Ticket #4 (closed new_feature: fixed)

Opened 2 years ago

Last modified 1 year ago

Add integrity check/recovery logic when compromise occurs on honeyclient VM

Reported by: kindlund Assigned to: kindlund
Priority: normal Milestone: 0.9
Component: HoneyClient::Manager Version: 0.91
Severity: major Keywords: manager
Cc:

Description

When an integrity check fails on any honeyclient VM, the HoneyClient::Manager does not perform any useful state recovery operation.

We need to add the ability for the Manager to create a new clone to pick up where the old clone left off (but skip over the violating resource).

Attachments

Change History

11/04/06 00:16:32 changed by kindlund

  • status changed from new to assigned.

Need to document this process further.

11/04/06 00:37:14 changed by kindlund

  • summary changed from Add integrity recovery logic to Add integrity check/recovery logic.

11/04/06 00:40:50 changed by kindlund

  • summary changed from Add integrity check/recovery logic to Add integrity check/recovery logic when compromise occurs.

11/04/06 00:51:33 changed by kindlund

  • summary changed from Add integrity check/recovery logic when compromise occurs to Add integrity check/recovery logic when compromise occurs on honeyclient VM.

11/04/06 02:03:07 changed by kindlund

  • type changed from task to new_feature.

11/07/06 11:20:34 changed by knwang

  • version changed from alpha to beta.

11/15/06 14:57:46 changed by kindlund

  • status changed from assigned to closed.
  • resolution set to fixed.

Updated HoneyClient::Manager codebase to support Agent recovery when an integrity check fails. By default, if an integrity check fails, then the Manager will respawn a new cloned Agent VM, that has the original state information, but incremented so that the clone will drive to the next resource (i.e., URL) that the original would have gone to — had the original VM's integrity check passed.

Also added the following segment within the etc/honeyclient.xml file:

<HoneyClient>
    <Agent>
        <perform_integrity_checks description="An integer, representing whether the Agent should perform any integrity checks. 1 enables, 0 disables." default="1">
            1
        </perform_integrity_checks>
    </Agent>
</HoneyClient>
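
The recovery behaviour described in the comment above, modeled as an added Python example; it is not HoneyClient's own code (the project is written in Perl). The function names, the `is_compromised` callback, the clone counter and the sample URLs are assumptions made for illustration; only the `perform_integrity_checks` setting comes from the ticket.

```python
import xml.etree.ElementTree as ET

# Constructed config mirroring the etc/honeyclient.xml segment quoted in the ticket.
CONFIG_XML = """<HoneyClient>
    <Agent>
        <perform_integrity_checks default="1">
            1
        </perform_integrity_checks>
    </Agent>
</HoneyClient>"""


def integrity_checks_enabled(xml_text):
    """Read Agent/perform_integrity_checks; use the 'default' attribute if empty."""
    node = ET.fromstring(xml_text).find("./Agent/perform_integrity_checks")
    if node is None:
        return True  # assumption: keep checks on when the setting is absent
    value = (node.text or "").strip() or node.get("default", "1")
    return value == "1"


def run_manager(urls, is_compromised, checks_enabled=True):
    """Drive every URL once, replacing the Agent VM clone after a failed check.

    is_compromised(url) is a hypothetical stand-in for the Agent's integrity
    check. Returns (visited, flagged, clones_used), where visited holds
    (clone_id, url) pairs in the order they were driven.
    """
    visited, flagged = [], []
    clone_id, index = 1, 0
    while index < len(urls):
        url = urls[index]
        visited.append((clone_id, url))
        index += 1  # advance state first, so a respawned clone skips this URL
        if checks_enabled and is_compromised(url):
            flagged.append(url)  # record the violating resource for analysis
            if index < len(urls):
                clone_id += 1  # discard the suspect VM; new clone inherits index
    return visited, flagged, clone_id


if __name__ == "__main__":
    sample = ["http://a.example/", "http://b.example/", "http://c.example/"]
    enabled = integrity_checks_enabled(CONFIG_XML)
    print(run_manager(sample, lambda u: u == "http://b.example/", enabled))
```

With checks disabled, the same clone continues through every URL and nothing is flagged, which is why the setting defaults to 1.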

08/29/07 12:43:17 changed by kindlund

  • version changed from beta to 0.91.
