Changeset 328

Timestamp:

05/06/07 20:43:06 (1 year ago)

Author:

kindlund

Message:

merged filesystem exp branch back into trunk

Files:

• honeyclient/trunk/etc/honeyclient.xml (modified) (4 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent.pm (modified) (9 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver.pm (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm (modified) (4 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm (modified) (1 diff)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/IE.pm (modified) (1 diff)
• honeyclient/trunk/lib/HoneyClient/Agent/Integrity.pm (modified) (9 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Integrity/Filesystem.pm (copied) (copied from honeyclient/branches/exp/kindlund-filesystem/lib/HoneyClient/Agent/Integrity/Filesystem.pm)
• honeyclient/trunk/lib/HoneyClient/Agent/Integrity/Registry.pm (modified) (12 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Integrity/Registry/Parser.pm (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Integrity/Registry/Parser.yp (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Manager/FW.pm (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Manager/VM.pm (modified) (10 diffs)
• honeyclient/trunk/lib/HoneyClient/Util/Config.pm (modified) (2 diffs)
• honeyclient/trunk/lib/HoneyClient/Util/SOAP.pm (modified) (2 diffs)
• honeyclient/trunk/t/honeyclient_agent_integrity.t (modified) (2 diffs)
• honeyclient/trunk/t/honeyclient_agent_integrity_filesystem.t (copied) (copied from honeyclient/branches/exp/kindlund-filesystem/t/honeyclient_agent_integrity_filesystem.t)
• honeyclient/trunk/t/honeyclient_manager_vm.t (modified) (8 diffs)
• honeyclient/trunk/t/testVM (deleted)
• honeyclient/trunk/t/test_filesystem (copied) (copied from honeyclient/branches/exp/kindlund-filesystem/t/test_filesystem)
• honeyclient/trunk/t/test_vm (copied) (copied from honeyclient/branches/exp/kindlund-filesystem/t/test_vm)

