def hive_delete():
"""Delete hiveid from Mongo and salt master"""
json_response = {"success": False}
hive_id = request.form.get('hive_id')
if not hive_id:
json_response['message'] = "Missing Hive ID"
else:
try:
# Delete Jobs
PepperJobs.objects(hive=hive_id).delete()
# Delete Instances
for instance in Hive.honeypots:
instance.delete()
# Delete Hive
Hive.objects(id=hive_id).delete()
# Remove Key
pepper_api.delete_key(hive_id)
json_response['success'] = True
json_response['message'] = "Hive Deleted"
except Exception as err:
json_response['message'] = "Error Deleting Hive: {0}".format(err)
return jsonify(json_response)
def poll_instances():
"""
This sets up an async salt call that is saved as a job per instance.
"""
for instance in HoneypotInstance.objects():
try:
hive = instance.hive
if hive.salt_alive:
container_name = instance.honeypot.container_name
pepper_job_id = pepper_api.docker_state(
str(hive.id), container_name)
job = PepperJobs(
hive=hive,
job_type="Docker State",
job_id=pepper_job_id,
job_short="Scheduled Docker State on {0}".format(
container_name),
job_description=
"Scheduled task to check Docker state for honeypot \
{0} on hive {1} with instance id: {2}".format(
container_name, hive.name, instance.id))
job.save()
else:
instance.status = "Unresponsive Hive"
instance.save()
except Exception as err:
error_message = "Error Checking Container State: {0}".format(err)
logger.error(error_message)
instance.status = error_message
instance.save()
def jobs_payload(job_id):
single_job = PepperJobs.objects(id=job_id).first()
json_response = {
"valid": True,
"payload": single_job.job_response
}
return jsonify(json_response)
def hive_test():
"""Add Docker Frame"""
json_response = {"success": False}
hive_id = request.form.get('hive_id')
frame_state_file = request.form.get('frame_state_file')
frame_id = request.form.get('frame_id')
if not hive_id:
json_response['message'] = "Missing Hive ID"
else:
try:
frame = Frame.objects(id=frame_id).first()
hive = Hive.objects(id=hive_id).first()
if hive and frame:
job_id = pepper_api.apply_state(hive_id, [frame_state_file])
job = PepperJobs(
hive=hive,
job_type="Apply Frame",
job_id=job_id,
job_short="Apply {0} state".format(frame.name),
job_description="Apply {0} frame state to Hive {1}".format(
frame.name, hive_id))
job.save()
hive.frame = frame
hive.save()
json_response['success'] = True
json_response['message'] = "Add Frame submitted \
with JID: {0}".format(job.id)
except Exception as err:
json_response['message'] = "Error Adding to swarm: {0}".format(err)
return jsonify(json_response)
def check_jobs():
# Get all PepperJobs not marked as complete
open_jobs = PepperJobs.objects(complete=False)
for job in open_jobs:
hive_id = str(job['hive']['id'])
api_check = pepper_api.lookup_job(job.job_id)
if job.job_type == "Docker State":
# We need to parse the message as details are not in the API
instance_id = job.job_description.split("id: ")[-1]
if api_check:
try:
api_response = api_check[hive_id]
if 'state' in api_response:
container_state = api_response['state']['new']
else:
container_state = api_response
job.complete = True
job.job_response = container_state
job.completed_at = datetime.utcnow
job.save()
instance = HoneypotInstance.objects(id=instance_id).first()
instance.status = container_state
instance.save()
except Exception as err:
logger.error("Salt Error: {0} {1}".format(err, api_check))
else:
hive_id = str(job['hive']['id'])
if api_check:
job.complete = True
job.job_response = json.dumps(api_check['data'][hive_id],
sort_keys=True,
indent=4)
job.completed_at = datetime.utcnow
job.save()
def jobs_poll():
json_response = {"success": False, "job_complete": False}
try:
job_id = request.forms.get('job_id')
job = PepperJobs.objects(id=job_id)
api_check = pepper_api.lookup_job(job.job_id)
hive_id = str(job['hive']['id'])
if api_check:
job.complete = True
job.job_response = json.dumps(
api_check['data'][hive_id],
sort_keys=True, indent=4)
job.completed_at = datetime.utcnow
job.save()
json_response['success'] = True
json_response['job_complete'] = job.complete
except Exception as err:
json_response['message'] = err
return jsonify(json_response)
def instance_control():
json_response = {"success": False, "message": "No action taken"}
instance_action = request.form.get('action')
instance_id = request.form.get('instance_id')
instance = HoneypotInstance.objects(id=instance_id).first()
hive = instance.hive
if not instance:
