def __init__(self, configFile, identifier='default', sync_frequency=15.0, logging_dest='/dev/log', realm='global', scale=None, actorsRoot=None): self._stopEvent = gevent.event.Event() self._logger = None self._log_level = logging.INFO self._log_dest = logging_dest self._realm = realm self._initLogging(self._log_level, logging_dest) self._threads = gevent.pool.Group() self._owner = 'beach.patrol/%s' % (identifier, ) self._mutex = BoundedSemaphore(value=1) self._entries = OrderedDict() self._freq = sync_frequency self._updateFreq = 60 * 60 self._patrolHash = None self._patrolUrl = None self._isMonitored = False self._originalTtl = None self._beach = Beach(configFile, realm=realm) self._scale = scale self._actorsRoot = actorsRoot if self._actorsRoot is not None and not self._actorsRoot.endswith('/'): self._actorsRoot += '/'
def __init__(self, configFile, identifier='default', sync_frequency=15.0, logging_dest='/dev/log', realm='global', scale=None, actorsRoot=None): self._stopEvent = gevent.event.Event() self._logger = None self._log_level = logging.INFO self._log_dest = logging_dest self._realm = realm self._initLogging(self._log_level, logging_dest) self._threads = gevent.pool.Group() self._owner = 'beach.patrol/%s' % (identifier, ) self._entries = OrderedDict() self._watch = {} self._freq = sync_frequency self._beach = Beach(configFile, realm=realm) self._scale = scale self._actorsRoot = actorsRoot if self._actorsRoot is not None and not self._actorsRoot.endswith('/'): self._actorsRoot += '/'
def init( self, parameters, resources ): self.beach_api = Beach( self._beach_config_path, realm = 'hcp' ) self.db = CassDb( parameters[ 'db' ], 'hcp_analytics' ) self.audit = self.getActorHandle( resources[ 'auditing' ], timeout = 30, nRetries = 3 ) self.admin = self.getActorHandle( resources[ 'admin' ], timeout = 30, nRetries = 3 ) self.sensorDir = self.getActorHandle( resources[ 'sensordir' ], timeout = 30, nRetries = 3 ) self.genDefaultsIfNotPresent() isSuccess, _oid = self.get_global_config( None ) if isSuccess: self.admin_oid = uuid.UUID( str( _oid[ 'global/admin_oid' ] ) ) else: self.admin_oid = None self.handle( 'get_global_config', self.get_global_config ) self.handle( 'get_org_config', self.get_org_config ) self.handle( 'set_config', self.set_config ) self.handle( 'deploy_org', self.deploy_org ) self.handle( 'get_c2_cert', self.get_c2_cert ) self.handle( 'get_root_cert', self.get_root_cert ) self.handle( 'update_profile', self.update_profile ) self.handle( 'get_profiles', self.get_profiles ) self.handle( 'get_supported_events', self.get_supported_events ) self.handle( 'get_capabilities', self.get_capabilities ) self.handle( 'get_quick_detects', self.get_quick_detects ) self.handle( 'del_sensor', self.del_sensor ) self.handle( 'refresh_all_installers', self.refresh_all_installers ) self.handle( 'set_installer_info', self.set_installer_info ) self.handle( 'del_installer', self.del_installer ) self.metricsUrl = resources.get( 'metrics_url', 'https://limacharlie.io/metrics/opensource' ) self.schedule( ( 60 * 60 ) + random.randint( 0, 60 * 60 ) , self.sendMetricsIfEnabled )
def __init__(self, beach_config, token, timeout=1000 * 10): self.token = token self.beach = Beach(beach_config, realm='hcp') self.vHandle = self.beach.getActorHandle( 'c2/admin/1.0', ident='cli/955f6e63-9119-4ba6-a969-84b38bfbcc05', timeout=timeout, nRetries=3)
def beach_cluster(request): global beach global h_hostmanager h_hostmanager = subprocess.Popen([ 'python', '-m', 'beach.hostmanager', os.path.join(curFileDir, 'simple.yaml'), '--log-level', '10' ]) beach = Beach(os.path.join(curFileDir, 'simple.yaml'), realm='global') def beach_teardown(): global beach global h_hostmanager beach.close() h_hostmanager.send_signal(signal.SIGQUIT) assert (0 == h_hostmanager.wait()) request.addfinalizer(beach_teardown)
