Navigation

← Previous Changeset
Next Changeset →

Changeset 1128

Timestamp:

01/24/08 17:18:32 (7 months ago)

Author:

kindlund

Message:

Updated codebase to reflect Ruby API.

Files:

honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (8 diffs)
honeyclient/trunk/lib/HoneyClient/Manager/Database.pm (modified) (2 diffs)
honeyclient/trunk/lib/HoneyClient/Manager/VM/Clone.pm (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

honeyclient/trunk/lib/HoneyClient/Manager.pm

r1109	r1128
584	584	}
585	585	#XXX: Insert Urls. To be moved eventually.
586		#if ($DB_ENABLE && ($clientDbId > 0)) {
587		# $LOG->info("Saving Url History to Database.");
588		# insert_url_history(agent_state => $globalAgentState);
589		# HoneyClient::DB::Client->update(
590		# '-set' => {
591		# status => $HoneyClient::DB::Client::STATUS_CLEAN,
592		# },
593		# '-where' => {
594		# id => $clientDbId,
595		# }
596		# );
597		#}
	586	if ($DB_ENABLE && ($clientDbId > 0)) {
	587	$LOG->info("Saving URL History to Database.");
	588	insert_url_history(agent_state => $globalAgentState,
	589	client_id => $clientDbId);
	590
	591	# Mark the VM as suspended within the database.
	592	#my $num_urls_inserted = HoneyClient::Manager::Database::set_client_suspended($clientDbId);
	593	}
	594
598	595
599	596	# XXX: There is an issue where if we try to quit but are in the
…	…
713	710	$stubFW->allowAllTraffic();
714	711
715		~~# XXX: Remove these, eventually.~~
716		~~# $URL = HoneyClient::Manager::VM->init();~~
717		~~# print "VM Daemon Listening On: " . $URL . "\n";~~
718		#
719		~~# $stubVM = getClientHandle(namespace => "HoneyClient::Manager::VM",~~
720		~~# fault_handler => \&_handleFaultAndCleanup);~~
721
722		~~# print "Calling setMasterVM()...\n";~~
723		~~# $som = $stubVM->setMasterVM(config => $args{'master_vm_config'});~~
724		~~# print "Result: " . $som->result() . "\n";~~
725
726		~~# print "Calling quickCloneVM()...\n";~~
727		~~# $som = $stubVM->quickCloneVM();~~
728		~~# print "Result: " . $som->result() . "\n";~~
729		~~# $vmCloneConfig = $som->result();~~
730
731		~~# # Make sure the VM is fully cloned, before trying to make any subsequent calls.~~
732		~~# print "Calling isRegisteredVM()...\n";~~
733		~~# $som = $stubVM->isRegisteredVM(config => $vmCloneConfig);~~
734		~~# $ret = $som->result();~~
735
736		~~# if (defined($ret)) {~~
737		~~# print "Result: " . $ret . "\n";~~
738		~~# }~~
739
740		~~# while (!defined($ret)) {~~
741		~~# sleep (3);~~
742		~~# print "Calling isRegisteredVM()...\n";~~
743		~~# $som = $stubVM->isRegisteredVM(config => $vmCloneConfig);~~
744		~~# $ret = $som->result();~~
745		~~# if (defined($ret)) {~~
746		~~# print "Result: " . $ret . "\n";~~
747		~~# }~~
748		~~# }~~
749
750		~~# print "Calling getStateVM()...\n";~~
751		~~# $som = $stubVM->getStateVM(config => $vmCloneConfig);~~
752		~~# $vmState = $som->result();~~
753		#
754		~~# if ($vmState == VM_EXECUTION_STATE_ON) {~~
755		~~# print "ON\n";~~
756		~~# } elsif ($vmState == VM_EXECUTION_STATE_OFF) {~~
757		~~# print "OFF\n";~~
758		~~# } elsif ($vmState == VM_EXECUTION_STATE_SUSPENDED) {~~
759		~~# print "SUSPENDED\n";~~
760		~~# } elsif ($vmState == VM_EXECUTION_STATE_STUCK) {~~
761		~~# print "STUCK\n";~~
762		~~# } else {~~
763		~~# print "UNKNOWN\n";~~
764		~~# }~~
765
