Class: Honeycomb::Honeypot::Manage

Inherits:
Object
Defined in:
lib/honeycomb/honeypot/manage.rb

Constructor Details

#initialize(db_path = nil, bin_path = nil, username = nil, key = nil, servers = nil, base_path = nil) ⇒ Manage

This initializes a Honeycomb::Interact object and sets all the necessary variables which are used by other methods of the object.

Variables and their purpose:

  • db_path - Path where databases are stored/saved

  • bin_path - Path where binaries are stored/saved

  • username - Username to connect to remote honeypot servers

  • key - Path to private key which is used for connections to honeypot servers

  • servers - Array of servers to connect to

  • base_path - Base location where Dionaea is installed to (Default per installation instructions: /opt/dionaea)



# File 'lib/honeycomb/honeypot/manage.rb', line 42

def initialize(db_path = nil, bin_path = nil, username = nil, key = nil,
               servers = nil, base_path = nil)
  # Bundled default data directory: <project root>/data
  data_dir = Pathname.new(__FILE__).dirname.dirname.dirname.dirname.expand_path.join('data')
  # Configured value first, then the argument, then the bundled default.
  # The default is always a non-nil String, so it must come last or the
  # argument is never reached.
  self.db_path = Honeycomb::Env::CONFIG[:download_databases] || db_path ||
    data_dir.join('logsql/').to_s
  self.bin_path = Honeycomb::Env::CONFIG[:download_binaries] || bin_path ||
    data_dir.join('binaries/').to_s
  # Connection settings: configured value first, then the argument.
  self.username = Honeycomb::Env::CONFIG["honey_config"]["username"] ||
    username
  self.key = Honeycomb::Env::CONFIG["honey_config"]["key"] || key
  self.servers = Honeycomb::Env::CONFIG["honey_config"]["servers"] ||
    servers
  self.base_path = Honeycomb::Env::CONFIG["honey_config"]["path"] ||
    base_path
end

Instance Attribute Details

#base_path ⇒ Object

Returns the value of attribute base_path.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def base_path
  @base_path
end

#bin_path ⇒ Object

Returns the value of attribute bin_path.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def bin_path
  @bin_path
end

#db_path ⇒ Object

Returns the value of attribute db_path.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def db_path
  @db_path
end

#key ⇒ Object

Returns the value of attribute key.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def key
  @key
end

#servers ⇒ Object

Returns the value of attribute servers.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def servers
  @servers
end

#username ⇒ Object

Returns the value of attribute username.



# File 'lib/honeycomb/honeypot/manage.rb', line 28

def username
  @username
end

Instance Method Details

#check_diskspace ⇒ Object

This method will query the diskspace on all remote servers by calling the internal ssh_command method. It executes the command ‘df -h /’ on each host and parses the response to return the total percentage of diskspace currently in use on each host.

Arguments:

  • None

Returns:

  • [ {:server => “Server Hostname”, :result =>

Multiple strings with the results are outputted to the screen.



# File 'lib/honeycomb/honeypot/manage.rb', line 187

def check_diskspace
  response = self.ssh_command("df -h /") 
  all_usage = []
  response.each do |server_hash|
    usage = server_hash[:result]
    if usage =~ /^(\/\w+)+.+\S+\s+\S+\s+\S+\s+(([0-9]+)%)/m
      all_usage << {:server => server_hash[:server], :result => $2}
    end
  end
  all_usage
end
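The pattern above only matches when the filesystem name starts with "/", so a root filesystem reported as `overlay` is left out of the result without any error. The following is an added example, not part of Honeycomb: it parses the same `df -h /` text by column position, handles a device name wrapped onto its own line, and marks unparseable responses instead of dropping them. The function names, the hostnames and the 90% limit are assumptions, and the sample outputs are constructed.

```ruby
# Constructed sample responses, shaped like ssh_command's return value.
SAMPLE_RESPONSES = [
  { :server => "hp1.example", :result =>
    "Filesystem      Size  Used Avail Use% Mounted on\n" \
    "/dev/sda1        20G   18G  1.1G  95% /\n" },
  { :server => "hp2.example", :result =>   # long device name wrapped by df
    "Filesystem            Size  Used Avail Use% Mounted on\n" \
    "/dev/mapper/vg0-root\n" \
    "                       50G   10G   38G  21% /\n" },
  { :server => "hp3.example", :result =>   # container root, no leading "/"
    "Filesystem      Size  Used Avail Use% Mounted on\n" \
    "overlay          59G   30G   27G  53% /\n" },
  { :server => "hp4.example", :result => "ERROR: df: command not found\n" }
]

# Return the root filesystem's usage as an Integer percentage, or nil when
# the text is not df output for "/".
def root_usage_percent(df_output)
  lines = df_output.to_s.lines.map(&:strip).reject(&:empty?)
  return nil unless lines.first.to_s =~ /\AFilesystem\b/
  # Join the data lines so a wrapped device name rejoins its numbers.
  fields = lines.drop(1).join(" ").split
  # Expected fields: device size used avail capacity% mountpoint
  return nil unless fields.length >= 6 && fields.last == "/"
  fields[-2] =~ /\A(\d{1,3})%\z/ ? $1.to_i : nil
end

# One entry per server, including those whose output could not be parsed.
def disk_report(responses, limit = 90)
  responses.map do |h|
    pct = root_usage_percent(h[:result])
    status = if pct.nil? then :unknown
             elsif pct >= limit then :full
             else :ok
             end
    { :server => h[:server], :percent => pct, :status => status }
  end
end
```

A honeypot whose disk fills up stops capturing binaries, so `:unknown` and `:full` entries are the ones to act on.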

#download_binaries(server = self.servers) ⇒ Object

This method will attempt to download all binaries from all servers specified in Honeycomb::Interact.servers.

It will attempt to store all binaries into the folder specified in Honeycomb::Interact.bin_path.

Additionally, rsync is utilized to transfer these files. rsync was chosen over scp in order to limit the amount of bandwidth used between the client and servers.

Arguments:

  • server - Array of servers to query



# File 'lib/honeycomb/honeypot/manage.rb', line 71

def download_binaries(server = self.servers)
  server.each do |server|
    tries = 0
    puts "Downloading binaries from #{server} ..."
    begin
      # Pass rsync its arguments as a list so that no local shell parses the
      # interpolated key path, username, server name or directories.
      Open3.popen3("rsync", "-v", "--force", "--ignore-errors", "--times",
                   "-r", "-u", "-e", "ssh -i #{self.key}",
                   "#{self.username}@#{server}:#{self.base_path}/var/dionaea/binaries/",
                   self.bin_path) { |stdin, stdout, stderr|
        puts stdout.read.strip
        puts stderr.read.strip
      }
    rescue
      # Retry a failed launch up to three more times before giving up.
      tries += 1
      retry if tries <= 3
      puts "Unable to connect. Moving on ..."
      next
    end
  end
end

#download_databases(server = self.servers) ⇒ Object

This method will attempt to download all databases from all servers specified in Honeycomb::Interact.servers.

It will attempt to store all databases into the folder specified in Honeycomb::Interact.db_path.

Additionally, scp is utilized to transfer these files. During tests, it was discovered that rsync had less than ideal results when downloading these files. While the transfer would appear to occur without error, the databases were often found to be corrupt.

Arguments:

  • server - Array of servers to query



# File 'lib/honeycomb/honeypot/manage.rb', line 102

def download_databases(server = self.servers)
  server.each do |server|
    tries = 0
    begin
      Net::SSH.start(server, self.username, :keys => self.key) do |session|
        puts "Downloading database from #{server} ..."
        session.scp.download!(base_path + "/var/dionaea/logsql.sqlite", 
                              self.db_path + "#{server}.sqlite")
      end
    rescue Errno::ETIMEDOUT
      tries += 1
      retry if tries <= 3
      puts "Unable to connect. Moving on ..."
      next
    # StandardError rather than Exception, so Ctrl-C still interrupts the run.
    rescue StandardError => e
      puts "Error encountered: #{e.message}"
      next
    end
  end
end
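Because a transfer can finish without error and still leave an unusable database, as noted above, it is worth checking each downloaded file before analysing it. The following is an added example, not part of Honeycomb: it reads the 100-byte SQLite header and compares the page size and page count recorded there with the file length. The function names and hostnames are assumptions and the sample files are constructed.

```ruby
require "tmpdir"

SQLITE_MAGIC = "SQLite format 3\0".b

# Return :ok, or a symbol naming why the file cannot be a complete database.
# Only the 100-byte header and the file length are examined.
def sqlite_transfer_status(path)
  size = File.size(path)
  header = File.binread(path, 100)
  return :too_short if header.nil? || header.bytesize < 100
  return :bad_magic unless header.byteslice(0, 16) == SQLITE_MAGIC
  page_size = header.byteslice(16, 2).unpack1("n")
  page_size = 65_536 if page_size == 1 # stored value 1 means 64 KiB pages
  return :bad_page_size unless page_size >= 512 && (page_size & (page_size - 1)).zero?
  change_counter, page_count = header.byteslice(24, 8).unpack("NN")
  valid_for = header.byteslice(92, 4).unpack1("N")
  # The in-header page count is only trustworthy when these two fields match.
  if page_count > 0 && change_counter == valid_for && size < page_size * page_count
    return :truncated
  end
  (size % page_size).zero? ? :ok : :partial_page
end

# Status for every "<server>.sqlite" file in db_path, keyed by file name.
def check_downloads(db_path)
  Dir.glob(File.join(db_path, "*.sqlite")).sort.to_h do |file|
    [File.basename(file), sqlite_transfer_status(file)]
  end
end

# Constructed stand-in for logsql.sqlite: a valid header plus zero-filled pages.
def build_sample_db(page_size, pages)
  header = SQLITE_MAGIC + [page_size].pack("n") + "\0" * 6 +
           [1, pages].pack("NN") + "\0" * 60 + [1].pack("N") + "\0" * 4
  header + "\0" * (page_size * pages - header.bytesize)
end

# Write one intact, one cut-short and one non-SQLite file, then check them.
def demo
  Dir.mktmpdir do |dir|
    good = build_sample_db(4096, 3)
    File.binwrite(File.join(dir, "hp1.example.sqlite"), good)
    File.binwrite(File.join(dir, "hp2.example.sqlite"), good.byteslice(0, 5000))
    File.binwrite(File.join(dir, "hp3.example.sqlite"), "Permission denied\n")
    check_downloads(dir)
  end
end
```

This catches truncated and non-SQLite files only; damage inside otherwise complete pages needs SQLite's own `PRAGMA integrity_check`.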

#execute_command(command) ⇒ Object

This method will execute a command via ssh on all servers specified in the Honeycomb::Interact.servers variable. This method calls the internal ssh_command method in order to properly function.

Argument:

  • command - Command to execute

Returns:

  • Nothing

Multiple strings with the results are outputted to the screen.



# File 'lib/honeycomb/honeypot/manage.rb', line 134

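def execute_command(command)
  response = self.ssh_command(command)
  response.each do |server_hash|
    puts "Executing #{command} on #{server_hash[:server]}:"
    # gsub, not gsub!: gsub! returns nil when the result has no newline,
    # which would print an empty line instead of the output.
    puts "\t#{server_hash[:result].gsub(/\n/, "\n\t")}"
  end
end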

#ssh_command(command) ⇒ Object

This method is used internally by the execute_command method. It will take a command as an argument and execute it on every server that is stored in Honeycomb::Interact.servers. The results are stored in a hash which is returned in an Array.

Argument:

  • command - Command to be executed

Returns:

  • Array of hashes - {:server => <server_name>, :result => <result_of_command>}


# File 'lib/honeycomb/honeypot/manage.rb', line 153

def ssh_command(command)
  results = []
  self.servers.each do |server|
    begin
      Net::SSH.start(server, self.username, :keys => self.key) do |session|
        session.exec command do |ch, stream, data|
          if stream == :stderr
            results << {:server => server, :result => "ERROR: #{data}"}
          else
            results << {:server => server, :result => data}
          end
        end
      end
    rescue
      next
    end
  end
  return results
end