-rw-r--r--monitor/josef_lib.py2
-rwxr-xr-xmonitor/josef_logreader.py63
-rwxr-xr-xmonitor/josef_monitor.py2
-rwxr-xr-xmonitor/josef_reader.py4
-rw-r--r--monitor/monitor_conf.py34
-rwxr-xr-xtools/josef_auditor.py16
6 files changed, 87 insertions, 34 deletions
diff --git a/monitor/josef_lib.py b/monitor/josef_lib.py
index 24c0c32..28ea0c0 100644
--- a/monitor/josef_lib.py
+++ b/monitor/josef_lib.py
@@ -18,7 +18,7 @@ import zipfile
import shutil
from certkeys import publickeys
-# from Crypto.Hash import SHA256
+from Crypto.Hash import SHA256
import Crypto.PublicKey.RSA as RSA
from Crypto.Signature import PKCS1_v1_5
diff --git a/monitor/josef_logreader.py b/monitor/josef_logreader.py
index 62edfff..8be4dd5 100755
--- a/monitor/josef_logreader.py
+++ b/monitor/josef_logreader.py
@@ -30,7 +30,6 @@ def read_loglog(filename):
return content
def print_log_stats(l):
- print l
log = read_loglog(l)
rev_log = list(reversed(log))
last = rev_log[0]
@@ -48,12 +47,66 @@ def print_log_stats(l):
print "STH age: " + str(age)[:-7]
print "Size: " + size
break
- # else:
- # print "No STH update found in log."
+ else:
+ print "No STH update found in log."
+
+
+def print_average_age(l):
+ log = read_loglog(l)
+ rev_log = list(reversed(log))
+ # last = rev_log[0]
+
+ prev_timestamp = None
+ ages = []
+ for item in rev_log:
+ line = item[TIME_LEN:]
+ if line[:len(START_STR)] == START_STR:
+ # break
+ prev_timestamp = None # Don't count over restarts
+ if line[:len(NEW_STH_STR)] == NEW_STH_STR:
+ timestamp = datetime.datetime.strptime(line[-20:-1], '%Y-%m-%d %H:%M:%S')
+ if prev_timestamp is not None:
+ ages.append(prev_timestamp - timestamp)
+ prev_timestamp = timestamp
+
+ if len(ages) == 0:
+ print "No timedeltas found.."
+ else:
+ average_timedelta = sum(ages, datetime.timedelta(0)) / len(ages)
+ print "Average update time: " + str(average_timedelta) + " (" + str(len(ages)) + " values)"
+
+def print_errors(l):
+ # print errors since last restart
+ log = read_loglog(l)
+ rev_log = list(reversed(log))
+
+ prev_timestamp = None
+ ages = []
+ for item in rev_log:
+ line = item[TIME_LEN:]
+ if "ERROR" in line:
+ print item[:-1]
+ if line[:len(START_STR)] == START_STR:
+ # break # comment this line to print all errors ever
+ pass
- print ""
if __name__ == "__main__":
logs = get_logs()
for log in logs:
- print_log_stats(log) \ No newline at end of file
+ if log == "monitor.log":
+ pass
+ else:
+ print log
+ print_log_stats(log)
+ print_average_age(log)
+ print_errors(log)
+ print ""
+
+
+
+
+
+
+
+
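Review bot: In `print_average_age` the `datetime.datetime.strptime(line[-20:-1], '%Y-%m-%d %H:%M:%S')` call is unguarded, so a single NEW_STH line that is truncated or lacks its trailing newline raises ValueError and ends the run. Because the `__main__` loop calls `print_errors(log)` after it, the error listing for that log and every later log is lost too. Wrapping the call as `try: ... except ValueError: continue` keeps the report going. Separately, `print_errors` carries the comment `# print errors since last restart`, but with the `break` commented out the START_STR branch is only a `pass`, so every ERROR line in the file is printed. The comment should say so, and the unused `prev_timestamp` and `ages` locals can be dropped.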
diff --git a/monitor/josef_monitor.py b/monitor/josef_monitor.py
index a36868d..dfdeacf 100755
--- a/monitor/josef_monitor.py
+++ b/monitor/josef_monitor.py
@@ -125,7 +125,7 @@ class ctlog:
check_sth_signature(self.url, new_sth, None)
except:
self.log("ERROR: Could not verify STH signature")
- print "ERROR: Could not verify STH signature from " + url
+ print "ERROR: Could not verify STH signature from " + self.url
sth_time = datetime.datetime.fromtimestamp(new_sth['timestamp'] / 1000, UTC()).strftime("%Y-%m-%d %H:%M:%S")
if new_sth["timestamp"] != self.sth["timestamp"]:
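Review bot: After the `except:` branch logs "ERROR: Could not verify STH signature", nothing visible in the hunk stops the method, so the unverified `new_sth` appears to reach the `new_sth["timestamp"] != self.sth["timestamp"]` comparison that follows. The indentation is lost in this view and the `try` opens above the hunk, so this needs confirming against the file. If that is the flow, the handler should end with `return` (or otherwise skip the update) so that an STH which failed verification is never adopted as the current one. The bare `except:` also reports any failure inside the `try`, such as a network error or a malformed STH, as a signature failure; catching the specific exception that `check_sth_signature` raises would keep those cases apart.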
diff --git a/monitor/josef_reader.py b/monitor/josef_reader.py
index 8ffbd36..1906587 100755
--- a/monitor/josef_reader.py
+++ b/monitor/josef_reader.py
@@ -70,12 +70,12 @@ class monitored_domain:
if len(added_items) != 0:
self.log(str(len(added_items)) + " new item(s):")
for item in added_items:
- self.log(item)
+ self.log(str(item))
if len(removed_items) != 0:
self.log(str(len(removed_items)) + " removed item(s):")
for item in removed_items:
- self.log(item)
+ self.log(str(item))
class monitored_entry:
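Review bot: The values passed to `self.log(str(item))` in both loops are written to the log without any normalisation. The type of `item` is not visible in the hunk, but if it carries text taken from certificates, an embedded newline would split into extra log lines. `print_errors` in monitor/josef_logreader.py (same commit) matches `"ERROR"` anywhere in a line, so such a line could show up there as a monitor error, assuming that reader is ever pointed at this log. Stripping line breaks before logging, e.g. `self.log(str(item).replace("\r", " ").replace("\n", " "))`, keeps one item to one line. The enclosing method starts above the hunk.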
diff --git a/monitor/monitor_conf.py b/monitor/monitor_conf.py
index c6852a0..b926fd7 100644
--- a/monitor/monitor_conf.py
+++ b/monitor/monitor_conf.py
@@ -24,25 +24,25 @@ MONITORED_DOMAINS = [
"*.sunet.se",
"mail.google.com",
"*.symantec.com",
- "*.se",
+ # "*.se",
]
# CT logs and associated keys
ctlogs = [
- {"name" : "pilot",
- "url" : "https://ct.googleapis.com/pilot/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
- "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="},
+ # {"name" : "pilot",
+ # "url" : "https://ct.googleapis.com/pilot/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==",
+ # "id" : "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA="},
- {"name" : "plausible",
- "url" : "https://plausible.ct.nordu.net/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==",
- "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="},
+ # {"name" : "plausible",
+ # "url" : "https://plausible.ct.nordu.net/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UV9+jO2MCTzkabodO2F7LM03MUBc8MrdAtkcW6v6GA9taTTw9QJqofm0BbdAsbtJL/unyEf0zIkRgXjjzaYqQ==",
+ # "id" : "qucLfzy41WbIbC8Wl5yfRF9pqw60U1WJsvd6AwEE880="},
- {"name" : "digicert",
- "url" : "https://ct1.digicert-ct.com/log/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==",
- "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="},
+ # {"name" : "digicert",
+ # "url" : "https://ct1.digicert-ct.com/log/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==",
+ # "id" : "VhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0="},
{"name" : "izenpe",
"url" : "https://ct.izenpe.com/",
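Review bot: Commenting out `pilot`, `plausible` and `digicert` here, `rocketeer` in the next hunk, and the `"*.se"` pattern narrows what the monitor watches, and nothing in the file records why. If this is a temporary test configuration, say so above `ctlogs`, e.g. `# NOTE: pilot, plausible, digicert and rocketeer disabled for <reason>; re-enable before deployment`. Otherwise certificates that appear only in those logs will go unnoticed, with no hint of it in the output. Deleting the disabled entries or moving them to a separate list would also read better than leaving them as commented-out dict literals.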
@@ -59,10 +59,10 @@ ctlogs = [
# "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==",
# "id" : "aPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P+8Q="},
- {"name" : "rocketeer",
- "url" : "https://ct.googleapis.com/rocketeer/",
- "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==",
- "id": "7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs="},
+ # {"name" : "rocketeer",
+ # "url" : "https://ct.googleapis.com/rocketeer/",
+ # "key" : "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==",
+ # "id": "7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/cs="},
{"name" : "symantec",
"url" : "https://ct.ws.symantec.com/",
diff --git a/tools/josef_auditor.py b/tools/josef_auditor.py
index 0f12037..44eb5f8 100755
--- a/tools/josef_auditor.py
+++ b/tools/josef_auditor.py
@@ -278,14 +278,14 @@ def get_proof_by_index(baseurl, index, tree_size):
def get_all_roots(base_url):
result = urlopen(base_url + "ct/v1/get-roots").read()
certs = json.loads(result)["certificates"]
- print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " certs from " + base_url
-
- for accepted_cert in certs:
- subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
- issuer = get_cert_info(base64.decodestring(accepted_cert))["issuer"]
- if subject == issuer:
- root_cert = base64.decodestring(accepted_cert)
- print get_cert_info(root_cert)["subject"]
+ print time.strftime('%H:%M:%S') + " Received " + str(len(certs)) + " roots from " + base_url
+
+ # for accepted_cert in certs:
+ # subject = get_cert_info(base64.decodestring(accepted_cert))["subject"]
+ # issuer = get_cert_info(base64.decodestring(accepted_cert))["issuer"]
+ # if subject == issuer:
+ # root_cert = base64.decodestring(accepted_cert)
+ # print get_cert_info(root_cert)["subject"]
def print_errors(errors):
print "Encountered " + str(len(errors)) + " errors:"
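Review bot: The self-signed-root loop in `get_all_roots` is disabled by commenting out its eight lines rather than removing them, which leaves dead code in the function. As far as the hunk shows, the function now only fetches the list and prints its length, with no return value. Either delete the block or put it behind a verbose flag, and add a docstring such as `"""Fetch the log's accepted roots and print how many were returned."""` so the reduced behaviour is explicit. The following definition, `print_errors`, continues past the hunk.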