766		~~# while ($vmState != VM_EXECUTION_STATE_ON) {~~
767		~~# sleep (3);~~
768		#
769		~~# print "Calling getStateVM()...\n";~~
770		~~# $som = $stubVM->getStateVM(config => $vmCloneConfig);~~
771		~~# $vmState = $som->result();~~
772		#
773		~~# if ($vmState == VM_EXECUTION_STATE_ON) {~~
774		~~# print "ON\n";~~
775		~~# } elsif ($vmState == VM_EXECUTION_STATE_OFF) {~~
776		~~# print "OFF\n";~~
777		~~# } elsif ($vmState == VM_EXECUTION_STATE_SUSPENDED) {~~
778		~~# print "SUSPENDED\n";~~
779		~~# } elsif ($vmState == VM_EXECUTION_STATE_STUCK) {~~
780		~~# print "STUCK\n";~~
781		~~# } else {~~
782		~~# print "UNKNOWN\n";~~
783		~~# }~~
784		~~# }~~
785
786		~~# print "Calling getMACaddrVM()...\n";~~
787		~~# $som = $stubVM->getMACaddrVM(config => $vmCloneConfig);~~
788		~~# print "Result: " . $som->result() . "\n";~~
789		~~# $vmMAC = $som->result();~~
790
791		~~# # Figure out when the Agent on the VM is alive and well.~~
792		~~# $ret = undef;~~
793		~~# my $logMsgPrinted = 0;~~
794		~~# while (!$ret) {~~
795		~~# sleep (3);~~
796		~~# print "Calling getIPaddrVM()...\n";~~
797		~~# $som = $stubVM->getIPaddrVM(config => $vmCloneConfig);~~
798		~~# if (defined($som->result())) {~~
799		~~# print "Result: " . $som->result() . "\n";~~
800		~~# }~~
801		~~# $vmIP = $som->result();~~
802		#
803		~~# print "Calling getNameVM()...\n";~~
804		~~# $som = $stubVM->getNameVM(config => $vmCloneConfig);~~
805		~~# print "Result: " . $som->result() . "\n";~~
806		~~# $vmName = $som->result();~~
807		#
808		~~# if (defined($vmIP) && defined($vmName)) {~~
809		~~# if (!$logMsgPrinted) {~~
810		~~# $LOG->info("Created clone VM (" . $vmName . ") using IP (" . $vmIP . ") and MAC (" . $vmMAC . ").");~~
811		~~# $logMsgPrinted = 1;~~
812		~~# }~~
813		#
814		~~# # Try contacting the Agent; ignore any faults.~~
815		~~# $SUPPRESS_ERRORS = 1;~~
816		~~# $stubAgent = getClientHandle(namespace => "HoneyClient::Agent",~~
817		~~# address => $vmIP,~~
818		~~# fault_handler => \&_handleFault);~~
819		#
820		~~# eval {~~
821		~~# print "Calling getStatus()...\n";~~
822		~~# $som = $stubAgent->getStatus();~~
823		~~# $ret = thaw(decode_base64($som->result()));~~
824		~~# print "Result:\n";~~
825		~~# # Make Dumper format more verbose.~~
826		~~# $Data::Dumper::Terse = 0;~~
827		~~# $Data::Dumper::Indent = 2;~~
828		~~# print Dumper($ret);~~
829		#
830		~~# };~~
831		~~# # Clear returned state, if any fault occurs.~~
832		~~# if ($@) {~~
833		~~# $ret = undef;~~
834		~~# }~~
835		~~# $SUPPRESS_ERRORS = 0;~~
836		~~# }~~
837		~~# }~~
838
839	712	# Create a new cloned VM.
840	713	$vm = HoneyClient::Manager::VM::Clone->new();
…	…
843	716	if ($DB_ENABLE) {
844	717	eval {
845		$clientDbId = dbRegisterClient($vm->name);
	718	dbRegisterClient($vm);
	719	$clientDbId = $vm->database_id;
846	720	};
847		if ($@ \|\| ($~~clientDbId == 0~~)) {
848		$~~clientDbId = 0~~; #$DB_FAILURE
	721	if ($@ \|\| ($vm->database_id == 0) \|\| !defined($vm->database_id)) {
	722	$vm->database_id(0); #$DB_FAILURE
849	723	$LOG->warn("Failure Inserting Client Object:\n$@");
850	724	}
…	…
927	801	# Check to see if the VM has been compromised.
928	802	print "WARNING: VM HAS BEEN COMPROMISED!\n";
929		~~# $LOG->info("Calling suspendVM(config => " . $vmCloneConfig . ").");~~
930		~~# $som = $stubVM->suspendVM(config => $vmCloneConfig);~~
