def __init__(self, cfg): self.config = cfg # Broker Configuration bcfg = broker.Configuration() # (Optional) SSL Configuration if cfg.BrokerSSLCAFile: bcfg.openssl_cafile = cfg.BrokerSSLCAFile # Path to CA file if cfg.BrokerSSLCAPath: bcfg.openssl_capath = cfg.BrokerSSLCAPath # Path to directory with CA files if cfg.BrokerSSLCertificate: bcfg.openssl_certificate = cfg.BrokerSSLCertificate # Own certificate if cfg.BrokerSSLKeyFile: bcfg.openssl_key = cfg.BrokerSSLKeyFile # Own key self.endpoint = broker.Endpoint(bcfg) # Status Subscriber self.status_queue = self.endpoint.make_status_subscriber(True) # Message Subscribers self.log_queue = self.endpoint.make_subscriber("logs") self.file_queue = self.endpoint.make_subscriber("files") self.elastic = get_instance(self.config.ElasticIP, self.config.ElasticPort)
def run( config: DynaBox, logging: DynaBox, inq: JoinableQueue, subscribe_callback: Callable, unsubscribe_callback: Callable, ): global logger, workers logger = threatbus.logger.setup(logging, __name__) assert plugin_name in config, f"Cannot find configuration for {plugin_name} plugin" config = config[plugin_name] broker_opts = broker.BrokerOptions() broker_opts.forward = False ep = broker.Endpoint(broker.Configuration(broker_opts)) ep.listen(config.host, config.port) workers.append( SubscriptionManager(config.module_namespace, ep, subscribe_callback, unsubscribe_callback)) workers.append(BrokerReceiver(config.module_namespace, ep, inq)) workers.append(BrokerPublisher(config.module_namespace, ep)) for w in workers: w.start() logger.info("Zeek plugin started")
def run(config, logging, inq, subscribe_callback, unsubscribe_callback): logger = threatbus.logger.setup(logging, __name__) config = config[plugin_name] try: validate_config(config) except Exception as e: logger.fatal("Invalid config for plugin {}: {}".format(plugin_name, str(e))) host, port, namespace = ( config["host"].get(), config["port"].get(), config["module_namespace"].get(), ) broker_opts = broker.BrokerOptions() broker_opts.forward = False ep = broker.Endpoint(broker.Configuration(broker_opts)) ep.listen(host, port) logger.info(f"Broker: endpoint listening - {host}:{port}") threading.Thread( target=listen, args=(logger, namespace, ep, inq), daemon=True ).start() threading.Thread( target=manage, args=(logger, namespace, ep, subscribe_callback, unsubscribe_callback), daemon=True, ).start() threading.Thread(target=publish, args=(logger, namespace, ep), daemon=True).start() logger.info("Zeek plugin started")
def run( config: Subview, logging: Subview, inq: JoinableQueue, subscribe_callback: Callable, unsubscribe_callback: Callable, ): global logger, workers logger = threatbus.logger.setup(logging, __name__) config = config[plugin_name] try: validate_config(config) except Exception as e: logger.fatal("Invalid config for plugin {}: {}".format( plugin_name, str(e))) host, port, namespace = ( config["host"].get(), config["port"].get(), config["module_namespace"].get(), ) broker_opts = broker.BrokerOptions() broker_opts.forward = False ep = broker.Endpoint(broker.Configuration(broker_opts)) ep.listen(host, port) workers.append( SubscriptionManager(namespace, ep, subscribe_callback, unsubscribe_callback)) workers.append(BrokerReceiver(namespace, ep, inq)) workers.append(BrokerPublisher(namespace, ep)) for w in workers: w.start() logger.info("Zeek plugin started")
def test_ssl_auth_failure_no_ssl(self): cfg1 = broker.Configuration(broker.BrokerOptions()) cfg1.openssl_certificate = data_path("cert.1.pem") cfg1.openssl_key = data_path("key.1.pem") cfg1.openssl_cafile = data_path("ca.pem") cfg2 = broker.Configuration(broker.BrokerOptions()) with broker.Endpoint(cfg1) as ep1, \ broker.Endpoint(cfg2) as ep2: port = ep1.listen("127.0.0.1", 0) r = ep2.peer("127.0.0.1", port, 0) self.assertEqual(r, False) with broker.Endpoint(cfg2) as ep1, \ broker.Endpoint(cfg1) as ep2: port = ep1.listen("127.0.0.1", 0) r = ep2.peer("127.0.0.1", port, 0) self.assertEqual(r, False)
