Class: Mu::Command::Cmd_runanalysis
- Inherits:
-
Mu::Command
- Object
- Mu::Command
- Mu::Command::Cmd_runanalysis
- Defined in:
- lib/mu/command/cmd_runanalysis.rb
Constant Summary
Constants inherited from Mu::Command
Constants included from Helper
Instance Attribute Summary collapse
-
#api ⇒ Object
Returns the value of attribute api.
-
#docroot ⇒ Object
Returns the value of attribute docroot.
-
#host ⇒ Object
Returns the value of attribute host.
-
#password ⇒ Object
Returns the value of attribute password.
-
#username ⇒ Object
Returns the value of attribute username.
Attributes inherited from Mu::Command
Instance Method Summary collapse
-
#cmd_help(argv) ⇒ Object
displays command-line help * argv = command-line arguments.
-
#cmd_run(argv) ⇒ Object
capture has a set of three commands that are used to generate packet captures, poll the status and return the resulting file ex: * argv = command-line arguments, requires a command (-c) argument * command=run returns the job_id * command=status (called after ‘run’), requires the job_id (-u) argument * command=get (called when status returns “Finished”), requires the job_id (-u) argument * port = the Mu interface on which to capture packets.
-
#log(message = "", level = nil) ⇒ Object
logging in this script.
Methods inherited from Mu::Command
Methods included from Helper
#ask, #bin2hex, #error, #escape, #format_float, #get_file_as_string_array, #make_xml, #msg, #shift, #to_boolean
Constructor Details
This class inherits a constructor from Mu::Command
Instance Attribute Details
#api ⇒ Object
Returns the value of attribute api.
8 9 10 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 8 def api @api end |
#docroot ⇒ Object
Returns the value of attribute docroot.
8 9 10 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 8 def docroot @docroot end |
#host ⇒ Object
Returns the value of attribute host.
8 9 10 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 8 def host @host end |
#password ⇒ Object
Returns the value of attribute password.
8 9 10 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 8 def password @password end |
#username ⇒ Object
Returns the value of attribute username.
8 9 10 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 8 def username @username end |
Instance Method Details
#cmd_help(argv) ⇒ Object
displays command-line help
* argv = command-line arguments
12 13 14 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 12 def cmd_help argv help end |
#cmd_run(argv) ⇒ Object
capture has a set of three commands that are used to generate packet captures, poll the status and return the resulting file ex:
* argv = command-line arguments, requires a command (-c) argument
* command=run returns the job_id
* command=status (called after 'run'), requires the job_id (-u) argument
* command=get (called when status returns "Finished"), requires the job_id (-u) argument
* port = the Mu interface on which to capture packets
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 30 def cmd_run argv setup argv # set all params archive = @hash['archive'] if archive == nil archive = false end = @hash['archive_options'] directory = @hash['directory'] force = @hash['force'] interval = @hash['interval'] output = @hash['output'] prepend = @hash['prepend'] template = @hash['template'] uuid = @hash['uuid'] verify = @hash['verify'] if verify == nil verify = false end verifyonly = @hash['verifyonly'] if verifyonly == nil verifyonly = false end # set any timers to minimum non psychotic numbers sleeptime = 10 # 10 sec if force != nil force = Integer(force) if force < 1 force = 1 end else force = 0 end if interval != nil interval = Integer(interval) if interval < 5 interval = 5 end if interval < sleeptime sleeptime = interval end else interval = 0 end # my_uuid_hash is a hash that will contain the name, and uuid of the test to run my_name => my_uuid my_uuid_hash = {} # determine proper execution path: uuid, template, or directory if directory != nil # load all xml files in directory and add uuids to execution list files = Dir.glob(File.join(@hash["directory"],"","*.xml")) files.each do | file | response = @api.import_templates(file) log response, Logger::DEBUG doc = make_xml(response) unless doc.xpath("//model_object").empty? doc.xpath("//model_object").each do |node| my_uuid = node.xpath("uuid").text my_name = node.xpath("name").text my_type = node.xpath("type").text if my_type=="Analysis" log "type = #{my_type} uuid = #{my_uuid} name = #{my_name}", Logger::DEBUG my_uuid_hash[my_uuid] = my_name end end end end end if template != nil # import template file into mu and add all uuids to list response = @api.import_templates(template) log response, Logger::DEBUG doc = make_xml(response) unless doc.xpath("//model_object").empty? doc.xpath("//model_object").each do |node| my_uuid = node.xpath("uuid").text my_name = node.xpath("name").text my_type = node.xpath("type").text if my_type=="Analysis" log "type = #{my_type} uuid = #{my_uuid} name = #{my_name}", Logger::DEBUG my_uuid_hash[my_uuid] = my_name end end end end if uuid != nil # add all uuids to list if uuid =~ /,/ list = uuid.split(",") list.each do | my_uuid | response = @api.get_name(my_uuid) my_uuid_hash[my_uuid] = response end else # add