 2018
```
src_ip doesn't work well with IPv6 (dns could still go over IPv4)
also, temporary IPv6 addresses are used, with short lifetime
MAC is much more stable identifier
```
  7efeee87
15 Jan, 2018 1 commit
- catch database error - caused crash sometimes · 3c886346
  Martin Petráček authored Jan 15, 2018
  
  3c886346
08 Jan, 2018 1 commit
- handler: improved handling of missing hostname · b411eea0
  Martin Petráček authored Nov 29, 2017
  
  b411eea0