def hive_delete(): """Delete hiveid from Mongo and salt master""" json_response = {"success": False} hive_id = request.form.get('hive_id') if not hive_id: json_response['message'] = "Missing Hive ID" else: try: # Delete Jobs PepperJobs.objects(hive=hive_id).delete() # Delete Instances for instance in Hive.honeypots: instance.delete() # Delete Hive Hive.objects(id=hive_id).delete() # Remove Key pepper_api.delete_key(hive_id) json_response['success'] = True json_response['message'] = "Hive Deleted" except Exception as err: json_response['message'] = "Error Deleting Hive: {0}".format(err) return jsonify(json_response)
def poll_instances(): """ This sets up an async salt call that is saved as a job per instance. """ for instance in HoneypotInstance.objects(): try: hive = instance.hive if hive.salt_alive: container_name = instance.honeypot.container_name pepper_job_id = pepper_api.docker_state( str(hive.id), container_name) job = PepperJobs( hive=hive, job_type="Docker State", job_id=pepper_job_id, job_short="Scheduled Docker State on {0}".format( container_name), job_description= "Scheduled task to check Docker state for honeypot \ {0} on hive {1} with instance id: {2}".format( container_name, hive.name, instance.id)) job.save() else: instance.status = "Unresponsive Hive" instance.save() except Exception as err: error_message = "Error Checking Container State: {0}".format(err) logger.error(error_message) instance.status = error_message instance.save()
def jobs_payload(job_id): single_job = PepperJobs.objects(id=job_id).first() json_response = { "valid": True, "payload": single_job.job_response } return jsonify(json_response)
def hive_test(): """Add Docker Frame""" json_response = {"success": False} hive_id = request.form.get('hive_id') frame_state_file = request.form.get('frame_state_file') frame_id = request.form.get('frame_id') if not hive_id: json_response['message'] = "Missing Hive ID" else: try: frame = Frame.objects(id=frame_id).first() hive = Hive.objects(id=hive_id).first() if hive and frame: job_id = pepper_api.apply_state(hive_id, [frame_state_file]) job = PepperJobs( hive=hive, job_type="Apply Frame", job_id=job_id, job_short="Apply {0} state".format(frame.name), job_description="Apply {0} frame state to Hive {1}".format( frame.name, hive_id)) job.save() hive.frame = frame hive.save() json_response['success'] = True json_response['message'] = "Add Frame submitted \ with JID: {0}".format(job.id) except Exception as err: json_response['message'] = "Error Adding to swarm: {0}".format(err) return jsonify(json_response)
def check_jobs(): # Get all PepperJobs not marked as complete open_jobs = PepperJobs.objects(complete=False) for job in open_jobs: hive_id = str(job['hive']['id']) api_check = pepper_api.lookup_job(job.job_id) if job.job_type == "Docker State": # We need to parse the message as details are not in the API instance_id = job.job_description.split("id: ")[-1] if api_check: try: api_response = api_check[hive_id] if 'state' in api_response: container_state = api_response['state']['new'] else: container_state = api_response job.complete = True job.job_response = container_state job.completed_at = datetime.utcnow job.save() instance = HoneypotInstance.objects(id=instance_id).first() instance.status = container_state instance.save() except Exception as err: logger.error("Salt Error: {0} {1}".format(err, api_check)) else: hive_id = str(job['hive']['id']) if api_check: job.complete = True job.job_response = json.dumps(api_check['data'][hive_id], sort_keys=True, indent=4) job.completed_at = datetime.utcnow job.save()
def jobs_poll(): json_response = {"success": False, "job_complete": False} try: job_id = request.forms.get('job_id') job = PepperJobs.objects(id=job_id) api_check = pepper_api.lookup_job(job.job_id) hive_id = str(job['hive']['id']) if api_check: job.complete = True job.job_response = json.dumps( api_check['data'][hive_id], sort_keys=True, indent=4) job.completed_at = datetime.utcnow job.save() json_response['success'] = True json_response['job_complete'] = job.complete except Exception as err: json_response['message'] = err return jsonify(json_response)
