class Handler(object): def __init__(self,section,filename=None,data_results=None): self.logger = Logger() self.key=ConfigurationManager.readCuckooResultsConfig(variable='key',section=section) self.encapsulation = literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section=section)) self.keys = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section=section).split(',')) #Check if there are not any keys if self.keys==['']: self.keys=None self.subsectionskeys={} if self.encapsulation: self.subsections = returnsubsections(self.encapsulation,section=section,subsections=[]) for subsection in self.subsections: self.subsectionskeys[ConfigurationManager.readCuckooResultsConfig(variable='key',section='subsection_'+subsection)] = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section='subsection_'+subsection).split(',')) results=None try: if data_results is not None: results=data_results[self.key] elif filename is not None: results = load_results(filename)[self.key] except Exception, e: self.logger.errorLogging(str(e)) if isinstance(results,dict): self.dictionary = results self.list = None elif isinstance(results,list): self.list= results self.dictionary = None else: self.list = None self.dictionary = None
def update_analyzers_pool(): logger = Logger() try: global analyzers_pool analyzers = open("analyzers", "r") fcntl.fcntl(analyzers, fcntl.LOCK_EX) data = analyzers.read() fcntl.fcntl(analyzers, fcntl.LOCK_UN) analyzers.close() analyzers_pool = literal_eval(data) except Exception, e: info = str(e) logger.errorLogging(info)
def load_results(filename): results = None logger = Logger() try: dbfile = open(os.path.join(ANALYSIS_PATH,filename),'r') data = dbfile.read() results = json.loads(data) dbfile.close() except IOError, ioer : errorNum = ioer.errno errorCode = errno.errorcode[errorNum] errorString= os.strerror(errorNum) errorFile = ioer.filename info=(errorNum,errorCode,errorString,errorFile) logger.errorLogging(msg=info)
class InitServer: def __init__(self, console_queue, analyzers): self.logger = Logger() global available_servers_address, console available_servers_address = analyzers console = console_queue def run(self): global console try: console.put(str("Starting up on %s port %s" % server_address)) server = SocketServer.ThreadingTCPServer(server_address, TCPHandler) server.serve_forever() except Exception, e: info = str(e) console.put(info) self.logger.errorLogging(info)
def send_analysis_task(self, name, subject, hashtag, length, client_id, time, client_ip): global console logger = Logger() cacert = None server_certificate = None server_key = None taskid = uuid.uuid4() try: for cert in os.listdir(SERVER_CERTIFICATE): if all(x in cert for x in ["pem", "server"]): server_certificate = os.path.join(SERVER_CERTIFICATE, cert) if "ca" in cert: cacert = os.path.join(SERVER_CERTIFICATE, cert) if "key" in cert: server_key = os.path.join(SERVER_CERTIFICATE, cert) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket( sock=sock, ca_certs=cacert, certfile=server_certificate, keyfile=server_key, cert_reqs=ssl.CERT_REQUIRED ) analyzer = self.get_analyzer(name, client_id, time, client_ip, hashtag, taskid, length) ssl_sock.connect((analyzer[1], ANALYZER_PORT)) console.put("Sending identity") ssl_sock.send(str((taskid, name, "checksum", hashtag, length))) data = ssl_sock.recv() console.put(data) if data == "ready": ssl_sock.sendall(subject) data = ssl_sock.recv() console.put(data) data = ssl_sock.recv() console.put(data) ssl_sock.close() subjectinfo = "Subject:%s|Hashvalue:%s|Length:%s|Client:%s|Client IP:%s|Analyzer:%s|Analyzer IP:%s " % ( name, hashtag, length, client_id, client_ip, analyzer[0], analyzer[1], ) logger.infoLogging(subjectinfo) except Exception, e: info = str(e) console.put(info) logger.errorLogging(info)
class IOCServer(): def __init__(self,console_queue,active, analyzers): global active_analyzers,console,analyzers_pool active_analyzers=active console = console_queue analyzers_pool=analyzers self.logger= Logger() def run(self): global console try: console.put("Starting up on %s port %s"% server_address) console.put(' ') server = SocketServer.ThreadingTCPServer(server_address,RequestHandler) server.serve_forever() except Exception,e: info=str(e) console.put(info) self.logger.errorLogging(info)