single uuid to list response = @api.get_name(uuid) my_uuid_hash[uuid] = response end end if my_uuid_hash.empty? log "no valid test option selected, please specify directory, template file, or uuid" help exit else log "#{my_uuid_hash.size} tests in queue." end # now we run all the tests #log "RUNNING" results = {} map = my_uuid_hash.each_pair do |key,value| t1 = Time.now.localtime.tv_sec confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0 suspend_time = t1 polling_time = t1 if prepend != nil name = "#{prepend}#{value}" else name = "#{value}#{Time.now.localtime}" end if @@output_dir != nil name = "#{@@output_dir}/#{prepend}#{value}" end log "my name = #{name} with uuid = #{key}", Logger::DEBUG # need to set new host values if host values are present hosts = @hash['hosts'] if hosts != nil log "SET ALL HOSTS USING: #{hosts}", Logger::DEBUG new_uuid = set_hosts(key,hosts) end verify_good = false log "verify = #{verify} and verifyonly = #{verifyonly}" if verify || verifyonly log "verify = #{verify} and verifyonly = #{verifyonly}" verify_good = verify_analysis(key,name) end if verifyonly log "Verify Only! executing next test." next end if verify && !verify_good log "Analysis #{name} failed to verify! Executing next test." next end run = true run_uuid = "" run_uuid = @api.run(key, URI.encode(name)) while run sleep(sleeptime) status = @api.status(run_uuid) log status t2 = Time.now.localtime.tv_sec log t2-t1 if interval > 0 if t2-polling_time > interval faults = @api.get_faults(run_uuid) log faults, Logger::DEBUG # faults should be an xml doc already unless faults.xpath("//fault_list_summary").empty? count = 0 confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0 faults.xpath("//tba_fault").each do | node | count += 1 confidence_level = node.xpath("confidence_level").text title = node.xpath("title").text fault_detection = node.xpath("fault_detection").text fault_isolation = node.xpath("fault_isolation").text attack_type = node.xpath("attack_type").text if confidence_level =~ /5/ confidence_level_5 += 1 elsif confidence_level =~ /4/ confidence_level_4 += 1 elsif confidence_level =~ /3/ confidence_level_3 += 1 elsif confidence_level =~ /2/ confidence_level_2 += 1 elsif confidence_level =~ /1/ confidence_level_1 += 1 end end log "Current fault count: #{count}, confidence_level 5: #{confidence_level_5}"+ ", confidence_level 4: #{confidence_level_4}, confidence_level 3: #{confidence_level_3}"+ ", confidence_level 2: #{confidence_level_2}, confidence_level 1: #{confidence_level_1}" end polling_time = Time.now.localtime.tv_sec end end if status =~ /ABORTED/ or status =~ /FINISHED/ or status =~ /FAILED/ run = false elsif status =~ /SUSPENDED/ log "SUSPEND--->" if t2-suspend_time > force*60 response = @api.resume(run_uuid) log response suspend_time = Time.now.localtime.tv_sec end end end # now we pull results for run and tabulate fault list if needed if archive evts = false pcaps = false samples = false logo = false audit = false sign = false if =~ /evts/ evts = true end if =~ /pcaps/ pcaps = true end if =~ /samples/ samples = true end if =~ /logo/ logo = true end if =~ /audit/ audit = true end if =~ /sign/ sign = true end log "evts = #{evts}, pcaps = #{pcaps}, samples = #{samples}, logo = #{logo}, audit = #{audit}, sign = #{sign}", Logger::DEBUG job_id = @api.archive("run",run_uuid,"",name,"Run via Mu Ruby Gem API #{Time.now}",evts,pcaps,samples,logo,audit,sign) job = true count = 0 while job job_status = @api.archive("status", job_id) log "archive job_status = #{job_status}" if job_status =~ /Finished/ job = false end sleep(sleeptime) count += 1 if count > 30 job = false end end if File.exists?(name) && File.directory?(name) log "directiry #{name} already exists", Logger::DEBUG else log "creating directory for archive results: #{name}", Logger::DEBUG Dir.mkdir(name) end response = @api.archive("get",job_id,name) end faults = @api.get_faults(run_uuid) log faults, Logger::DEBUG # faults should be an xml doc already unless faults.xpath("//fault_list_summary").empty? count = 0 confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0 faults.xpath("//tba_fault").each do | node | count += 1 confidence_level = node.xpath("confidence_level").text title = node.xpath("title").text fault_detection = node.xpath("fault_detection").text fault_isolation = node.xpath("fault_isolation").text attack_type = node.xpath("attack_type").text if confidence_level =~ /5/ confidence_level_5 += 1 elsif confidence_level =~ /4/ confidence_level_4 += 1 elsif confidence_level =~ /3/ confidence_level_3 += 1 elsif confidence_level =~ /2/ confidence_level_2 += 1 elsif confidence_level =~ /1/ confidence_level_1 += 1 end end log "Ending fault countfor #{name}: #{count}, confidence_level 5: #{confidence_level_5}"+ ", confidence_level 4: #{confidence_level_4}, confidence_level 3: #{confidence_level_3}"+ ", confidence_level 2: #{confidence_level_2}, confidence_level 1: #{confidence_level_1}" end end #response = @api.capture(command, port, job_id) return "RUN" end |
#log(message = "", level = nil) ⇒ Object
logging in this script
17 18 19 20 |
# File 'lib/mu/command/cmd_runanalysis.rb', line 17 def log(="",level=nil) msg , level File.open(@@output_log, "a") {|f| f.write() } end |