honeyclient/trunk/etc/honeyclient.xml

@@ -69 +69 @@
-            <!-- TODO: Update this. -->
-            <timeout description="How long the Driver waits during a drive operation, before timing out (in seconds)." default="60">
-1
+2
-            </timeout>
-            <Browser>
@@ -125 +125 @@
-        <!-- HoneyClient::Agent::Integrity Options -->
-        <Integrity>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-                /tmp/changes.txt
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-            <Registry>
+                <hives_to_check description="List of registry hives to analyze.">
+                    <name>HKEY_LOCAL_MACHINE</name>
+                    <name>HKEY_CLASSES_ROOT</name>
+                    <name>HKEY_CURRENT_USER</name>
+                    <name>HKEY_USERS</name>
+                    <name>HKEY_CURRENT_CONFIG</name> 
+                </hives_to_check>
+                <exclude_list description="List of perl regular expressions, each matching one or more registry key directory names to exclude from analysis.  These entries match registry key directories that change normally during the course of driving the target application.  As such, they are excluded from analysis in order to reduce false positives.  As in normal regular expressions, each backslash (\) must be escaped (\\) and each regex must not end with any backslash character.">
+                    <regex>^HKEY_CURRENT_USER\\SessionInformation.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\CpMRU$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\TypedURLs$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+\\Count.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\DUIBags\\ShellFolders\\.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex>
+                    <regex>^HKEY_CURRENT_USER\\Volatile Environment$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia\\FlashPlayer$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\RNG$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BITS$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\Machine\\Extension-List\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State\\S.+\\Extension-List\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Prefetcher$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon\\Settings$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\.+\\Parameters\\Tcpip.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Dhcp\\Parameters.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Eventlog\\Application\\ESENT.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\SharedAccess\\Epoch.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet.+\\Services\\Tcpip\\Parameters\\Interfaces\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dhcp\\Parameters.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\ESENT.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Epoch$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\.*$</regex>
+                    <regex>^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.+\\Parameters\\Tcpip.*$</regex>
+                    <regex>^HKEY_USERS\\.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+\\Count.*$</regex>
+                    <regex>^HKEY_USERS\\.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.*$</regex>
+                    <regex>^HKEY_USERS\\.+\\UNICODE Program Groups.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\SessionInformation$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\IntelliForms$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\International$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\International\\CpMRU$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\Main$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Internet Explorer\\TypedURLs$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\DUIBags\\ShellFolders\\.*$</regex>
+                    <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex>
+                </exclude_list>
-                <!-- HoneyClient::Agent::Integrity::Registry::Test Options -->
-                <Test>
@@ -304 +396 @@
-        <!-- HoneyClient::Manager::VM Options -->
-        <VM>
-            <!-- TODO: Update this. -->
-            <!-- Note: This port should be unique and not already in use by other modules, services, or daemons running on the host system. -->
-            <port description="The TCP port number that the SOAP server for all Manager modules will listen on for requests." default="8089">
-                8089
-            </port>
-            <!-- TODO: Update this. -->
-            <datastore_path description="The absolute path to the parent directory, where all HoneyClient VM data is stored on the host server.  It is assumed that individual VM data is stored in separate subdirectories within this parent directory." default="/vm">
-                /vm
-            </datastore_path>
-            <!-- TODO: Update this. -->
-            <snapshot_path description="The absolute path to the directory that contains all snapshot data, associated with every HoneyClient VM." default="/vm/snapshots">
-                /vm/snapshots
-            </snapshot_path>
-            <!-- TODO: Update this. -->
-            <vmware_port description="The TCP port that VMware Server / GSX uses for console communication.  By default, this TCP port is 902.  Unless you've explicitly changes this port during the vmware-config.pl setup process, leave this setting as the default." default="902">
-                902
-            </vmware_port>
-            <!-- TODO: Update this. -->
-            <bin_tar description="The absolute path to the 'tar' executable, accessible on the host filesystem." default="/bin/tar">
-                /bin/tar
-            </bin_tar>
-            <!-- TODO: Update this. -->
-            <vm_id_length description="The length of each corresponding VM identifier (VMID).  This value can be any integer between 1 and 32, inclusive.  The VMID is a hexadecimal string that represents the VM's name.  It is designed to be generated once per clone and remain for the life of the VM (regardless of where it runs).  The VMID is used externally by HoneyClient::Manager and HoneyClient::Manager::FW.  The HoneyClient::Manager::FW package uses IPTables and binds each rule to a specific VMID.  However, IPTable's firewall rule labels can only be a maximum of 30 characters in length.  Thus, 26 is specified here, to account for 'VMID-OUT' as a possible chain name." default="26">
-                26
-            </vm_id_length>
-            <!-- TODO: Update this. -->
-            <dhcp_log description="The absolute path to the file that contains the DHCP logs, when a new VM gets a DHCP lease from the VMware Server / GSX server." default="/var/log/messages">
-                /var/log/messages
@@ -340 +425 @@
-                    are *only* used for unit testing.
-                -->
-VM
-VM
+_vm
+_vm
-                </test_vm_config>
-            </Test>