class TaskServer: def __init__(self, console_queue, analyzers, active_analyzers_dict): # update_analyzers_pool() self.logger = Logger() global analyzers_pool, console, active_analyzers analyzers_pool = analyzers console = console_queue active_analyzers = active_analyzers_dict def run(self): global console, analyzers_pool try: console.put("Starting up on %s port %s" % server_address) console.put("Available analyzers:") console.put(str(analyzers_pool)) console.put(" ") server = SocketServer.ThreadingTCPServer(server_address, TCPHandler) server.serve_forever() except Exception, e: info = str(e) console.put(info) self.logger.errorLogging(info)
def send_client_report(self,analysis_identity,maec_analysis): global console logger = Logger() cacert=None server_certificate=None server_key = None try: for cert in os.listdir(SERVER_CERTIFICATE): if all(x in cert for x in ['pem', 'server']): server_certificate = os.path.join(SERVER_CERTIFICATE,cert) if 'ca' in cert: cacert = os.path.join(SERVER_CERTIFICATE,cert) if 'key' in cert: server_key =os.path.join(SERVER_CERTIFICATE,cert) sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket(sock=sock,ca_certs=cacert,certfile=server_certificate,keyfile=server_key,cert_reqs=ssl.CERT_REQUIRED) ssl_sock.connect((analysis_identity[3],clients_port)) console.put('Sending results to: '+str(analysis_identity[1])) maechash = hashlib.sha1(maec_analysis).hexdigest() client_analysis_identity=(maechash,analysis_identity[1],analysis_identity[5],analysis_identity[7],analysis_identity[2],analysis_identity[0]) ssl_sock.send(str(client_analysis_identity)) data = ssl_sock.recv() datatuple = literal_eval(data) console.put('Client message:'+str(datatuple[1])) if datatuple[0]=='ready': ssl_sock.sendall(maec_analysis) data = ssl_sock.recv() datatuple = literal_eval(data) console.put(datatuple[1]) if not datatuple[0]: pass #TODO: What happens when client has not received the analysis results. ssl_sock.close() except Exception,e: info=str(e) console.put(info) logger.errorLogging(info)
class CuckooRemoteServer(): def __init__(self,server_ip=None,server_port=None,ioc_server_ip=None,ioc_server_port=None,): self.logger = Logger() self.id = SERVER_ID if server_ip is not None and server_port is not None: self.server_address = (server_ip,server_port) else: self.server_address=server_address if ioc_server_ip is not None and ioc_server_port is not None: self.ioc_server_address = (ioc_server_ip,ioc_server_port) else: self.ioc_server_address=init_server_address def get_server_id(self): return self.id def communicate_identity(self): try: cacert=None server_certificate=None server_key = None for cert in os.listdir(CERTIFICATES_PATH): if all(x in cert for x in ['pem', 'server']): server_certificate = os.path.join(CERTIFICATES_PATH,cert) if 'ca' in cert: cacert = os.path.join(CERTIFICATES_PATH,cert) if 'key' in cert: server_key =os.path.join(CERTIFICATES_PATH,cert) sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM) ssl_sock = ssl.wrap_socket(sock=sock,ca_certs=cacert,certfile=server_certificate,keyfile=server_key,cert_reqs=ssl.CERT_REQUIRED) ssl_sock.connect(self.ioc_server_address) print repr(ssl_sock.getpeername()) print ssl_sock.cipher() print pprint.pformat(ssl_sock.getpeercert()) print("Sending identity") ssl_sock.send(str(('identity',self.get_server_id()))) data = ssl_sock.recv() datatuple = literal_eval(data) if datatuple[0]==True: flag=True else: flag=False print("IoC Server message: %s"%datatuple[1]) ssl_sock.close() time.sleep(10) except SSLError,ssler: errorNum = ssler.errno errorCode = errno.errorcode[errorNum] errorString= os.strerror(errorNum) errorFile = ssler.filename info=(errorNum,errorCode,errorString,errorFile) self.logger.errorLogging(msg=info) flag=False print('SSL Error: '+str(info)) except socket.error, socker : errorNum = socker.errno errorCode = errno.errorcode[errorNum] errorString= os.strerror(errorNum) errorFile = socker.filename info=(errorNum,errorCode,errorString,errorFile) self.logger.errorLogging(msg=info) flag=False print('Socket Error: '+str(info))