Esempio n. 1
0
def get_config():
    cfg = Config(find_config())

    try:
        access_key = cfg.config['minio']['access_key']
        secret_key = cfg.config['minio']['secret_key']
    except KeyError:
        sys.stderr.write(
            'WARNING! Misconfiguration: section [minio] of config.ini doesn\'t contain access_key or secret_key.\n'
        )
        return cfg

    if not access_key and not secret_key:
        if not os.path.exists('/etc/drakcore/minio.env'):
            raise RuntimeError(
                'ERROR! MinIO access credentials are not configured (and can not be auto-detected), unable to start.\n'
            )

        with open('/etc/drakcore/minio.env', 'r') as f:
            minio_cfg = [
                line.strip().split('=', 1) for line in f
                if line.strip() and '=' in line
            ]
            minio_cfg = {k: v for k, v in minio_cfg}

        try:
            cfg.config['minio']['access_key'] = minio_cfg['MINIO_ACCESS_KEY']
            cfg.config['minio']['secret_key'] = minio_cfg['MINIO_SECRET_KEY']
            cfg.minio_config = dict(cfg.config.items("minio"))
        except KeyError:
            sys.stderr.write(
                'WARNING! Misconfiguration: minio.env doesn\'t contain MINIO_ACCESS_KEY or MINIO_SECRET_KEY.\n'
            )

    return cfg
Esempio n. 2
0
def main(args):
    conf_path = os.path.join(ETC_DIR, "config.ini")
    conf = patch_config(Config(conf_path))

    if not conf.config.get('minio', 'access_key').strip():
        logging.warning(
            f"Detected blank value for minio access_key in {conf_path}. "
            "This service may not work properly.")

    unrecommended = validate_xen_commandline()

    if unrecommended:
        logging.warning("-" * 80)
        logging.warning(
            "You don't have the recommended settings in your Xen's command line."
        )
        logging.warning(
            "Please amend settings in your GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg file."
        )

        for k, v, actual_v in unrecommended:
            if actual_v is not None:
                logging.warning(f"- Set {k}={v} (instead of {k}={actual_v})")
            else:
                logging.warning(f"- Set {k}={v} ({k} is not set right now)")

        logging.warning(
            "Then, please execute the following commands as root: update-grub && reboot"
        )
        logging.warning("-" * 80)
        logging.warning(
            "This check can be skipped by adding xen_cmdline_check=ignore in [drakrun] section of drakrun's config."
        )
        logging.warning(
            "Please be aware that some bugs may arise when using unrecommended settings."
        )

        try:
            xen_cmdline_check = conf.config.get('drakrun', 'xen_cmdline_check')
        except NoOptionError:
            xen_cmdline_check = 'fail'

        if xen_cmdline_check == 'ignore':
            logging.warning(
                "ATTENTION! Configuration specified that check result should be ignored, continuing anyway..."
            )
        else:
            logging.error(
                "Exitting due to above warnings. Please ensure that you are using recommended Xen's command line."
            )
            sys.exit(1)

    # Apply Karton configuration overrides
    drakrun_conf = conf.config["drakrun"] if conf.config.has_section(
        "drakrun") else {}
    DrakrunKarton.reconfigure(drakrun_conf)

    c = DrakrunKarton(conf, args.instance)
    c.init_drakrun()
    c.loop()
Esempio n. 3
0
def main():
    parser = argparse.ArgumentParser(description='Push sample to the karton')
    parser.add_argument('sample', help='Path to the sample')
    parser.add_argument('--start_command', help='e.g. start %f, %f will be replaced by file name', required=False)
    parser.add_argument('--timeout', default=600, type=int, help='analysis timeout in seconds', required=False)
    args = parser.parse_args()

    conf = patch_config(Config(os.path.join(ETC_DIR, 'config.ini')))
    producer = Producer(conf)

    task = Task({"type": "sample", "stage": "recognized", "platform": "win32"})

    with open(args.sample, "rb") as f:
        sample = Resource("sample", f.read())
    task.add_resource("sample", sample)

    # Add filename
    filename = os.path.basename(args.sample)
    task.add_payload("file_name", os.path.splitext(filename)[0])