def test_ssl_auth_success_self_signed(self): cfg = broker.Configuration(broker.BrokerOptions()) cfg.openssl_certificate = data_path("cert.self-signed.pem") cfg.openssl_key = data_path("key.self-signed.pem") cfg.openssl_cafile = data_path("cert.self-signed.pem") with broker.Endpoint(cfg) as ep1, \ broker.Endpoint(cfg) as ep2, \ ep1.make_subscriber("/test") as s1, \ ep2.make_subscriber("/test") as s2: port = ep1.listen("127.0.0.1", 0) r = ep2.peer("127.0.0.1", port, 0) self.assertEqual(r, True) self.check_ping(ep1, s1, ep2, s2)
def XXXtest_ssl_auth_failure_ca_pw(self): cfg = broker.Configuration(broker.BrokerOptions()) cfg.openssl_certificate = data_path("cert.1.pem") cfg.openssl_key = data_path("key.1.enc.pem") cfg.openssl_cafile = data_path("ca.pem") cfg.openssl_passphrase = "WRONG PASSWORD" with broker.Endpoint(cfg) as ep1, \ broker.Endpoint(cfg) as ep2: port = ep1.listen("127.0.0.1", 0) # TODO: This correctly generates an exception in CAF, for which I # don't know where to catch it. r = ep2.peer("127.0.0.1", port, 0) self.assertEqual(r, False)
def cfg(opts): return broker.Configuration(opts) if opts else broker.Configuration( broker.BrokerOptions())
class BrokerEndpoint: """ The BrokerEndpoint is for the transmission of Broker messages. You can send and retrieve messages here. """ # Broker Endpoint bcfg = broker.Configuration() if Config.broker.ssl_ca_file: bcfg.openssl_cafile = Config.broker.ssl_ca_file # Path to CA file if Config.broker.ssl_ca_path: bcfg.openssl_capath = Config.broker.ssl_ca_path # Path to directory with CA files if Config.broker.ssl_certificate: bcfg.openssl_certificate = Config.broker.ssl_certificate # Own certificate if Config.broker.ssl_key_file: bcfg.openssl_key = Config.broker.ssl_key_file # Own key endpoint = broker.Endpoint(bcfg) # Status Subscriber status_queue = endpoint.make_status_subscriber(True) # Subscribe to management commands command_queue = endpoint.make_subscriber("commands") # peering objects. needed for unpeering peerings = [0, 0, None] @staticmethod def getStatusMessages(): for st in BrokerEndpoint.status_queue.poll(): # Error if type(st) == broker.Error: yield "[Broker Error] {}".format(st) # Status elif type(st) == broker.Status: yield "[Broker Status] {}".format(st) else: raise RuntimeError("Unknown Broker Status Type") @staticmethod def getCommandMessages(): """ Gets a message from the command message_queue :return: Broker Message """ return BrokerEndpoint.command_queue.poll() @staticmethod def sendLogs(message): """ Sends a Broker message containing a JSON string. :param message: message to publish """ index = "honeygrove-" + datetime.today().strftime('%Y-%m') BrokerEndpoint.endpoint.publish("logs", {index: message}) @staticmethod def listen(ip, port): """ Listen on ip:port :param ip: string :param port: int """ p = BrokerEndpoint.endpoint.listen(ip, port) if p == 0: raise RuntimeError( "Unable to listen on Broker port {}".format(port)) return p @staticmethod def peer(ip, port): """ Peer to given ip:port :param ip: string :param port: int """ if [ip, port] != BrokerEndpoint.peerings[0:2]: if BrokerEndpoint.peerings[0] != 0: BrokerEndpoint.unPeer(BrokerEndpoint.peerings[2]) obj = BrokerEndpoint.endpoint.peer_nosync(ip, port) BrokerEndpoint.peerings = [ip, port, obj] @staticmethod def unPeer(peeringObj=None): """ unpeering to given port/ip :param peeringObj: peering objekt """ if peeringObj is None: BrokerEndpoint.endpoint.unpeer(BrokerEndpoint.peerings[2]) else: BrokerEndpoint.endpoint.unpeer(peeringObj) @staticmethod def sendMessageToTopic(topic, msg): """ Sends a Broker Message to a given topic :param topic: string with topic :param msg: can be str, int, double """ BrokerEndpoint.endpoint.publish(topic, msg) @staticmethod def sendFile(filepath): """ Sends a file to the file topic :param filepath: path to the file """ with open(str(filepath), "rb") as file: content = file.read() b64content = base64.b64encode(content) BrokerEndpoint.endpoint.publish( "files", b64content.decode(encoding="utf-8"))