honeyclient/trunk/lib/HoneyClient/Agent.pm

@@ -9 +9 @@
-# @author knwang, ttruong, kindlund
-#
-6
+7
-#
-# This program is free software; you can redistribute it and/or
@@ -163 +163 @@
-
-# Make sure Storable loads.
-
+freeze 
-require_ok('Storable');
+can_ok('Storable', 'freeze');
-can_ok('Storable', 'nfreeze');
-can_ok('Storable', 'thaw');
-
+freeze 
-
-# Make sure MIME::Base64 loads.
@@ -209 +210 @@
-# Include Hash Serialization Utility Libraries
-# TODO: Update unit tests to include 'dclone'
-
+freeze 
-$Storable::Deparse = 1;
-$Storable::Eval = 1;
@@ -242 +243 @@
-# initialized integrity state of the VM -- ready to be checked
-# against, at any time.
+our $integrity = undef;
-our $integrityState : shared = undef;
-
@@ -369 +371 @@
-    # Perform initial integrity baseline check.
-    #my $integrity = undef;
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-
-    # Release data lock.
@@ -730 +733 @@
-                    # As such, do NOT try to call integrity checks on multiple, simultaneous
-                    # asynchronous threaded drivers.
-#
+
-                    # Perform initial integrity baseline check.
-
+#
-                    # TODO: Initialize Integrity Checks
-
-
-
-
-
-
-
+
-                }
-
@@ -815 +812 @@
-                    # Check to see if our driver's targets have changed.
-                    $driverTargetsChanged = not(Compare($data->{$driverName}->{'next'}->{'targets'}, $driver->next()->{'targets'}));
+                    # XXX: Delete this, eventually.
+                    if ($driverTargetsChanged) {
+                        print "Driver targets have changed.\n";
+                        #$Data::Dumper::Terse = 0;
+                        #$Data::Dumper::Indent = 1;
+                        #print "Current: " . Dumper($data->{$driverName}->{'next'}->{'targets'}) . "\n";
+                        #print "Next: " . Dumper($driver->next()->{'targets'}) . "\n";
+                    }
-
-                    # Copy object data to shared memory.
@@ -843 +848 @@
-                    # the $data->{$driverName}->{'status'} sub-hashtable.
-                    print "Performing Integrity Checks...\n";
-
+
+
+
-                        print "Integrity Check: FAILED\n";
-                        $data->{$driverName}->{'status'}->{'is_compromised'} = 1;
@@ -1156 +1163 @@
-=head1 COPYRIGHT & LICENSE
-
-6
+7
-
-This program is free software; you can redistribute it and/or

honeyclient/trunk/lib/HoneyClient/Agent/Driver.pm

@@ -10 +10 @@
-# @author knwang, ttruong, kindlund
-#
-6
+7
-#
-# This program is free software; you can redistribute it and/or
@@ -713 +713 @@
-=head1 COPYRIGHT & LICENSE
-
-6
+7
-
-This program is free software; you can redistribute it and/or

honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm

@@ -11 +11 @@
-# @author knwang, kindlund, stephenson
-#
-6
+7
-#
-# This program is free software; you can redistribute it and/or
@@ -476 +476 @@
-
-    # Comma-separated string containing the good words and bad words for link scoring purposes
+    # TODO: Need to fix this to support proper XML list elements.
-    goodwords => getVar(name => "goodwords", namespace => "HoneyClient::Agent::Driver::Browser"),
-    badwords => getVar(name => "badwords", namespace => "HoneyClient::Agent::Driver::Browser"),
@@ -1023 +1024 @@
-    # Check our internal relative links counter.
-    if ($self->_remaining_number_of_relative_links_to_visit == 1) {
+
+        # XXX: Delete this, eventually.
+        print "Resetting relative links to visit counter.\n";
+
-        # The counter has reached one, so drop all other relative links
-        # found, to force the driver to go to a new website.
@@ -1578 +1583 @@
-=head1 COPYRIGHT & LICENSE
-
-6
+7
-
-This program is free software; you can redistribute it and/or

honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm

@@ -7 +7 @@
-#              HoneyClient VM.
-#
+# CVS: $Id$
+#
-# @author knwang, xkovah, kindlund, ttruong
-#
-6
+7
-#
-# This program is free software; you can redistribute it and/or

honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/IE.pm

@@ -11 +11 @@
-# @author knwang, ttruong, kindlund, stephenson
-#
-6
+7
-#
-# This program is free software; you can redistribute it and/or