931		~~# HoneyClient::Manager::VM->destroy();~~
932	803	my $vmName = $vm->name;
933	804	$vmCompromised = 1;
…	…
955	826	$LOG->info("Archiving VM...");
956	827	$vm->archive();
	828
	829	# Insert Compromised Fingerprint into DB.
	830	if ($DB_ENABLE && ($vm->database_id > 0)) {
	831	# Put URL History in database.
	832	$LOG->info("Saving URL History to Database.");
	833	insert_url_history(agent_state => $args{'agent_state'},
	834	client_id => $vm->database_id);
	835
	836	# Delete the 'last_resource' attribute.
	837	delete $fingerprint->{last_resource};
	838
	839	# Associate the client who has this fingerprint.
	840	$fingerprint->{client_id} = $vm->database_id;
	841
	842	$LOG->info("Inserting Fingerprint Into Database.");
	843	my $fingerprint_id = undef;
	844	eval {
	845	$fingerprint_id = HoneyClient::Manager::Database::insert_fingerprint($fingerprint);
	846	};
	847	if ($@ \|\| ($fingerprint_id == 0) \|\| !defined($fingerprint_id)) {
	848	$LOG->warn("Failure Inserting Fingerprint Object:\n$@");
	849	}
	850
	851	$LOG->info("Database Insert Successful.");
	852	}
	853	# Make sure VM is suspended.
957	854	$vm = undef;
958	855
959		~~# Insert Compromised Fingerprint into DB.~~
960		~~#if ($DB_ENABLE && ($clientDbId > 0)) {~~
961		~~# #XXX: This should occurr as a resource is accessed and will be moved. Also should be in Browser code.~~
962		~~# # Put Honeyclient Link History in database.~~
963		~~# $LOG->info("Saving Url History to Database.");~~
964		~~# $args{'agent_state'} = insert_url_history(agent_state => $args{'agent_state'});~~
965		~~# $globalAgentState = $args{'agent_state'};~~
966		#
967		~~# # Remove the compromise time from the fingerprint. This is to be added to the Client Object~~
968		~~# delete $fingerprint->{last_resource};~~
969		~~# my $compromise_time = HoneyClient::DB::Time->new(delete($fingerprint->{'compromise_time'}));~~
970		~~# $LOG->info("Inserting Fingerprint Into Database.");~~
971		~~# my $fp = HoneyClient::DB::Fingerprint->new($fingerprint);~~
972		~~# my $fpId = $fp->insert();~~
973		~~# my $ctId = $compromise_time->insert();~~
974		~~# HoneyClient::DB::Client->update(~~
975		~~# '-set' => {~~
976		~~# status => $HoneyClient::DB::Client::STATUS_COMPROMISED,~~
977		~~# fingerprint => $fpId,~~
978		~~# compromise_time => $ctId,~~
979		~~# },~~
980		~~# '-where' => {~~
981		~~# id => $clientDbId,~~
982		~~# }~~
983		~~# );~~
984		~~# $LOG->info("Database Insert Successful.");~~
985		#}
986	856	return; # Return out of eval block.
987	857	} else {
…	…
994	864	$LOG->info("All URLs exhausted. Shutting down Manager.");
995	865	$vm = undef;
996		~~# Get a local copy of the configuration and kill the global copy.~~
997		~~# my $vmCfg = $vmCloneConfig;~~
998		~~# $vmCloneConfig = undef;~~
999		~~# $LOG->info("Calling suspendVM(config => " . $vmCfg . ").");~~
1000		~~# $stubVM->suspendVM(config => $vmCfg);~~
1001	866	print "Done!\n";
1002	867	_cleanup();
…	…
1071	936	# Extract arguments.
1072	937	my %args = @_;
1073
	938
1074	939	my $agent_state = thaw(decode_base64($args{'agent_state'}));
1075
1076		my $state;
1077		my $agent_driver;
	940	my $agent_driver = undef;
1078	941	foreach my $driver (keys %$agent_state) {
1079	942	if ($agent_state->{$driver}) {
1080		$state = $agent_state->{$driver};
1081		$agent_driver = $driver;
