AHA is now playing the game
parent
0171dd64d5
commit
10ebb80fa9
3 changed files with 52 additions and 6 deletions
|
@ -16,3 +16,7 @@ inqueue=/home/gerard/kernel/adaptive-honeypot/linux-2.6/in
|
||||||
|
|
||||||
[insults]
|
[insults]
|
||||||
maxidx = 3
|
maxidx = 3
|
||||||
|
|
||||||
|
[game]
|
||||||
|
cases=0.54
|
||||||
|
block=0.1
|
||||||
|
|
53
aha/aha.py
53
aha/aha.py
|
@ -9,12 +9,39 @@ from ahalib import *
|
||||||
|
|
||||||
class KernelEvents(ProcessEvent):
|
class KernelEvents(ProcessEvent):
|
||||||
|
|
||||||
def __init__(self,inqueue,outqueue,insultmaxidx):
|
def __init__(self,inqueue,outqueue,insultmaxidx,cases,block):
|
||||||
self.ahaa = AHAActions(inqueue,outqueue)
|
self.ahaa = AHAActions(inqueue,outqueue)
|
||||||
|
self.cases = cases
|
||||||
|
self.block = block
|
||||||
self.processtrees = ProcessTrees()
|
self.processtrees = ProcessTrees()
|
||||||
|
|
||||||
|
#Blocks the sys_execve calls according the game
|
||||||
|
def play(self):
|
||||||
|
#By default allow the system call
|
||||||
|
print "PLAY: mixed cases ",cases
|
||||||
|
print "PLAY: blockpr", blockpr
|
||||||
|
b = 0
|
||||||
|
x = random.random()
|
||||||
|
|
||||||
|
if x < self.cases:
|
||||||
|
print "PLAY: Cases choice: ",x
|
||||||
|
#i.e. in 0.54 blocking probability of 0.1 should be used
|
||||||
|
y = random.random()
|
||||||
|
print "PLAY: Blocking choice",y
|
||||||
|
if y < self.block:
|
||||||
|
b = 1
|
||||||
|
else:
|
||||||
|
# in the other cases another blocking probability should be used
|
||||||
|
y = random.random()
|
||||||
|
q = 1-self.block
|
||||||
|
print "PLAY: Other blocking probability should be used ",q
|
||||||
|
print "PLAY: Other blocking choice: ",y
|
||||||
|
if y < q:
|
||||||
|
b = 1
|
||||||
|
|
||||||
|
return b
|
||||||
|
|
||||||
def decision(self,filekey,msg):
|
def decision(self,filekey,msg):
|
||||||
print filekey
|
|
||||||
try:
|
try:
|
||||||
pid = int(msg['pid'][0])
|
pid = int(msg['pid'][0])
|
||||||
ppid = int(msg['ppid'][0])
|
ppid = int(msg['ppid'][0])
|
||||||
|
@ -26,7 +53,7 @@ class KernelEvents(ProcessEvent):
|
||||||
if type == 1:
|
if type == 1:
|
||||||
# Got sys_execve
|
# Got sys_execve
|
||||||
command = msg['file'][0]
|
command = msg['file'][0]
|
||||||
print "Got command: ",command
|
print "Got command: ",command, "in ",filekey
|
||||||
#Is there a new SSH connection?
|
#Is there a new SSH connection?
|
||||||
if msg['file'][0] == '/usr/sbin/sshd':
|
if msg['file'][0] == '/usr/sbin/sshd':
|
||||||
print "New user found pid=",pid,",ppid=",ppid
|
print "New user found pid=",pid,",ppid=",ppid
|
||||||
|
@ -37,7 +64,7 @@ class KernelEvents(ProcessEvent):
|
||||||
|
|
||||||
#is this process induced by clone or sys_execve related to a user?
|
#is this process induced by clone or sys_execve related to a user?
|
||||||
if self.processtrees.searchTree(pid,ppid) == False:
|
if self.processtrees.searchTree(pid,ppid) == False:
|
||||||
#print "Process belongs to the system, allow it"
|
print "Process belongs to the system, allow it"
|
||||||
#Note the process could also belong to a local
|
#Note the process could also belong to a local
|
||||||
#connected user
|
#connected user
|
||||||
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
||||||
|
@ -45,7 +72,18 @@ class KernelEvents(ProcessEvent):
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
print "Process belongs to a user, play"
|
print "Process belongs to a user, play"
|
||||||
#TODO add default action
|
shouldBlock = self.play()
|
||||||
|
if shouldBlock:
|
||||||
|
print "User process is artifically blocked ..."
|
||||||
|
self.ahaa.create_message(filekey,block=1,
|
||||||
|
exitcode=KERNEL_ERRORS.EACESS,insult=0,
|
||||||
|
substitue=0)
|
||||||
|
return
|
||||||
|
else:
|
||||||
|
print "User process is allowed ..."
|
||||||
|
self.ahaa.create_message(filekey,block=0,exitcode=0,insult=0,
|
||||||
|
substitue=0)
|
||||||
|
return
|
||||||
except KeyError,e:
|
except KeyError,e:
|
||||||
print "EXCEPTION: KeyError"
|
print "EXCEPTION: KeyError"
|
||||||
except IndexError,w:
|
except IndexError,w:
|
||||||
|
@ -104,12 +142,15 @@ if __name__ == '__main__':
|
||||||
inqueue = c.get('common','inqueue')
|
inqueue = c.get('common','inqueue')
|
||||||
outqueue = c.get('common','outqueue')
|
outqueue = c.get('common','outqueue')
|
||||||
insultmaxidx = int(c.get('insults','maxidx'))
|
insultmaxidx = int(c.get('insults','maxidx'))
|
||||||
|
cases = float(c.get('game','cases'))
|
||||||
|
blockpr = float(c.get('game','block'))
|
||||||
|
|
||||||
print "Setting up listeners..."
|
print "Setting up listeners..."
|
||||||
wm = WatchManager()
|
wm = WatchManager()
|
||||||
mask = IN_CLOSE_WRITE # watched events
|
mask = IN_CLOSE_WRITE # watched events
|
||||||
|
|
||||||
notifier = Notifier(wm, KernelEvents(inqueue,outqueue,insultmaxidx))
|
notifier = Notifier(wm, KernelEvents(inqueue,outqueue,insultmaxidx,
|
||||||
|
cases,blockpr))
|
||||||
wdd = wm.add_watch(outqueue, mask, rec=True)
|
wdd = wm.add_watch(outqueue, mask, rec=True)
|
||||||
|
|
||||||
print "Waiting for events..."
|
print "Waiting for events..."
|
||||||
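Review bot: In the new play() method the two debug lines `print "PLAY: mixed cases ",cases` and `print "PLAY: blockpr", blockpr` read module-level names that only exist when aha.py runs as a script (they are assigned in the `__main__` block), so importing or constructing KernelEvents anywhere else makes the first user execve decision raise NameError instead of returning a verdict; they should read the instance state that __init__ now stores, `print "PLAY: mixed cases ",self.cases` and `print "PLAY: blockpr", self.block`. The two thresholds are taken from the config as bare floats with no range check, and because the else branch uses `q = 1-self.block` a value outside [0, 1] silently degenerates the game into always-block or never-block, so a guard such as `if not (0.0 <= cases <= 1.0 and 0.0 <= blockpr <= 1.0): raise ValueError("game.cases and game.block must be in [0,1]")` next to the float() conversions in the main block would refuse a misconfigured honeypot before it starts gating attacker commands. play() also relies on `random` being in scope, which nothing in these hunks imports — presumably it arrives through `from ahalib import *`, worth confirming. A short comment above play(), along the lines of "Randomised deception policy: decides whether to block a user's execve; not a security boundary, the kernel side still enforces the reply", would tell later maintainers what guarantees this code does and does not give.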
|
|
|
@ -37,6 +37,7 @@ class AHAActions:
|
||||||
|
|
||||||
#Can trow IOError
|
#Can trow IOError
|
||||||
def create_message(self,filename,block,exitcode,substitue,insult):
|
def create_message(self,filename,block,exitcode,substitue,insult):
|
||||||
|
print "CREATE_MESSAGE ",filename,"block=",block
|
||||||
try:
|
try:
|
||||||
reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue,
|
reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue,
|
||||||
insult = insult)
|
insult = insult)
|
||||||
|
|