honeyclient/trunk/lib/HoneyClient/Agent/Integrity.pm

@@ -1 +1 @@
-################################################################################
-# Created on:  June 01, 2006
-
+::Integrity
-# File:        Integrity.pm
-# Description: Module for checking the system integrity for possible
-#              modifications.
-#
-@author knwang, xkovah, ttruong
+CVS: $Id$
-#
-
+
+
+
-#
-# This program is free software; you can redistribute it and/or
@@ -31 +33 @@
-=head1 NAME
-
-
-
-
-
+
+
-
-=head1 VERSION
-
-
+
-
-=head1 SYNOPSIS
-
+  use HoneyClient::Agent::Integrity;
+  use Data::Dumper;
+
+  # Create the Integrity object.  Upon creation, the object will
+  # be initialized, by performing a baseline of the Agent VM OS.
+  my $integrity = HoneyClient::Agent::Integrity->new();
+
+  # ... Some time elapses ...
+
+  # Check the Agent VM, for any violations.
+  my $changes = $integrity->check();
+
+  if (!defined($changes)) {
+      print "No integrity violations have occurred.\n";
+  } else {
+      print "System integrity has been compromised:\n";
+      print Dumper($changes);
+  }
+
+  # $changes refers to an array of hashtable references, where
+  # each hashtable has the following format:
+  #
+  # $changes = {
+  #     registry => [ {
+  #         # The registry directory name.
+  #         'key' => 'HKEY_LOCAL_MACHINE\Software...',
+  #
+  #         # Indicates if the registry directory was deleted,
+  #         # added, or changed.
+  #         'status' => 'deleted' | 'added' | 'changed',
+  # 
+  #         # An array containing the list of entries within the
+  #         # registry directory that have been deleted, added, or
+  #         # changed.  If this array is empty, then the corresponding
+  #         # registry directory in the original and new hives contained
+  #         # no entries.
+  #         'entries'  => [ {
+  #             'name' => "\"string\"",  # A (potentially) quoted string; 
+  #                                      # "@" for default
+  #             'new_value' => "string", # New string; maybe undef, if deleted
+  #             'old_value' => "string", # Old string; maybe undef, if added
+  #         }, ],
+  #    }, ],
+  #
+  #    filesystem => [ {
+  #         # Indicates if the filesystem entry was deleted,
+  #         # added, or changed.
+  #         'status' => 'deleted' | 'added' | 'changed',
+  #
+  #         # If the entry has been added/changed, then this 
+  #         # hashtable contains the file/directory's new information.
+  #         'new' => {
+  #             'name'  => 'C:\WINDOWS\SYSTEM32...',
+  #             'size'  => 1263, # in bytes
+  #             'mtime' => 1178135092, # modification time, seconds since epoch
+  #         },
+  #
+  #         # If the entry has been deleted/changed, then this
+  #         # hashtable contains the file/directory's old information.
+  #         'old' => {
+  #             'name'  => 'C:\WINDOWS\SYSTEM32...',
+  #             'size'  => 802, # in bytes
+  #             'mtime' => 1178135028, # modification time, seconds since epoch
+  #         },
+  #   }, ],
+  # }
+
+=head1 DESCRIPTION
+
+# TODO: This text needs to change.
+
-=head2 INITIALIZATION
+
+# TODO: This text needs to change.
-
-In order to properly check the system, a snapshot must be taken of a known-good
@@ -61 +134 @@
-
-=head2 CHECKING
+
+# TODO: This text needs to change.
-
-Checking the filesystem entails running mostly the same code as the initialization
@@ -92 +167 @@
-use Carp ();
-
-=pod
-
-=begin testing
-
-# Make sure HoneyClient::Agent::Integrity loads.