json_response['message'] = "Unable to find valid hive or instance"
return jsonify(json_response)
if instance_action == "delete":
# Trigger the container to close
container_name = instance.honeypot.container_name
remove_container = pepper_api.docker_remove(str(hive.id),
container_name)
if remove_container:
# remove the instance from the hive honeypot list
hive.update(pull__honeypots=instance)
json_response["success"] = True
json_response['message'] = "Removed instance of {0}".format(
container_name)
# Delete the instance
instance.delete()
hive.save()
elif instance_action == "stop":
container_name = instance.honeypot.container_name
pepper_job_id = pepper_api.docker_control(str(hive.id), container_name,
"stop")
job = PepperJobs(
hive=hive,
job_type="Docker State",
job_id=pepper_job_id,
job_short="Setting Docker State on {0}".format(container_name),
job_description="Setting Docker state for honeypot \
{0} on hive {1} with instance id: {2}".format(
container_name, hive.name, instance.id))
job.save()
json_response['success'] = True
json_response[
'message'] = "<strong>STOP</strong> requested for Honeypot \
<strong>{0}</strong> on Hive \
<strong>{1}</strong>".format(
container_name, hive.name)
instance.status = "Pending"
elif instance_action == "start":
container_name = instance.honeypot.container_name
pepper_job_id = pepper_api.docker_control(str(hive.id), container_name,
"start")
job = PepperJobs(
hive=hive,
job_type="Docker State",
job_id=pepper_job_id,
job_short="Setting Docker State on {0}".format(container_name),
job_description="Setting Docker state for honeypot \
{0} on hive {1} with instance id: {2}".format(
container_name, hive.name, instance.id))
job.save()
json_response['success'] = True
json_response[
'message'] = "<strong>START</strong> requested for Honeypot \
<strong>{0}</strong> on Hive \
<strong>{1}</strong>".format(
container_name, hive.name)
instance.status = "Pending"
elif instance_action == "poll":
container_name = instance.honeypot.container_name
pepper_job_id = pepper_api.docker_state(str(hive.id), container_name)
job = PepperJobs(
hive=hive,
job_type="Docker State",
job_id=pepper_job_id,
job_short="Checking Docker State on {0}".format(container_name),
job_description="Checking Docker state for honeypot \
{0} on hive {1} with instance id: {2}".format(
container_name, hive.name, instance.id))
job.save()
json_response['success'] = True
json_response[
'message'] = "<strong>Checking</strong> state for Honeypot \
<strong>{0}</strong> on Hive \
<strong>{1}</strong>".format(
container_name, hive.name)
instance.status = "Pending"
instance.save()
hive.save()
return jsonify(json_response)
def honeypot_deploy(honeypot_id):
form_vars = request.form.to_dict()
json_response = {"success": False}
honeypot_details = Honeypot.objects(id=honeypot_id).first()
if not honeypot_details:
json_response['message'] = "Can not find honeypot"
return jsonify(json_response)
hive_id = request.form.get('target_hive')
hive = Hive.objects(id=hive_id).first()
if not hive:
json_response['message'] = "Can not find Hive"
return jsonify(json_response)
# Does this hive have the correct frame installed
if not hive.frame:
json_response['message'] = "Can not find Hive"
return jsonify(json_response)
# Do we already have an instance of this honeypot type on this hive?#
# Get it and its auth_key
honeypot_instance = None
for instance in hive.honeypots:
if instance.honeypot.id == honeypot_details.id:
honeypot_instance = instance
auth_key = AuthKey.objects(
identifier=str(honeypot_instance.id)).first()
# Else we create an instance and a new auth_key
if not honeypot_instance:
# Create honeypot instance
honeypot_instance = HoneypotInstance(honeypot=honeypot_details,
hive=hive)
honeypot_instance.save()
instance_id = str(honeypot_instance.id)
# Create an AuthKey
auth_key = AuthKey(identifier=instance_id,
secret=instance_id,
publish=honeypot_details.channels)
auth_key.save()
instance_id = str(honeypot_instance.id)
# Now add any Pillar States
base_config = Config.objects.first()
config_pillar = {
"HIVEID": hive_id,
"HONEYPOTID": honeypot_id,
"INSTANCEID": instance_id,
"HPFIDENT": instance_id,
"HPFSECRET": instance_id,
"HPFPORT": 10000,
"HPFSERVER": base_config.broker_host
}
for field in form_vars.items():
if field[0].startswith('pillar-key'):
key_id = field[0].split('-')[-1]
key_name = field[1]
key_value = request.form.get("pillar-value-{0}".format(key_id))
if key_name == '' or key_value == '':
continue
config_pillar[key_name] = key_value