dest='is_display_responses', help='if specified, all actor responses will be displayed') args = parser.parse_args() print("Launching LimaCharlie Appliance Test") printStep('BASE PLATFORM') if 0 == os.system('cqlsh %s -e "desc keyspaces" > /dev/null 2>&1' % getLocalIp()): printSuccess("Cassandra is running.") else: printFailure("Cassandra doesn't seem to be running.") BEACH = Beach(BEACH_CONFIG, 'hcp') resp = BEACH.getClusterHealth() if 0 != len(resp) and resp.values()[0] is not None: printSuccess('Beach cluster is running with %d node(s).' % len(resp)) else: printFailure("Beach cluster doesn't seem to be running.") if 0 == os.system( 'ps -elf | grep -E ".*endpoint_proxy.*" | grep -v grep > /dev/null' ): printSuccess('Sensor proxy is running.') else: printFailure("Sensor proxy doesn't seem to be running.") if 0 == os.system(
import json import yaml import time # Adding the beach lib directory relatively for this example curFileDir = os.path.dirname(os.path.abspath(__file__)) sys.path.append(os.path.join(curFileDir, '..', '..')) from beach.beach_api import Beach from beach.utils import _getIpv4ForIface print("Connecting to example beach.") # Note that we usually would not need to add the extraTmpSeedNode parameter in production # since your config file would be populated. Here to keep the config file simple and # portable we add our IP manually to operate in single-node mode. beach = Beach(os.path.join(curFileDir, 'simple.yaml'), realm='global') print("Creating ping actor in random beach node.") a1 = beach.addActor('Ping', 'pingers') print(json.dumps(a1, indent=4)) print("Creating pong actor in random beach node.") a2 = beach.addActor('Pong', 'pongers') print(json.dumps(a2, indent=4)) print("Idling for a few seconds...") time.sleep(30) print("Querying for beach directory.") d = beach.getDirectory() print(json.dumps(d, indent=4))
os.chdir(os.path.dirname(os.path.abspath(__file__))) urls = (r'/', 'Index', r'/dashboard', 'Dashboard', r'/sensor', 'Sensor', r'/search', 'Search', r'/sensor_state', 'SensorState', r'/timeline', 'Timeline', r'/objsearch', 'ObjSearch', r'/obj', 'ObjViewer', r'/lastevents', 'LastEvents', r'/event', 'EventView', r'/hostobjects', 'HostObjects', r'/detects_data', 'JsonDetects', r'/detects', 'ViewDetects', r'/detect', 'ViewDetect') web.config.debug = False app = web.application(urls, globals()) render = web.template.render('templates', base='base', globals={ 'json': json, 'tsToTime': tsToTime }) if len(sys.argv) < 2: print("Usage: python app.py beach_config [listen_port]") sys.exit() beach = Beach(sys.argv[1], realm='hcp') del (sys.argv[1]) model = beach.getActorHandle('models', nRetries=3, timeout=30, ident='lc/0bf01f7e-62bd-4cc4-9fec-4c52e82eb903') app.run()
import os import sys from beach.beach_api import Beach import logging REPO_ROOT = os.path.join( os.path.dirname( os.path.abspath( __file__ ) ), '..', '..' ) if 1 < len( sys.argv ): BEACH_CONFIG_FILE = os.path.abspath( sys.argv[ 1 ] ) else: BEACH_CONFIG_FILE = os.path.join( os.path.dirname( os.path.abspath( __file__ ) ), 'sample_cluster.yaml' ) beach = Beach( BEACH_CONFIG_FILE, realm = 'hcp' ) ####################################### # BeaconProcessor # This actor will process incoming # beacons from the sensors. # Parameters: # state_db: these are the connection # details for the mysql database # used to store the low-importance # data tracked at runtime. # _priv_key: the C2 private key. # task_back_timeout: the number of # seconds to wait during each # beacon to give a chance to any # detects to generate tasks for # the sensor to process right away. ####################################### print( beach.addActor( 'c2/BeaconProcessor',
g_metrics = info print("Done processing metris.") def periodicUpdate(): while True: updateMetrics() gevent.sleep(SEC_PER_GEN) ############################################################################### # BOILER PLATE ############################################################################### urls = (r'/', 'Index', r'/info', 'GetClusterInfo') web.config.debug = False app = web.application(urls, globals()) render = web.template.render('%s/templates/' % g_current_dir, globals={}) if len(sys.argv) < 2: print("Dashboard takes single argument: cluster config file.") sys.exit() beach = Beach(sys.argv[-1]) sys.argv.pop() os.chdir(g_current_dir) gevent.spawn(periodicUpdate) app.run()
