From f004d81d3be9ff40830efb66c200a7a6552d72d0 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 18:43:30 -0700 Subject: extract method to convert the event hash. --- app/workers/event_intake.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/app/workers/event_intake.rb b/app/workers/event_intake.rb index 79be810..a4cbf67 100644 --- a/app/workers/event_intake.rb +++ b/app/workers/event_intake.rb @@ -5,11 +5,16 @@ class EventIntake from_queue "worker.events" def work(event_json) - logger.info event_json - json = JSON.parse(event_json) - json['type'] = json['type'].capitalize - event = Event.create!(json) - logger.info("Create Event: #{event.id}") + logger.info(event_json) + Event.create!(to_hash(event_json)) ack! end + + private + + def to_hash(json) + JSON.parse(json).tap do |event| + event['type'].capitalize! + end + end end -- cgit v1.2.3 From 72a1483c8f546fae6c93dcdf91cfd47c37bc2f90 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 18:54:32 -0700 Subject: use agent registration to endpoint for registering fake agent. --- lib/fake_agent.rb | 11 +++++++++-- lib/tasks/agent.rake | 12 ++++++------ 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index a3b4002..f5ce3db 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb @@ -2,13 +2,20 @@ require 'socket' class FakeAgent include PacketFu + DEFAULT_ENDPOINT='http://localhost:3000' attr_reader :id, :endpoint - def initialize(id, endpoint) - @id = id + def initialize(endpoint = DEFAULT_ENDPOINT) @endpoint = endpoint end + def register + url = "#{endpoint}/agents.json" + response = Typhoeus.post(url, body: { agent: { hostname: Socket.gethostname } }) + json = JSON.parse(response.body) + @id = json["id"] + end + def watch(directory) listener = Listen.to(directory, debug: true) do |modified, added, removed| publish_event(:modified, modified) 
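Review bot: `to_hash` hands every key of the queue message to `Event.create!`, and `event['type'].capitalize!` raises NoMethodError when the message carries no `type`, so an over-broad payload mass-assigns whatever columns it names and a malformed one crashes before `ack!` and is redelivered. Restrict the hash to the columns the worker intends to set (the events table on this page has `type`, `data` and `agent_id`) and fail with a clear KeyError on a missing type; `Hash#slice` comes from ActiveSupport here, native since Ruby 2.5. The `work` method stays as it is.
```ruby
def to_hash(json)
  # Only the columns the worker intends to set; anything else in the message is ignored.
  event = JSON.parse(json).slice('type', 'data', 'agent_id')
  event['type'] = event.fetch('type').capitalize
  event
end
```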
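Review bot: `register` never looks at the response status, so a failed or non-JSON reply either raises from `JSON.parse` or silently leaves `@id` nil, and every later caller that reads `id` builds requests for an agent that does not exist. Guard the parse with `raise "agent registration failed (HTTP #{response.code})" unless response.success?` before `JSON.parse(response.body)`. A one-line comment on `DEFAULT_ENDPOINT` noting that it is a local development default over plain HTTP would stop it being pointed at a real deployment unchanged.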
diff --git a/lib/tasks/agent.rake b/lib/tasks/agent.rake index 1857454..482cd77 100644 --- a/lib/tasks/agent.rake +++ b/lib/tasks/agent.rake @@ -1,24 +1,24 @@ namespace :agent do require 'fake_agent' - ENDPOINT='http://localhost:3000' desc "watch all files" task watch: :environment do - agent = FakeAgent.new(Agent.first.id, ENDPOINT) + agent = FakeAgent.new + agent.register agent.watch(Dir.pwd) end desc "scan directory" task scan: :environment do - agent = FakeAgent.new(Agent.first.id, ENDPOINT) + agent = FakeAgent.new + agent.register agent.scan(Dir.pwd) end desc "scan network traffic" task :nfm do - id = Agent.first.id - agent = FakeAgent.new(id, ENDPOINT) - + agent = FakeAgent.new + agent.register agent.packet_capture('eth0') end end -- cgit v1.2.3 From 594d37bb40f3e3e0f15553383cf2a305d4d6742e Mon Sep 17 00:00:00 2001 
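Review bot: All three tasks now repeat `agent = FakeAgent.new` / `agent.register` and none checks that registration produced an id before calling into the agent, so an unreachable server surfaces as an error from a later request rather than from the task itself. `agent = FakeAgent.new.tap(&:register)` collapses the pair in each task; whether `register` raises on failure is decided in lib/fake_agent.rb, not here. The `:nfm` task no longer touches `Agent`, so dropping the `:environment` dependency there is consistent, but the other two still need it for `Dir.pwd` only if the app's config is involved — worth a comment either way.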
From: mo khan Date: Mon, 9 Feb 2015 19:43:03 -0700 Subject: extract api. --- app/controllers/agents/files_controller.rb | 28 ----------- app/controllers/agents_controller.rb | 58 ++++++---------------- app/controllers/api/agents/events_controller.rb | 19 +++++++ app/controllers/api/agents/files_controller.rb | 21 ++++++++ app/controllers/api/agents_controller.rb | 15 ++++++ app/controllers/dispositions_controller.rb | 42 ++++------------ app/models/agent.rb | 2 +- app/models/event.rb | 1 + app/views/agents/files/index.json.jbuilder | 4 -- app/views/agents/files/show.json.jbuilder | 6 --- app/views/agents/index.json.jbuilder | 4 -- app/views/agents/show.json.jbuilder | 1 - app/views/api/agents/create.json.jbuilder | 1 + app/views/api/agents/files/index.json.jbuilder | 4 ++ app/views/api/agents/files/show.json.jbuilder | 6 +++ app/views/api/agents/index.json.jbuilder | 4 ++ app/views/dispositions/index.json.jbuilder | 4 -- app/views/dispositions/show.json.jbuilder | 1 - config/routes.rb | 7 +++ .../20150204042612_add_agent_id_to_events.rb | 3 +- db/schema.rb | 4 +- lib/fake_agent.rb | 11 ++-- 22 files changed, 117 insertions(+), 129 deletions(-) delete mode 100644 app/controllers/agents/files_controller.rb create mode 100644 app/controllers/api/agents/events_controller.rb create mode 100644 app/controllers/api/agents/files_controller.rb create mode 100644 app/controllers/api/agents_controller.rb delete mode 100644 app/views/agents/files/index.json.jbuilder delete mode 100644 app/views/agents/files/show.json.jbuilder delete mode 100644 app/views/agents/index.json.jbuilder delete mode 100644 app/views/agents/show.json.jbuilder create mode 100644 app/views/api/agents/create.json.jbuilder create mode 100644 app/views/api/agents/files/index.json.jbuilder create mode 100644 app/views/api/agents/files/show.json.jbuilder create mode 100644 app/views/api/agents/index.json.jbuilder delete mode 100644 app/views/dispositions/index.json.jbuilder delete mode 100644 
app/views/dispositions/show.json.jbuilder diff --git a/app/controllers/agents/files_controller.rb b/app/controllers/agents/files_controller.rb deleted file mode 100644 index 0f493fb..0000000 --- a/app/controllers/agents/files_controller.rb +++ /dev/null @@ -1,28 +0,0 @@ -module Agents - class FilesController < ApplicationController - before_action :load_agent - before_action do - request.format = :json - end - - def index - end - - def show - @fingerprint = params[:id] - @file = Disposition.find_by(fingerprint: params[:id]) - message = { - agent_id: params[:id], - type: :lookup, - data: params[:data] - } - Publisher.publish("events.scanned.#{@agent.id}", message) - end - - private - - def load_agent - @agent = Agent.find(params[:agent_id]) - end - end -end diff --git a/app/controllers/agents_controller.rb b/app/controllers/agents_controller.rb index a76a7ae..4acef9d 100644 --- a/app/controllers/agents_controller.rb +++ b/app/controllers/agents_controller.rb 
@@ -1,74 +1,48 @@ class AgentsController < ApplicationController - before_action :set_agent, only: [:show, :edit, :update, :destroy] - - # GET /agents - # GET /agents.json def index @agents = Agent.all end - # GET /agents/1 - # GET /agents/1.json def show + @agent = Agent.find(params[:id]) end - # GET /agents/new def new @agent = Agent.new end - # GET /agents/1/edit def edit + @agent = Agent.find(params[:id]) end - # POST /agents - # POST /agents.json def create @agent = Agent.new(agent_params) - respond_to do |format| - if @agent.save - format.html { redirect_to @agent, notice: 'Agent was successfully created.' } - format.json { render :show, status: :created, location: @agent } - else - format.html { render :new } - format.json { render json: @agent.errors, status: :unprocessable_entity } - end + if @agent.save + redirect_to @agent, notice: 'Agent was successfully created.' + else + render :new end end - # PATCH/PUT /agents/1 - # PATCH/PUT /agents/1.json def update - respond_to do |format| - if @agent.update(agent_params) - format.html { redirect_to @agent, notice: 'Agent was successfully updated.' } - format.json { render :show, status: :ok, location: @agent } - else - format.html { render :edit } - format.json { render json: @agent.errors, status: :unprocessable_entity } - end + @agent = Agent.find(params[:id]) + if @agent.update(agent_params) + redirect_to @agent, notice: 'Agent was successfully updated.' + else + render :edit end end - # DELETE /agents/1 - # DELETE /agents/1.json def destroy + @agent = Agent.find(params[:id]) @agent.destroy - respond_to do |format| - format.html { redirect_to agents_url, notice: 'Agent was successfully destroyed.' } - format.json { head :no_content } - end + redirect_to agents_url, notice: 'Agent was successfully destroyed.' end private - # Use callbacks to share common setup or constraints between actions. 
- def set_agent - @agent = Agent.find(params[:id]) - end - # Never trust parameters from the scary internet, only allow the white list through. - def agent_params - params.require(:agent).permit(:hostname) - end + def agent_params + params.require(:agent).permit(:hostname) + end end diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb new file mode 100644 index 0000000..255a5bc --- /dev/null +++ b/app/controllers/api/agents/events_controller.rb @@ -0,0 +1,19 @@ +module Api + module Agents + class EventsController < ApplicationController + def create + @agent = Agent.find(params[:agent_id]) + message = event_params.merge({agent_id: @agent.id}) + routing_key = "events.#{event_params[:type]}.#{@agent.id}" + Publisher.publish(routing_key, message) + render nothing: true + end + + private + + def event_params + params[:event] + end + end + end +end diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb new file mode 100644 index 0000000..fd7410c --- /dev/null +++ b/app/controllers/api/agents/files_controller.rb @@ -0,0 +1,21 @@ +module Api + module Agents + class FilesController < ApplicationController + before_action do + request.format = :json + end + + def show + @agent = Agent.find(params[:agent_id]) + @fingerprint = params[:id] + @file = Disposition.find_by(fingerprint: params[:id]) + message = { + agent_id: params[:id], + type: :lookup, + data: params[:data] + } + Publisher.publish("events.scanned.#{@agent.id}", message) + end + end + end +end diff --git a/app/controllers/api/agents_controller.rb b/app/controllers/api/agents_controller.rb new file mode 100644 index 0000000..16174b1 --- /dev/null +++ b/app/controllers/api/agents_controller.rb 
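Review bot: `show`, `edit`, `update` and `destroy` each now open with `@agent = Agent.find(params[:id])`, which is exactly the `set_agent` before_action this hunk deletes; keeping the lookup in one private method (`before_action :set_agent, only: [:show, :edit, :update, :destroy]`) avoids four copies drifting apart and matches `DispositionsController`, which keeps its `set_disposition` callback in the same commit. The deleted `# Never trust parameters from the scary internet…` line was the only documentation of why `agent_params` whitelists; a short replacement such as `# Only hostname may be set from the form.` is worth keeping.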
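Review bot: `event_params` returns `params[:event]` with no `require`/`permit`, and the caller's `type` value is interpolated straight into `"events.#{event_params[:type]}.#{@agent.id}"`, so a client picks both the routing key its message lands on and every field of the hash that is published; a request without an `event` key also makes `event_params` nil and the action 500s. Use `params.require(:event)` and reject unknown kinds before publishing, e.g. `head :bad_request unless KNOWN_TYPES.include?(event_params[:type])` with `KNOWN_TYPES` a frozen constant built from the kinds the intake worker actually handles (not defined on this page). `render nothing: true` can be `head :no_content`.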
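Review bot: `show` publishes a bus message as a side effect of a GET, so any repeated, cached or speculative fetch of `/api/agents/:agent_id/files/:id` produces another `events.scanned` event; if the lookup is meant to be recorded, a POST (or a separate action) is the safer shape. As written the message's `agent_id:` is `params[:id]` — the fingerprint — rather than `@agent.id`, so the intake side will try to attach the event to an agent that does not exist, and `params[:data]` is forwarded verbatim with no filtering. The `before_action` forcing `:json` is the only format handling, so a non-JSON request still renders the jbuilder template.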
@@ -0,0 +1,15 @@ +module Api + class AgentsController < ApplicationController + #before_action do + #request.format = :json + #end + + def create + @agent = Agent.create!(agent_params) + end + + def agent_params + params.require(:agent).permit(:hostname) + end + end +end diff --git a/app/controllers/dispositions_controller.rb b/app/controllers/dispositions_controller.rb index 116b7bb..17f8657 100644 --- a/app/controllers/dispositions_controller.rb +++ b/app/controllers/dispositions_controller.rb 
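Review bot: `create` is an unauthenticated registration endpoint whose returned id is the only thing later requests use to act as that agent (the events and files routes added in config/routes.rb key on `:agent_id`), so anything that can reach the API can register and then publish events for any id it can guess or observe; if an API key or network restriction is enforced elsewhere, it is not visible here, and a comment saying where would help. `Agent.create!` turns a validation failure into a 500 instead of a 422 — `@agent = Agent.new(agent_params)` followed by `render json: @agent.errors, status: :unprocessable_entity unless @agent.save` keeps the jbuilder render on success. `agent_params` sits in the public section; move it under `private` as the other controllers do.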
@@ -1,68 +1,46 @@ class DispositionsController < ApplicationController before_action :set_disposition, only: [:show, :edit, :update, :destroy] - # GET /dispositions - # GET /dispositions.json def index @dispositions = Disposition.all end - # GET /dispositions/1 - # GET /dispositions/1.json def show end - # GET /dispositions/new def new @disposition = Disposition.new @states = Disposition.states end - # GET /dispositions/1/edit def edit @states = Disposition.states end - # POST /dispositions - # POST /dispositions.json def create fingerprint = disposition_params[:fingerprint] Publisher.publish("commands.poke.#{fingerprint}", disposition_params) - respond_to do |format| - format.html { redirect_to dispositions_path, notice: 'Disposition was successfully created.' } - format.json { head :no_content } - end + redirect_to dispositions_path, notice: 'Disposition was successfully created.' end - # PATCH/PUT /dispositions/1 - # PATCH/PUT /dispositions/1.json def update Publisher.publish("poke", disposition_params) - respond_to do |format| - format.html { redirect_to dispositions_path, notice: 'Disposition was successfully updated.' } - format.json { head :no_content } - end + redirect_to dispositions_path, notice: 'Disposition was successfully updated.' end - # DELETE /dispositions/1 - # DELETE /dispositions/1.json def destroy @disposition.destroy - respond_to do |format| - format.html { redirect_to dispositions_url, notice: 'Disposition was successfully destroyed.' } - format.json { head :no_content } - end + redirect_to dispositions_url, notice: 'Disposition was successfully destroyed.' end private - # Use callbacks to share common setup or constraints between actions. - def set_disposition - @disposition = Disposition.find_by(fingerprint: params[:id]) - end - # Never trust parameters from the scary internet, only allow the white list through. 
- def disposition_params - params.require(:disposition).permit(:fingerprint, :state) - end + def set_disposition + @disposition = Disposition.find_by(fingerprint: params[:id]) + end + + def disposition_params + params.require(:disposition).permit(:fingerprint, :state) + end end diff --git a/app/models/agent.rb b/app/models/agent.rb index e5832da..d33a970 100644 --- a/app/models/agent.rb +++ b/app/models/agent.rb @@ -1,3 +1,3 @@ class Agent < ActiveRecord::Base - has_many :events + has_many :events, dependent: :destroy end diff --git a/app/models/event.rb b/app/models/event.rb index 3e55383..0377c25 100644 --- a/app/models/event.rb +++ b/app/models/event.rb @@ -1,3 +1,4 @@ class Event < ActiveRecord::Base belongs_to :agent + validates_presence_of :agent end diff --git a/app/views/agents/files/index.json.jbuilder b/app/views/agents/files/index.json.jbuilder deleted file mode 100644 index 6551a44..0000000 --- a/app/views/agents/files/index.json.jbuilder +++ /dev/null @@ -1,4 +0,0 @@ -json.array!(@files) do |file| - json.extract! agent, :fingerprint, :state - json.url agent_file_url([agent, file], format: :json) -end diff --git a/app/views/agents/files/show.json.jbuilder b/app/views/agents/files/show.json.jbuilder deleted file mode 100644 index 8c6f501..0000000 --- a/app/views/agents/files/show.json.jbuilder +++ /dev/null @@ -1,6 +0,0 @@ -if @file - json.extract! @file, :fingerprint, :state -else - json.fingerprint @fingerprint - json.state "unknown" -end diff --git a/app/views/agents/index.json.jbuilder b/app/views/agents/index.json.jbuilder deleted file mode 100644 index 65f6f60..0000000 --- a/app/views/agents/index.json.jbuilder +++ /dev/null @@ -1,4 +0,0 @@ -json.array!(@agents) do |agent| - json.extract! agent, :id, :hostname - json.url agent_url(agent, format: :json) -end diff --git a/app/views/agents/show.json.jbuilder b/app/views/agents/show.json.jbuilder deleted file mode 100644 index f156cb0..0000000 --- a/app/views/agents/show.json.jbuilder +++ /dev/null 
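Review bot: `set_disposition` uses `Disposition.find_by`, which returns nil for an unknown fingerprint, so `destroy` then fails with NoMethodError on `@disposition.destroy` (a 500) instead of a 404; `find_by!(fingerprint: params[:id])` raises `ActiveRecord::RecordNotFound`, which Rails maps to 404. The surviving context line in `update` publishes under the literal routing key `"poke"` while `create` uses `"commands.poke.#{fingerprint}"`; if that difference is not intentional it deserves a comment, since nothing on the consumer side is visible here.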
@@ -1 +0,0 @@ -json.extract! @agent, :id, :hostname, :created_at, :updated_at diff --git a/app/views/api/agents/create.json.jbuilder b/app/views/api/agents/create.json.jbuilder new file mode 100644 index 0000000..f156cb0 --- /dev/null +++ b/app/views/api/agents/create.json.jbuilder @@ -0,0 +1 @@ +json.extract! @agent, :id, :hostname, :created_at, :updated_at diff --git a/app/views/api/agents/files/index.json.jbuilder b/app/views/api/agents/files/index.json.jbuilder new file mode 100644 index 0000000..6551a44 --- /dev/null +++ b/app/views/api/agents/files/index.json.jbuilder @@ -0,0 +1,4 @@ +json.array!(@files) do |file| + json.extract! agent, :fingerprint, :state + json.url agent_file_url([agent, file], format: :json) +end diff --git a/app/views/api/agents/files/show.json.jbuilder b/app/views/api/agents/files/show.json.jbuilder new file mode 100644 index 0000000..8c6f501 --- /dev/null +++ b/app/views/api/agents/files/show.json.jbuilder @@ -0,0 +1,6 @@ +if @file + json.extract! @file, :fingerprint, :state +else + json.fingerprint @fingerprint + json.state "unknown" +end diff --git a/app/views/api/agents/index.json.jbuilder b/app/views/api/agents/index.json.jbuilder new file mode 100644 index 0000000..65f6f60 --- /dev/null +++ b/app/views/api/agents/index.json.jbuilder @@ -0,0 +1,4 @@ +json.array!(@agents) do |agent| + json.extract! agent, :id, :hostname + json.url agent_url(agent, format: :json) +end diff --git a/app/views/dispositions/index.json.jbuilder b/app/views/dispositions/index.json.jbuilder deleted file mode 100644 index d4350e1..0000000 --- a/app/views/dispositions/index.json.jbuilder +++ /dev/null @@ -1,4 +0,0 @@ -json.array!(@dispositions) do |disposition| - json.extract! disposition, :fingerprint, :state - json.url disposition_url(disposition, format: :json) -end diff --git a/app/views/dispositions/show.json.jbuilder b/app/views/dispositions/show.json.jbuilder deleted file mode 100644 index 7046781..0000000 
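Review bot: `api/agents/files/index.json.jbuilder` references a local `agent` that is never defined (the block variable is `file`) and `agent_file_url`, which is the non-API route helper, so rendering it raises; the first line should be `json.extract! file, :fingerprint, :state`. Neither `api/agents/files#index` nor `api/agents#index` is routed in the routes hunk of this commit (only `:create` and `:show` are), so both index templates added here are dead copies of the deleted ones; `api/agents/index.json.jbuilder` likewise links through `agent_url` rather than an `api_` helper. Drop the two templates or add the routes and actions they expect.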
--- a/app/views/dispositions/show.json.jbuilder +++ /dev/null @@ -1 +0,0 @@ -json.extract! @disposition, :fingerprint, :state diff --git a/config/routes.rb b/config/routes.rb index ae0a4cb..9092e9b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -4,6 +4,13 @@ Rails.application.routes.draw do resources :files, only: [:index, :show], controller: 'agents/files' end + namespace :api do + resources :agents, only: [:create] do + resources :events, only: [:create], controller: 'agents/events' + resources :files, only: [:show], controller: 'agents/files' + end + end + resources :dispositions root 'agents#index' end diff --git a/db/migrate/20150204042612_add_agent_id_to_events.rb b/db/migrate/20150204042612_add_agent_id_to_events.rb index 40b4125..957473e 100644 --- a/db/migrate/20150204042612_add_agent_id_to_events.rb +++ b/db/migrate/20150204042612_add_agent_id_to_events.rb @@ -1,5 +1,6 @@ class AddAgentIdToEvents < ActiveRecord::Migration def change - add_reference :events, :agent, index: true + add_column :events, :agent_id, :uuid, null: false + add_index :events, :agent_id end end diff --git a/db/schema.rb b/db/schema.rb index d62cc41..2621851 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -30,12 +30,14 @@ ActiveRecord::Schema.define(version: 20150207194524) do t.datetime "updated_at", null: false end + add_index "dispositions", ["fingerprint"], name: "index_dispositions_on_fingerprint", unique: true, using: :btree + create_table "events", id: :uuid, default: "uuid_generate_v4()", force: :cascade do |t| t.string "type" t.json "data" t.datetime "created_at", null: false t.datetime "updated_at", null: false - t.integer "agent_id" + t.uuid "agent_id", null: false end add_index "events", ["agent_id"], name: "index_events_on_agent_id", using: :btree diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index f5ce3db..ecc9e47 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb 
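Review bot: The context line `resources :files, only: [:index, :show], controller: 'agents/files'` still points at `Agents::FilesController`, which this commit deletes (`delete mode 100644 app/controllers/agents/files_controller.rb`), so `/agents/:agent_id/files` now raises a routing error at request time rather than 404. Remove that nested resource or redirect it to the new `api/agents/files` show route. The new `namespace :api` block is fine; a comment that these are the agent-facing endpoints (no session, JSON only) would make the split from the HTML controllers explicit.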
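Review bot: This edits a migration that the schema on the same page (`version: 20150207194524`) shows as already applied — databases that ran `20150204042612_add_agent_id_to_events.rb` before this change keep the integer column and will never pick up the uuid one, so only fresh databases match db/schema.rb. Put the column change in a new migration, and since `add_column :events, :agent_id, :uuid, null: false` has no default it fails on any non-empty `events` table; either delete existing rows first or add the column nullable and tighten it after backfilling.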
@@ -10,8 +10,7 @@ class FakeAgent end def register - url = "#{endpoint}/agents.json" - response = Typhoeus.post(url, body: { agent: { hostname: Socket.gethostname } }) + response = Typhoeus.post(registration_url, body: { agent: { hostname: Socket.gethostname } }) json = JSON.parse(response.body) @id = json["id"] end @@ -113,10 +112,14 @@ class FakeAgent end def file_query_url(fingerprint) - "#{endpoint}/agents/#{id}/files/#{fingerprint}" + "#{endpoint}/api/agents/#{id}/files/#{fingerprint}" end def event_url - "#{endpoint}/agents/#{id}/events/" + "#{endpoint}/api/agents/#{id}/events/" + end + + def registration_url + "#{endpoint}/api/agents" end end -- cgit v1.2.3 From 9061437f38cd7d4775fc4599e8c557fda9ed4743 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 19:56:17 -0700 Subject: add lograge. --- Gemfile | 1 + Gemfile.lock | 5 +++++ config/application.rb | 1 + 3 files changed, 7 insertions(+) diff --git a/Gemfile b/Gemfile index 812b7f0..f45e50c 100644 --- a/Gemfile +++ b/Gemfile @@ -24,6 +24,7 @@ gem 'jbuilder', '~> 2.0' gem 'sdoc', '~> 0.4.0', group: :doc gem 'typhoeus' gem 'listen' +gem 'lograge' # Use ActiveModel has_secure_password # gem 'bcrypt', '~> 3.1.7' diff --git a/Gemfile.lock b/Gemfile.lock index 709cd85..cc375da 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,6 +94,10 @@ GEM celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) + lograge (0.3.1) + actionpack (>= 3) + activesupport (>= 3) + railties (>= 3) loofah (2.0.1) nokogiri (>= 1.5.9) mail (2.6.3) @@ -213,6 +217,7 @@ DEPENDENCIES jbuilder (~> 2.0) jquery-rails listen + lograge packetfu pcaprub pg diff --git a/config/application.rb b/config/application.rb index a4c3856..8ffec33 100644 --- a/config/application.rb +++ b/config/application.rb @@ -30,5 +30,6 @@ module Malwer # Do not swallow errors in after_commit/after_rollback callbacks. config.active_record.raise_in_transactional_callbacks = true + config.lograge.enabled = true end end -- cgit v1.2.3 
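Review bot: `registration_url` drops the `.json` suffix that the old `"#{endpoint}/agents.json"` carried, while `Api::AgentsController` has its `request.format = :json` before_action commented out and `Typhoeus.post` sends no Accept header here, so the create action will most likely be negotiated as HTML, find no HTML template, and `JSON.parse(response.body)` in `register` will choke on an error page. Either keep `.json` in the URL (`"#{endpoint}/api/agents.json"`) or pass `headers: { 'Accept' => 'application/json' }` to the post. The same consideration applies to `event_url` and `file_query_url`, whose callers are outside this hunk.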
From 99eb8e0e8ba68bfdc6f97d58af2e7a1d7ba2e3ba Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 19:56:40 -0700 Subject: specifiy correct agent id in lookup event. --- app/controllers/api/agents/files_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index fd7410c..1329d04 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -10,7 +10,7 @@ module Api @fingerprint = params[:id] @file = Disposition.find_by(fingerprint: params[:id]) message = { - agent_id: params[:id], + agent_id: @agent.id, type: :lookup, data: params[:data] } -- cgit v1.2.3 From 64dd29d70ddda6f4927e9352e3e90c4f87b5041a Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:00:21 -0700 Subject: display created at for agents and sort by created_at descending. --- app/controllers/agents_controller.rb | 2 +- app/views/agents/index.html.erb | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/controllers/agents_controller.rb b/app/controllers/agents_controller.rb index 4acef9d..dc2717a 100644 --- a/app/controllers/agents_controller.rb +++ b/app/controllers/agents_controller.rb @@ -1,6 +1,6 @@ class AgentsController < ApplicationController def index - @agents = Agent.all + @agents = Agent.all.order(created_at: :desc) end def show diff --git a/app/views/agents/index.html.erb b/app/views/agents/index.html.erb index 3a6b738..75adfdb 100644 --- a/app/views/agents/index.html.erb +++ b/app/views/agents/index.html.erb 
@@ -9,15 +9,16 @@ Hostname - + Created At + <% @agents.each do |agent| %> - <%= agent.hostname %> + <%= link_to agent.hostname, agent_path(agent) %> + <%= agent.created_at %> <%= link_to 'Events', agent_events_path(agent) %> - <%= link_to 'Show', agent %> <%= link_to 'Edit', edit_agent_path(agent) %> <%= link_to 'Destroy', agent, method: :delete, data: { confirm: 'Are you sure?' } %> -- cgit v1.2.3 From 34f53efff788b7558f63d973aad1f3475c27c125 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:25:22 -0700 Subject: extract message objects to publish. --- app/controllers/agents/events_controller.rb | 8 +++++--- app/controllers/api/agents/events_controller.rb | 9 ++++++--- app/controllers/api/agents/files_controller.rb | 7 +++---- app/controllers/application_controller.rb | 6 ++++++ app/controllers/dispositions_controller.rb | 11 ++++++++--- app/models/event_message.rb | 25 +++++++++++++++++++++++++ app/models/poke_message.rb | 23 +++++++++++++++++++++++ app/services/publisher.rb | 4 ++-- 8 files changed, 78 insertions(+), 15 deletions(-) create mode 100644 app/models/event_message.rb create mode 100644 app/models/poke_message.rb diff --git a/app/controllers/agents/events_controller.rb b/app/controllers/agents/events_controller.rb index 6827938..30ca295 100644 --- a/app/controllers/agents/events_controller.rb +++ b/app/controllers/agents/events_controller.rb @@ -11,9 +11,11 @@ module Agents end def create - message = event_params.merge({agent_id: @agent.id}) - routing_key = "events.#{event_params[:type]}.#{@agent.id}" - Publisher.publish(routing_key, message) + publish(EventMessage.new( + agent_id: @agent.id, + event_type: event_params[:event_type], + data: event_params[:data] + )) redirect_to agent_events_url, notice: 'Event was successfully created.' end diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index 255a5bc..ca9b829 100644 --- a/app/controllers/api/agents/events_controller.rb 
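Review bot: The new message reads `event_params[:event_type]`, but the removed line built the routing key from `event_params[:type]`, so unless the form was renamed in this commit (no view change is listed for it) every message published here now carries a nil event type and a routing key of `events..<id>`. The same substitution appears in the `Api::Agents::EventsController` hunk of this commit. Keep the existing parameter: `event_type: event_params[:type],` — the message object's keyword can stay `event_type`.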
+++ b/app/controllers/api/agents/events_controller.rb @@ -3,9 +3,12 @@ module Api class EventsController < ApplicationController def create @agent = Agent.find(params[:agent_id]) - message = event_params.merge({agent_id: @agent.id}) - routing_key = "events.#{event_params[:type]}.#{@agent.id}" - Publisher.publish(routing_key, message) + publish(EventMessage.new( + agent_id: @agent.id, + event_type: event_params[:event_type], + data: event_params[:data] + )) + render nothing: true end diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index 1329d04..b111048 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -9,12 +9,11 @@ module Api @agent = Agent.find(params[:agent_id]) @fingerprint = params[:id] @file = Disposition.find_by(fingerprint: params[:id]) - message = { + publish(EventMessage.new( agent_id: @agent.id, - type: :lookup, + event_type: :scanned, data: params[:data] - } - Publisher.publish("events.scanned.#{@agent.id}", message) + )) end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 84e9c93..8ce68a5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,4 +3,10 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception protect_from_forgery with: :null_session + + protected + + def publish(message) + Publisher.publish(message) + end end diff --git a/app/controllers/dispositions_controller.rb b/app/controllers/dispositions_controller.rb index 17f8657..e63f696 100644 --- a/app/controllers/dispositions_controller.rb +++ b/app/controllers/dispositions_controller.rb 
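Review bot: `data: event_params[:data]` passes nil explicitly when the request omits `data`, which overrides the `data: {}` default `EventMessage#initialize` declares, so consumers receive `"data":null` instead of an empty object; `data: event_params.fetch(:data, {})` keeps the default meaningful. `event_params` is still the raw `params[:event]` hash with no `require`, so the nil-dereference on a request without an `event` key remains. `render nothing: true` can become `head :no_content`.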
@@ -18,14 +18,19 @@ class DispositionsController < ApplicationController end def create - fingerprint = disposition_params[:fingerprint] - Publisher.publish("commands.poke.#{fingerprint}", disposition_params) + publish(PokeMessage.new( + fingerprint: disposition_params[:fingerprint], + state: disposition_params[:state], + )) redirect_to dispositions_path, notice: 'Disposition was successfully created.' end def update - Publisher.publish("poke", disposition_params) + publish(PokeMessage.new( + fingerprint: disposition_params[:fingerprint], + state: disposition_params[:state], + )) redirect_to dispositions_path, notice: 'Disposition was successfully updated.' end diff --git a/app/models/event_message.rb b/app/models/event_message.rb new file mode 100644 index 0000000..0a0c9ae --- /dev/null +++ b/app/models/event_message.rb @@ -0,0 +1,25 @@ +class EventMessage + attr_reader :agent_id, :event_type, :data + + def initialize(agent_id:, event_type:, data: {}) + @agent_id = agent_id + @event_type = event_type + @data = data + end + + def routing_key + "events.#{event_type}.#{agent_id}" + end + + def to_hash + { + agent_id: agent_id, + event_type: event_type, + data: data + } + end + + def to_json + to_hash.to_json + end +end diff --git a/app/models/poke_message.rb b/app/models/poke_message.rb new file mode 100644 index 0000000..b134ba9 --- /dev/null +++ b/app/models/poke_message.rb @@ -0,0 +1,23 @@ +class PokeMessage + attr_reader :fingerprint, :state + + def initialize(fingerprint:, state: ) + @fingerprint = fingerprint + @state = state + end + + def routing_key + "commands.poke.#{fingerprint}" + end + + def to_hash + { + fingerprint: fingerprint, + state: state + } + end + + def to_json + to_hash.to_json + end +end diff --git a/app/services/publisher.rb b/app/services/publisher.rb index 704f1e3..1c384dd 100644 --- a/app/services/publisher.rb +++ b/app/services/publisher.rb 
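Review bot: `update` builds the message from `disposition_params[:fingerprint]` even though `set_disposition` (run for `update` per the callback at the top of the file) has already loaded `@disposition` from `params[:id]`, so a PUT to `/dispositions/A` whose body names fingerprint B pokes B and ignores the resource it was addressed to; use `fingerprint: @disposition.fingerprint`. The two actions otherwise construct an identical `PokeMessage`, so a private `poke_message` helper returning `PokeMessage.new(fingerprint: …, state: disposition_params[:state])` removes the duplication. Note this hunk also changes `update`'s routing key from the literal `"poke"` to `commands.poke.<fingerprint>`, which is a behaviour change beyond the refactor and deserves a mention in the commit message.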
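Review bot: `to_json` takes no arguments, but the JSON generator and ActiveSupport call `to_json(state)` / `to_json(options)` whenever the object is nested inside a hash or array being serialized, so `{ event: message }.to_json` raises ArgumentError; `def to_json(*args); to_hash.to_json(*args); end` (and the same in `PokeMessage`) keeps the direct call working and makes nesting safe. The class needs a short header comment stating the contract `Publisher` relies on — `routing_key` and `to_json` — since nothing else documents it. `routing_key` interpolates `event_type` verbatim, so validation of that value has to happen in the controllers that construct the message.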
@@ -1,7 +1,7 @@ class Publisher - def self.publish(routing_key, message = {}) + def self.publish(message) exchange = channel.topic("malwer") - exchange.publish(message.to_json, routing_key: routing_key) + exchange.publish(message.to_json, routing_key: message.routing_key) end def self.channel -- cgit v1.2.3 From 41c8858025eb14cab34635b058ccf761dd04eb90 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:36:18 -0700 Subject: use api controller and log errors in fake agent. --- app/controllers/api/agents/files_controller.rb | 2 +- app/controllers/api/agents_controller.rb | 6 +----- app/controllers/api/api_controller.rb | 5 +++++ app/controllers/application_controller.rb | 1 - app/models/event_message.rb | 2 +- app/models/scanned.rb | 2 ++ lib/fake_agent.rb | 10 ++++++++-- 7 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 app/controllers/api/api_controller.rb create mode 100644 app/models/scanned.rb diff --git a/app/controllers/api/agents/files_controller.rb b/app/controllers/api/agents/files_controller.rb index b111048..c13eac9 100644 --- a/app/controllers/api/agents/files_controller.rb +++ b/app/controllers/api/agents/files_controller.rb @@ -1,6 +1,6 @@ module Api module Agents - class FilesController < ApplicationController + class FilesController < ApiController before_action do request.format = :json end diff --git a/app/controllers/api/agents_controller.rb b/app/controllers/api/agents_controller.rb index 16174b1..a7307f0 100644 --- a/app/controllers/api/agents_controller.rb +++ b/app/controllers/api/agents_controller.rb @@ -1,9 +1,5 @@ module Api - class AgentsController < ApplicationController - #before_action do - #request.format = :json - #end - + class AgentsController < ApiController def create @agent = Agent.create!(agent_params) end diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb new file mode 100644 index 0000000..0316222 --- /dev/null +++ b/app/controllers/api/api_controller.rb 
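Review bot: `publish(message)` now depends on a duck-typed message that responds to `routing_key` and `to_json`, and nothing in the file says so; a comment above the method (`# message must respond to #routing_key and #to_json (see EventMessage, PokeMessage)`) is the minimum, and `unless message.respond_to?(:routing_key)` with an ArgumentError would turn a stray hash argument into a clear failure instead of a NoMethodError deep in the client. `channel.topic("malwer")` is declared on every call; if `channel` is a Bunny channel the exchange can be memoized, and `exchange.publish(message.to_json, routing_key: message.routing_key, persistent: true)` would stop events being lost on a broker restart — assuming the queue is durable, which is not visible here.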
@@ -0,0 +1,5 @@ +module Api + class ApiController < ApplicationController + protect_from_forgery with: :null_session + end +end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ce68a5..209ec89 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,6 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. #protect_from_forgery with: :exception - protect_from_forgery with: :null_session protected diff --git a/app/models/event_message.rb b/app/models/event_message.rb index 0a0c9ae..75bd9ac 100644 --- a/app/models/event_message.rb +++ b/app/models/event_message.rb @@ -14,7 +14,7 @@ class EventMessage def to_hash { agent_id: agent_id, - event_type: event_type, + type: event_type, data: data } end diff --git a/app/models/scanned.rb b/app/models/scanned.rb new file mode 100644 index 0000000..cfe1b87 --- /dev/null +++ b/app/models/scanned.rb @@ -0,0 +1,2 @@ +class Scanned < Event +end diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index ecc9e47..2cf3309 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb @@ -44,6 +44,8 @@ class FakeAgent when "unknown" puts "file is unknown" end + rescue StandardError => error + log_error(error) end def sniff(interface) @@ -85,8 +87,8 @@ class FakeAgent } Typhoeus.post(event_url, body: body) end - rescue => e - puts "#{e.message} #{e.backtrace.join(' ')}" + rescue StandardError => error + log_error(error) end def fingerprint_for(file) @@ -122,4 +124,8 @@ class FakeAgent def registration_url "#{endpoint}/api/agents" end + + def log_error(error) + puts "#{error.message} #{error.backtrace.join(' ')}" + end end -- cgit v1.2.3 From 2b679683b19322a568225a69949e5d8ed61fe9a9 Mon Sep 17 00:00:00 2001 
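Review bot: Removing `protect_from_forgery with: :null_session` while `#protect_from_forgery with: :exception` stays commented out leaves `ApplicationController` — and every HTML controller under it, including `AgentsController#destroy` and `DispositionsController#create`/`#update` — with no CSRF check at all, since the new `Api::ApiController` only covers the API namespace. Re-enable `protect_from_forgery with: :exception` here so the form-driven actions keep their token check; the API keeps `:null_session`.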
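Review bot: `log_error` writes to stdout with `puts`, so failures are interleaved with the agent's normal output and disappear when stdout is piped; `warn "#{error.message} #{error.backtrace.join(' ')}"` sends them to stderr without other changes. The two `rescue StandardError => error` clauses sit at method level, so they swallow every error in the enclosing methods and continue — appropriate for a fake agent, but worth a comment saying so. Both enclosing methods start outside their hunks.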
From: mo khan Date: Mon, 9 Feb 2015 20:40:06 -0700 Subject: protect from forgery and cache ip and hostname on fake agent. --- app/controllers/api/agents/events_controller.rb | 2 +- app/controllers/api/api_controller.rb | 7 ++++++- app/controllers/application_controller.rb | 2 +- lib/fake_agent.rb | 10 +++++++--- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index ca9b829..60b9195 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb @@ -1,6 +1,6 @@ module Api module Agents - class EventsController < ApplicationController + class EventsController < ApiController def create @agent = Agent.find(params[:agent_id]) publish(EventMessage.new( diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 0316222..6954700 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -1,5 +1,10 @@ module Api - class ApiController < ApplicationController + class ApiController < ActionController::Base protect_from_forgery with: :null_session + protected + + def publish(message) + Publisher.publish(message) + end end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 209ec89..54093eb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,7 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. - #protect_from_forgery with: :exception + protect_from_forgery with: :exception protected diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb index 2cf3309..bfa20d3 100644 --- a/lib/fake_agent.rb +++ b/lib/fake_agent.rb 
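Review bot: Rebasing `ApiController` onto `ActionController::Base` means `publish` is now defined twice — here and in `ApplicationController` — and the two will drift; move it into a module (for example `Publishing`, included by both) so there is one definition. `protect_from_forgery with: :null_session` on this base class does not authenticate anything, it only discards the session for token-less requests; that is fine for a JSON API with no session-based login, but a comment stating that the API relies on some other access control (not visible on this page) would stop it being read as protection.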
@@ -10,7 +10,7 @@ class FakeAgent end def register - response = Typhoeus.post(registration_url, body: { agent: { hostname: Socket.gethostname } }) + response = Typhoeus.post(registration_url, body: { agent: { hostname: hostname } }) json = JSON.parse(response.body) @id = json["id"] end @@ -80,7 +80,7 @@ class FakeAgent data: { fingerprint: fingerprint_for(file), path: file, - hostname: Socket.gethostname, + hostname: hostname, ip_addresses: ip_addresses, } } @@ -98,8 +98,12 @@ class FakeAgent sha end + def hostname + @hostname ||= Socket.gethostname + end + def ip_addresses - Socket.ip_address_list.find_all { |x| x.ipv4? }.map { |x| x.ip_address } + @ipaddresses ||= Socket.ip_address_list.find_all { |x| x.ipv4? }.map { |x| x.ip_address } end def disposition_for(file) -- cgit v1.2.3 From 1191ba363f3ef5229807aeeae10fc922249275d8 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:43:38 -0700 Subject: sort dispositions. --- app/controllers/dispositions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/dispositions_controller.rb b/app/controllers/dispositions_controller.rb index e63f696..dc3112a 100644 --- a/app/controllers/dispositions_controller.rb +++ b/app/controllers/dispositions_controller.rb @@ -2,7 +2,7 @@ class DispositionsController < ApplicationController before_action :set_disposition, only: [:show, :edit, :update, :destroy] def index - @dispositions = Disposition.all + @dispositions = Disposition.all.order(:fingerprint) end def show -- cgit v1.2.3 From 05b427bd4d9f9c4ea60f9485f06d68de0b689d28 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 9 Feb 2015 20:46:57 -0700 Subject: use type param. --- app/controllers/agents/events_controller.rb | 2 +- app/controllers/api/agents/events_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/agents/events_controller.rb b/app/controllers/agents/events_controller.rb index 30ca295..f695feb 100644 
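Review bot: The memo ivar `@ipaddresses` does not match the method name `ip_addresses`, and the block form can be the idiomatic `select(&:ipv4?).map(&:ip_address)`: `@ip_addresses ||= Socket.ip_address_list.select(&:ipv4?).map(&:ip_address)`. Caching for the life of the process means an address change is never reported by later events, which the commit title says is intended; a one-line comment on `hostname` and `ip_addresses` (`# memoized for the process lifetime; restart the agent to pick up changes`) records that decision.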
--- a/app/controllers/agents/events_controller.rb +++ b/app/controllers/agents/events_controller.rb @@ -13,7 +13,7 @@ module Agents def create publish(EventMessage.new( agent_id: @agent.id, - event_type: event_params[:event_type], + event_type: event_params[:type], data: event_params[:data] )) redirect_to agent_events_url, notice: 'Event was successfully created.' diff --git a/app/controllers/api/agents/events_controller.rb b/app/controllers/api/agents/events_controller.rb index 60b9195..56b566f 100644 --- a/app/controllers/api/agents/events_controller.rb +++ b/app/controllers/api/agents/events_controller.rb @@ -5,7 +5,7 @@ module Api @agent = Agent.find(params[:agent_id]) publish(EventMessage.new( agent_id: @agent.id, - event_type: event_params[:event_type], + event_type: event_params[:type], data: event_params[:data] )) -- cgit v1.2.3