def test_get_json_by_time(self): plugin_cfg_path = os.getenv("RECCE7_PLUGIN_CONFIG") or "config/plugins.cfg" global_cfg_path = os.getenv("RECCE7_GLOBAL_CONFIG") or "config/global.cfg" global_config = GlobalConfig(plugin_cfg_path, global_cfg_path, True) global_config.read_global_config() global_config.read_plugin_config() test_start_date = datetime.datetime(1999, month=12, day=31, hour=23, minute=59, second=59) # successes = 0 # fails = 0 for count in range(0, 2): if count == 0: portnumber = 8082 elif count == 1: portnumber = 8083 else: portnumber = 8023 for x in range(0, 500): d = datetime.timedelta(weeks=x) query_date = test_start_date + d query_date_iso = query_date.isoformat() tableName = global_config.get_plugin_config(portnumber)["table"] query_string = "SELECT * FROM %s where (eventDateTime >= '%s')" % (tableName, query_date_iso) json_query = DatabaseHandler().query_db(query_string, db="TestDB.sqlite") for y in range(0, len(json_query) - 1): date = json_query[y].get("eventDateTime") self.assertGreaterEqual(date, query_date_iso)
class DatabaseHandler: def __init__(self): self.global_config = GlobalConfig() self.db_path = self.global_config['Database']['path'] self.log = Logger().get('reportserver.dao.DatabaseHandler.DatabaseHandler') # Connect to given database. # Defaults to the honeypot db, but another path can be passed in (mainly for testing). # Database needs to exist first. def connect(self, database_name): if (database_name == None): database_name = self.db_path if not os.path.exists(database_name): self.log.error("Database does not exist in path: " + database_name) return None try: conn = sqlite3.connect(database_name) except sqlite3.OperationalError as oe: self.log.error("****Problem connecting to database*** at: " + database_name) self.log.error(oe) else: return conn # Query DB and return JSON def query_db(self, query, args=(), one=False, db=None): #print ("#debug args are: " +str(args)) cur = self.connect(db).cursor() cur.execute(query, args) r = [dict((cur.description[i][0], value) \ for i, value in enumerate(row)) for row in cur.fetchall()] cur.connection.close() return (r[0] if r else None) if one else r # Unit of Measure could be "weeks", "days", "hours", "minutes". # Return all data from the DB within that measure of time as JSON. def get_json_by_time(self, portnumber, uom, units): begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units) tableName = self.global_config.get_plugin_config(portnumber)['table'] date_time_field = self.global_config.get_db_datetime_name() # query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso)) queryString = "SELECT * FROM %s where %s >= '%s' order by id, %s" % (tableName, date_time_field, begin_date_iso, date_time_field) #args = (tableName, date_time_field, begin_date_iso) self.log.info("queryString is: " + str(queryString)) #print ("args to use: " + str(args)) results = self.query_db(queryString) self.log.debug("results: " + str(results)) return results
class IpsManager: # Ips Manager: calls necessary managers and utilities to generate parameters for sql. # validPortNumbers = () def __init__(self): self.g_config = GlobalConfig() self.valid_port_numbers = self.g_config.get_ports() self.date_time_field = self.g_config.get_db_datetime_name() self.log = Logger().get('reportserver.manager.IpsManager.py') def get_data(self, ipaddress, uom, unit): self.log.info("Retrieving ipaddress data: " + str(ipaddress) + " uom: " + uom + " size: " + str(unit)) port_data = [] for port in self.valid_port_numbers: results = self.get_json_by_ip(port, ipaddress, uom, unit) items = utilities.process_data(results) port_data.append({port:items}) port_json = { 'ipaddress': str(ipaddress), 'timespan': uom + "=" + str(unit), 'ports':port_data } return port_json def get_json_by_ip(self, portnumber, ipaddress, uom, units): begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units) table_name = self.g_config.get_plugin_config(portnumber)['table'] date_time_field = self.g_config.get_db_datetime_name() # query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso)) queryString = "SELECT * FROM %s where %s >= '%s' and peerAddress = '%s' order by id, %s" % ( table_name, date_time_field, begin_date_iso, ipaddress, date_time_field) # args = (tableName, date_time_field, begin_date_iso) self.log.info("queryString is: " + str(queryString)) # print ("args to use: " + str(args)) results = DatabaseHandler().query_db(queryString) self.log.debug("results: " + str(results)) return results