    # Extract and add extension
    extension = os.path.splitext(filename)[1][1:]
    if extension:
        task.headers['extension'] = extension

    if args.start_command is not None:
        task.add_payload("start_command", args.start_command)

    if args.timeout is not None:
        task.add_payload("timeout", args.timeout)

    producer.send_task(task)
Esempio n. 4
0
def main():
    conf_path = os.path.join(ETC_DIR, "config.ini")
    conf = Config(conf_path)

    if not conf.config.get('minio', 'access_key').strip():
        logging.warning(f"Detected blank value for minio access_key in {conf_path}. "
                        "This service may not work properly.")

    c = DrakrunKarton(conf)
    c.init_drakrun()
    c.loop()
Esempio n. 5
0
def main():
    parser = argparse.ArgumentParser(description='Push sample to the karton')
    parser.add_argument('sample', help='Path to the sample')
    args = parser.parse_args()

    conf = Config('/etc/drakrun/config.ini')
    producer = Producer(conf)

    with open(args.sample, "rb") as f:
        sample = Resource("sample", f.read())

    task = Task({"type": "sample", "stage": "recognized", "platform": "win32"})
    task.add_resource("sample", sample)

    producer.send_task(task)
Esempio n. 6
0
def main():
    config = Config(find_config())
    service = SystemService(config)

    system_disable = config.config["drakmon"].get("system_disable", "1")

    if system_disable == "1":
        service.log.info("Refusing to start, system_disable=1 is set in config.ini")
        return

    bucket_name = config.minio_config["bucket"]

    service.log.info("Verifying bucket existence...")
    minio = get_minio_helper(config)
    if not minio.bucket_exists(bucket_name):
        service.log.info("Bucket %s is missing. Creating new one...", bucket_name)
        minio.make_bucket(bucket_name)

    service.loop()
Esempio n. 7
0
def main():
    conf_path = os.path.join(ETC_DIR, "config.ini")
    conf = Config(conf_path)

    if not conf.config.get('minio', 'access_key').strip():
        logging.warning(
            f"Detected blank value for minio access_key in {conf_path}. "
            "This service may not work properly.")

    try:
        identity = conf.config.get('drakrun', 'identity')
    except NoOptionError:
        pass
    else:
        DrakrunKarton.identity = identity
        logging.warning(f"Overriding identity to: {identity}")

    c = DrakrunKarton(conf)
    c.init_drakrun()
    c.loop()
Esempio n. 8
0
def main():
    conf = Config(find_config())
    processor = AnalysisProcessor(conf, REGISTERED_PLUGINS)
    processor.loop()
Esempio n. 9
0
from tempfile import NamedTemporaryFile

import requests

from flask import Flask, jsonify, request, send_file, redirect, send_from_directory, Response, abort
from karton2 import Config, Producer, Resource, Task
from minio.error import NoSuchKey
from datetime import datetime
from time import mktime

from drakcore.system import SystemService
from drakcore.util import find_config


app = Flask(__name__, static_folder='frontend/build/static')
conf = Config(find_config())

drakmon_cfg = {k: v for k, v in conf.config.items("drakmon")}

rs = SystemService(conf).rs
minio = SystemService(conf).minio


@app.after_request
def add_header(response):
    response.headers['Access-Control-Allow-Origin'] = '*'
    return response


@app.route("/list")
def route_list():
Esempio n. 10
0
class DrakrunAnalysisConsumer(Karton):
    identity = "karton.drakrun.archiver"
    filters = [{"type": "analysis", "kind": "drakrun"}]

    def process(self):
        tmp_dir = tempfile.mkdtemp(prefix="drakrun")
        analysis_uid = self.current_task.payload['analysis_uid']

        self.log.info(f"Storing analysis {analysis_uid} into {tmp_dir}")

        for name, resource in self.current_task.iterate_resources():
            resource.download_to_file(os.path.join(tmp_dir, name))

        with open(os.path.join(tmp_dir, "procmon.log"), "r") as f:
            self.log.info(
                f"First 10 lines of procmon output for analysis {self.current_task.uid}"
            )

            for obj in map(json.loads, f.read().split('\n')[:10]):
                self.log.info(obj)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description='Exemplary DRAKVUF Sandbox analysis consumer')
    args = parser.parse_args()

    conf = Config(os.path.join(os.path.dirname(__file__), "config.ini"))
    c = DrakrunAnalysisConsumer(conf)
    c.loop()