{5} Assigned, Active Tickets by Owner (Full Description) (12 matches)

With the exception of !HoneyClient::Manager::VM, this component and all child subcomponents have sparse logging.

Task: This module and all its child submodules need to have improved Log::Log4perl support, in order to enable remote auditing. This means that every package needs to follow the following example:

# This package initializes the global logging facility.
use HoneyClient::Util::Config;

# Include Logging Library
use Log::Log4perl qw(:easy);

# The global logging object.
our $LOG = get_logger();

# Transform all 'print' statements, into one of the following:
$LOG->debug('debug messages');
$LOG->info('information messages/notices');
$LOG->warn('warnings');
$LOG->error('known errors that occur, but do not cause the code to return/exit abnormally');
$LOG->fatal('unknown errors that cause the code to return/exit abnormally');

See this article for more information about how to use this logging system.

This is also a minor issue around the UserDocumentation. While the diagram shows the overall network configuration, it lacks what sort of traffic is generated. I ran into issues with this as I had a firewall installed on the host system, which blocked the communication with the guest os. Would be good, if the exact communication flow could be spelled out (for example, I am unsure why the agent listens on port 9000 (or does it?) and the agent listens on port 8089)

This also limits the user's to troubleshoot themselves. Currently I am running into an issue where the agent doesnt connect with the manager. The documentation might give some pointers that allow to troubleshoot my setup.

Running the HoneyClient::Agent test it seems like all is passing. At the end, it complains about failures and concludes with Error 255. Below the entire test output:

$ make test
/usr/bin/perl.exe "-Iinc" Makefile.PL --config= --installdeps=Algorithm::Diff,0,
Data::Compare,0,Data::Diff,0,Data::Structure::Util,0,Data::Validate::URI,0,DateT
ime,0,DateTime::HiRes,0,File::Type,0,Filesys::CygwinPaths,0,Parse::Yapp::Driver,
0,Search::Binary,0,Term::ProgressBar,0,Test::Exception,0
/usr/bin/perl.exe "-MExtUtils::Command::MM" "-e" "test_harness(0, 'inc', 'blib/l
ib', 'blib/arch')" t/honeyclient_agent_driver.t t/honeyclient_agent_driver_brows
er_ff.t t/honeyclient_agent_driver_browser_ie.t t/honeyclient_agent_integrity_fi
lesystem.t t/honeyclient_agent_integrity_registry.t t/honeyclient_agent_integrit
y_registry_parser.t
t/honeyclient_agent_driver.......................ok
t/honeyclient_agent_driver_browser_ff............ok 3/0#
# About to run basic FF-specific browser tests.
# Note: These tests *require* network connectivity and
# *expect* FF to be installed at the following location.
#
# Process Name:         'firefox.exe'
# Process Location:     'C:\Program Files\Mozilla Firefox\firefox.exe'
#
# If FF is installed in a different location or has a different executable name,

# then please answer *NO* to the next question and update your etc/honeyclient.x
ml
# file, changing the 'process_name' and 'process_exec' elements in the
# <HoneyClient/><Agent/><Driver/><Browser/><FF/> section.
#
# Then, once updated, re-run these tests.
#

#
# About to drive FF to a specific website for *exactly* 20 seconds.
# Note: Please do *NOT* close the browser manually; the test code should close i
t automatically.
#
t/honeyclient_agent_driver_browser_ff............ok 19/0
#

#
# About to restart FF.  Please check if the "Restore Previous Session" dialog bo
x appears.
#

#
no
#
Don't know which tests failed: got 19 ok, expected 0
t/honeyclient_agent_driver_browser_ie............ok 3/0#
# About to run basic IE-specific browser tests.
# Note: These tests *require* network connectivity and
# *expect* IE to be installed at the following location.
#
# Process Name:         'iexplore.exe'
# Process Location:     'C:\Program Files\Internet Explorer\iexplore.exe'
#
# If IE is installed in a different location or has a different executable name,

# then please answer *NO* to the next question and update your etc/honeyclient.x
ml
# file, changing the 'process_name' and 'process_exec' elements in the
# <HoneyClient/><Agent/><Driver/><Browser/><IE/> section.
#
# Then, once updated, re-run these tests.
#

#
# About to drive IE to a specific website for *exactly* 20 seconds.
# Note: Please do *NOT* close the browser manually; the test code should close i
t automatically.
#
t/honeyclient_agent_driver_browser_ie............ok 19/0
#

Don't know which tests failed: got 19 ok, expected 0
t/honeyclient_agent_integrity_filesystem.........ok 2/0# These tests will create
 temporary files in /tmp.  Be sure to cleanup this directory, if any of these te
sts fail.
# Performing baseline check of the filesystem; this may take some time...
t/honeyclient_agent_integrity_filesystem.........ok
t/honeyclient_agent_integrity_registry...........ok 1/0# These tests will create
 temporary files in /tmp.  Be sure to cleanup this directory, if any of these te
sts fail.
# Performing baseline check of 'HKEY_CURRENT_USER' hive; this may take some time
...
t/honeyclient_agent_integrity_registry...........ok 38/0# Performing baseline ch
eck of 'HKEY_CURRENT_CONFIG' hive; this may take some time...
# Performing baseline check of 'HKEY_CURRENT_CONFIG' hive; this may take some ti
me...
t/honeyclient_agent_integrity_registry...........ok
t/honeyclient_agent_integrity_registry_parser....ok
Failed Test                             Stat Wstat Total Fail  List of Failed
-------------------------------------------------------------------------------
t/honeyclient_agent_driver_browser_ff.t                0   ??  ??
t/honeyclient_agent_driver_browser_ie.t                0   ??  ??
Failed 2/6 test scripts. -38/157 subtests failed.
Files=6, Tests=157, 123 wallclock secs ( 5.73 cusr + 14.71 csys = 20.43 CPU)
Failed 2/6 test programs. -38/157 subtests failed.
make: *** [test_dynamic] Error 255

This can either be through starting with a baseline (and there are multiple ways to do that) or by figuring out a way to do it through callbacks (probably not possible for XP) or by implementing the ways that Regmon did it for XP and then using callbacks for for 2003 and vista.

While the honeyclient is traversing remote servers, we may occasionally want to interupt the drive function to introduce a new set of remote servers to traverse. For example, suppose we have the following web sites to spider:

www.cnn.com news.google.com www.slashdot.org

Let's say that we're currently spidering www.cnn.com, and now we have an additional list of sites that must be spidered within a short timeframe. We need to be able to take our original list of sites above, and insert the new list as follows:

www.cnn.com <new_list_of_sites_to_spider> news.google.com www.slashdot.org

This feature will allow us to interrupt the existing list of sites in order to prioritize another list of sites.

We definitely want to get back to being able to check the old and new size. Also I need to look into the purported ability for the capture code to see changes to metadata. Hopefully it can detect permissions changes for instance.