def __init__(self, sample):
peekaboo_config = get_config()
ruleset_config = PeekabooRulesetConfiguration(peekaboo_config.ruleset_config)
ruleset_config.parse()
self.sample = sample
self.config = ruleset_config.get_config()
self.one_analysis_tool = OneAnalysis()
def chown2me():
""" Acquire ownership of all directories under /tmp with the prefix "amavis-". """
# TODO: Find a better solution to acquire ownership and only for the directory currently in use.
logger.debug('Invoking chown2me...')
config = get_config()
proc = subprocess.Popen(config.chown2me_exec,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
proc.wait()
if proc.returncode != 0:
logger.error('chown2me exited with code %d' % proc.returncode)
def __init__(self,
server_address,
request_handler_cls,
bind_and_activate=True):
self.config = get_config()
create_workers(self.config.worker_count)
# We can only accept 2 * worker_count connections.
self.request_queue_size = self.config.worker_count * 2
self.allow_reuse_address = True
SocketServer.ThreadingUnixStreamServer.__init__(
self,
server_address,
request_handler_cls,
bind_and_activate=bind_and_activate)
def known(config, s):
tb = traceback.extract_stack()
tb = tb[-1]
position = "%s:%s" % (tb[2], tb[1])
db = get_config().get_db_con()
if db.known(s):
sample_info = db.sample_info_fetch(s)
return RuleResult(position,
result=sample_info.get_result(),
reason=sample_info.reason,
further_analysis=False)
return RuleResult(position,
result=Result.unknown,
reason="Datei ist dem System noch nicht bekannt",
further_analysis=True)
def __init__(self, file_path, sock=None):
self.__path = file_path
self.__config = get_config()
self.__db_con = self.__config.get_db_con()
self.__meta_info = None
self.__wd = None
self.__filename = os.path.basename(self.__path)
# A symlink that points to the actual file named
# sha256sum.suffix
self.__symlink = None
self.__result = ruleset.Result.unchecked
self.__report = [] # Peekaboo's own report
self.__socket = sock
# Additional attributes for a sample object (e. g. meta info)
self.__attributes = {}
self.initialized = False
self.meta_info_loaded = False
def submit_to_cuckoo(sample):
"""
Submit a file or directory to Cuckoo for behavioural analysis.
:param sample: Path to a file or a directory.
:return: The job ID used by Cuckoo to identify this analysis task.
"""
config = get_config()
try:
proc = config.cuckoo_submit
proc.append(sample)
p = subprocess.Popen(proc,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
p.wait()
except Exception as e:
raise CuckooAnalysisFailedException(e)
if not p.returncode == 0:
# TODO: tell opponent on socket that file has not been checked.
raise CuckooAnalysisFailedException(
'cuckoo submit returned a non-zero return code.')
else:
out, err = p.communicate()
logger.debug("cuckoo submit STDOUT: %s" % out)
logger.debug("cuckoo submit STDERR: %s" % err)
# process output to get job ID
patterns = list()
# Example: Success: File "/var/lib/peekaboo/.bashrc" added as task with ID #4
patterns.append(
".*Success.*: File .* added as task with ID #([0-9]*).*")
patterns.append(".*added as task with ID ([0-9]*).*")
matcher = MultiRegexMatcher(patterns)
response = out.replace("\n", "")
m = matcher.match(response)
logger.debug('Pattern %d matched.' % matcher.matched_pattern)
if m:
job_id = int(m.group(1))
return job_id
raise CuckooAnalysisFailedException(
'Unable to extract job ID from given string %s' % response)
def _parse(self):
"""
Reads the JSON report from Cuckoo and loads it into the Sample object.
"""
config = get_config()
cuckoo_report = os.path.join(
config.cuckoo_storage,
'analyses/%d/reports/report.json' % self.job_id)
if not os.path.isfile(cuckoo_report):
raise OSError('Cuckoo report not found at %s.' % cuckoo_report)
else:
logger.debug('Accessing Cuckoo report for task %d at %s ' %
(self.job_id, cuckoo_report))
self.file_path = cuckoo_report
with open(cuckoo_report) as data:
try:
report = json.load(data)
self.report = report
except ValueError as e:
logger.exception(e)
