Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Workaround for missing log entries by adding a direct method to communicating 

with the dbloggers, thus avoiding twisted context/scope problems


git-svn-id: https://kippo.googlecode.com/svn/trunk@199 951d7100-d841-11de-b865-b3884708a8e2
This commit is contained in:
desaster 2011-02-06 09:04:44 +00:00
parent dbf8e84d88
commit 3f74d2cd44
2 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
kippo/core/dblog.py
View File

@ -12,6 +12,10 @@ class DBLogger(object):
'^New connection: ([0-9.]+):([0-9]+) \(([0-9.]+):([0-9]+)\) ' + \ '^New connection: ([0-9.]+):([0-9]+) \(([0-9.]+):([0-9]+)\) ' + \
'\[session: ([0-9]+)\]$') '\[session: ([0-9]+)\]$')
self.re_sessionlog = re.compile('.*HoneyPotTransport,([0-9]+),[0-9.]+$') self.re_sessionlog = re.compile('.*HoneyPotTransport,([0-9]+),[0-9.]+$')
# :dispatch: means the message has been delivered directly via
# logDispatch, instead of relying on the twisted logging, which breaks
# on scope changes.
self.re_map = [(re.compile(x[0]), x[1]) for x in ( self.re_map = [(re.compile(x[0]), x[1]) for x in (
('^connection lost$', ('^connection lost$',
self._connectionLost), self._connectionLost),
@ -21,9 +25,9 @@ class DBLogger(object):
self.handleLoginSucceeded), self.handleLoginSucceeded),
('^Opening TTY log: (?P<logfile>.*)$', ('^Opening TTY log: (?P<logfile>.*)$',
self.handleTTYLogOpened), self.handleTTYLogOpened),
('^Command found: (?P<input>.*)$', ('^:dispatch: Command found: (?P<input>.*)$',
self.handleCommand), self.handleCommand),
('^Command not found: (?P<input>.*)$', ('^:dispatch: Command not found: (?P<input>.*)$',
self.handleUnknownCommand), self.handleUnknownCommand),
('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$', ('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$',
self.handleInput), self.handleInput),
@ -34,6 +38,15 @@ class DBLogger(object):
)] )]
self.start(cfg) self.start(cfg)
def logDispatch(self, sessionid, msg):
if sessionid not in self.sessions.keys():
return
for regex, func in self.re_map:
match = regex.match(msg)
if match:
func(self.sessions[sessionid], match.groupdict())
break
def start(): def start():
pass pass

21
kippo/core/honeypot.py
View File

@ -122,8 +122,10 @@ class HoneyPotShell(object):
cmdclass = self.honeypot.getCommand(cmd, envvars['PATH'].split(':')) cmdclass = self.honeypot.getCommand(cmd, envvars['PATH'].split(':'))
if cmdclass: if cmdclass:
print 'Command found: %s' % (line,) print 'Command found: %s' % (line,)
self.honeypot.logDispatch('Command found: %s' % (line,))
self.honeypot.call_command(cmdclass, *rargs) self.honeypot.call_command(cmdclass, *rargs)
else: else:
self.honeypot.logDispatch('Command not found: %s' % (line,))
print 'Command not found: %s' % (line,) print 'Command not found: %s' % (line,)
if len(line): if len(line):
self.honeypot.writeln('bash: %s: command not found' % cmd) self.honeypot.writeln('bash: %s: command not found' % cmd)
@ -241,19 +243,25 @@ class HoneyPotProtocol(recvline.HistoricRecvLine):
self.password_input = False self.password_input = False
self.cmdstack = [] self.cmdstack = []
def logDispatch(self, msg):
transport = self.terminal.transport.session.conn.transport
msg = ':dispatch: ' + msg
transport.factory.logDispatch(transport.transport.sessionno, msg)
def connectionMade(self): def connectionMade(self):
recvline.HistoricRecvLine.connectionMade(self) recvline.HistoricRecvLine.connectionMade(self)
self.displayMOTD() self.displayMOTD()
self.cmdstack = [HoneyPotShell(self)] self.cmdstack = [HoneyPotShell(self)]
transport = self.terminal.transport.session.conn.transport
# You are in a maze of twisty little passages, all alike # You are in a maze of twisty little passages, all alike
p = self.terminal.transport.session.conn.transport.transport.getPeer() p = transport.transport.getPeer()
# real source IP of client # real source IP of client
self.realClientIP = p.host self.realClientIP = p.host
self.clientVersion = \ self.clientVersion = transport.otherVersionString
self.terminal.transport.session.conn.transport.otherVersionString
# source IP of client in user visible reports (can be fake or real) # source IP of client in user visible reports (can be fake or real)
cfg = config() cfg = config()
@ -492,6 +500,11 @@ class HoneyPotSSHFactory(factory.SSHFactory):
'ssh-connection': connection.SSHConnection, 'ssh-connection': connection.SSHConnection,
} }
# Special delivery to the loggers to avoid scope problems
def logDispatch(self, sessionid, msg):
for dblog in self.dbloggers:
dblog.logDispatch(sessionid, msg)
def __init__(self): def __init__(self):
cfg = config() cfg = config()
@ -512,6 +525,7 @@ class HoneyPotSSHFactory(factory.SSHFactory):
print 'pass.db backed up to %s.bak' % (passdb_file,) print 'pass.db backed up to %s.bak' % (passdb_file,)
# load db loggers # load db loggers
self.dbloggers = []
for x in cfg.sections(): for x in cfg.sections():
if not x.startswith('database_'): if not x.startswith('database_'):
continue continue
@ -526,6 +540,7 @@ class HoneyPotSSHFactory(factory.SSHFactory):
'kippo.dblog.%s' % (engine,), 'kippo.dblog.%s' % (engine,),
globals(), locals(), ['dblog']).DBLogger(lcfg) globals(), locals(), ['dblog']).DBLogger(lcfg)
log.startLoggingWithObserver(dblogger.emit, setStdout=False) log.startLoggingWithObserver(dblogger.emit, setStdout=False)
self.dbloggers.append(dblogger)
def buildProtocol(self, addr): def buildProtocol(self, addr):
# FIXME: try to mimic something real 100% # FIXME: try to mimic something real 100%