Changeset 1060
- Timestamp:
- 11/29/07 14:41:47 (9 months ago)
- Files:
-
- honeyclient/trunk/bin/fw (copied) (copied from honeyclient/branches/exp/xkovah-firewall_update/bin/fw)
- honeyclient/trunk/etc/honeyclient.xml (modified) (2 diffs)
- honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (6 diffs)
- honeyclient/trunk/lib/HoneyClient/Manager/FW.pm (modified) (35 diffs)
honeyclient/trunk/etc/honeyclient.xml
r1048 r1060 79 79 <!-- TODO: Update this. --> 80 80 <timeout description="How long the Driver waits during a drive operation, before timing out (in seconds)." default="60"> 81 2081 10 82 82 </timeout> 83 83 <ActiveContent> … … 98 98 </ignore_links_timed_out> 99 99 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 100 5100 1 101 101 </max_relative_links_to_visit> 102 102 <positive_words description="If a link contains any number of these words, then its probability of being visited (its score) will increase."> honeyclient/trunk/lib/HoneyClient/Manager.pm
r1048 r1060 502 502 my $stubFW = getClientHandle(namespace => "HoneyClient::Manager::FW"); 503 503 504 # XXX: Change this to fwInit(), eventually.504 # XXX: Change this to installDefaultRules(), eventually. 505 505 # Reset the firewall, to allow everything open. 506 $stubFW-> testConnect();506 $stubFW->allowAllTraffic(); 507 507 508 508 # XXX: Remove this, eventually. … … 670 670 671 671 # Open up the firewall initially, to allow the Agent to do an SVN update. 672 $stubFW->testConnect(); 672 #FIXME: This needs to be more limited for the multi-vm case, and should probably 673 # just be included by making the default rules require no action 674 $stubFW->allowAllTraffic(); 673 675 674 676 # XXX: Remove these, eventually. … … 818 820 # corresponding driver will need. (We may want to get this 819 821 # information eventually from the Agent, as part of Driver::next().) 820 'tcp' => undef,822 'tcp' => [80,443], 821 823 }; 822 824 … … 828 830 829 831 # Initialize the firewall. 830 $stubFW-> fwInit();832 $stubFW->installDefaultRules(); 831 833 832 834 # Add new chain, per cloned VM. … … 972 974 # Get the new targets from the Agent. 973 975 $vmStateTable->{$vm->name}->{targets} = $ret->{$args{'driver'}}->{next}->{targets}; 976 #$vmStateTable->{$vm->name}->{targets} = '0.0.0.0'; 974 977 975 978 print "VM State Table:\n"; … … 998 1001 # the daemon, in which case, we indefinately try to reset the 999 1002 # firewall accordingly. 1000 $stubFW-> fwInit();1003 $stubFW->installDefaultRules(); 1001 1004 $stubFW->addChain($vmStateTable); 1002 1005 $stubFW->addRules($vmStateTable); honeyclient/trunk/lib/HoneyClient/Manager/FW.pm
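Review bot: The return value of `$stubFW->allowAllTraffic();` at 506 and 674 (and of `$stubFW->installDefaultRules();` at 832 and 1003) is discarded, so a failed remote call leaves the firewall in an unknown state while the Manager carries on as if it were open or reset; the FW.pm tests inspect the stub's `$som->result`, and the same check belongs here, e.g. `my $som = $stubFW->allowAllTraffic(); die "allowAllTraffic() failed" unless $som->result;`. The new `'tcp' => [80,443],` turns an undef into a port list hard-coded in the Manager while the comment above it says this should eventually come from the Agent; until then it reads better as a value in honeyclient.xml next to the other defaults than as a literal in code. The commented-out `#$vmStateTable->{$vm->name}->{targets} = '0.0.0.0';` at 976 looks like leftover debugging and should be dropped. Each of these hunks sits inside a larger function whose start and end are outside the diff.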
r1008 r1060 93 93 # Lets set our default honeyclient ruleset: 94 94 my $stub = getClientHandle(namespace => "HoneyClient::Manager::FW"); 95 my $som = $stub-> fwInit();95 my $som = $stub->installDefaultRules(); 96 96 my @initlist = $som->paramsall; 97 97 print "$_\n" foreach (@initlist); … … 100 100 $hashref = this data structure will be passed from the manager to the HoneyClient::Manager::FW 101 101 102 $som = $stub->addRule ( $hashref );102 $som = $stub->addRules( $hashref ); 103 103 print $stub->result; 104 104 print "\n"; … … 160 160 use POSIX qw( WIFEXITED ); 161 161 use English '-no_match_vars'; 162 163 # Make Dumper format more verbose. 164 $Data::Dumper::Terse = 0; 165 $Data::Dumper::Indent = 2; 162 166 163 167 # set our configuration file location … … 348 352 =item * 349 353 350 fwInit()351 352 The fwInitfunction awaits a call from the Honeyclient manager, once a call is made the function performs numerous subfunctions but354 installDefaultRules() 355 356 The installDefaultRules function awaits a call from the Honeyclient manager, once a call is made the function performs numerous subfunctions but 353 357 mainly handles creation of the default iptables ruleset for the honeyclient network. 354 358 IPTables ruleset: … … 368 372 369 373 eval{ 370 diag("Testing fwInit()...");374 diag("Testing installDefaultRules()..."); 371 375 $URL = HoneyClient::Manager::FW->init_fw(); 372 376 # Wait at least a second, in order to initialize the daemon. … … 374 378 # Connect to daemon as a client. 
375 379 $stub = getClientHandle(namespace => "HoneyClient::Manager::FW"); 376 $som = $stub-> fwInit($hashref);380 $som = $stub->installDefaultRules($hashref); 377 381 $som = $stub->_validateInit(); 378 is($som->result, 24, " fwInit current has set up 28 rules") or diag("The fwInit() call failed.");382 is($som->result, 24, "installDefaultRules current has set up 28 rules") or diag("The installDefaultRules() call failed."); 379 383 $som = $stub->_setAcceptPolicy(); 380 384 $som = $stub->_flushChains(); … … 395 399 =cut 396 400 397 sub fwInit{401 sub installDefaultRules { 398 402 my ($class) = shift(); 399 403 my ($systempid, $f_success, $del_success, $acceptsuccess, $denysuccess, … … 408 412 #$systempid = _getpid($processname); 409 413 my $log = get_logger("HoneyClient::Manager::FW"); 410 $log->info("Entering fwInit(), starting Firewall initialization...");414 $log->info("Entering installDefaultRules(), starting Firewall initialization..."); 411 415 412 416 # Could not connect to iptables … … 514 518 515 519 I<Inputs>: Requires hash reference (hohohohoh). 516 I<Output>: returns hash of a hash to be used during the addRule () function for rule generation.520 I<Output>: returns hash of a hash to be used during the addRules() function for rule generation. 517 521 518 522 =cut … … 527 531 # Get the VM identifier. 528 532 foreach $vm_ID (keys %{$hashref}) { 533 my $vmObj = $hashref->{$vm_ID}; 534 my $vmSources = $vmObj->{'sources'}; 535 my $vmTargets = $vmObj->{'targets'}; 529 536 530 537 # Get the VM's source MAC address. 531 foreach $src_MAC_addr (keys %{ $hashref->{$vm_ID}->{'sources'} }) { 538 foreach $src_MAC_addr (keys %{ $vmSources }) { 539 my $vmSrcMAC = $vmSources->{$src_MAC_addr}; 532 540 533 541 # Get the VM's source IP address. 534 foreach $src_IP_addr ( 535 keys %{ $hashref->{$vm_ID}->{'sources'}->{$src_MAC_addr} }) 542 foreach $src_IP_addr (keys %{ $vmSrcMAC }) 536 543 { 537 544 538 545 # Get the VM's source protocol. 
539 foreach $src_IP_proto ( 540 keys %{ 541 $hashref->{$vm_ID}->{'sources'}->{$src_MAC_addr} 542 ->{$src_IP_addr} 543 } 544 ) 546 foreach $src_IP_proto (keys %{$vmSrcMAC->{$src_IP_addr}}) 545 547 { 546 548 … … 550 552 # Get the list of ports. 551 553 my @src_ports = (); 552 if ( 553 defined( 554 $hashref->{$vm_ID}->{'sources'}->{$src_MAC_addr} 555 ->{$src_IP_addr}->{$src_IP_proto} 556 ) 557 ) 554 if (defined($vmSrcMAC->{$src_IP_addr}->{$src_IP_proto})) 558 555 { 559 @src_ports = 560 @{ $hashref->{$vm_ID}->{'sources'}->{$src_MAC_addr} 561 ->{$src_IP_addr}->{$src_IP_proto} }; 556 @src_ports = @{ $vmSrcMAC->{$src_IP_addr}->{$src_IP_proto} }; 562 557 } 563 558 … … 577 572 578 573 # Get the target hosts. 579 foreach $dst_host ( 580 keys %{ $hashref->{$vm_ID}->{'targets'} }) 574 foreach $dst_host (keys %{ $vmTargets }) 581 575 { 582 576 #print "working on dst_host $dst_host\n"; 577 my $vmDstHost = $vmTargets->{$dst_host}; 583 578 # Get the target IPs. 584 foreach $dst_IP_addr (_resolveHost($dst_host)) { 579 foreach $dst_IP_addr (_resolveHost($dst_host)) 580 { 585 581 586 582 # Get the target protocol. 587 foreach $dst_IP_proto ( 588 keys %{ 589 $hashref->{$vm_ID}->{'targets'} 590 ->{$dst_host} 591 } 592 ) 583 foreach $dst_IP_proto (keys %{$vmDstHost}) 593 584 { 594 585 #print "working on dst_IP_proto $dst_IP_proto\n"; 595 586 #print STDERR "Destination Protocol: " . $dst_IP_proto . "\n"; 596 587 # We skip over combinations, where the source and destination protocols … … 604 595 # Get the list of ports. 605 596 my @dst_ports = (); 606 if ( 607 defined( 608 $hashref->{$vm_ID}->{'targets'} 609 ->{$dst_host}->{$dst_IP_proto} 610 ) 611 ) 597 if (defined($vmDstHost->{$dst_IP_proto})) 612 598 { 613 @dst_ports = 614 @{ $hashref->{$vm_ID}->{'targets'} 615 ->{$dst_host}->{$dst_IP_proto} }; 599 @dst_ports = @{ $vmDstHost->{$dst_IP_proto} }; 616 600 } 617 601 else{ 602 } 603 604 print "dst_ports = @dst_ports\n"; 618 605 # Figure out how big the array is. 
619 606 my $num_of_dst_ports = scalar(@dst_ports); 620 607 my $dst_port_counter = 0; 621 608 my $dst_port = undef; 609 my @holderArray = (); 622 610 do { 623 611 … … 625 613 # is empty. 626 614 if ($num_of_dst_ports <= 0) { 627 $dst_port = "*"; 615 print "setting $dst_port = *\n"; 616 $dst_port = "*"; 628 617 } else { 629 $dst_port = 630 $dst_ports[$dst_port_counter]; 618 $dst_port = $dst_ports[$dst_port_counter]; 631 619 } 632 620 633 621 # generate our rules here into a %HoH based on destination ip address 634 $HoH{$dst_IP_addr} ={622 push @holderArray, { 635 623 "chain" => "$vm_ID", 636 624 "source-mac" => "$src_MAC_addr", … … 646 634 }; 647 635 $dst_port_counter++; 648 } until ( 649 $dst_port_counter >= $num_of_dst_ports);636 } until ($dst_port_counter >= $num_of_dst_ports); 637 $HoH{$dst_IP_addr} = \@holderArray; 650 638 } 651 639 } … … 673 661 and give me an array of VM names that will be added from the iptables chain list. The reason we have broken 674 662 add_vm_chain() up and made it its separate subroutine is because when we add a rule to the iptables ruleset, we 675 must first have a user-defined chain in place. A commit must occur which writes it to the kernel-level netfilter subsystem, then 676 the rule must be added after that has occurred. 663 must first have a user-defined chain in place. A commit must occur which writes it to the kernel-level netfilter subsystem, then the rule must be added after that has occurred. 
677 664 678 665 I<Output>: returns true if VM chain was deleted, returns false if not … … 863 850 $log->info("Flushing the entries and chains now..."); 864 851 foreach my $chainname (@chainArray) { 865 $log->info("Flus ing entries in $chainname");852 $log->info("Flushing entries in $chainname"); 866 853 $table->flush_entries($chainname) or 867 854 die ("Error: Unable to flush entries in chain $chainname"); 868 855 $log->info("Deleting $chainname"); 869 $table->delete_chain($chainname) ;856 $table->delete_chain($chainname) or 870 857 die ("Error: Unable to delete chain $chainname"); 871 858 } … … 918 905 =item * 919 906 920 addRule ($hashref)921 922 addRule is a function that handles the addition of a new iptable rule into the existing IPTables ruleset which allow honeyclients functionality to crawl923 the internet in search of malicious web sites. FWPunchfirst checks for the existance of the user-defined chain before it907 addRules($hashref) 908 909 addRules is a function that handles the addition of a new iptable rule into the existing IPTables ruleset which allow honeyclients functionality to crawl 910 the internet in search of malicious web sites. addRules first checks for the existance of the user-defined chain before it 924 911 creates a new VM rule. If the chain already exists, the rule can not be added since their is no corresponding chain. 925 If it does exist, the rule is added successfully. All FWPunchcalls are logged.926 927 The addRule () function will recieve a $hashref which will be a muli-level hash table whose structure912 If it does exist, the rule is added successfully. All addRules calls are logged. 
913 914 The addRules() function will recieve a $hashref which will be a muli-level hash table whose structure 928 915 will resemble the below data structure: 929 916 … … 1018 1005 1019 1006 eval{ 1020 diag("Testing addRule ()...");1007 diag("Testing addRules()..."); 1021 1008 $URL = HoneyClient::Manager::FW->init_fw(); 1022 1009 # Wait at least a second, in order to initialize the daemon. … … 1024 1011 # Connect to daemon as a client. 1025 1012 $stub = getClientHandle(namespace => "HoneyClient::Manager::FW"); 1026 my $som = $stub-> fwInit($hashref);1013 my $som = $stub->installDefaultRules($hashref); 1027 1014 $som = $stub->addChain($hashref); 1028 $som = $stub->addRule ($hashref);1029 ok($som->result, "addRule () successfully passed and added a new rule.") or diag("The addRule() call failed.");1015 $som = $stub->addRules($hashref); 1016 ok($som->result, "addRules() successfully passed and added a new rule.") or diag("The addRules() call failed."); 1030 1017 $som = $stub->_setAcceptPolicy(); 1031 1018 $som = $stub->_flushChains(); … … 1061 1048 # debugging options, automatically logs to logfile for review later 1062 1049 $log = get_logger("HoneyClient::Manager::FW"); 1063 $log->info("Entering addRule () function()");1050 $log->info("Entering addRules() function()"); 1064 1051 1065 1052 # getst the Chain name for which we will be inserting new rules on the fly … … 1084 1071 # to the Honeyclient manager. The manager is the one actually sending the hashref from which we are 1085 1072 # parsing. 
1086 $log->info("[addRule ]: parsing hashref and returning %rules");1073 $log->info("[addRules]: parsing hashref and returning %rules"); 1087 1074 my %rules = _parseHash($hashref); 1088 1075 print Dumper(\%rules); … … 1094 1081 #my $state = [ 'ESTABLISHED', 'RELATED' ]; 1095 1082 # start looping through our HoH 1096 for $destip (keys %rules) { 1097 1083 foreach my $destip (keys %rules) { 1084 1085 foreach my $href (@{$rules{$destip}}){ 1098 1086 # inserting the firewall rules into the "out" chain here. 1099 1087 # The insertion will be at the head of the chain due to the "0" location. 1100 my $success = 1101 $table->insert_entry( 1102 $vout, 1103 { 1104 "protocol" => $rules{$destip}{'protocol'}, 1105 "source" => $rules{$destip}{'source'}, 1106 "destination" => $rules{$destip}{'destination'}, 1107 "jump" => $rules{$destip}{'jump'}, 1108 "mac-source" => $rules{$destip}{'source-mac'}, 1109 "matches" => $rules{$destip}{'matches'}, 1110 "destination-port" => $rules{$destip}{'destination-port'} 1111 }, 1112 0 1113 ); 1114 if (!$success) { 1115 die ("Error: Unable to insert entry in chain $vout"); 1088 my $success = 1089 $table->insert_entry( 1090 $vout, 1091 { 1092 "protocol" => $href->{'protocol'}, 1093 "source" => $href->{'source'}, 1094 # "destination" => $href->{'destination'}, 1095 "jump" => $href->{'jump'}, 1096 "mac-source" => $href->{'source-mac'}, 1097 "matches" => $href->{'matches'}, 1098 "destination-port" => $href->{'destination-port'} 1099 }, 1100 0 1101 ); 1102 if (!$success) { 1103 die ("Error: Unable to insert entry in chain $vout"); 1104 } 1105 # inserting the firewall rules into the "in" chain here. 
1106 $success = 1107 $table->insert_entry( 1108 $vin, 1109 { 1110 "protocol" => $href->{'protocol'}, 1111 # "source" => $href->{'destination'}, 1112 "destination" => $href->{'source'}, 1113 "jump" => $href->{'jump'} 1114 }, 1115 0 1116 ); 1117 if (!$success) { 1118 die ("Error: Unable to insert entry in chain $vin"); 1119 } 1120 $counter++; 1116 1121 } 1117 1118 # inserting the firewall rules into the "in" chain here. 1119 $success = 1120 $table->insert_entry( 1121 $vin, 1122 { 1123 "protocol" => $rules{$destip}{'protocol'}, 1124 "source" => $rules{$destip}{'destination'}, 1125 "destination" => $rules{$destip}{'source'}, 1126 "jump" => $rules{$destip}{'jump'} 1127 }, 1128 0 1129 ); 1130 if (!$success) { 1131 die ("Error: Unable to insert entry in chain $vin"); 1132 } 1133 $counter++; 1134 } 1122 } 1135 1123 $table->commit() or die ("Error: Unable to commit changes to filter table"); 1136 1124 my $end = gettimeofday(); … … 1796 1784 1797 1785 # start looping through our HoH to insert our rules into the iptables ruleset 1798 for my $destip (keys %rules) { 1799 my $success = 1800 $table->insert_entry( 1801 "PREROUTING", 1802 { 1803 "source" => $rules{$destip}{'source'}, 1804 "destination" => "!$rules{$destip}{'destination'}", 1805 "jump" => "LOG", 1806 "log-level" => "debug", 1807 "log-prefix" => "VMID=$vmID " 1808 }, 1809 0 1810 ); 1811 if (!$success) { 1812 die ("Error: Unable to insert entry into chain PREROUTING"); 1786 foreach my $destip (keys %rules) { 1787 foreach my $href (@{$rules{$destip}}){ 1788 my $success = 1789 $table->insert_entry( 1790 "PREROUTING", 1791 { 1792 "source" => $href->{'source'}, 1793 "destination" => "!$href->{'destination'}", 1794 "jump" => "LOG", 1795 "log-level" => "debug", 1796 "log-prefix" => "VMID=$vmID " 1797 }, 1798 0 1799 ); 1800 if (!$success) { 1801 die ("Error: Unable to insert entry into chain PREROUTING $!"); 1802 } 1803 print "success = $success\n"; 1813 1804 } 1814 print "success = $success\n";1815 1805 } 1816 1806 
$table->commit() or die ("Error: Unable to commit changes to nat table"); … … 1827 1817 1828 1818 # start looping through our HoH to insert our rules into the iptables ruleset 1829 for my $destip (keys %rules) { 1830 $success = 1831 $table->delete_entry( 1832 "PREROUTING", 1833 { 1834 "source" => $rules{$destip}{'source'}, 1835 "destination" => "!$rules{$destip}{'destination'}", 1836 "jump" => "LOG", 1837 "log-level" => "debug", 1838 "log-prefix" => "VMID=$vmID " 1839 } 1840 ); 1841 if(!$success){ 1842 die ("Error: Unable to delete entry from chain PREROUTING"); 1843 last; 1844 } 1845 print "success = $success\n"; 1819 foreach my $destip (keys %rules){ 1820 foreach my $href (@{$rules{$destip}}){ 1821 $success = 1822 $table->delete_entry( 1823 "PREROUTING", 1824 { 1825 "source" => $href->{'source'}, 1826 "destination" => "!$href->{'destination'}", 1827 "jump" => "LOG", 1828 "log-level" => "debug", 1829 "log-prefix" => "VMID=$vmID " 1830 } 1831 ); 1832 if (!$success) { 1833 die ("Error: Unable to delete entry from chain PREROUTING $!"); 1834 } 1835 print "success = $success\n"; 1836 } 1846 1837 } 1847 1838 $table->commit() or die ("Error: Unable to commit changes to nat table"); … … 2223 2214 } 2224 2215 2225 =pod 2226 2227 =item * 2228 2229 [NOT IMPLEMENTED AT THIS TIME]: _rule_exists() function checks for the existance of rules within our IPTables ruleset. Within this function, 2230 we are checking the rules within the user-defined chains that we have created. If there is a match within the "input" VM, we consider that a match since when the rule is initially appended, it is appended to both the VM#-in and VM#-out chains. Here, I am only testing against the VM#-in chain since if the rule is in one, it has to be in both. 2231 2232 I<Inputs>: 2233 B<$table>is the object type of IPTables::IPv4::Table. 2234 B<$vin> is the VM input chain name. 2235 B<$vout> is the VM output chain name. 2236 B<%rule> is a hash containing source, destination, and protocol values. 
2237 2238 I<Output>: Return true if success or false if failure 2239 2240 =cut 2241 2242 sub _rule_exists { 2243 my ($table, $vin, $vout, %rule) = @_; 2244 my ($code, @outrules, @inrules, $i); 2245 my $log = get_logger("HoneyClient::Manager::FW"); 2246 $log->info("Entering _rule_exists() function"); 2247 2248 # getting list of chain rules, hash is passed in from FWPunch() 2249 @inrules = $table->list_rules($rule{'chain'}); 2250 2251 # Eventually, we will run tests against the outrules as well but for now we are just populating the @outrules array 2252 @outrules = $table->list_rules($rule{'chain'}); 2253 2254 # loop through all the rules to find a match, using source, destination, target and protocol as matching fields 2255 for ($i = 0 ; $i <= $#inrules ; $i++) { 2256 if ( $inrules[$i]->{'source'} eq $rule{'source'} 2257 && $inrules[$i]->{'destination'} eq $rule{'destination'} 2258 && $inrules[$i]->{'jump'} eq $rule{'jump'} 2259 && $inrules[$i]->{'protocol'} eq $rule{'protocol'}) 2260 { 2261 2262 # We have a match 2263 $code = 1; 2264 last; 2265 } else { 2266 2267 # No match 2268 $code = 0; 2269 } 2270 } 2271 $log->info("Returning return code $code"); 2272 return $code; 2273 } 2274 2275 =pod 2276 2277 =item * 2278 2279 [NOT IMPLEMENTED AT THIS TIME]: _translate($url); 2280 2281 The translate function converts a host name to dotted quad format. 2282 2283 I<Inputs>: 2284 B<$url>is the domain name that will be converted to dotted quad format. 2285 2286 I<Output>: Return the domain name as an IP address. 
2287 2288 =cut 2289 2290 sub _translate { 2291 (my $url) = @_; 2292 chomp($url); 2293 my $packed_address = gethostbyname($url); 2294 my $dotted_quad = inet_ntoa($packed_address); 2295 return ($dotted_quad); 2296 } 2216 2297 2217 ################################################################## 2298 2218 # Function name: getStatus() … … 2332 2252 2333 2253 eval{ 2334 diag("Testing fwStatus()...");2254 diag("Testing getStatus()..."); 2335 2255 $URL = HoneyClient::Manager::FW->init_fw(); 2336 2256 # Wait at least a second, in order to initialize the daemon. … … 2489 2409 =item * 2490 2410 2491 [NOT IMPLEMENTED AT THIS TIME]: insertMac();2492 2493 insertMac function add mac address filtering (Anti-spoofing) rules after the VM user-chains2494 are created. They must be remotely called after the vm_add_chain() function.2495 2496 I<Inputs>:2497 B<$chain> is the name of the chain that you will be applying the Mac filtering to.2498 B<$ip> is the VM ip address that will be filtered.2499 B<$mac> is the mac address of the VM honeyclient.2500 2501 I<Output>: returns nothing2502 2503 =cut2504 2505 sub _insertMac {2506 my $table = IPTables::IPv4::init('filter');2507 my $class = shift;2508 my $chain = shift;2509 my $ip = shift;2510 my $mac = shift;2511 my ($vmchainout, $code, $status) = q{};2512 $vmchainout = "$chain-out";2513 my $iptables = "/sbin/iptables";2514 2515 # This tests to see if a value for $mac has been defined, if the image is not up and running (accepting2516 # icmp request/replies, then mac will not be able to be found. If it is found, $mac will be set, hence2517 # defined. 
Success will yield a 1 if rule insertion is successful, failure to insert the mac filter entry # will return a 02518 if (defined($mac)) {2519 2520 # rules will be inserted at the HEAD of the user-defined chain2521 my $success =2522 $table->insert_entry(2523 $vmchainout,2524 {2525 "source" => $ip,2526 'matches' => ['mac'],2527 'mac-source' => "!$mac",2528 "jump" => "DROP"2529 },2530 02531 );2532 if (!$success) {2533 die ("Error: Unable to insert entry into chain $vmchainout");2534 }2535 $table->commit() or die ("Error: Unable to commit changes to filter table");2536 return $success;2537 } else {2538 $success = 0;2539 return $success;2540 }2541 }2542 2543 =pod2544 2545 =item *2546 2547 2411 _chain_exists(); 2548 2412 … … 2564 2428 # Connect to daemon as a client. 2565 2429 $stub = getClientHandle(namespace => "HoneyClient::Manager::FW"); 2566 my $som = $stub-> fwInit($hashref);2430 my $som = $stub->installDefaultRules($hashref); 2567 2431 $som = $stub->addChain($hashref); 2568 2432 is($som->result, 1, "_chainExists($hashref) successfully passed.") or diag("The _chainExists() call failed."); … … 2611 2475 } 2612 2476 2613 =pod2614 2615 =item *2616 2617 [NOT IMPLEMENTED AT THIS TIME]: isAlive();2618 2619 Tests for existance of a file to verify if firewall has been started (not currently active)2620 2621 I<Inputs>:2622 B<$pidfile> is the name of the created PID file.2623 2624 I<Output>: creation of file with resolved IP addresses.2625 2626 =cut2627 2628 sub isAlive {2629 my ($pidfile) = "/var/run/firewall.pid";2630 my $alive = "";2631 2632 # we will be checking for the existance of a newly created firewall with the word ENABLED in it.2633 if (-f $pidfile) {2634 $alive = 1;2635 } else {2636 $alive = 0;2637 }2638 return ($alive);2639 }2640 2477 2641 2478 =pod … … 2825 2662 } 2826 2663 2827 =pod2828 2829 =item *2830 2831 [NOT IMPLEMENTED AT THIS TIME]: _sendMail() is a helper function that sends email to other systems informing them of various actions with the 
firewall.2832 2833 _sendMail will send mail to the root account at localhost informing the root user of various firewall actions2834 I<Inputs>:2835 B<$from> is where the user is sending from2836 B<$to> is where the user is sending to2837 B<$subject> is the subject of the email2838 B<$body> is content of the email2839 I<Output>: returns nothing for now2840 2841 =cut2842 2843 sub _sendMail {2844 my $from = shift;2845 my $to = shift;2846 my $subject = shift;2847 my $body = shift;2848 open(SM, "|-", "/bin/mail", "-s", $subject, $to, "-f", $from) or2849 die ("Error: Unable to send mail");2850 print SM $body, "\n";2851 close(SM) or die ("Error: Unable to send mail");2852 }2853 2854 =pod2855 2856 =item *2857 2858 [NOT IMPLEMENTED AT THIS TIME]: getcpuload is a function that gives you the cpuload of the OS firewall. This should help give a better understanding of how the2859 firewall OS is running.2860 2861 I<Inputs>:2862 nothing2863 I<Output>: cpu load of the OS FW2864 2865 =cut2866 2867 sub getcpuload {2868 my ($class) = @_;2869 # TODO: Make sure system call returns properly.2870 my $uptime = `$UPTIME`;2871 my $cpuLoad = 0;2872 if ($uptime =~ /load average:\s+([\d\.]+)/) {2873 $cpuLoad = $1;2874 }2875 return $cpuLoad;2876 }2877 2664 2878 2665 =pod … … 3023 2810 } 3024 2811 3025 =pod3026 3027 =item *3028 3029 fwOff() opens up our firewall.3030 3031 I<Inputs>: n/a3032 I<Output>: nothing3033 3034 =cut3035 3036 sub fwOff {3037 3038 # package name3039 my $class = shift;3040 3041 # flush all entries in all chain and delete the chains3042 _flushChains();3043 3044 # turns off the firewall and sets the policy to the default chains (INPUT, OUTPUT, and FORWARD)3045 # to ACCEPT3046 _setAcceptPolicy();3047 }3048 3049 =pod3050 3051 =item *3052 3053 killProcess();3054 3055 This is a function kills all systems process based on the command line name give via the remote call.3056 It looks through the process table and removes all processes with that key name.3057 3058 <Inputs>:3059 no 
input3060 3061 I<Output>: destruction of all Process IDs.3062 3063 =cut3064 3065 sub killProcess {3066 use Proc::ProcessTable;3067 my $class = shift;3068 my $process = shift;3069 my ($t, $p, $success) = "";3070 $t = new Proc::ProcessTable;3071 chomp($process);3072 foreach my $p (@{ $t->table }) {3073 if ($p->cmndline =~ /$process/) {3074 $success = 1;3075 print "Removing $process pid " . $p->pid . "\n";3076 $p->kill(9) or die ("Error: Unable to kill process $process");3077 }3078 }3079 return ($success);3080 }3081 3082 =pod3083 3084 =item *3085 3086 [NOT IMPLEMENTED AT THIS TIME]: checkDiskSize();3087 3088 checkDiskSize() checks the size of the honeywall partitions and makes sure the disk does not fill up. If3089 it reaches a certain level (90%), then it shoots off an email to root and logs it to hard disk.3090 3091 I<Inputs>:3092 no inputs3093 3094 I<Output>: outputs the percentage of hard disk that is filled per partition.3095 3096 =cut3097 3098 sub checkDiskSize {3099 my $class = shift;3100 my $target = "90";3101 my $disksize;3102 my $sendmail = 1;3103 my $MACHINE = `uname`;3104 my $address = "root";3105 my $linux = 0;3106 my $mail = "/usr/bin/mail";3107 my $df = "/bin/df";3108 my $grep = "/bin/grep";3109 3110 if ($MACHINE =~ m/Linux/i) {3111 $linux = 1;3112 } else {3113 $linux = 0;3114 }3115 if ($linux) {3116 my @partitions =3117 qw(/dev/sda1 /dev/sda2 /dev/sda5 /dev/sda6 /dev/sda7 /dev/sda8 /dev/sda9);3118 foreach my $part (@partitions) {3119 # TODO: Check to make sure this system call returns properly.3120 $disksize = `$df -k | $grep $part | cut -b53-54`;3121 if ($disksize > 50) {3122 print "$part\t$disksize%\n";3123 } else {3124 print "All filesystems are within their limits\n";3125 }3126 }3127 }3128 }3129 3130 =pod3131 3132 =item *3133 3134 [NOT IMPLEMENTED AT THIS TIME]: isCompromised();3135 3136 isCompromised() checks the iptables log files to see if there has been a compromise to one of the VM images.3137 3138 I<Inputs>: hash reference($hashref)3139 3140 
I<Output>: none3141 3142 =cut3143 3144 sub isCompromised {3145 3146 # check to see if /var/log/iptables file exists3147 # if exists, parse all logs with TAG (hwall)3148 # grab the VMID of all those entries3149 # report back VMID(s) that could possibly be compromised3150 # return VMID list3151 3152 }3153 3154 3155 =pod3156 3157 =item *3158 3159 checkLog();3160 3161 checkLog() checks for network anomalies (MAC address spoofing) or any blocked outbound traffic that orginates from3162 anywhere from the VM subnet.3163 3164 I<Inputs>: hash reference($hashref)3165 3166 I<Output>: none3167 3168 =cut3169 3170 sub checkLog {3171 my $class = shift;3172 my $hashref = shift;3173 # my $filename = getVar(name => "iptableslog")3174 my $vmname = _getVMName($hashref);3175 my $filename = "/root/honeyclient/sandbox/alphaFW/test.log";3176 # macCheck($hashref, $vmname, $filename);3177 }3178 3179 =pod3180 3181 =item *3182 3183 runTcpdump() - starts a tcpdump procces for a specified VM machine.3184 3185 I<Inputs>: VM name and the source IP address of the image.3186 3187 I<Output>: none3188 3189 =cut3190 3191 #sub runTcpdump {
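Review bot: In _parseHash, `my @holderArray = ();` is declared inside the dst_IP_proto loop and `$HoH{$dst_IP_addr} = \@holderArray;` is assigned at the end of that same loop, so when one destination IP is reached through a second protocol, a second hostname that resolves to it, or a second source MAC/IP, the rules already collected for that IP are overwritten — the same loss the move to a per-IP array was meant to fix; accumulate instead with `push @{ $HoH{$dst_IP_addr} }, @holderArray;`. In addRules the out-chain insert_entry no longer carries `"destination" => $href->{'destination'},` (the line is commented out), so the rule now lets the VM's source reach any host on the listed destination-port instead of only the resolved target; if that widening is intended it deserves a comment on the call, otherwise the line should be restored together with the mirrored `# "source"` line in the in-chain entry. The hunks also leave `print "dst_ports = @dst_ports\n";`, `print "setting $dst_port = *\n";` (which interpolates $dst_port before it is assigned) and `print "success = $success\n";` as bare prints where the rest of the file uses `$log->info(...)`; `$log->debug(...)` keeps that output out of production runs. The bodies of _parseHash, addRules and the PREROUTING helpers start and end outside the hunks shown, and this file section may continue past the end of the page.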
