def startup(self): super(TaskClient, self).startup() self.cc_url = self.cf.get('cc') self.ioloop = IOLoop.instance() self.xtx = CryptoContext(self.cf) self.ccrq = CCReqStream(self.cc_url, self.xtx, self.ioloop) self.taskmgr = TaskManager(self.ccrq)
def startup(self): """Setup sockets and handlers.""" super(CCServer, self).startup() self.log.info("C&C server version %s starting up..", self.__version__) self.xtx = CryptoContext(self.cf) self.zctx = zmq.Context(self.zmq_nthreads) self.ioloop = IOLoop.instance() self.local_url = self.cf.get('cc-socket') self.cur_role = self.cf.get('cc-role', 'insecure') if self.cur_role == 'insecure': self.log.warning( 'CC is running in insecure mode, please add "cc-role = local" or "cc-role = remote" option to config' ) self.stat_level = self.cf.getint('cc-stats', 1) if self.stat_level < 1: self.log.warning('CC statistics level too low: %d', self.stat_level) # initialize local listen socket s = self.zctx.socket(zmq.XREP) s.setsockopt(zmq.LINGER, self.zmq_linger) s.setsockopt(zmq.HWM, self.zmq_hwm) if self.zmq_rcvbuf > 0: s.setsockopt(zmq.RCVBUF, self.zmq_rcvbuf) if self.zmq_sndbuf > 0: s.setsockopt(zmq.SNDBUF, self.zmq_sndbuf) if self.zmq_tcp_keepalive > 0: if getattr(zmq, 'TCP_KEEPALIVE', -1) > 0: s.setsockopt(zmq.TCP_KEEPALIVE, self.zmq_tcp_keepalive) s.setsockopt(zmq.TCP_KEEPALIVE_INTVL, self.zmq_tcp_keepalive_intvl) s.setsockopt(zmq.TCP_KEEPALIVE_IDLE, self.zmq_tcp_keepalive_idle) s.setsockopt(zmq.TCP_KEEPALIVE_CNT, self.zmq_tcp_keepalive_cnt) else: self.log.info("TCP_KEEPALIVE not available") s.bind(self.local_url) self.local = CCStream(s, self.ioloop, qmaxsize=self.zmq_hwm) self.local.on_recv(self.handle_cc_recv) self.handlers = {} self.routes = {} rcf = skytools.Config('routes', self.cf.filename, ignore_defs=True) for r, hnames in rcf.cf.items('routes'): self.log.info('New route: %s = %s', r, hnames) for hname in [hn.strip() for hn in hnames.split(',')]: h = self.get_handler(hname) self.add_handler(r, h) self.stimer = PeriodicCallback(self.send_stats, 30 * 1000, self.ioloop) self.stimer.start()
def __init__(self, service_type, args): # no crypto for logs self.logxtx = CryptoContext(None) self.xtx = CryptoContext(None) super(CCJob, self).__init__(service_type, args) self.hostname = socket.gethostname() root = skytools.getLogger() root.addHandler(CallbackLogger(self.emit_log)) self.xtx = CryptoContext(self.cf)
def __init__(self, hname, hcf, ccscript): super(JobMgr, self).__init__(hname, hcf, ccscript) self.cc_config = ccscript.args[0] self.local_url = ccscript.local_url self.cc_job_name = ccscript.job_name self.job_args_extra = [] if ccscript.options.quiet: self.job_args_extra.append("-q") if ccscript.options.verbose: self.job_args_extra.extend(["-v"] * ccscript.options.verbose) self.jobs = {} for dname in self.cf.getlist('daemons'): defs = make_job_defaults(ccscript.cf, dname) self.add_job(dname, defs) self.xtx = CryptoContext(None)
class CCJob(skytools.DBScript): zctx = None cc = None cc_url = None zmq_nthreads = 1 zmq_linger = 500 zmq_hwm = 100 zmq_rcvbuf = 0 # means no change zmq_sndbuf = 0 # means no change def __init__(self, service_type, args): # no crypto for logs self.logxtx = CryptoContext(None) self.xtx = CryptoContext(None) super(CCJob, self).__init__(service_type, args) self.hostname = socket.gethostname() root = skytools.getLogger() root.addHandler(CallbackLogger(self.emit_log)) self.xtx = CryptoContext(self.cf) def emit_log(self, rec): if not self.cc: self.connect_cc() if not self.cc: return msg = LogMessage( req = 'log.