class Handler(object):
def __init__(self,section,filename=None,data_results=None):
self.logger = Logger()
self.key=ConfigurationManager.readCuckooResultsConfig(variable='key',section=section)
self.encapsulation = literal_eval(ConfigurationManager.readCuckooResultsConfig(variable='encapsulation',section=section))
self.keys = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section=section).split(','))
#Check if there are not any keys
if self.keys==['']:
self.keys=None
self.subsectionskeys={}
if self.encapsulation:
self.subsections = returnsubsections(self.encapsulation,section=section,subsections=[])
for subsection in self.subsections:
self.subsectionskeys[ConfigurationManager.readCuckooResultsConfig(variable='key',section='subsection_'+subsection)] = list(ConfigurationManager.readCuckooResultsConfig(variable='keys',section='subsection_'+subsection).split(','))
results=None
try:
if data_results is not None:
results=data_results[self.key]
elif filename is not None:
results = load_results(filename)[self.key]
except Exception, e:
self.logger.errorLogging(str(e))
if isinstance(results,dict):
self.dictionary = results
self.list = None
elif isinstance(results,list):
self.list= results
self.dictionary = None
else:
self.list = None
self.dictionary = None
def update_analyzers_pool():
logger = Logger()
try:
global analyzers_pool
analyzers = open("analyzers", "r")
fcntl.fcntl(analyzers, fcntl.LOCK_EX)
data = analyzers.read()
fcntl.fcntl(analyzers, fcntl.LOCK_UN)
analyzers.close()
analyzers_pool = literal_eval(data)
except Exception, e:
info = str(e)
logger.errorLogging(info)
def load_results(filename):
results = None
logger = Logger()
try:
dbfile = open(os.path.join(ANALYSIS_PATH,filename),'r')
data = dbfile.read()
results = json.loads(data)
dbfile.close()
except IOError, ioer :
errorNum = ioer.errno
errorCode = errno.errorcode[errorNum]
errorString= os.strerror(errorNum)
errorFile = ioer.filename
info=(errorNum,errorCode,errorString,errorFile)
logger.errorLogging(msg=info)
class InitServer:
def __init__(self, console_queue, analyzers):
self.logger = Logger()
global available_servers_address, console
available_servers_address = analyzers
console = console_queue
def run(self):
global console
try:
console.put(str("Starting up on %s port %s" % server_address))
server = SocketServer.ThreadingTCPServer(server_address, TCPHandler)
server.serve_forever()
except Exception, e:
info = str(e)
console.put(info)
self.logger.errorLogging(info)
def send_analysis_task(self, name, subject, hashtag, length, client_id, time, client_ip):
global console
logger = Logger()
cacert = None
server_certificate = None
server_key = None
taskid = uuid.uuid4()
try:
for cert in os.listdir(SERVER_CERTIFICATE):
if all(x in cert for x in ["pem", "server"]):
server_certificate = os.path.join(SERVER_CERTIFICATE, cert)
if "ca" in cert:
cacert = os.path.join(SERVER_CERTIFICATE, cert)
if "key" in cert:
server_key = os.path.join(SERVER_CERTIFICATE, cert)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(
sock=sock, ca_certs=cacert, certfile=server_certificate, keyfile=server_key, cert_reqs=ssl.CERT_REQUIRED
)
analyzer = self.get_analyzer(name, client_id, time, client_ip, hashtag, taskid, length)
ssl_sock.connect((analyzer[1], ANALYZER_PORT))
console.put("Sending identity")
ssl_sock.send(str((taskid, name, "checksum", hashtag, length)))
data = ssl_sock.recv()
console.put(data)
if data == "ready":
ssl_sock.sendall(subject)
data = ssl_sock.recv()
console.put(data)
data = ssl_sock.recv()
console.put(data)
ssl_sock.close()
subjectinfo = "Subject:%s|Hashvalue:%s|Length:%s|Client:%s|Client IP:%s|Analyzer:%s|Analyzer IP:%s " % (
name,
hashtag,
length,
client_id,
client_ip,
analyzer[0],
analyzer[1],
)
logger.infoLogging(subjectinfo)
except Exception, e:
info = str(e)
console.put(info)
logger.errorLogging(info)
class IOCServer():
def __init__(self,console_queue,active, analyzers):
global active_analyzers,console,analyzers_pool
active_analyzers=active
console = console_queue
analyzers_pool=analyzers
self.logger= Logger()
def run(self):
global console
try:
console.put("Starting up on %s port %s"% server_address)
console.put(' ')
