def __init__(self, cfg):
self.config = cfg
# Broker Configuration
bcfg = broker.Configuration()
# (Optional) SSL Configuration
if cfg.BrokerSSLCAFile:
bcfg.openssl_cafile = cfg.BrokerSSLCAFile # Path to CA file
if cfg.BrokerSSLCAPath:
bcfg.openssl_capath = cfg.BrokerSSLCAPath # Path to directory with CA files
if cfg.BrokerSSLCertificate:
bcfg.openssl_certificate = cfg.BrokerSSLCertificate # Own certificate
if cfg.BrokerSSLKeyFile:
bcfg.openssl_key = cfg.BrokerSSLKeyFile # Own key
self.endpoint = broker.Endpoint(bcfg)
# Status Subscriber
self.status_queue = self.endpoint.make_status_subscriber(True)
# Message Subscribers
self.log_queue = self.endpoint.make_subscriber("logs")
self.file_queue = self.endpoint.make_subscriber("files")
self.elastic = get_instance(self.config.ElasticIP,
self.config.ElasticPort)
def run(
config: DynaBox,
logging: DynaBox,
inq: JoinableQueue,
subscribe_callback: Callable,
unsubscribe_callback: Callable,
):
global logger, workers
logger = threatbus.logger.setup(logging, __name__)
assert plugin_name in config, f"Cannot find configuration for {plugin_name} plugin"
config = config[plugin_name]
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(config.host, config.port)
workers.append(
SubscriptionManager(config.module_namespace, ep, subscribe_callback,
unsubscribe_callback))
workers.append(BrokerReceiver(config.module_namespace, ep, inq))
workers.append(BrokerPublisher(config.module_namespace, ep))
for w in workers:
w.start()
logger.info("Zeek plugin started")
def run(config, logging, inq, subscribe_callback, unsubscribe_callback):
logger = threatbus.logger.setup(logging, __name__)
config = config[plugin_name]
try:
validate_config(config)
except Exception as e:
logger.fatal("Invalid config for plugin {}: {}".format(plugin_name, str(e)))
host, port, namespace = (
config["host"].get(),
config["port"].get(),
config["module_namespace"].get(),
)
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(host, port)
logger.info(f"Broker: endpoint listening - {host}:{port}")
threading.Thread(
target=listen, args=(logger, namespace, ep, inq), daemon=True
).start()
threading.Thread(
target=manage,
args=(logger, namespace, ep, subscribe_callback, unsubscribe_callback),
daemon=True,
).start()
threading.Thread(target=publish, args=(logger, namespace, ep), daemon=True).start()
logger.info("Zeek plugin started")
def run(
config: Subview,
logging: Subview,
inq: JoinableQueue,
subscribe_callback: Callable,
unsubscribe_callback: Callable,
):
global logger, workers
logger = threatbus.logger.setup(logging, __name__)
config = config[plugin_name]
try:
validate_config(config)
except Exception as e:
logger.fatal("Invalid config for plugin {}: {}".format(
plugin_name, str(e)))
host, port, namespace = (
config["host"].get(),
config["port"].get(),
config["module_namespace"].get(),
)
broker_opts = broker.BrokerOptions()
broker_opts.forward = False
ep = broker.Endpoint(broker.Configuration(broker_opts))
ep.listen(host, port)
workers.append(
SubscriptionManager(namespace, ep, subscribe_callback,
unsubscribe_callback))
workers.append(BrokerReceiver(namespace, ep, inq))
workers.append(BrokerPublisher(namespace, ep))
for w in workers:
w.start()
logger.info("Zeek plugin started")
def test_ssl_auth_failure_no_ssl(self):
cfg1 = broker.Configuration(broker.BrokerOptions())
cfg1.openssl_certificate = data_path("cert.1.pem")
cfg1.openssl_key = data_path("key.1.pem")
cfg1.openssl_cafile = data_path("ca.pem")
cfg2 = broker.Configuration(broker.BrokerOptions())
with broker.Endpoint(cfg1) as ep1, \
broker.Endpoint(cfg2) as ep2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
with broker.Endpoint(cfg2) as ep1, \
broker.Endpoint(cfg1) as ep2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
def test_ssl_auth_success_self_signed(self):
cfg = broker.Configuration(broker.BrokerOptions())
cfg.openssl_certificate = data_path("cert.self-signed.pem")
cfg.openssl_key = data_path("key.self-signed.pem")
cfg.openssl_cafile = data_path("cert.self-signed.pem")
with broker.Endpoint(cfg) as ep1, \
broker.Endpoint(cfg) as ep2, \
ep1.make_subscriber("/test") as s1, \
ep2.make_subscriber("/test") as s2:
port = ep1.listen("127.0.0.1", 0)
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, True)
self.check_ping(ep1, s1, ep2, s2)
def XXXtest_ssl_auth_failure_ca_pw(self):
cfg = broker.Configuration(broker.BrokerOptions())
cfg.openssl_certificate = data_path("cert.1.pem")
cfg.openssl_key = data_path("key.1.enc.pem")
cfg.openssl_cafile = data_path("ca.pem")
cfg.openssl_passphrase = "WRONG PASSWORD"
with broker.Endpoint(cfg) as ep1, \
broker.Endpoint(cfg) as ep2:
port = ep1.listen("127.0.0.1", 0)