def instance_control(): json_response = {"success": False, "message": "No action taken"} instance_action = request.form.get('action') instance_id = request.form.get('instance_id') instance = HoneypotInstance.objects(id=instance_id).first() hive = instance.hive if not instance: json_response['message'] = "Unable to find valid hive or instance" return jsonify(json_response) if instance_action == "delete": # Trigger the container to close container_name = instance.honeypot.container_name remove_container = pepper_api.docker_remove(str(hive.id), container_name) if remove_container: # remove the instance from the hive honeypot list hive.update(pull__honeypots=instance) json_response["success"] = True json_response['message'] = "Removed instance of {0}".format( container_name) # Delete the instance instance.delete() hive.save() elif instance_action == "stop": container_name = instance.honeypot.container_name pepper_job_id = pepper_api.docker_control(str(hive.id), container_name, "stop") job = PepperJobs( hive=hive, job_type="Docker State", job_id=pepper_job_id, job_short="Setting Docker State on {0}".format(container_name), job_description="Setting Docker state for honeypot \ {0} on hive {1} with instance id: {2}".format( container_name, hive.name, instance.id)) job.save() json_response['success'] = True json_response[ 'message'] = "<strong>STOP</strong> requested for Honeypot \ <strong>{0}</strong> on Hive \ <strong>{1}</strong>".format( container_name, hive.name) instance.status = "Pending" elif instance_action == "start": container_name = instance.honeypot.container_name pepper_job_id = pepper_api.docker_control(str(hive.id), container_name, "start") job = PepperJobs( hive=hive, job_type="Docker State", job_id=pepper_job_id, job_short="Setting Docker State on {0}".format(container_name), job_description="Setting Docker state for honeypot \ {0} on hive {1} with instance id: {2}".format( container_name, hive.name, instance.id)) job.save() json_response['success'] = True json_response[ 'message'] = "<strong>START</strong> requested for Honeypot \ <strong>{0}</strong> on Hive \ <strong>{1}</strong>".format( container_name, hive.name) instance.status = "Pending" elif instance_action == "poll": container_name = instance.honeypot.container_name pepper_job_id = pepper_api.docker_state(str(hive.id), container_name) job = PepperJobs( hive=hive, job_type="Docker State", job_id=pepper_job_id, job_short="Checking Docker State on {0}".format(container_name), job_description="Checking Docker state for honeypot \ {0} on hive {1} with instance id: {2}".format( container_name, hive.name, instance.id)) job.save() json_response['success'] = True json_response[ 'message'] = "<strong>Checking</strong> state for Honeypot \ <strong>{0}</strong> on Hive \ <strong>{1}</strong>".format( container_name, hive.name) instance.status = "Pending" instance.save() hive.save() return jsonify(json_response)
def honeypot_deploy(honeypot_id): form_vars = request.form.to_dict() json_response = {"success": False} honeypot_details = Honeypot.objects(id=honeypot_id).first() if not honeypot_details: json_response['message'] = "Can not find honeypot" return jsonify(json_response) hive_id = request.form.get('target_hive') hive = Hive.objects(id=hive_id).first() if not hive: json_response['message'] = "Can not find Hive" return jsonify(json_response) # Does this hive have the correct frame installed if not hive.frame: json_response['message'] = "Can not find Hive" return jsonify(json_response) # Do we already have an instance of this honeypot type on this hive?# # Get it and its auth_key honeypot_instance = None for instance in hive.honeypots: if instance.honeypot.id == honeypot_details.id: honeypot_instance = instance auth_key = AuthKey.objects( identifier=str(honeypot_instance.id)).first() # Else we create an instance and a new auth_key if not honeypot_instance: # Create honeypot instance honeypot_instance = HoneypotInstance(honeypot=honeypot_details, hive=hive) honeypot_instance.save() instance_id = str(honeypot_instance.id) # Create an AuthKey auth_key = AuthKey(identifier=instance_id, secret=instance_id, publish=honeypot_details.channels) auth_key.save() instance_id = str(honeypot_instance.id) # Now add any Pillar States base_config = Config.objects.first() config_pillar = { "HIVEID": hive_id, "HONEYPOTID": honeypot_id, "INSTANCEID": instance_id, "HPFIDENT": instance_id, "HPFSECRET": instance_id, "HPFPORT": 10000, "HPFSERVER": base_config.broker_host } for field in form_vars.items(): if field[0].startswith('pillar-key'): key_id = field[0].split('-')[-1] key_name = field[1] key_value = request.form.get("pillar-value-{0}".format(key_id)) if key_name == '' or key_value == '': continue config_pillar[key_name] = key_value # update key / config and save again auth_key.save() honeypot_instance.hpfeeds = auth_key honeypot_instance.pillar = config_pillar honeypot_instance.save() # Create the job honeypot_state_file = 'honeypots/{0}/{1}'.format( honeypot_details.id, honeypot_details.honeypot_state_file) pillar_string = ", ".join( ('"{}": "{}"'.format(*i) for i in config_pillar.items())) try: job_id = pepper_api.apply_state( hive_id, [honeypot_state_file, "pillar={{{0}}}".format(pillar_string)]) hive = Hive.objects(id=hive_id).first() job = PepperJobs( hive=hive, job_id=job_id, job_type="Apply Honeypot", job_short="Apply State {0}".format(honeypot_details.name), job_description="Apply honeypot {0} to Hive {1}".format( honeypot_state_file, hive_id)) job.save() if honeypot_instance not in hive.honeypots: hive.honeypots.append(honeypot_instance) hive.save() json_response['success'] = True json_response['message'] = "Job Created with Job ID: {0}".format( str(job.id)) except Exception as err: json_response['message'] = "Error creating job: {0}".format(err) return jsonify(json_response)
def frame_deploy(frame_id): """Add Docker Frame""" form_vars = request.form.to_dict() json_response = {"success": False} hive_id = request.form.get('hive_id') frame_state_file = request.form.get('frame_state_file') frame_id = request.form.get('frame_id') frame_details = Frame.objects(id=frame_id).first() if not frame_details: json_response['message'] = "Can not find honeypot" hive_id = request.form.get('target_hive') hive = Hive.objects(id=hive_id).first() if not hive: json_response['message'] = "Can not find Hive" config_pillar = { "HIVEID": hive_id, "FRAMEID": frame_id } # Now add any Pillar States for field in form_vars.items(): if field[0].startswith('pillar-key'): key_id = field[0].split('-')[-1] key_name = field[1] key_value = request.form.get("pillar-value-{0}".format(key_id)) if key_name == '' or key_value == '': continue config_pillar[key_name] = key_value frame_state_file = 'frames/{0}/{1}'.format( frame_details.id, frame_details.frame_state_path ) pillar_string = ", ".join( ('"{}": "{}"'.format(*i) for i in config_pillar.items()) ) try: job_id = pepper_api.apply_state( hive_id, [ frame_state_file, "pillar={{{0}}}".format(pillar_string) ] ) hive = Hive.objects(id=hive_id).first() job = PepperJobs( hive=hive, job_id=job_id, job_type="Apply Frame", job_short="Apply State {0}".format(frame_details.name), job_description="Apply frame {0} to Hive {1}".format( frame_details, hive_id) ) job.save() hive.frame = frame_details hive.save() json_response['success'] = True json_response['message'] = "Job Created with Job ID: {0}".format( str(job.id) ) except Exception as err: json_response['message'] = "Error creating job: {0}".format(err) return jsonify(json_response)
def jobs_paginate(): # Used to check for query strings # for k, v in request.form.items(): # print(k, v) draw = request.form.get("draw") start_offset = int(request.form.get("start")) per_page = int(request.form.get("length")) # Calculate the correct page number start_offset = start_offset + per_page start_page = int(start_offset / per_page) # print(start_offset, start_page, per_page) # Check for a column sort order_by = request.form.get("order[0][column]") order_direction = request.form.get("order[0][dir]") if order_direction == "asc": direction = "+" else: direction = "-" column = [ "show_more", "hive_id", "job_type", "job_short", "created_at", "completed_at" ][int(order_by)] # Default sort if order_by == "0": order_string = "-created_at" else: order_string = "{0}{1}".format(direction, column) job_rows = PepperJobs.objects().order_by( order_string).paginate( page=start_page, per_page=per_page ) job_count = job_rows.total # This should be how many matched a search. If no search then total rows filtered_records = job_count # Collect all the rows together data_rows = [] for row in job_rows.items: try: single_row = { "DT_RowId": str(row.id), "hive_id": str(row.hive.name), "job_type": row.job_type, "job_short": row.job_short, "created_at": row.created_at, "completed_at": row.completed_at, "job_id": str(row.id) } data_rows.append(single_row) except Exception as err: error_message = "Error getting jobs: {0}".format(err) current_app.logger.error(error_message) print(error_message) continue # Final Json to return json_results = { "draw": draw, "recordsTotal": job_count, "recordsFiltered": filtered_records, "data": data_rows } return jsonify(json_results)