Changeset 1002

Timestamp:
11/09/07 16:05:36 (1 year ago)
Author:
kindlund
Message:

Disabled per-domain integrity checking, now that an integrity check runs after each URL. Added debug support: the Manager will append any fingerprints it finds to a 'Compromise.dump' file, in addition to inserting them into the database (if specified).

Files:

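--- a/honeyclient/branches/exp/kindlund-dynamic_updates/etc/honeyclient.xml
+++ b/honeyclient/branches/exp/kindlund-dynamic_updates/etc/honeyclient.xml
@@ -352,7 +352,10 @@
     <Manager>
         <!-- TODO: Update this. -->
-        <manager_state description="Upon termination, the Manager will attempt to save a complete copy of its state into this file, if specified." default="">
+        <manager_state description="Upon termination, the Manager will attempt to append a complete copy of its state into this file, if specified." default="">
             Manager.dump
         </manager_state>
+        <compromise_dump description="When the Manager encounters a compromised VM, it will attempt to append a complete copy of the compromised information to this file, if specified.">
+            Compromise.dump
+        </compromise_dump>
         <!-- TODO: Update this. -->
         <address description="The IP or hostname that all Manager modules should use, when accepting SOAP requests." default="localhost">
@@ -465,5 +468,5 @@
         <VM>
             <master_vm_config description="The full absolute path to the VM configuration file on the host system that will be used by all subsequent cloned VMs.">
-                /vm/master-vms/Agent.Master-27/winXPPro.cfg
+                /vm/master-vms/Agent.Master-27-dynamic_updates/winXPPro.cfg
             </master_vm_config>
             <port description="The TCP port number that the SOAP server of the VM daemon will listen on for requests.  Note: This port should be unique and not already be used by other modules, services, or daemons running on the host system." default="8089">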
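Review bot: The new `compromise_dump` element carries no `default=""` attribute, unlike its sibling `manager_state`, so whether a deployment that deletes or blanks the element yields an empty string or an undefined value to the Manager's `getVar(name => "compromise_dump")` depends on how getVar treats a missing element, which is not visible here. Adding `default=""` makes the "unset means disabled" semantics the Manager's length check relies on explicit: `<compromise_dump description="..." default="">`. The value is a bare relative filename, so it resolves against the Manager process's working directory and, being append-only, grows without bound; the description could say so, e.g. `... to this file (relative to the Manager's working directory; the file is appended to and never rotated), if specified.`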
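--- a/honeyclient/branches/exp/kindlund-dynamic_updates/lib/HoneyClient/Agent.pm
+++ b/honeyclient/branches/exp/kindlund-dynamic_updates/lib/HoneyClient/Agent.pm
@@ -967,19 +967,22 @@
             _unlock($data);
         }
-
+
+        # XXX: This code may come in handy again, if we decide to keep the
+        # old-style integrity checks.
         # Perform an integrity check, if needed.
-        if (defined($integrity)) {
-            # For now, we update a scalar called 'is_compromised' within
-            # the $data->{$driverName}->{'status'} sub-hashtable.
-            $LOG->info($driverName . " - Performing Integrity Checks.");
-            $changes = $integrity->check();
-            if (scalar(@{$changes->{processes}})) {
-                $LOG->warn($driverName . " - Integrity Check: FAILED");
-                $isCompromised = 1;
-                $changes->{'last_resource'} = $lastResource;
-            } else {
-                $LOG->info($driverName . " - Integrity Check: PASSED");
-            }
-        }
+        # if (defined($integrity)) {
+        #     # For now, we update a scalar called 'is_compromised' within
+        #     # the $data->{$driverName}->{'status'} sub-hashtable.
+        #     $LOG->info($driverName . " - Performing Integrity Checks.");
+        #     $changes = $integrity->check();
+        #     if (scalar(@{$changes->{processes}})) {
+        #         $LOG->warn($driverName . " - Integrity Check: FAILED");
+        #         $isCompromised = 1;
+        #         $changes->{'last_resource'} = $lastResource;
+        #     } else {
+        #         $LOG->info($driverName . " - Integrity Check: PASSED");
+        #     }
+        # }
+
         # Release our copy of the integrity object, but do not destroy
         # any internal references.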
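Review bot: The disabled integrity check is left in the file as a commented-out block rather than removed, and the `# Perform an integrity check, if needed.` comment above it now describes code that never runs; version control already preserves the old block, so it should be deleted or placed behind a configuration flag, and the stale comment replaced with something like `# Per-domain integrity checks are disabled here; a check now runs after each URL.` Since `$changes` and `$isCompromised` were assigned only inside the removed block within this hunk, any later use of them in this routine presumably sees their initial values, which is worth confirming against the code below the hunk. The enclosing subroutine starts and ends outside the hunk.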
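--- a/honeyclient/branches/exp/kindlund-dynamic_updates/lib/HoneyClient/Manager.pm
+++ b/honeyclient/branches/exp/kindlund-dynamic_updates/lib/HoneyClient/Manager.pm
@@ -533,4 +533,5 @@
         $Data::Dumper::Indent = 2;
         print $dump_file Dumper(thaw(decode_base64($globalAgentState)));
+        $dump_file->close();
     }
 
@@ -867,7 +868,24 @@
                     $vmCompromised = 1;
 
-                    # Insert Compromised Fingerprint into DB.
                     my $fingerprint = $ret->{$args{'driver'}}->{status}->{fingerprint};
                     $LOG->warn("VM Compromised.  Last Resource (" . $fingerprint->{'last_resource'} . ")");
+
+                    # Dump the fingerprint to the compromise file, if needed.
+                    # XXX: May want to change this format/usage, eventually.
+                    my $COMPROMISE_FILE = getVar(name => "compromise_dump");
+                    if (length($COMPROMISE_FILE) > 0 &&
+                        defined($fingerprint)) {
+                        $LOG->info("Saving fingerprint to '" . $COMPROMISE_FILE . "'.");
+                        my $dump_file = new IO::File($COMPROMISE_FILE, "a");
+
+                        # XXX: Delete this block, eventually.
+                        $Data::Dumper::Terse = 0;
+                        $Data::Dumper::Indent = 2;
+                        print $dump_file "\$vmName = " . $vmName . ";\n";
+                        print $dump_file Dumper($fingerprint);
+                        $dump_file->close();
+                    }
+
+                    # Insert Compromised Fingerprint into DB.
                     if ($DB_ENABLE && ($clientDbId > 0)) {
                         # Remove the last_url from the fingerprint and insert it as Url History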
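Review bot: The new compromise-dump block never checks whether `new IO::File($COMPROMISE_FILE, "a")` succeeded, so an unwritable path turns the following `print $dump_file` calls into failures on an undefined handle instead of a logged warning, and the `$dump_file->close()` return value is likewise ignored, hiding buffered write errors. It also assigns `$Data::Dumper::Terse` and `$Data::Dumper::Indent` as process globals (as the earlier Manager.dump code in this file already does), so the settings leak into every other Data::Dumper user in the Manager; `local` scopes them to this block. The `$vmName` record is written as unquoted Perl source, so a name containing a quote or semicolon yields a malformed entry, and since the fingerprint appears to be reported by the Agent inside a VM the Manager has just judged compromised, the file must be treated as untrusted data and never loaded back with `do`/`eval`; `Data::Dumper->Dump([$vmName, $fingerprint], ['vmName', 'fingerprint'])` writes both values properly escaped. The enclosing routine starts and ends outside the hunk.

```perl
                    my $COMPROMISE_FILE = getVar(name => "compromise_dump");
                    if (defined($COMPROMISE_FILE) && length($COMPROMISE_FILE) > 0 &&
                        defined($fingerprint)) {
                        $LOG->info("Saving fingerprint to '" . $COMPROMISE_FILE . "'.");
                        my $dump_file = IO::File->new($COMPROMISE_FILE, "a");
                        if (!defined($dump_file)) {
                            $LOG->warn("Unable to open '" . $COMPROMISE_FILE . "' for append: $!");
                        } else {
                            # Scope the Dumper settings to this block.  The file is a
                            # debug artifact built from Agent-reported data; never
                            # do()/eval() it back into the Manager.
                            local $Data::Dumper::Terse = 0;
                            local $Data::Dumper::Indent = 2;
                            print $dump_file Data::Dumper->Dump([$vmName, $fingerprint],
                                                                ['vmName', 'fingerprint']);
                            $dump_file->close()
                                or $LOG->warn("Error closing '" . $COMPROMISE_FILE . "': $!");
                        }
                    }
                    # ... unchanged: DB insert of the fingerprint ...
```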