# TODO: This correctly generates an exception in CAF, for which I
# don't know where to catch it.
r = ep2.peer("127.0.0.1", port, 0)
self.assertEqual(r, False)
def cfg(opts):
return broker.Configuration(opts) if opts else broker.Configuration(
broker.BrokerOptions())
class BrokerEndpoint:
"""
The BrokerEndpoint is for the transmission of Broker messages.
You can send and retrieve messages here.
"""
# Broker Endpoint
bcfg = broker.Configuration()
if Config.broker.ssl_ca_file:
bcfg.openssl_cafile = Config.broker.ssl_ca_file # Path to CA file
if Config.broker.ssl_ca_path:
bcfg.openssl_capath = Config.broker.ssl_ca_path # Path to directory with CA files
if Config.broker.ssl_certificate:
bcfg.openssl_certificate = Config.broker.ssl_certificate # Own certificate
if Config.broker.ssl_key_file:
bcfg.openssl_key = Config.broker.ssl_key_file # Own key
endpoint = broker.Endpoint(bcfg)
# Status Subscriber
status_queue = endpoint.make_status_subscriber(True)
# Subscribe to management commands
command_queue = endpoint.make_subscriber("commands")
# peering objects. needed for unpeering
peerings = [0, 0, None]
@staticmethod
def getStatusMessages():
for st in BrokerEndpoint.status_queue.poll():
# Error
if type(st) == broker.Error:
yield "[Broker Error] {}".format(st)
# Status
elif type(st) == broker.Status:
yield "[Broker Status] {}".format(st)
else:
raise RuntimeError("Unknown Broker Status Type")
@staticmethod
def getCommandMessages():
"""
Gets a message from the command message_queue
:return: Broker Message
"""
return BrokerEndpoint.command_queue.poll()
@staticmethod
def sendLogs(message):
"""
Sends a Broker message containing a JSON string.
:param message: message to publish
"""
index = "honeygrove-" + datetime.today().strftime('%Y-%m')
BrokerEndpoint.endpoint.publish("logs", {index: message})
@staticmethod
def listen(ip, port):
"""
Listen on ip:port
:param ip: string
:param port: int
"""
p = BrokerEndpoint.endpoint.listen(ip, port)
if p == 0:
raise RuntimeError(
"Unable to listen on Broker port {}".format(port))
return p
@staticmethod
def peer(ip, port):
"""
Peer to given ip:port
:param ip: string
:param port: int
"""
if [ip, port] != BrokerEndpoint.peerings[0:2]:
if BrokerEndpoint.peerings[0] != 0:
BrokerEndpoint.unPeer(BrokerEndpoint.peerings[2])
obj = BrokerEndpoint.endpoint.peer_nosync(ip, port)
BrokerEndpoint.peerings = [ip, port, obj]
@staticmethod
def unPeer(peeringObj=None):
"""
unpeering to given port/ip
:param peeringObj: peering objekt
"""
if peeringObj is None:
BrokerEndpoint.endpoint.unpeer(BrokerEndpoint.peerings[2])
else:
BrokerEndpoint.endpoint.unpeer(peeringObj)
@staticmethod
def sendMessageToTopic(topic, msg):
"""
Sends a Broker Message to a given topic
:param topic: string with topic
:param msg: can be str, int, double
"""
BrokerEndpoint.endpoint.publish(topic, msg)
@staticmethod
def sendFile(filepath):
"""
Sends a file to the file topic
:param filepath: path to the file
"""
with open(str(filepath), "rb") as file:
content = file.read()
b64content = base64.b64encode(content)
BrokerEndpoint.endpoint.publish(
"files", b64content.decode(encoding="utf-8"))
