def test_get_json_by_time(self):
plugin_cfg_path = os.getenv("RECCE7_PLUGIN_CONFIG") or "config/plugins.cfg"
global_cfg_path = os.getenv("RECCE7_GLOBAL_CONFIG") or "config/global.cfg"
global_config = GlobalConfig(plugin_cfg_path, global_cfg_path, True)
global_config.read_global_config()
global_config.read_plugin_config()
test_start_date = datetime.datetime(1999, month=12, day=31, hour=23, minute=59, second=59)
# successes = 0
# fails = 0
for count in range(0, 2):
if count == 0:
portnumber = 8082
elif count == 1:
portnumber = 8083
else:
portnumber = 8023
for x in range(0, 500):
d = datetime.timedelta(weeks=x)
query_date = test_start_date + d
query_date_iso = query_date.isoformat()
tableName = global_config.get_plugin_config(portnumber)["table"]
query_string = "SELECT * FROM %s where (eventDateTime >= '%s')" % (tableName, query_date_iso)
json_query = DatabaseHandler().query_db(query_string, db="TestDB.sqlite")
for y in range(0, len(json_query) - 1):
date = json_query[y].get("eventDateTime")
self.assertGreaterEqual(date, query_date_iso)
class DatabaseHandler:
def __init__(self):
self.global_config = GlobalConfig()
self.db_path = self.global_config['Database']['path']
self.log = Logger().get('reportserver.dao.DatabaseHandler.DatabaseHandler')
# Connect to given database.
# Defaults to the honeypot db, but another path can be passed in (mainly for testing).
# Database needs to exist first.
def connect(self, database_name):
if (database_name == None):
database_name = self.db_path
if not os.path.exists(database_name):
self.log.error("Database does not exist in path: " + database_name)
return None
try:
conn = sqlite3.connect(database_name)
except sqlite3.OperationalError as oe:
self.log.error("****Problem connecting to database*** at: " + database_name)
self.log.error(oe)
else:
return conn
# Query DB and return JSON
def query_db(self, query, args=(), one=False, db=None):
#print ("#debug args are: " +str(args))
cur = self.connect(db).cursor()
cur.execute(query, args)
r = [dict((cur.description[i][0], value) \
for i, value in enumerate(row)) for row in cur.fetchall()]
cur.connection.close()
return (r[0] if r else None) if one else r
# Unit of Measure could be "weeks", "days", "hours", "minutes".
# Return all data from the DB within that measure of time as JSON.
def get_json_by_time(self, portnumber, uom, units):
begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units)
tableName = self.global_config.get_plugin_config(portnumber)['table']
date_time_field = self.global_config.get_db_datetime_name()
# query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso))
queryString = "SELECT * FROM %s where %s >= '%s' order by id, %s" % (tableName, date_time_field, begin_date_iso, date_time_field)
#args = (tableName, date_time_field, begin_date_iso)
self.log.info("queryString is: " + str(queryString))
#print ("args to use: " + str(args))
results = self.query_db(queryString)
self.log.debug("results: " + str(results))
return results
class IpsManager:
# Ips Manager: calls necessary managers and utilities to generate parameters for sql.
#
validPortNumbers = ()
def __init__(self):
self.g_config = GlobalConfig()
self.valid_port_numbers = self.g_config.get_ports()
self.date_time_field = self.g_config.get_db_datetime_name()
self.log = Logger().get('reportserver.manager.IpsManager.py')
def get_data(self, ipaddress, uom, unit):
self.log.info("Retrieving ipaddress data: " + str(ipaddress) + " uom: " + uom + " size: " + str(unit))
port_data = []
for port in self.valid_port_numbers:
results = self.get_json_by_ip(port, ipaddress, uom, unit)
items = utilities.process_data(results)
port_data.append({port:items})
port_json = {
'ipaddress': str(ipaddress),
'timespan': uom + "=" + str(unit),
'ports':port_data
}
return port_json
def get_json_by_ip(self, portnumber, ipaddress, uom, units):
begin_date_iso = dateTimeUtility.get_begin_date_iso(uom, units)
table_name = self.g_config.get_plugin_config(portnumber)['table']
date_time_field = self.g_config.get_db_datetime_name()
# query = query_db("SELECT * FROM %s where (datetime > '%s')" % (tableName, query_date_iso))
queryString = "SELECT * FROM %s where %s >= '%s' and peerAddress = '%s' order by id, %s" % (
table_name, date_time_field, begin_date_iso, ipaddress, date_time_field)
# args = (tableName, date_time_field, begin_date_iso)
self.log.info("queryString is: " + str(queryString))
# print ("args to use: " + str(args))
results = DatabaseHandler().query_db(queryString)
self.log.debug("results: " + str(results))
return results
class _Framework:
def __init__(self, plugin_cfg_path, global_cfg_path):
self._global_config = GlobalConfig(plugin_cfg_path, global_cfg_path)
self._plugin_imports = {}
self._listener_list= {}
self._running_plugins_list = []
self._data_manager = None
self._shutting_down = False
self._log = None
self._pid = os.getpid()
def start(self):
self.set_shutdown_hook()
print('Press Ctrl+C to exit.')