server = SocketServer.ThreadingTCPServer(server_address,RequestHandler)
server.serve_forever()
except Exception,e:
info=str(e)
console.put(info)
self.logger.errorLogging(info)
class TaskServer:
def __init__(self, console_queue, analyzers, active_analyzers_dict):
# update_analyzers_pool()
self.logger = Logger()
global analyzers_pool, console, active_analyzers
analyzers_pool = analyzers
console = console_queue
active_analyzers = active_analyzers_dict
def run(self):
global console, analyzers_pool
try:
console.put("Starting up on %s port %s" % server_address)
console.put("Available analyzers:")
console.put(str(analyzers_pool))
console.put(" ")
server = SocketServer.ThreadingTCPServer(server_address, TCPHandler)
server.serve_forever()
except Exception, e:
info = str(e)
console.put(info)
self.logger.errorLogging(info)
def send_client_report(self,analysis_identity,maec_analysis):
global console
logger = Logger()
cacert=None
server_certificate=None
server_key = None
try:
for cert in os.listdir(SERVER_CERTIFICATE):
if all(x in cert for x in ['pem', 'server']):
server_certificate = os.path.join(SERVER_CERTIFICATE,cert)
if 'ca' in cert:
cacert = os.path.join(SERVER_CERTIFICATE,cert)
if 'key' in cert:
server_key =os.path.join(SERVER_CERTIFICATE,cert)
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(sock=sock,ca_certs=cacert,certfile=server_certificate,keyfile=server_key,cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect((analysis_identity[3],clients_port))
console.put('Sending results to: '+str(analysis_identity[1]))
maechash = hashlib.sha1(maec_analysis).hexdigest()
client_analysis_identity=(maechash,analysis_identity[1],analysis_identity[5],analysis_identity[7],analysis_identity[2],analysis_identity[0])
ssl_sock.send(str(client_analysis_identity))
data = ssl_sock.recv()
datatuple = literal_eval(data)
console.put('Client message:'+str(datatuple[1]))
if datatuple[0]=='ready':
ssl_sock.sendall(maec_analysis)
data = ssl_sock.recv()
datatuple = literal_eval(data)
console.put(datatuple[1])
if not datatuple[0]:
pass
#TODO: What happens when client has not received the analysis results.
ssl_sock.close()
except Exception,e:
info=str(e)
console.put(info)
logger.errorLogging(info)
class CuckooRemoteServer():
def __init__(self,server_ip=None,server_port=None,ioc_server_ip=None,ioc_server_port=None,):
self.logger = Logger()
self.id = SERVER_ID
if server_ip is not None and server_port is not None:
self.server_address = (server_ip,server_port)
else:
self.server_address=server_address
if ioc_server_ip is not None and ioc_server_port is not None:
self.ioc_server_address = (ioc_server_ip,ioc_server_port)
else:
self.ioc_server_address=init_server_address
def get_server_id(self):
return self.id
def communicate_identity(self):
try:
cacert=None
server_certificate=None
server_key = None
for cert in os.listdir(CERTIFICATES_PATH):
if all(x in cert for x in ['pem', 'server']):
server_certificate = os.path.join(CERTIFICATES_PATH,cert)
if 'ca' in cert:
cacert = os.path.join(CERTIFICATES_PATH,cert)
if 'key' in cert:
server_key =os.path.join(CERTIFICATES_PATH,cert)
sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(sock=sock,ca_certs=cacert,certfile=server_certificate,keyfile=server_key,cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(self.ioc_server_address)
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
print("Sending identity")
ssl_sock.send(str(('identity',self.get_server_id())))
data = ssl_sock.recv()
datatuple = literal_eval(data)
if datatuple[0]==True:
flag=True
else:
flag=False
print("IoC Server message: %s"%datatuple[1])
ssl_sock.close()
time.sleep(10)
except SSLError,ssler:
errorNum = ssler.errno
errorCode = errno.errorcode[errorNum]
errorString= os.strerror(errorNum)
errorFile = ssler.filename
info=(errorNum,errorCode,errorString,errorFile)
self.logger.errorLogging(msg=info)
flag=False
print('SSL Error: '+str(info))
except socket.error, socker :
errorNum = socker.errno
errorCode = errno.errorcode[errorNum]
errorString= os.strerror(errorNum)
errorFile = socker.filename
info=(errorNum,errorCode,errorString,errorFile)
self.logger.errorLogging(msg=info)
flag=False
print('Socket Error: '+str(info))