def init(self, parameters, resources): self.beach_api = Beach(self._beach_config_path, realm='hcp') self.handle('reg_detect', self.handleRegDetect) self.handle('reg_inv', self.handleRegInvestigation) self.handle('unreg_detect', self.handleRegDetect) self.handle('unreg_inv', self.handleUnRegInvestigation)
dest='source') parser.add_argument( '-i', '--ident', type=str, required=False, default='endpointproxy/8e7a890b-8016-4396-b012-aec73d055dd6', help='Beach identity to use to request list of endpoints.', dest='ident') parser.add_argument( '-u', '--update', type=int, required=False, default=60, help='refresh list of available endpoints every X seconds.', dest='update') arguments = parser.parse_args() currentEndpoints = Set() beach = Beach(arguments.config, realm='hcp') endpointActors = beach.getActorHandle('c2/endpoint', nRetries=3, timeout=30, ident=arguments.ident) updateEndpoints(endpointActors, arguments.update) proxy = LcEndpointProxy(arguments.source, currentEndpoints) proxy.start() gevent.wait()
def init(self, parameters): self.beach_api = Beach(parameters['beach_config'], realm='hcp') self.handle('reg_detect', self.handleRegDetect) self.handle('reg_inv', self.handleRegInvestigation) self.handle('unreg_detect', self.handleRegDetect) self.handle('unreg_inv', self.handleUnRegInvestigation)
ENABLE_GET = args.withGet if args.sslSelfSigned: if not os.path.isfile(args.sslCert) and not os.path.isfile( args.sslKey): print("Generating self-signed certs.") if 0 != os.system( 'openssl req -x509 -days 36500 -newkey rsa:4096 -keyout %s -out %s -nodes -sha256 -subj "/C=US/ST=CA/L=Mountain View/O=refractionPOINT/CN=restbridge.beach" > /dev/null 2>&1' % (args.sslKey, args.sslCert)): print("Failed to generate self-signed certificate.") if os.path.isfile(args.sslCert) and os.path.isfile(args.sslKey): print("Using SSL cert/key: %s and %s" % (args.sslCert, args.sslKey)) from web.wsgiserver import CherryPyWSGIServer CherryPyWSGIServer.ssl_certificate = args.sslCert CherryPyWSGIServer.ssl_private_key = args.sslKey else: print("No SSL cert/key at %s and %s so using normal HTTP." % (args.sslCert, args.sslKey)) urls = ( r'/(.*)', 'Bridge', ) web.config.debug = False app = web.application(urls, globals()) beach = Beach(args.configFile, realm=args.realm) handle_cache = {} os.chdir(g_current_dir) app.run()
def __init__(self, configFile, realm=None): cmd.Cmd.__init__(self) self.realm = 'global' self.updatePrompt() self.beach = Beach(configFile)
userConf = yaml.parse(f.read()) if 'config' in userConf: conf = userConf['config'] else: conf = args.config if conf is None: parser.error('no config specified and ~/.beach is not a valid config.') else: if args.req_realm is None and args.req_cat is None and args.req_cmd is None and args.req_ident is None: app = BeachShell(conf) app.cmdloop() elif args.req_realm is None or args.req_cat is None or args.req_cmd is None: parser.error('--req-* components missing to execute a request.') else: beach = Beach(conf, realm=args.req_realm) h = beach.getActorHandle(args.req_cat, ident=args.req_ident, timeout=args.req_timeout) if 0 == h.getNumAvailable(): h.close() beach.close() eprint("no actors available in category") sys.exit(1) if args.is_broadcast: futures = h.requestFromAll(args.req_cmd, data=args.req_data) else: resp = h.request(args.req_cmd, data=args.req_data) h.close()
# This will set the host as a beach node. import sys import os import json import yaml import time # Adding the beach lib directory relatively for this example curFileDir = os.path.dirname(os.path.abspath(__file__)) sys.path.append(os.path.join(curFileDir, '..', '..')) from beach.beach_api import Beach print("Connecting to example beach.") beach = Beach(os.path.join(curFileDir, 'multinode.yaml'), realm='global') print("Creating ping actor in resource beach node.") a1 = beach.addActor('Ping', 'pingers', strategy='resource') print(json.dumps(a1, indent=4)) print("Creating pong actor in affinity( pingers ) beach node.") a2 = beach.addActor('Pong', 'pongers', strategy='affinity', strategy_hint='pingers') print(json.dumps(a2, indent=4)) print("Creating pong actor in isolation.") a3 = beach.addActor('Pong', 'pongers', isIsolated=True) print(json.dumps(a3, indent=4))