# update key / config and save again
auth_key.save()
honeypot_instance.hpfeeds = auth_key
honeypot_instance.pillar = config_pillar
honeypot_instance.save()
# Create the job
honeypot_state_file = 'honeypots/{0}/{1}'.format(
honeypot_details.id, honeypot_details.honeypot_state_file)
pillar_string = ", ".join(
('"{}": "{}"'.format(*i) for i in config_pillar.items()))
try:
job_id = pepper_api.apply_state(
hive_id,
[honeypot_state_file, "pillar={{{0}}}".format(pillar_string)])
hive = Hive.objects(id=hive_id).first()
job = PepperJobs(
hive=hive,
job_id=job_id,
job_type="Apply Honeypot",
job_short="Apply State {0}".format(honeypot_details.name),
job_description="Apply honeypot {0} to Hive {1}".format(
honeypot_state_file, hive_id))
job.save()
if honeypot_instance not in hive.honeypots:
hive.honeypots.append(honeypot_instance)
hive.save()
json_response['success'] = True
json_response['message'] = "Job Created with Job ID: {0}".format(
str(job.id))
except Exception as err:
json_response['message'] = "Error creating job: {0}".format(err)
return jsonify(json_response)
def frame_deploy(frame_id):
"""Add Docker Frame"""
form_vars = request.form.to_dict()
json_response = {"success": False}
hive_id = request.form.get('hive_id')
frame_state_file = request.form.get('frame_state_file')
frame_id = request.form.get('frame_id')
frame_details = Frame.objects(id=frame_id).first()
if not frame_details:
json_response['message'] = "Can not find honeypot"
hive_id = request.form.get('target_hive')
hive = Hive.objects(id=hive_id).first()
if not hive:
json_response['message'] = "Can not find Hive"
config_pillar = {
"HIVEID": hive_id,
"FRAMEID": frame_id
}
# Now add any Pillar States
for field in form_vars.items():
if field[0].startswith('pillar-key'):
key_id = field[0].split('-')[-1]
key_name = field[1]
key_value = request.form.get("pillar-value-{0}".format(key_id))
if key_name == '' or key_value == '':
continue
config_pillar[key_name] = key_value
frame_state_file = 'frames/{0}/{1}'.format(
frame_details.id, frame_details.frame_state_path
)
pillar_string = ", ".join(
('"{}": "{}"'.format(*i) for i in config_pillar.items())
)
try:
job_id = pepper_api.apply_state(
hive_id,
[
frame_state_file,
"pillar={{{0}}}".format(pillar_string)
]
)
hive = Hive.objects(id=hive_id).first()
job = PepperJobs(
hive=hive,
job_id=job_id,
job_type="Apply Frame",
job_short="Apply State {0}".format(frame_details.name),
job_description="Apply frame {0} to Hive {1}".format(
frame_details, hive_id)
)
job.save()
hive.frame = frame_details
hive.save()
json_response['success'] = True
json_response['message'] = "Job Created with Job ID: {0}".format(
str(job.id)
)
except Exception as err:
json_response['message'] = "Error creating job: {0}".format(err)
return jsonify(json_response)
def jobs_paginate():
# Used to check for query strings
# for k, v in request.form.items():
# print(k, v)
draw = request.form.get("draw")
start_offset = int(request.form.get("start"))
per_page = int(request.form.get("length"))
# Calculate the correct page number
start_offset = start_offset + per_page
start_page = int(start_offset / per_page)
# print(start_offset, start_page, per_page)
# Check for a column sort
order_by = request.form.get("order[0][column]")
order_direction = request.form.get("order[0][dir]")
if order_direction == "asc":
direction = "+"
else:
direction = "-"
column = [
"show_more",
"hive_id",
"job_type",
"job_short",
"created_at",
"completed_at"
][int(order_by)]
# Default sort
if order_by == "0":
order_string = "-created_at"
else:
order_string = "{0}{1}".format(direction, column)
job_rows = PepperJobs.objects().order_by(
order_string).paginate(
page=start_page,
per_page=per_page
)
job_count = job_rows.total
# This should be how many matched a search. If no search then total rows
filtered_records = job_count
# Collect all the rows together
data_rows = []
for row in job_rows.items:
try:
single_row = {
"DT_RowId": str(row.id),
"hive_id": str(row.hive.name),
"job_type": row.job_type,
"job_short": row.job_short,
"created_at": row.created_at,
"completed_at": row.completed_at,
"job_id": str(row.id)
}
data_rows.append(single_row)
except Exception as err:
error_message = "Error getting jobs: {0}".format(err)
current_app.logger.error(error_message)
print(error_message)
continue
# Final Json to return
json_results = {
"draw": draw,
"recordsTotal": job_count,
"recordsFiltered": filtered_records,
"data": data_rows
}
return jsonify(json_results)