Changeset 802
- Timestamp:
- 08/09/07 16:29:16 (1 year ago)
- Files:
-
- honeyclient/branches/exp/mbriggs-db/LICENSE (modified) (5 diffs)
- honeyclient/branches/exp/mbriggs-db/bin/StartManager.pl (modified) (2 diffs)
- honeyclient/branches/exp/mbriggs-db/bin/run.sh (modified) (1 diff)
- honeyclient/branches/exp/mbriggs-db/create_pkg_dir.pl (modified) (4 diffs)
- honeyclient/branches/exp/mbriggs-db/create_pkg_makefile.pl (modified) (4 diffs)
- honeyclient/branches/exp/mbriggs-db/etc/honeyclient.xml (modified) (9 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent.pm (modified) (24 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver.pm (modified) (7 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver/Browser.pm (modified) (33 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver/Browser/FF.pm (modified) (8 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver/Browser/IE.pm (modified) (7 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Integrity.pm (modified) (6 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Integrity/Filesystem.pm (modified) (4 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Integrity/Registry.pm (modified) (7 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Integrity/Registry/Parser.pm (modified) (11 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Integrity/Registry/Parser.yp (modified) (11 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/DB.pm (modified) (2 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager.pm (modified) (11 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager/FW.pm (modified) (4 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager/VM.pm (modified) (6 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager/VM/Clone.pm (modified) (12 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Util/Config.pm (modified) (5 diffs)
- honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Util/SOAP.pm (modified) (3 diffs)
- honeyclient/branches/exp/mbriggs-db/t/honeyclient_agent.t (modified) (2 diffs)
- honeyclient/branches/exp/mbriggs-db/t/honeyclient_agent_driver_browser_ie.t (modified) (1 diff)
- honeyclient/branches/exp/mbriggs-db/t/honeyclient_manager_vm.t (modified) (2 diffs)
- honeyclient/branches/exp/mbriggs-db/t/honeyclient_util_config.t (modified) (1 diff)
honeyclient/branches/exp/mbriggs-db/LICENSE
r13 r802 1 GNU GENERAL PUBLIC LICENSE2 Version 2, June 19911 GNU GENERAL PUBLIC LICENSE 2 Version 2, June 1991 3 3 4 4 Copyright (C) 1989, 1991 Free Software Foundation, Inc. … … 7 7 of this license document, but changing it is not allowed. 8 8 9 Preamble9 Preamble 10 10 11 11 The licenses for most software are designed to take away your … … 57 57 modification follow. 58 58 59 GNU GENERAL PUBLIC LICENSE59 GNU GENERAL PUBLIC LICENSE 60 60 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 61 … … 256 256 of promoting the sharing and reuse of software generally. 257 257 258 NO WARRANTY258 NO WARRANTY 259 259 260 260 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY … … 278 278 POSSIBILITY OF SUCH DAMAGES. 279 279 280 END OF TERMS AND CONDITIONS280 END OF TERMS AND CONDITIONS honeyclient/branches/exp/mbriggs-db/bin/StartManager.pl
r594 r802 24 24 # They can however supply multiple urls which will be processed in order 25 25 26 my $driver = "IE"; 27 my $config = "/vm/master-vms/Agent.Master-22/winXPPro.cfg"; 28 my $maxrel = 10; 26 # Change to 'HoneyClient::Agent::Driver::Browser::IE' or 27 # 'HoneyClient::Agent::Driver::Browser::FF' 28 my $driver = "HoneyClient::Agent::Driver::Browser::IE"; 29 my $config = undef; 30 my $maxrel = -1; 29 31 my $nexturl = ""; 30 32 my $urllist= ""; … … 60 62 61 63 my $agentState = HoneyClient::Manager->run( 62 driver => $driver, # Change to 'IE' or 'FF'64 driver => $driver, 63 65 master_vm_config => $config, 64 66 agent_state => encode_base64(nfreeze({ 65 $driver => { # Change to 'IE' or 'FF'67 $driver => { 66 68 next_link_to_visit => $firsturl, 67 # Enable this line, if you want to only go to the68 # first 5 links for each domain.69 69 max_relative_links_to_visit => $maxrel, 70 70 links_to_visit => \%remaining_urls, honeyclient/branches/exp/mbriggs-db/bin/run.sh
r467 r802 1 1 #!/bin/bash 2 3 # $Id: run.sh 783 2007-07-30 17:43:19Z kindlund $ 2 4 3 5 echo "Starting up Agent - (Hit CTRL-C multiple times to exit.)" 4 6 5 7 # Remove all old /tmp/* entries. 6 rm /tmp/* 8 rm /tmp/* > /dev/null 2>&1 7 9 8 10 IP=$(/cygdrive/c/Program\ Files/VMware/VMware\ Tools/VMip.exe -get) honeyclient/branches/exp/mbriggs-db/create_pkg_dir.pl
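Review bot: Redirecting both streams on `rm /tmp/* > /dev/null 2>&1` hides every failure of the cleanup, not only the "No such file" message printed when /tmp is already empty. If the aim is just to silence the empty-directory case, `rm -f /tmp/*` does that and still reports permission or in-use errors, so a run that starts with stale files in /tmp stays visible. The comment "Remove all old /tmp/* entries" also overstates the command, because without `-r` directories are left in place and the glob skips dotfiles; either tighten the comment or extend the command.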
r16 r802 1 1 #!/usr/bin/perl 2 3 # $Id: create_pkg_dir.pl 787 2007-07-30 19:02:18Z kindlund $ 4 2 5 use warnings; 3 6 use strict; … … 16 19 17 20 # Directories to include in the distribution 18 my %inc_dirs = (etc => $src_path . '/etc', 19 bin => $src_path . '/bin', 20 inc => 'thirdparty/inc',); 21 my %inc_dirs = (etc => $src_path . '/etc', 22 bin => $src_path . '/bin', 23 inc => 'thirdparty/inc', 24 'thirdparty' => 'thirdparty', 25 't' => 't', 26 ); 21 27 #--------------------------------------# 22 28 … … 63 69 find({wanted => \&process, no_chdir => 1} ,"$src_path/$path/$module"); 64 70 71 # Copy the LICENSE and INSTALL files. 72 my_copy("LICENSE",$pkg_name,1); 73 my_copy("INSTALL",$pkg_name,1); 74 65 75 l(''); 66 76 } … … 103 113 }#}}} 104 114 115 105 116 # All of the calls are the same, and I wanted to unclutter the above code 106 117 sub my_copy { #{{{ honeyclient/branches/exp/mbriggs-db/create_pkg_makefile.pl
r13 r802 1 1 #!/usr/bin/perl 2 3 # $Id: create_pkg_makefile.pl 783 2007-07-30 17:43:19Z kindlund $ 4 2 5 # Remember to add $name to this, or else it will not work 3 6 use warnings; … … 37 40 find(\&process,'lib'); 38 41 foreach( sort keys %requires){ 39 printf FILE "requires\t %s => %s;\n",$_,$requires{$_};42 printf FILE "requires\t'%s' => '%s';\n",$_,$requires{$_}; 40 43 } 41 44 } … … 49 52 print FILE "license\t\t'gpl';\n"; 50 53 print FILE "perl_version\t'5.006';\n"; 54 print FILE "author\t\t'MITRE Honeyclient Project <honeyclient\@mitre.org>';\n"; 51 55 52 56 … … 61 65 get_dependencies(join("::",@name)); 62 66 print FILE "\n"; 67 print FILE "no_index\t'directory' => 'etc';\n"; 68 print FILE "no_index\t'directory' => 'inc';\n"; 69 print FILE "no_index\t'directory' => 'thirdparty';\n"; 70 print FILE "\n"; 63 71 print FILE "auto_install;\n"; 64 72 print FILE "WriteAll;\n"; honeyclient/branches/exp/mbriggs-db/etc/honeyclient.xml
r596 r802 68 68 9000 69 69 </port> 70 <allowed_drivers description="List of implemented Drivers that the Agent is allowed to run directly."> 71 <name>HoneyClient::Agent::Driver::Browser::IE</name> 72 <name>HoneyClient::Agent::Driver::Browser::FF</name> 73 </allowed_drivers> 70 74 <!-- HoneyClient::Agent::Driver Options --> 71 75 <Driver> … … 74 78 20 75 79 </timeout> 80 <ActiveContent> 81 <enable description="Enables active content parsing. 1 enables, 0 disables." default="1"> 82 1 83 </enable> 84 <Flash> 85 <flasm_exec description="Path to the flasm executable." default="thirdparty/flasm/flasm.exe"> 86 thirdparty/flasm/flasm.exe 87 </flasm_exec> 88 </Flash> 89 </ActiveContent> 76 90 <Browser> 77 91 <!-- HoneyClient::Agent::Driver::IE Options --> 78 92 <!-- TODO: Update this. --> 79 93 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0"> 80 181 </ignore_links_timed_out>94 1 95 </ignore_links_timed_out> 82 96 <!-- TODO: Update this. --> 83 97 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe"> 84 iexplore.exe85 </process_name>98 iexplore.exe 99 </process_name> 86 100 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 87 -1 88 </max_relative_links_to_visit> 89 <goodwords description="A comma-separated list of good words which will increase the score of links within a webpage." 
default=""> 90 news,new,big,latest,main,update,sell,free,buy 91 </goodwords> 92 <badwords description="A comma-separated list of bad words which will decrease the score of links within a webpage." default=""> 93 archive,privacy,legal,disclaim,about,contact,copyright,jobs,careers 94 </badwords> 101 -1 102 </max_relative_links_to_visit> 103 <positive_words description="If a link contains any number of these words, then its probability of being visited (its score) will increase."> 104 <word>news</word> 105 <word>new</word> 106 <word>big</word> 107 <word>latest</word> 108 <word>main</word> 109 <word>update</word> 110 <word>sell</word> 111 <word>free</word> 112 <word>buy</word> 113 <word>science</word> 114 </positive_words> 115 <negative_words description="If a link contains any number of these words, then its probability of being visited (its score) will decrease."> 116 <word>archive</word> 117 <word>privacy</word> 118 <word>legal</word> 119 <word>disclaim</word> 120 <word>about</word> 121 <word>contact</word> 122 <word>copyright</word> 123 <word>jobs</word> 124 <word>careers</word> 125 </negative_words> 95 126 <IE> 96 <!-- HoneyClient::Agent::Driver::IE Options --> 97 <!-- TODO: Update this. --> 98 <ignore_links_timed_out description="If this parameter is 1, then the browser will never attempt to revisit any links that caused the browser to initially time out." default="0"> 99 1 100 </ignore_links_timed_out> 101 <!-- TODO: Update this. --> 102 <process_name description="The name of the Internet Explorer application process, as it appears in the Task Manager." default="iexplore.exe"> 103 iexplore.exe 104 </process_name> 105 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. 
This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 106 -1 107 </max_relative_links_to_visit> 127 <!-- HoneyClient::Agent::Driver::Browser::IE Options --> 128 <process_exec description="The absolute path to the Internet Explorer application process, as it sits in the VM filesystem." default="C:\Program Files\Internet Explorer\iexplore.exe"> 129 C:\Program Files\Internet Explorer\iexplore.exe 130 </process_exec> 131 <process_name description="The name of the Internet Explorer executable, as it appears on the VM filesystem." default="iexplore.exe"> 132 iexplore.exe 133 </process_name> 108 134 </IE> 109 135 <FF> 110 <max_relative_links_to_visit description="An integer, representing the maximum number of relative links that the browser should visit, before moving onto another website. If negative, then the browser will exhaust all possible relative links found, before moving on. This functionality is best effort; it's possible for the browser to visit new links on previously visited websites." default="-1"> 111 5 112 </max_relative_links_to_visit> 113 <!-- http://gatekeeper-w.mitre.org:80 --> 114 <http_proxy description="Set to your HTTP Proxy if you have one, otherwise set to 'none'"> 115 none 116 </http_proxy> 117 <ff_exec description="path to the firefox executable (default install path is C:\Program Files\Mozilla Firefox\firefox.exe)"> 118 C:\Program Files\Mozilla Firefox\firefox.exe 119 </ff_exec> 136 <!-- HoneyClient::Agent::Driver::Browser::FF Options --> 137 <process_exec description="The absolute path to the Mozilla Firefox application process, as it sits in the VM filesystem." default="C:\Program Files\Mozilla Firefox\firefox.exe"> 138 C:\Program Files\Mozilla Firefox\firefox.exe 139 </process_exec> 140 <process_name description="The name of the Mozilla Firefox executable, as it appears on the VM filesystem." 
default="firefox.exe"> 141 firefox.exe 142 </process_name> 120 143 </FF> 121 144 </Browser> … … 171 194 <regex>C:/WINDOWS/SYSTEM32/wbem.*</regex> 172 195 <regex>C:/WINDOWS/WindowsUpdate.log</regex> 196 <regex>C:/WINDOWS/wmsetup.log</regex> 173 197 <!-- To exclude entries inside cygwin, use the following format. --> 174 198 <regex>/cygdrive/c/cygwin/tmp.*</regex> … … 209 233 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex> 210 234 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex> 211 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2 \\CPC\\Volume.*$</regex>235 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*$</regex> 212 236 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU.*$</regex> 213 237 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\.+\\Count.*$</regex> … … 218 242 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\BagMRU.*$</regex> 219 243 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex> 244 <regex>^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Media\\WMSDK\\General.*$</regex> 220 245 <regex>^HKEY_CURRENT_USER\\Volatile Environment$</regex> 221 246 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia$</regex> 222 247 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Macromedia\\FlashPlayer$</regex> 223 248 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\RNG$</regex> 249 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Dfrg\\BootOptimizeFunction$</regex> 250 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Direct3D\\MostRecentApplication$</regex> 224 251 <regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PCHealth\\PchSvc$</regex> 225 252 
<regex>^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\.*$</regex> … … 257 284 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links.*$</regex> 258 285 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Start Menu2\\Programs.*$</regex> 259 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2 \\CPC\\Volume.*$</regex>286 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2.*$</regex> 260 287 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU.*$</regex> 261 288 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\.*$</regex> … … 264 291 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\DUIBags\\ShellFolders\\.*$</regex> 265 292 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache.*$</regex> 293 <regex>^HKEY_USERS\\S.+\\Software\\Microsoft\\Windows Media\\WMSDK\\General.*$</regex> 266 294 </exclude_list> 267 295 <!-- HoneyClient::Agent::Integrity::Registry::Test Options --> … … 296 324 </Agent> 297 325 <!-- HoneyClient::DB Options --> 298 <DB>299 <enable description="Enables database operations. 1 enables, 0 disables." default="0">300 1301 </enable>302 <host description="The system providing the HoneyClient database. If the database is installed on the same host system as the Manager, then localhost should be used." default="127.0.0.1">303 1 27.0.0.1304 </host>305 <dbname description="The name of the HoneyClient database." default="HoneyClient">306 HoneyClient307 </dbname>308 <user description="The username to use, when connecting to the HoneyClient database.">309 honeyclient_user310 </user>311 <pass description="The password to use, when connecting to the HoneyClient database.">326 <DB> 327 <enable description="Enables database operations. 1 enables, 0 disables." 
default="0"> 328 1 329 </enable> 330 <host description="The system providing the HoneyClient database. If the database is installed on the same host system as the Manager, then localhost should be used." default="127.0.0.1"> 331 172.16.164.1 332 </host> 333 <dbname description="The name of the HoneyClient database." default="HoneyClient"> 334 HoneyClient 335 </dbname> 336 <user description="The username to use, when connecting to the HoneyClient database."> 337 honeyclient_user 338 </user> 339 <pass description="The password to use, when connecting to the HoneyClient database."> 312 340 honeyclient_password 313 </pass>314 <port description="The default TCP port number used to communicate with the database." default="3306">315 3306316 </port>317 </DB>341 </pass> 342 <port description="The default TCP port number used to communicate with the database." default="3306"> 343 3306 344 </port> 345 </DB> 318 346 <Manager> 319 347 <!-- TODO: Update this. --> … … 431 459 <VM> 432 460 <master_vm_config description="The full absolute path to the VM configuration file on the host system that will be used by all subsequent cloned VMs."> 433 /vm/master-vms/Agent.Master-2 0/winXPPro.cfg461 /vm/master-vms/Agent.Master-23/winXPPro.cfg 434 462 </master_vm_config> 435 463 <port description="The TCP port number that the SOAP server of the VM daemon will listen on for requests. Note: This port should be unique and not already be used by other modules, services, or daemons running on the host system." default="8089"> honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent.pm
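Review bot: The two `MountPoints2` entries in the registry `exclude_list` (under HKEY_CURRENT_USER and HKEY_USERS) are widened from `MountPoints2\\CPC\\Volume.*` to `MountPoints2.*`, which removes every key under MountPoints2, and any sibling key whose name merely begins with that string, from the integrity check. Subkeys under MountPoints2 can carry per-volume shell/autorun command entries, so changes there are something this check would normally be expected to report. If the intent was to silence churn from volume subkeys seen on a clean run, a narrower pattern, or an XML comment beside the entry recording which subkeys were observed to change, would keep the exclusion auditable. Separately, the `<DB>` block now ships `<host>` 172.16.164.1 with `<enable>` 1 although the documented defaults are 127.0.0.1 and 0; that looks like a site-local setting, so it is worth confirming it belongs in the shared config.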
r536 r802 38 38 =head1 VERSION 39 39 40 0.9 740 0.99 41 41 42 42 =head1 SYNOPSIS … … 76 76 # Defines which functions can be called externally. 77 77 require Exporter; 78 our (@ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS, $VERSION , @DRIVERS);78 our (@ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS, $VERSION); 79 79 80 80 # Set our package version. 81 $VERSION = 0.9 7;81 $VERSION = 0.99; 82 82 83 83 @ISA = qw(Exporter); 84 84 85 # Symbols to export on request85 # Symbols to export automatically 86 86 @EXPORT = qw(); 87 87 … … 98 98 ); 99 99 100 # Symbols to autoexport ( :DEFAULT tag)100 # Symbols to autoexport (when qw(:all) tag is used) 101 101 @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); 102 102 … … 110 110 $Config{useithreads} or Carp::croak "Error: Recompile Perl with ithread support, in order to use this module.\n"; 111 111 112 # Registered driver list.113 # TODO: Eventually, make this more dynamic, based upon the presence of HoneyClient::Agent::Driver::* elements114 # within the global configuration file. Or, feed the initialization logic through init() as part of the arguments.115 @DRIVERS = ( 'IE' );116 foreach (@DRIVERS) {117 eval "use HoneyClient::Agent::Driver::Browser::$_";118 if ($@) {119 Carp::croak "$@";120 }121 }122 123 112 $SIG{PIPE} = 'IGNORE'; # Do not exit on broken pipes. 124 113 } 125 our (@EXPORT_OK, $VERSION , @DRIVERS);114 our (@EXPORT_OK, $VERSION); 126 115 127 116 =pod … … 150 139 use HoneyClient::Util::Config qw(getVar); 151 140 152 # TODO: Change Driver::IE to Driver::Browser::IE 153 # Make sure HoneyClient::Agent::Driver::IE loads. 154 BEGIN { use_ok('HoneyClient::Agent::Driver::IE') or diag("Can't load HoneyClient::Agent::Driver::IE package. 
Check to make sure the package library is correctly listed within the path."); } 155 require_ok('HoneyClient::Agent::Driver::IE'); 156 can_ok('HoneyClient::Agent::Driver::IE', 'new'); 157 can_ok('HoneyClient::Agent::Driver::IE', 'drive'); 158 can_ok('HoneyClient::Agent::Driver::IE', 'getNextLink'); 159 can_ok('HoneyClient::Agent::Driver::IE', 'next'); 160 can_ok('HoneyClient::Agent::Driver::IE', 'isFinished'); 161 can_ok('HoneyClient::Agent::Driver::IE', 'status'); 162 use HoneyClient::Agent::Driver::IE; 141 # TODO: Include FF 142 # Make sure HoneyClient::Agent::Driver::Browser::IE loads. 143 BEGIN { use_ok('HoneyClient::Agent::Driver::Browser::IE') or diag("Can't load HoneyClient::Agent::Driver::Browser::IE package. Check to make sure the package library is correctly listed within the path."); } 144 require_ok('HoneyClient::Agent::Driver::Browser::IE'); 145 # TODO: Update this list of function names. 146 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'new'); 147 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'drive'); 148 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'getNextLink'); 149 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'next'); 150 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'isFinished'); 151 can_ok('HoneyClient::Agent::Driver::Browser::IE', 'status'); 152 use HoneyClient::Agent::Driver::Browser::IE; 163 153 164 154 # Make sure Storable loads. … … 241 231 our $DAEMON_PID : shared = undef; 242 232 243 # Global static value, to indicate if the Agent should perform 233 # Global array, to indicate which implemented Drivers the 234 # Agent is allowed to run. 235 our $ALLOWED_DRIVERS = getVar(name => 'allowed_drivers')->{name}; 236 237 # Global value, to indicate if the Agent should perform 244 238 # any integrity checks. 245 239 our $PERFORM_INTEGRITY_CHECKS : shared = … … 353 347 } 354 348 349 # Figure out what our list of allowed Drivers are. 
350 $ALLOWED_DRIVERS = getVar(name => 'allowed_drivers')->{name}; 351 355 352 # Acquire data lock. 356 353 _lock(); … … 358 355 # Initialize the $driverData shared hashtable. 359 356 my $data = { }; 360 for my $driverName (@DRIVERS) { 361 362 # TODO: Figure out which drivers' data to initialize, based upon 363 # which driver argument hashtables were provided. Then keep 364 # that list in a globally, defined array. 365 357 for my $driverName (@{$ALLOWED_DRIVERS}) { 358 359 eval "use $driverName"; 360 if ($@) { 361 $LOG->fatal($@); 362 Carp::croak $@; 363 } 364 366 365 $data->{$driverName} = { 367 366 'state' => undef, … … 590 589 591 590 # Figure out the corresponding driver name. 592 my @package = split(/::/, ref($driver)); 593 my $driverName = pop(@package); 591 my $driverName = ref($driver); 594 592 595 593 # Extract the corresponding queue. … … 630 628 =pod 631 629 632 =head1 EX PORTS633 634 =head2 run( )630 =head1 EXTERNAL SOAP FUNCTIONS 631 632 =head2 run(driver_name => $driverName) 635 633 636 634 =over 4 637 635 636 Runs the Agent for one cycle. In this cycle, the following happens: 637 638 =over 4 639 640 =item 1) 641 642 The specified Driver is driven for multiple work units, where each 643 consecutive drive operation contacts the same network resources 644 (aka. "targets"). The Driver ceases its operation, as soon as 645 it has exhausted all targets or until it is ready to contact a 646 different set of targets. 647 648 =item 2) 649 650 Once the specified driver has stopped, the Agent performs a corresponding 651 Integrity check. 652 653 =back 654 638 655 # XXX: Fill this in. 639 656 640 657 I<Inputs>: 641 B<$ arg> is an optional argument.642 SOAP server to listen on.658 B<$driverName> is the name of the Driver to use, when running this 659 cycle. 643 660 644 I<Output>: XXX: Fill this in. 
661 I<Output>: Returns true if the Agent successfully started a new cycle; 662 returns false, if the Agent is still running an existing cycle and 663 has not finished yet. 664 665 I<Notes>: 666 During a single run() cycle, it is expected that the driven application 667 will only contact the same targets. This allows the Manager to update 668 firewall rules between cycles. 645 669 646 670 =back 647 671 648 =begin testing649 672 #=begin testing 673 # 650 674 # XXX: Fill this in. 651 1; 652 653 =end testing 675 # 676 #=end testing 654 677 655 678 =cut … … 657 680 sub run { 658 681 # Extract arguments. 682 my ($class, %args) = @_; 683 684 # Log resolved arguments. 685 $LOG->debug(sub { 686 # Make Dumper format more terse. 687 $Data::Dumper::Terse = 1; 688 $Data::Dumper::Indent = 0; 689 Dumper(\%args); 690 }); 691 692 # Sanity check. Make sure we get a valid argument. 693 my $argsExist = scalar(%args); 694 if (!$argsExist || 695 !exists($args{'driver_name'}) || 696 !defined($args{'driver_name'})) { 697 698 # Die if no valid argument is supplied. 699 $LOG->warn("No Driver name specified."); 700 die SOAP::Fault->faultcode(__PACKAGE__ . "->run()") 701 ->faultstring("No Driver name specified."); 702 } 703 704 # Sanity check. Make sure the driver name specified is 705 # on our allowed list. 706 my @drivers_found = grep(/^$args{'driver_name'}$/, @{$ALLOWED_DRIVERS}); 707 my $driverName = pop(@drivers_found); 708 unless (defined($driverName)) { 709 $LOG->warn("Not allowed to run Driver (" . $args{'driver_name'} . ")."); 710 die SOAP::Fault->faultcode(__PACKAGE__ . "->run()") 711 ->faultstring("Not allowed to run Driver (" . $args{'driver_name'} . ")."); 712 } 659 713 660 714 # Temporary variable, used to hold thawed driver data. … … 667 721 my $thread = undef; 668 722 669 # TODO: Eventually, use the globally defined array 670 # of actual drivers used (set by init()). 671 for my $driverName (@DRIVERS) { 723 if (defined($driverName)) { 672 724 673 725 # Acquire data lock. 
… … 678 730 679 731 # XXX: Delete this, eventually. 680 print "Checking TID = " . Dumper($tid) . "\n";732 print $driverName . " - Checking TID = " . Dumper($tid) . "\n"; 681 733 if (defined(threads->object($tid))) { 682 print "Thread defined.\n";734 print $driverName . " - Thread defined.\n"; 683 735 if (threads->object($tid)->is_running()) { 684 print "Thread is running.\n";736 print $driverName . " - Thread is running.\n"; 685 737 } else { 686 print "Thread is NOT running.\n";738 print $driverName . " - Thread is NOT running.\n"; 687 739 } 688 740 } else { 689 print "Thread NOT defined.\n";741 print $driverName . " - Thread NOT defined.\n"; 690 742 } 691 743 … … 702 754 } else { 703 755 # XXX: Remove this, eventually. 704 print "Creating a new run() child thread...\n";756 print $driverName . " - Creating a new run() child thread...\n"; 705 757 } 706 758 … … 736 788 if ($thread->is_running()) { 737 789 # XXX: Debugging, remove eventually. 738 print "Thread ID = " . $thread->tid() . "\n";790 print $driverName . " - Thread ID = " . $thread->tid() . "\n"; 739 791 } else { 740 792 # XXX: Debugging, remove eventually. 741 print "Thread ID = " . $thread->tid() . " (NOT RUNNING)\n";793 print $driverName . " - Thread ID = " . $thread->tid() . " (NOT RUNNING)\n"; 742 794 } 743 795 … … 747 799 748 800 # XXX: Debugging, remove eventually. 749 print "Run thread initialized.\n";801 print "Run thread(s) initialized.\n"; 750 802 751 803 # At this point, the driver thread is initialized and running, … … 801 853 # Now, initialize each driver object. 802 854 # Figure out which $driver object to use... 803 my $driverClass = 'HoneyClient::Agent::Driver::Browser::' .$driverName;855 my $driverClass = $driverName; 804 856 805 857 if (!defined($data->{$driverName}->{'state'})) { … … 848 900 # We assume $driver->next() returns defined data. 849 901 foreach my $resource (keys %{$driver->next()->{resources}}) { 850 $LOG->info( "Driving To Resource: " . 
$resource);902 $LOG->info($driverName . " - Driving To Resource: " . $resource); 851 903 $lastResource = $resource; 852 904 } … … 866 918 # XXX: Delete this, eventually. 867 919 if ($driverTargetsChanged) { 868 $LOG->info( "Driver targets have changed.");920 $LOG->info($driverName . " - Driver targets have changed."); 869 921 #$Data::Dumper::Terse = 0; 870 922 #$Data::Dumper::Indent = 1; … … 884 936 } 885 937 886 # TODO: Perform Integrity Check 938 # Perform Integrity Check 939 # XXX: We may want this logic moved out of the child thread, 940 # in case we ever have more than one worker thread simultaneously going. 941 # (We wouldn't want to have 2 worker threads simultaneously performing 942 # this check, as VM performance would slow to a crawl.) 887 943 my $isCompromised = 0; 888 944 my $changes = undef; … … 890 946 # For now, we update a scalar called 'is_compromised' within 891 947 # the $data->{$driverName}->{'status'} sub-hashtable. 892 $LOG->info( "Performing Integrity Checks.");948 $LOG->info($driverName . " - Performing Integrity Checks."); 893 949 $changes = $integrity->check(); 894 950 if (scalar(@{$changes->{registry}}) || 895 951 scalar(@{$changes->{filesystem}})) { 896 $LOG->warn( "Integrity Check: FAILED");952 $LOG->warn($driverName . " - Integrity Check: FAILED"); 897 953 $isCompromised = 1; 898 954 $changes->{'last_resource'} = $lastResource; 899 955 } else { 900 $LOG->info( "Integrity Check: PASSED");956 $LOG->info($driverName . " - Integrity Check: PASSED"); 901 957 } 902 958 } … … 936 992 937 993 # TODO: Do proper fault queuing. 938 $LOG->error( "FAULT: " . $@);994 $LOG->error($driverName . " - FAULT: " . $@); 939 995 } 940 996 941 997 # XXX: Debugging, remove eventually. 942 print "About to return out of child thread.\n";998 print $driverName . " - About to return out of child thread.\n"; 943 999 if (!threads->is_detached()) { 944 1000 threads->detach(); … … 994 1050 995 1051 # Figure out which driver to use. 
996 for my $driverName (@ DRIVERS) {1052 for my $driverName (@{$ALLOWED_DRIVERS}) { 997 1053 998 1054 # If the corresponding key within the argument … … 1034 1090 # Initialize the driver object. 1035 1091 # Figure out which $driver object to use... 1036 my $driverClass = 'HoneyClient::Agent::Driver::Browser::' .$driverName;1092 my $driverClass = $driverName; 1037 1093 1038 1094 if (!defined($data->{$driverName}->{'state'})) { honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver.pm
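Review bot: The allow-list check added to run() uses the caller-supplied name as a regular expression, `grep(/^$args{'driver_name'}$/, @{$ALLOWED_DRIVERS})`, so a SOAP argument containing metacharacters is interpreted as a pattern and can match an entry it does not equal, and a malformed pattern makes the grep die instead of producing the "Not allowed to run Driver" fault. Because the value used afterwards is the matched list entry, only configured drivers can be selected, but the check should still be an exact comparison: `my ($driverName) = grep { $_ eq $args{'driver_name'} } @{$ALLOWED_DRIVERS};`. In init(), each configured entry is loaded with `eval "use $driverName"`; checking the name against a package-name pattern such as `/\A\w+(?:::\w+)*\z/` before the string eval would keep a mistyped or tampered `allowed_drivers` entry from being compiled as code. Both subs extend outside the lines shown here.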
r515 r802 38 38 =head1 VERSION 39 39 40 This documentation refers to HoneyClient::Agent::Driver version 0.9 7.40 This documentation refers to HoneyClient::Agent::Driver version 0.99. 41 41 42 42 =head1 SYNOPSIS … … 120 120 121 121 # Set our package version. 122 $VERSION = 0.9 7;122 $VERSION = 0.99; 123 123 124 124 @ISA = qw(Exporter); 125 125 126 # Symbols to export on request126 # Symbols to export automatically 127 127 # Note: Since this module is object-oriented, we do *NOT* export 128 128 # any functions other than "new" to call statically. Each function … … 147 147 ); 148 148 149 # Symbols to autoexport ( :DEFAULT tag)149 # Symbols to autoexport (when qw(:all) tag is used) 150 150 @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); 151 151 … … 273 273 =cut 274 274 275 my %PARAMS = (276 timeout => getVar(name => "timeout"), # Timeout (in seconds).277 );278 279 275 ####################################################################### 280 276 # Private Methods Implemented # … … 310 306 311 307 # Sanity check: Make sure the supplied value is an object. 312 my $type = ref($self) or Carp::croak "Error: $self is not an object!\n"; 308 my $type = ref($self); 309 unless(defined($type)) { 310 $LOG->error("Error: $self is not an object!"); 311 Carp::croak "Error: $self is not an object!\n"; 312 } 313 313 314 314 # Now, get the name of the function. … … 387 387 # 388 388 # - For each parameter given, it overwrites any corresponding 389 # parameters specified within the default hashtable, % PARAMS,389 # parameters specified within the default hashtable, %params, 390 390 # with custom entries that were given as parameters. 391 391 # … … 407 407 # Initialize default parameters. 408 408 $self = { }; 409 my %params = %{dclone(\%PARAMS)}; 409 my %params = ( 410 timeout => getVar(name => "timeout"), # Timeout (in seconds). 411 ); 412 410 413 @{$self}{keys %params} = values %params; 411 414 honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Agent/Driver/Browser.pm
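Review bot: The rewritten object check around new line 308 can no longer fail, because `ref($self)` returns an empty string rather than undef for a non-reference, so `unless(defined($type))` is never true and the `$LOG->error` / `Carp::croak` branch is dead code. The previous form, `ref($self) or Carp::croak ...`, tested truthiness and did reject non-objects. Changing the condition to `unless ($type) {` restores the check while keeping the new log call. The enclosing sub starts and ends outside the lines shown.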
r596 r802 40 40 =head1 VERSION 41 41 42 This documentation refers to HoneyClient::Agent::Driver::Browser version 0.9 7.42 This documentation refers to HoneyClient::Agent::Driver::Browser version 0.99. 43 43 44 44 =head1 SYNOPSIS … … 87 87 $browser->drive(); 88 88 89 # Or, we can specify the URL as an argument. 90 $browser->drive(url => "http://www.mitre.org"); 91 89 92 =head1 DESCRIPTION 90 93 91 This library allows the Agent module to drive an instance of any bro swer,94 This library allows the Agent module to drive an instance of any browser, 92 95 running inside the HoneyClient VM. The purpose of this module is to 93 96 programmatically navigate the browser to different websites, in order to … … 95 98 96 99 This module is object-oriented in design, retaining all state information 97 within itself for easy access. A specific browser class must inherit from98 Browser.99