%s' % rec.levelname.lower(), log_level = rec.levelname, service_type = self.service_name, job_name = self.job_name, log_msg = rec.getMessage(), log_time = rec.created, log_pid = rec.process, log_line = rec.lineno, log_function = rec.funcName) cmsg = self.logxtx.create_cmsg(msg) cmsg.send_to (self.cc) def ccquery (self, msg, blob = None): """Sends query to CC, waits for answer.""" assert isinstance (msg, BaseMessage) if not self.cc: self.connect_cc() cmsg = self.xtx.create_cmsg (msg, blob) cmsg.send_to (self.cc) crep = CCMessage(self.cc.recv_multipart()) return crep.get_payload(self.xtx) def ccpublish (self, msg, blob = None): assert isinstance (msg, BaseMessage) if not self.cc: self.connect_cc() cmsg = self.xtx.create_cmsg (msg, blob) cmsg.send_to (self.cc) def load_config(self): """ Load and return skytools.Config instance. """ cf = skytools.Config('ccserver', self.args[0]) self.cc_jobname = cf.get('job_name') self.cc_url = cf.get('cc-socket') if len(self.args) > 1: self.service_name = self.args[1] self.cf_defaults = make_job_defaults(cf, self.service_name) cf = super(CCJob, self).load_config() return cf def reload (self): """ Reload config. """ super(CCJob, self).reload() self.zmq_nthreads = self.cf.getint ('zmq_nthreads', self.zmq_nthreads) self.zmq_hwm = self.cf.getint ('zmq_hwm', self.zmq_hwm) self.zmq_linger = self.cf.getint ('zmq_linger', self.zmq_linger) self.zmq_rcvbuf = hsize_to_bytes (self.cf.get ('zmq_rcvbuf', str(self.zmq_rcvbuf))) self.zmq_sndbuf = hsize_to_bytes (self.cf.get ('zmq_sndbuf', str(self.zmq_sndbuf))) self.close_cc() def _boot_daemon(self): # close ZMQ context/thread before forking to background self.close_cc() super(CCJob, self)._boot_daemon() def connect_cc(self): if not self.zctx: self.zctx = zmq.Context(self.zmq_nthreads) if not self.cc: self.cc = self.zctx.socket(zmq.XREQ) self.cc.setsockopt(zmq.LINGER, self.zmq_linger) self.cc.setsockopt(zmq.HWM, self.zmq_hwm) if self.zmq_rcvbuf > 0: self.cc.setsockopt (zmq.RCVBUF, self.zmq_rcvbuf) if self.zmq_sndbuf > 0: self.cc.setsockopt (zmq.SNDBUF, self.zmq_sndbuf) self.cc.connect (self.cc_url) return self.cc def close_cc(self): if self.cc: self.cc.close() self.cc = None if self.zctx: self.zctx.term() self.zctx = None
def startup(self): """Setup sockets and handlers.""" super(CCServer, self).startup() self.log.info("C&C server version %s starting up..", self.__version__) self.xtx = CryptoContext(self.cf) self.zctx = zmq.Context(self.zmq_nthreads) self.ioloop = IOLoop.instance() self.local_url = self.cf.get('cc-socket') self.cur_role = self.cf.get('cc-role', 'insecure') if self.cur_role == 'insecure': self.log.warning( 'CC is running in insecure mode, please add "cc-role = local" or "cc-role = remote" option to config' ) self.stat_level = self.cf.getint('cc-stats', 1) if self.stat_level < 1: self.log.warning('CC statistics level too low: %d', self.stat_level) self.infofile = self.cf.getfile('infofile', '') self.infofile_level = self.cf.getint('infofile-level', 2) if self.infofile_level >= 3: self.stats_deque_bucket = 5 # seconds self.stats_deque_cursor = int(time.time() / self.stats_deque_bucket) self.stats_timespans = [1 * 60, 5 * 60, 15 * 60] # seconds assert sum([ ts % self.stats_deque_bucket for ts in self.stats_timespans ]) == 0 self.stats_deque_window = max( self.stats_timespans) / self.stats_deque_bucket + 1 self.stats_deque = deque([{} for i in range(self.stats_deque_window)], maxlen=self.stats_deque_window) self.stats_total = {} # initialize local listen socket s = self.zctx.socket(zmq.XREP) s.setsockopt(zmq.LINGER, self.zmq_linger) try: s.setsockopt(zmq.HWM, self.zmq_hwm) except AttributeError: s.set_hwm(self.zmq_hwm) if self.zmq_rcvbuf > 0: s.setsockopt(zmq.RCVBUF, self.zmq_rcvbuf) if self.zmq_sndbuf > 0: s.setsockopt(zmq.SNDBUF, self.zmq_sndbuf) if self.zmq_tcp_keepalive > 0: if getattr(zmq, 'TCP_KEEPALIVE', -1) > 0: s.setsockopt(zmq.TCP_KEEPALIVE, self.zmq_tcp_keepalive) s.setsockopt(zmq.TCP_KEEPALIVE_INTVL, self.zmq_tcp_keepalive_intvl) s.setsockopt(zmq.TCP_KEEPALIVE_IDLE, self.zmq_tcp_keepalive_idle) s.setsockopt(zmq.TCP_KEEPALIVE_CNT, self.zmq_tcp_keepalive_cnt) else: self.log.info("TCP_KEEPALIVE not available") s.bind(self.local_url) self.local = CCStream(s, self.ioloop, qmaxsize=self.zmq_hwm) self.local.on_recv(self.handle_cc_recv) self.handlers = {} self.routes = {} rcf = skytools.Config('routes', self.cf.filename, ignore_defs=True) for r, hnames in rcf.cf.items('routes'): self.log.info('New route: %s = %s', r, hnames) for hname in [hn.strip() for hn in hnames.split(',')]: h = self.get_handler(hname) self.add_handler(r, h) self.stats_period = self.cf.getint('stats-period', 30) self.stimer = PeriodicCallback(self.send_stats, self.stats_period * 1000, self.ioloop) self.stimer.start()