if not self.drop_permissions():
return
self._global_config.read_global_config()
self.start_logging()
self._global_config.read_plugin_config()
self._data_manager = DataManager()
self._data_manager.start()
self.start_listeners()
def start_logging(self):
log_path = self._global_config['Framework']['logName']
log_level = self._global_config['Framework']['logLevel']
self._log = Logger(log_path, log_level).get('framework.frmwork.Framework')
self._log.info('RECCE7 started (PID %d)' % self._pid)
@staticmethod
def drop_permissions():
if os.getuid() != 0:
return True
dist_name = os.getenv('RECCE7_OS_DIST')
users_dict = {
'centos': ('nobody', 'nobody'),
'debian': ('nobody', 'nogroup')
}
if dist_name not in users_dict:
print(
'Unable to lower permission level - not continuing as\n'
'superuser. Please set the environment variable\n'
'RECCE7_OS_DIST to one of:\n\tcentos\n\tdebian\n'
'or rerun as a non-superuser.')
return False
lowperm_user = users_dict[dist_name]
nobody_uid = pwd.getpwnam(lowperm_user[0]).pw_uid
nogroup_gid = grp.getgrnam(lowperm_user[1]).gr_gid
os.setgroups([])
os.setgid(nogroup_gid)
os.setuid(nobody_uid)
os.umask(0o077)
return True
def create_import_entry(self, port, name, clsname):
imp = import_module('plugins.' + name)
self._plugin_imports[port] = getattr(imp, clsname)
def start_listeners(self):
ports = self._global_config.get_ports()
for port in ports:
plugin_config = self._global_config.get_plugin_config(port)
module = plugin_config['module']
clsname = plugin_config['moduleClass']
self.create_import_entry(port, module, clsname)
address = self._global_config['Framework']['listeningAddress']
listener = NetworkListener(address, plugin_config, self)
listener.start()
self._listener_list[port] = listener
def set_shutdown_hook(self):
signal.signal(signal.SIGINT, self.shutdown)
def shutdown(self, *args):
self._shutting_down = True
self._log.debug('Shutting down network listeners')
for listener in self._listener_list.values():
listener.shutdown()
self._log.debug('Shutting down plugins')
for plugin in self._running_plugins_list:
plugin.shutdown()
self._log.debug('Shutting down data manager')
self._data_manager.shutdown()
print('Goodbye!')
#
# Framework API
#
def get_config(self, port):
"""
Returns the configuration dictionary for the plugin
running on the specified port.
:param port: a port number associated with a loaded plugin
:return: a plugin configuration dictionary
"""
return self._global_config.get_plugin_config(port)
def spawn(self, socket, config):
"""
Spawns the plugin configured by 'config' with the provided
(accepted) socket.
:param socket: an open, accepted socket returned by
socket.accept()
:param config: the plugin configuration dictionary describing
the plugin to spawn
:return: a reference to the plugin that was spawned
"""
# ToDo Throw exception if plugin class not found
plugin_class = self._plugin_imports[config['port']]
plugin = plugin_class(socket, config, self)
plugin.start()
self._running_plugins_list.append(plugin)
return plugin
def insert_data(self, data):
"""
Inserts the provided data into the data queue so that it can
be pushed to the database.
:param data: data object to add to the database
"""
self._data_manager.insert_data(data)
def plugin_stopped(self, plugin):
"""
Tells the framework that the specified plugin has stopped
running and doesn't need to be shutdown explicitly on program
exit.
:param plugin: a reference to a plugin
"""
if self._shutting_down:
return
self._running_plugins_list.remove(plugin)