-BEGIN { use_ok('HoneyClient::Agent::Integrity', qw(initAll checkAll initRegistry checkRegistry initFileSystem checkFileSystem)) or diag("Can't load HoneyClient::Util::Config package.  Check to make sure the package library is correctly listed within the path."); }
-require_ok('HoneyClient::Agent::Integrity');
-#can_ok('HoneyClient::Agent::Integrity', 'new');
-can_ok('HoneyClient::Agent::Integrity', 'initAll');
-can_ok('HoneyClient::Agent::Integrity', 'checkAll');
-can_ok('HoneyClient::Agent::Integrity', 'initFileSystem');
-can_ok('HoneyClient::Agent::Integrity', 'checkFileSystem');
-use HoneyClient::Agent::Integrity qw(initAll checkAll initFileSystem checkFileSystem);
-
-# Make sure HoneyClient::Util::Config loads.
-BEGIN { use_ok('HoneyClient::Util::Config', qw(getVar)) or diag("Can't load HoneyClient::Util::Config package.  Check to make sure the package library is correctly listed within the path."); }
-require_ok('HoneyClient::Util::Config');
-can_ok('HoneyClient::Util::Config', 'getVar');
-use HoneyClient::Util::Config qw(getVar);
-
-# Make sure File::Find loads.
-BEGIN { use_ok('File::Find', qw(find)) or diag("Can't load File::Find package.  Check to make sure the package library is correctly listed within the path."); }
-require_ok('File::Find');
-can_ok('File::Find', 'find');
-use File::Find;
-
-# Make sure Digest::MD5 loads.
-#BEGIN { use_ok('Digest::MD5', qw(new)) or diag("Can't load Digest::MD5 package.  Check to make sure the package library is correctly listed within the path."); }
-#require_ok('Digest::MD5');
-#use Digest::MD5;
-
-# Make sure MIME::Base64 loads.
-BEGIN { use_ok('MIME::Base64', qw(encode_base64 decode_base64)) or diag("Can't load MIME::Base64 package.  Check to make sure the package library is correctly listed within the path."); }
-require_ok('MIME::Base64');
-can_ok('MIME::Base64', 'encode_base64');
-can_ok('MIME::Base64', 'decode_base64');
-use MIME::Base64 qw(encode_base64 decode_base64);
-
-# Make sure Storable loads.
-BEGIN { use_ok('Storable', qw(dclone nfreeze thaw)) or diag("Can't load Storable package.  Check to make sure the package library is correctly listed within the path."); }
-require_ok('Storable');
-can_ok('Storable', 'dclone');
-can_ok('Storable', 'nfreeze');
-can_ok('Storable', 'thaw');
-use Storable qw(dclone nfreeze thaw);
-
-###Testing Globals###
-# Directory where the known-good test files are stored
-$test_dir = getVar(name => "test_dir");
-
-# List of files and directories to check during filesystem checking
-$file_checklist = getVar(name => "file_checklist");
-
-# List of files or directories to exclude if found in subdirs during
-# filesystem check.
-$file_exclude = getVar(name => "file_exclude");
-
-# File where found changes are written to
-$change_file = getVar(name => "change_file");
-
-=end testing
-
-=cut
-
-# Include Global Configuration Processing Library
-use HoneyClient::Util::Config qw(getVar);
+
+# Include the Registry Checking Library
-use HoneyClient::Agent::Integrity::Registry;
-
-
-
-
+
+
+
+
+
-use Storable qw(nfreeze thaw dclone);
-$Storable::Deparse = 1;
-$Storable::Eval = 1;
+
+# Use Dumper Library
-use Data::Dumper;
-
+
+
+
+
+
+
+
-
-BEGIN {
@@ -180 +203 @@
-
-    # Symbols to export on request
-new initAll checkAll
+ 
-
-    # Items to export into callers namespace by default. Note: do not export
@@ -186 +209 @@
-    # Do not simply export all your public functions/methods/constants.
-
+    # This allows declaration use HoneyClient::Agent::Integrity ':all';
+    # If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
+    # will save memory.
+
+    %EXPORT_TAGS = (
+        'all' => [ qw( ) ],
+    );
+
-    # Symbols to autoexport (:DEFAULT tag)
-
-
+
+
+
-}
-our (@EXPORT_OK, $VERSION);
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-);
-
-
-
-
-
-
-
-
-
-
-