Changeset 1104
- Timestamp:
- 01/11/08 15:46:34 (7 months ago)
- Files:
-
- honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (6 diffs)
honeyclient/trunk/lib/HoneyClient/Manager.pm
r1084 r1104 301 301 require HoneyClient::DB::Url::History; 302 302 require HoneyClient::DB::Time; 303 %link_categories = (304 $HoneyClient::DB::Url::History::STATUS_VISITED => 'links_visited',305 $HoneyClient::DB::Url::History::STATUS_TIMED_OUT => 'links_timed_out',303 %link_categories = ( 304 $HoneyClient::DB::Url::History::STATUS_VISITED => 'links_visited', 305 $HoneyClient::DB::Url::History::STATUS_TIMED_OUT => 'links_timed_out', 306 306 # For the time being, ignored links will not be inserted. 307 # $HoneyClient::DB::Url::History::STATUS_IGNORED => 'links_ignored',308 );307 # $HoneyClient::DB::Url::History::STATUS_IGNORED => 'links_ignored', 308 ); 309 309 } 310 310 … … 581 581 $dump_file->close(); 582 582 } 583 #XXX: Insert Urls. To be moved eventually.584 if ($DB_ENABLE && ($clientDbId > 0)) {585 $LOG->info("Saving Url History to Database.");586 insert_url_history(agent_state => $globalAgentState);587 HoneyClient::DB::Client->update(588 '-set' => {589 status => $HoneyClient::DB::Client::STATUS_CLEAN,590 },591 '-where' => {592 id => $clientDbId,593 }594 );595 }583 #XXX: Insert Urls. To be moved eventually. 584 #if ($DB_ENABLE && ($clientDbId > 0)) { 585 $LOG->info("Saving Url History to Database."); 586 insert_url_history(agent_state => $globalAgentState); 587 HoneyClient::DB::Client->update( 588 '-set' => { 589 status => $HoneyClient::DB::Client::STATUS_CLEAN, 590 }, 591 '-where' => { 592 id => $clientDbId, 593 } 594 ); 595 } 596 596 597 597 # XXX: There is an issue where if we try to quit but are in the … … 708 708 # Open up the firewall initially, to allow the Agent to do an SVN update. 709 709 #FIXME: This needs to be more limited for the multi-vm case, and should probably 710 # just be included by making the default rules require no action711 $stubFW->allowAllTraffic();710 # just be included by making the default rules require no action 711 $stubFW->allowAllTraffic(); 712 712 713 713 # XXX: Remove these, eventually. 
… … 957 957 # Insert Compromised Fingerprint into DB. 958 958 if ($DB_ENABLE && ($clientDbId > 0)) { 959 #XXX: This should occurr as a resource is accessed and will be moved. Also should be in Browser code.960 # Put Honeyclient Link History in database.961 $LOG->info("Saving Url History to Database.");962 $args{'agent_state'} = insert_url_history(agent_state => $args{'agent_state'});959 #XXX: This should occurr as a resource is accessed and will be moved. Also should be in Browser code. 960 # Put Honeyclient Link History in database. 961 $LOG->info("Saving Url History to Database."); 962 $args{'agent_state'} = insert_url_history(agent_state => $args{'agent_state'}); 963 963 $globalAgentState = $args{'agent_state'}; 964 964 965 # Remove the compromise time from the fingerprint. This is to be added to the Client Object966 delete $fingerprint->{last_resource};967 my $compromise_time = HoneyClient::DB::Time->new(delete($fingerprint->{'compromise_time'}));965 # Remove the compromise time from the fingerprint. 
This is to be added to the Client Object 966 delete $fingerprint->{last_resource}; 967 my $compromise_time = HoneyClient::DB::Time->new(delete($fingerprint->{'compromise_time'})); 968 968 $LOG->info("Inserting Fingerprint Into Database."); 969 969 my $fp = HoneyClient::DB::Fingerprint->new($fingerprint); … … 1070 1070 my %args = @_; 1071 1071 1072 my $agent_state = thaw(decode_base64($args{'agent_state'}));1073 1074 my $state;1075 my $agent_driver;1076 foreach my $driver (keys %$agent_state) {1077 if ($agent_state->{$driver}) {1078 $state = $agent_state->{$driver};1072 my $agent_state = thaw(decode_base64($args{'agent_state'})); 1073 1074 my $state; 1075 my $agent_driver; 1076 foreach my $driver (keys %$agent_state) { 1077 if ($agent_state->{$driver}) { 1078 $state = $agent_state->{$driver}; 1079 1079 $agent_driver = $driver; 1080 last;1081 }1082 }1083 1084 foreach my $i (keys %link_categories) {1085 my @url_history;1086 while (my ($url,$url_time) = each(%{$state->{$link_categories{$i}}})) {1080 last; 1081 } 1082 } 1083 1084 foreach my $i (keys %link_categories) { 1085 my @url_history; 1086 while (my ($url,$url_time) = each(%{$state->{$link_categories{$i}}})) { 1087 1087 # Don't insert already inserted URLs into DB. 1088 if (!$url_time) {1088 if (!$url_time) { 1089 1089 next; 1090 1090 } 1091 # Some ignored links are the result of invalid Urls. Preprocess to avoid errors.1092 my $url_obj = HoneyClient::DB::Url->new($url);1093 next if (!$url_obj);1094 my $u = HoneyClient::DB::Url::History->new({1095 url => $url_obj,1096 visited => $url_time,1097 status => $i,1098 });1099 push @url_history,$u;1091 # Some ignored links are the result of invalid Urls. Preprocess to avoid errors. 
1092 my $url_obj = HoneyClient::DB::Url->new($url); 1093 next if (!$url_obj); 1094 my $u = HoneyClient::DB::Url::History->new({ 1095 url => $url_obj, 1096 visited => $url_time, 1097 status => $i, 1098 }); 1099 push @url_history,$u; 1100 1100 # For all sucessfully inserted URLs, set their timestamps to 0. 1101 $agent_state->{$agent_driver}->{$link_categories{$i}}->{$url} = 0;1102 }1101 $agent_state->{$agent_driver}->{$link_categories{$i}}->{$url} = 0; 1102 } 1103 1103 1104 1104 # Update the History item to reflect the Client it belongs to. 1105 1105 # get_col_name is used to get the foreign key column associated w/ the url_history array 1106 HoneyClient::DB::Client->append_children(1107 '-parent_id' => $clientDbId,1108 'url_history' => \@url_history,1109 );1110 $LOG->info("Inserted Urls of type ".$link_categories{$i});1111 }1112 1113 return encode_base64(nfreeze($agent_state));1106 HoneyClient::DB::Client->append_children( 1107 '-parent_id' => $clientDbId, 1108 'url_history' => \@url_history, 1109 ); 1110 $LOG->info("Inserted Urls of type ".$link_categories{$i}); 1111 } 1112 1113 return encode_base64(nfreeze($agent_state)); 1114 1114 } 1115 1115 … … 1120 1120 $LOG->info("Attempting to Register Client $vmName."); 1121 1121 1122 # Register the VM with the DB1123 my $clientObj = HoneyClient::DB::Client->new({1124 system_id => $vmName,1125 status => $HoneyClient::DB::Client::STATUS_RUNNING,1126 # TODO: Collect host,application, and config through automation/config files1127 host => {1128 organization => 'MITRE',1129 host_name => Sys::Hostname::Long::hostname_long,1130 ip_address => Sys::HostIP->ip,1131 },1132 client_app => {1133 manufacturer => 'Microsoft',1134 name => 'Internet Explorer',1135 major_version => '6',1136 },1137 config => {1138 name => 'Default Windows XP SP2',1139 os_name => 'Microsoft Windows',1140 os_version => 'XP Professional',1141 os_patches => [{1142 name => 'Service Pack 2',1143 }],1144 },1145 start_time => $dt->ymd('-').'T'.$dt->hms(':'),1146 
});1147 return $clientObj->insert();1122 # Register the VM with the DB 1123 my $clientObj = HoneyClient::DB::Client->new({ 1124 system_id => $vmName, 1125 status => $HoneyClient::DB::Client::STATUS_RUNNING, 1126 # TODO: Collect host,application, and config through automation/config files 1127 host => { 1128 organization => 'MITRE', 1129 host_name => Sys::Hostname::Long::hostname_long, 1130 ip_address => Sys::HostIP->ip, 1131 }, 1132 client_app => { 1133 manufacturer => 'Microsoft', 1134 name => 'Internet Explorer', 1135 major_version => '6', 1136 }, 1137 config => { 1138 name => 'Default Windows XP SP2', 1139 os_name => 'Microsoft Windows', 1140 os_version => 'XP Professional', 1141 os_patches => [{ 1142 name => 'Service Pack 2', 1143 }], 1144 }, 1145 start_time => $dt->ymd('-').'T'.$dt->hms(':'), 1146 }); 1147 return $clientObj->insert(); 1148 1148 } 1149 1149
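Review bot: In the hunk at lines 583-595 the guard is printed as `#if ($DB_ENABLE && ($clientDbId > 0)) {` while its closing `}` on line 595 is still live; assuming the second printing is the new side, insert_url_history() and HoneyClient::DB::Client->update() now run even when the database is disabled or `$clientDbId` is 0, and the orphaned brace closes whatever block encloses it. Restore `if ($DB_ENABLE && ($clientDbId > 0)) {`, or comment out the matching brace too if the unconditional write is intended. The enclosing sub starts and ends outside the hunk, so brace balance cannot be confirmed from this page. Separately, insert_url_history() at line 1072 calls `thaw(decode_base64($args{'agent_state'}))`; if that state comes from the agent inside the browsing VM, Storable is deserialising data from the least trusted component, which Storable's own documentation warns against. A comment such as `# NOTE: agent_state crosses the VM trust boundary; Storable is not safe on untrusted input` would at least record the risk until the format is replaced.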