	943	$agent_driver = $driver;
1082	944	last;
1083	945	}
1084	946	}
1085	947
1086		foreach my $i (keys %link_categories) {
1087		my @url_history;
1088		while (my ($url,$url_time) = each(%{$state->{$link_categories{$i}}})) {
1089		# Don't insert already inserted URLs into DB.
1090		if (!$url_time) {
1091		next;
1092		}
1093		# Some ignored links are the result of invalid Urls. Preprocess to avoid errors.
1094		my $url_obj = HoneyClient::DB::Url->new($url);
1095		next if (!$url_obj);
1096		my $u = HoneyClient::DB::Url::History->new({
1097		url => $url_obj,
1098		visited => $url_time,
1099		status => $i,
1100		});
1101		push @url_history,$u;
1102		# For all sucessfully inserted URLs, set their timestamps to 0.
1103		$agent_state->{$agent_driver}->{$link_categories{$i}}->{$url} = 0;
1104		}
1105
1106		# Update the History item to reflect the Client it belongs to.
1107		# get_col_name is used to get the foreign key column associated w/ the url_history array
1108		HoneyClient::DB::Client->append_children(
1109		'-parent_id' => $clientDbId,
1110		'url_history' => \@url_history,
1111		);
1112		$LOG->info("Inserted Urls of type ".$link_categories{$i});
1113		}
1114
1115		return encode_base64(nfreeze($agent_state));
	948	# Set the client ID.
	949	$agent_state->{$agent_driver}->{'client_id'} = $args{'client_id'};
	950
	951	# XXX: Delete this, eventually.
	952	use Data::Dumper;
	953	$LOG->info("agent_state = " . Data::Dumper::Dumper($agent_state));
	954
	955	my $num_urls_inserted = HoneyClient::Manager::Database::insert_history_urls($agent_state->{$agent_driver});
	956	$LOG->info($num_urls_inserted . " URL(s) Inserted.");
1116	957	}
1117	958
1118	959	sub dbRegisterClient {
1119		my $vm~~Name~~ = shift;
	960	my $vm = shift;
1120	961	my $dt = DateTime::HiRes->now();
1121	962
1122		~~$LOG->info("Attempting to Register Client $vmName.");~~
1123
1124	963	# Register the VM with the DB
1125
1126		~~#my $clientObj = HoneyClient::DB::Client->new({~~
1127		~~# system_id => $vmName,~~
1128		~~# status => $HoneyClient::DB::Client::STATUS_RUNNING,~~
1129		~~# # TODO: Collect host,application, and config through automation/config files~~
1130		~~# host => {~~
1131		~~# organization => 'MITRE',~~
1132		~~# host_name => Sys::Hostname::Long::hostname_long,~~
1133		~~# ip_address => Sys::HostIP->ip,~~
1134		~~# },~~
1135		~~# client_app => {~~
1136		~~# manufacturer => 'Microsoft',~~
1137		~~# name => 'Internet Explorer',~~
1138		~~# major_version => '6',~~
1139		~~# },~~
1140		~~# config => {~~
1141		~~# name => 'Default Windows XP SP2',~~
1142		~~# os_name => 'Microsoft Windows',~~
1143		~~# os_version => 'XP Professional',~~
1144		~~# os_patches => [{~~
1145		~~# name => 'Service Pack 2',~~
1146		~~# }],~~
1147		~~# },~~
1148		~~# start_time => $dt->ymd('-').'T'.$dt->hms(':'),~~
1149		~~#});~~
1150		~~#return $clientObj->insert();~~
1151
1152	964	my $client = {
1153		cid => $vmName,
	965	cid => $vm->name,
1154	966	status => 'running',
1155	967	# TODO: Collect host,application, and config through automation/config files
…	…
1174	986	start => $dt->ymd('-').'T'.$dt->hms(':'),
1175	987	};
1176		return HoneyClient::Manager::Database::insert("Client", $client);
1177
	988	$vm->database_id(HoneyClient::Manager::Database::insert_client($client));
1178	989	}
1179	990