class _Framework: def __init__(self, plugin_cfg_path, global_cfg_path): self._global_config = GlobalConfig(plugin_cfg_path, global_cfg_path) self._plugin_imports = {} self._listener_list= {} self._running_plugins_list = [] self._data_manager = None self._shutting_down = False self._log = None self._pid = os.getpid() def start(self): self.set_shutdown_hook() print('Press Ctrl+C to exit.') if not self.drop_permissions(): return self._global_config.read_global_config() self.start_logging() self._global_config.read_plugin_config() self._data_manager = DataManager() self._data_manager.start() self.start_listeners() def start_logging(self): log_path = self._global_config['Framework']['logName'] log_level = self._global_config['Framework']['logLevel'] self._log = Logger(log_path, log_level).get('framework.frmwork.Framework') self._log.info('RECCE7 started (PID %d)' % self._pid) @staticmethod def drop_permissions(): if os.getuid() != 0: return True dist_name = os.getenv('RECCE7_OS_DIST') users_dict = { 'centos': ('nobody', 'nobody'), 'debian': ('nobody', 'nogroup') } if dist_name not in users_dict: print( 'Unable to lower permission level - not continuing as\n' 'superuser. Please set the environment variable\n' 'RECCE7_OS_DIST to one of:\n\tcentos\n\tdebian\n' 'or rerun as a non-superuser.') return False lowperm_user = users_dict[dist_name] nobody_uid = pwd.getpwnam(lowperm_user[0]).pw_uid nogroup_gid = grp.getgrnam(lowperm_user[1]).gr_gid os.setgroups([]) os.setgid(nogroup_gid) os.setuid(nobody_uid) os.umask(0o077) return True def create_import_entry(self, port, name, clsname): imp = import_module('plugins.' + name) self._plugin_imports[port] = getattr(imp, clsname) def start_listeners(self): ports = self._global_config.get_ports() for port in ports: plugin_config = self._global_config.get_plugin_config(port) module = plugin_config['module'] clsname = plugin_config['moduleClass'] self.create_import_entry(port, module, clsname) address = self._global_config['Framework']['listeningAddress'] listener = NetworkListener(address, plugin_config, self) listener.start() self._listener_list[port] = listener def set_shutdown_hook(self): signal.signal(signal.SIGINT, self.shutdown) def shutdown(self, *args): self._shutting_down = True self._log.debug('Shutting down network listeners') for listener in self._listener_list.values(): listener.shutdown() self._log.debug('Shutting down plugins') for plugin in self._running_plugins_list: plugin.shutdown() self._log.debug('Shutting down data manager') self._data_manager.shutdown() print('Goodbye!') # # Framework API # def get_config(self, port): """ Returns the configuration dictionary for the plugin running on the specified port. :param port: a port number associated with a loaded plugin :return: a plugin configuration dictionary """ return self._global_config.get_plugin_config(port) def spawn(self, socket, config): """ Spawns the plugin configured by 'config' with the provided (accepted) socket. :param socket: an open, accepted socket returned by socket.accept() :param config: the plugin configuration dictionary describing the plugin to spawn :return: a reference to the plugin that was spawned """ # ToDo Throw exception if plugin class not found plugin_class = self._plugin_imports[config['port']] plugin = plugin_class(socket, config, self) plugin.start() self._running_plugins_list.append(plugin) return plugin def insert_data(self, data): """ Inserts the provided data into the data queue so that it can be pushed to the database. :param data: data object to add to the database """ self._data_manager.insert_data(data) def plugin_stopped(self, plugin): """ Tells the framework that the specified plugin has stopped running and doesn't need to be shutdown explicitly on program exit. :param plugin: a reference to a plugin """ if self._shutting_down: return self._running_plugins_list.remove(plugin)