honeyclient/trunk/lib/HoneyClient/Manager/Database.pm

r1124	r1128
1	1	use strict;
2	2
3		use YAML ~~qw'freeze thaw Bless'~~;
	3	use YAML;
4	4	use XML::RPC;
	5	use Carp qw();
	6	use Data::Dumper;
	7	use Data::Structure::Util;
5	8
6	9	package HoneyClient::Manager::Database;
…	…
10	13	sub AUTOLOAD {
11	14	my $obj = shift;
12		my $obj_yaml = YAML::freeze(~~$obj~~);
	15	my $obj_yaml = YAML::freeze(Data::Structure::Util::unbless($obj));
13	16	my $name = $AUTOLOAD;
14	17	$name =~ s/.*://;
15	18
16		my $xmlrpc = XML::RPC->new('http://localhost:3000/hc_database/api');
17		return $xmlrpc->call($name,$obj_yaml);
	19	my $xmlrpc = XML::RPC->new('http://172.16.164.103:3000/hc_database/api');
	20
	21	my $ret = $xmlrpc->call($name,$obj_yaml);
	22
	23	# XXX: Make this more robust.
	24	# Need to check if arguments are like "faultCode" or "errString", I believe.
	25	# Error checking.
	26	if (ref($ret) eq "HASH") {
	27	Carp::croak("Error: " . Data::Dumper::Dumper($ret));
	28	}
	29
	30	return $ret;
18	31	}
19	32
20	33	sub insert {
21	34	my ($class,$obj) = @_;
22		my $obj_yaml = ~~freeze($obj~~);
	35	my $obj_yaml = YAML::freeze(Data::Structure::Util::unbless($obj));
23	36
24	37	# Execute insert via XML-RPC and return id
25	38	eval {
26		my $xmlrpc = XML::RPC->new('http://~~localhost~~:3000/hc_database/api');
	39	my $xmlrpc = XML::RPC->new('http://172.16.164.103:3000/hc_database/api');
27	40	return $xmlrpc->call("insert",$class,$obj_yaml);
28	41	};

honeyclient/trunk/lib/HoneyClient/Manager/VM/Clone.pm

r1064	r1128
382	382
383	383	The name of the cloned VM.
	384
	385	=back
	386
	387	=head2 database_id
	388
	389	=over 4
	390
	391	The ID of the VM data, if it is stored within a database.
384	392
385	393	=back
…	…
839	847	# A variable containing the name the cloned VM.
840	848	name => undef,
	849
	850	# A variable containing the database identifier, if any is specified.
	851	database_id => undef,
841	852
842	853	# A SOAP handle to the VM manager daemon. (This internal variable

Download in other formats:

Powered by Trac 0.10.4
By Edgewall Software.

Privacy Policy | Terms of Use | Contact Us
This project is sponsored by The MITRE Corporation. Applying systems engineering and advanced technology to critical national problems.
Copyright © 2004-2008, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only. MITRE has no control over content on external sites unless noted.