Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
0 parents
commit 33866ea
Showing 70 changed files with 24,226 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
Original Authors | ||
-------- ------- | ||
Martin Kacer <kacer.martin[AT]gmail.com> | ||
Philippe Langlois <philippe.langlois[AT]p1sec.com> | ||
|
||
Special thanks to | ||
----------------- | ||
Telestax - jSS7, jDiameter opensource project | ||
|
||
|
||
Contributors | ||
------------ | ||
|
||
|
||
Acknowledgements | ||
---------------- | ||
The work is copyrighted also with all right by the original authors: | ||
Martin Kacer <kacer.martin[AT]gmail.com> | ||
Philippe Langlois <philippe.langlois[AT]p1sec.com> | ||
|
||
P1 Security grants to H21 lab the transferable, irrevocable, perpetual, | ||
royalty-free right to use, modify, copy, sell, and distribute | ||
the Original work and Contributions under the terms of any OSI | ||
recognized Open Source License or any commercial use license. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
# SigFW | ||
Open Source SS7/Diameter firewall | ||
|
||
## Build instructions | ||
|
||
### Prerequisities | ||
Install Maven | ||
|
||
(Optional) Netbeans IDE for developers | ||
|
||
### Clone source code | ||
git clone https://github.com/P1sec/SigFW | ||
|
||
### Build SS7FW project | ||
```bash | ||
cd ./SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT | ||
mvn clean install -Dmaven.test.skip=true | ||
``` | ||
|
||
### Run SS7FW project | ||
```bash | ||
mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall" | ||
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput" | ||
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server" | ||
``` | ||
|
||
### Replay traffic from pcap | ||
```bash | ||
cd ./input | ||
mkfifo pipe | ||
tshark -T ek -x -j "" -r ./input/sigtran.pcap > sigtran.json | ||
cat ./input/sigtran.json > pipe | ||
``` | ||
|
||
![](https://github.com/P1sec/SigFW/blob/master/docs/running_from_netbeans.gif) | ||
|
||
### Build DiameterFW project | ||
```bash | ||
cd ./SigFW/diameterfw/diameterfw.diameterfw-core_jar_1.0.0-SNAPSHOT | ||
mvn clean install -Dmaven.test.skip=true | ||
``` | ||
|
||
### Run DiameterFW project | ||
```bash | ||
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewall" | ||
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput" | ||
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer" | ||
``` | ||
|
||
### Replay traffic from pcap | ||
```bash | ||
cd ./input | ||
mkfifo pipe | ||
tshark -T ek -x -j "" -r ./input/diameter.pcap > diameter.json | ||
cat ./input/diameter.json > pipe | ||
``` | ||
|
||
### Security | ||
For both SS7FW and DiameterFW before using. | ||
|
||
realm.properties: Change the username, password for firewall API | ||
|
||
sigfw.json: Generate new Public, Private Keys. Change the mThreat salt | ||
|
||
Jetty: Change the certificate | ||
|
||
### To test the encryption, signatures | ||
Instead of SS7Firewall run SS7FirewallFirstInstance and SS7FirewallSecondInstance | ||
|
||
Instead of DiameterFirewall run DiameterFirewallFirstInstance and DiameterFirewallSecondInstance | ||
|
||
## Limitations | ||
Program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. | ||
|
||
## License | ||
SigFW is licensed under dual license policy. The default license is the Free Open Source GNU Affero GPL v3.0. Alternatively a commercial license can be obtained from P1 Security S.A.S. | ||
|
||
## Attribution | ||
For the list of contributors, see the AUTHORS file. | ||
|
||
Original work was created by Martin Kacer, Philippe Langlois | ||
|
||
Copyright 2017, P1 Security S.A.S and individual contributors | ||
|
||
We would like to thanks for everyone supporting this project. | ||
|
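Review bot: The Security section at the end of the README relies on each operator remembering to change the API username and password in realm.properties, the key pair and mThreat salt in sigfw.json, and the Jetty certificate that come with the repository. Consider not committing usable values at all, or having the firewall refuse to start while they are unchanged, and state where each file lives. Separately, both "Replay traffic from pcap" blocks run `cd ./input` and then read `./input/sigtran.pcap` (or `./input/diameter.pcap`) and `cat ./input/sigtran.json`, which resolve to ./input/input/ after the cd, while tshark writes the JSON into the current directory; drop either the cd or the `./input/` prefixes. The heading "Prerequisities" should read "Prerequisites".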
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
#!/bin/sh | ||
# | ||
# 00-header - create the header of the MOTD | ||
# Copyright (C) 2009-2010 Canonical Ltd. | ||
# | ||
# Authors: Dustin Kirkland <kirkland@canonical.com> | ||
# | ||
# This program is free software; you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation; either version 2 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License along | ||
# with this program; if not, write to the Free Software Foundation, Inc., | ||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
|
||
[ -r /etc/lsb-release ] && . /etc/lsb-release | ||
|
||
if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then | ||
# Fall back to using the very slow lsb_release utility | ||
DISTRIB_DESCRIPTION=$(lsb_release -s -d) | ||
fi | ||
|
||
#printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)" | ||
|
||
printf "SigFW\n" | ||
printf "Open Source SS7/Diameter firewall\n" | ||
printf "Original work was created by Martin Kacer, Philippe Langlois\n" | ||
printf "Copyright 2017, P1 Security S.A.S and individual contributors\n" | ||
printf "See the AUTHORS in the distribution for a full listing of individual contributors.\n" | ||
printf "\n" | ||
printf "SigFW is licensed under dual license policy. The default license is\n" | ||
printf "the Free Open Source GNU Affero GPL v3.0. Alternatively a commercial license\n" | ||
printf "can be obtained from P1 Security S.A.S.\n" | ||
printf "\n" | ||
printf "\n" | ||
printf "Interfaces:\n" | ||
printf " enp0s3 - management (SSH, Web)\n" | ||
printf " enp0s8 - signalling (SigFW could be reconfigured here)\n" | ||
printf " enp0s9 - passive signalling (port-mirrored traffic)\n" | ||
printf "\n" | ||
printf "To access Kibana:\n" | ||
printf " http://<host>:5601/\n" | ||
printf "\n" | ||
printf "To access API\n" | ||
printf " https://<host>:8443/ss7fw_api/1.0/get_status\n" | ||
printf "\n" | ||
printf "To check if services are running:\n" | ||
printf " sudo service tshark_to_ss7fw status\n" | ||
printf " sudo service tshark_to_ek status\n" | ||
printf " sudo service ss7fw status\n" | ||
printf " sudo service ss7server status\n" | ||
printf " sudo service ss7client status\n" | ||
printf "\n" | ||
printf "To replay the pcap on passive interface:\n" | ||
printf " sudo tcpreplay --intf1=enp0s9 sigtran.pcap\n" | ||
printf "\n" | ||
printf "Description:\n" | ||
printf " By default only SS7FW is enabled. The SS7FW is in passive mode.\n" | ||
printf " DiameterFW code is present but configured as service system service.\n" | ||
printf " Tshark is capturing traffic on enp0s9 and pushing into ElasticSearch.\n" | ||
printf " Second instance of tshark is pushing capture into named pipe of SS7FW.\n" | ||
printf " The SS7FW consist of ss7client, ss7firewall, ss7server. ss7client replay\n" | ||
printf " the captured traffic from enp0s9 towards ss7firewall and ss7server on\n" | ||
printf " localhost.\n" | ||
printf "\n" | ||
printf " SS7FW is located in /opt/SigFW/ss7fw/\n" | ||
printf " DiameterFW is located in /opt/SigFW/diameterfw/\n" | ||
printf "\n" | ||
printf " Before first run or if the IP has changed, modify /etc/kibana/kibana.yml" | ||
printf "\n" | ||
printf "\n" | ||
printf "To access logs:\n" | ||
printf " tail -f /opt/SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT/ss7fw.log\n" |
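Review bot: In the Description block, `DiameterFW code is present but configured as service system service` is garbled and sits oddly next to `By default only SS7FW is enabled`; it presumably should say that DiameterFW is not configured as a system service, so please reword it. The banner also points operators at Kibana over cleartext `http://<host>:5601/` while the API line uses https on 8443; if Kibana is meant to be reached over the management interface, put it behind TLS or tell the operator to reach it through an SSH tunnel. The printf for /etc/kibana/kibana.yml is the only text line without a trailing \n; it prints correctly only because bare newline printfs follow, so end it with \n like the others.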
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#!/bin/bash - | ||
i=0 | ||
while read line; do | ||
# process only non empty lines because of older tshark release | ||
if [ ! -z "$line" ]; then | ||
c=$(printf '%s\n%s\n' "$c" "$line") | ||
i=$((i+1)) | ||
|
||
# curl only every X seconds | ||
# the better solution is to use logstash or multithreaded client | ||
if !((i % 2)) && !((SECONDS % 10)) && [[ -v c ]]; then | ||
#printf '%s\n' "$c" | ||
printf '%s\n' "$c" | curl -o /dev/null --silent -XPUT http://localhost:9200/_bulk --data-binary @- & | ||
c= | ||
i=0 | ||
fi | ||
fi | ||
done | ||
|
||
#echo $c | ||
if [[ -v c ]]; then | ||
# #printf '%s\n' "$c" | ||
printf '%s\n' "$c" | curl -o /dev/null --silent -XPUT http://localhost:9200/_bulk --data-binary @- & | ||
fi |
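Review bot: `while read line` should be `while IFS= read -r line`: without -r, read consumes backslashes, so JSON string escapes in the tshark output are altered before they reach _bulk. `[[ -v c ]]` tests whether c is set, not whether it is non-empty, and c stays set after `c=`, so the final flush can post an empty body; use `[[ -n $c ]]`. The flush condition `!((SECONDS % 10))` only fires when a line happens to arrive during a second divisible by 10, so on sparse traffic the buffer can sit unsent for a long time, and each curl is backgrounded with `-o /dev/null --silent`, so a rejected or failed batch is lost without trace. Flush on time elapsed since the last send or on a size limit, and check curl's exit status.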
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
#!/usr/bin/env bash | ||
|
||
if [[ $# -ne 1 ]] ; then | ||
echo "usage: template.sh node" | ||
exit | ||
fi | ||
|
||
curl -XPUT 'http://'$1'/_template/packets-template' -d ' | ||
{ | ||
"template": "packets-*", | ||
"mappings": { | ||
"_default_": { | ||
"dynamic": "true", | ||
"dynamic_date_formats" : [ | ||
"yyyy-MM-dd HH:mm:SS" | ||
], | ||
"dynamic_templates": [ | ||
{ | ||
"string_fields": { | ||
"match": "*", | ||
"match_mapping_type": "string", | ||
"mapping": { | ||
"index": "not_analyzed", | ||
"omit_norms": true, | ||
"type": "string" | ||
} | ||
} | ||
} | ||
], | ||
"properties": { | ||
"@version": { | ||
"type": "string", | ||
"index": "not_analyzed" | ||
} | ||
} | ||
}, | ||
"my_mapping": { | ||
"numeric_detection": true, | ||
"dynamic": "true", | ||
"properties": { | ||
"timestamp": { | ||
"type": "date" | ||
}, | ||
"layers": { | ||
"properties": { | ||
"tcap": { | ||
"properties": { | ||
"tcap_opCode_tcap_localValue": { | ||
"type": "integer" | ||
} | ||
} | ||
}, | ||
"gsm_map": { | ||
"properties": { | ||
"gsm_old_opCode_gsm_old_localValue": { | ||
"type": "integer" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
}' | ||
|
||
echo |
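Review bot: In `dynamic_date_formats`, the pattern `yyyy-MM-dd HH:mm:SS` uses `SS`, which in Joda/Java date patterns means fraction of second; seconds are `ss`, so as written the seconds field is not parsed as seconds. In the curl line, `$1` sits outside the quotes (`'http://'$1'/_template/packets-template'`) and is therefore subject to word splitting and globbing; write the URL in double quotes with $1 inside them. The usage branch calls a bare `exit`, which returns status 0 after an argument error; use `exit 1` and print the usage message to stderr.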
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[Unit] | ||
Description=SS7FW client service | ||
|
||
[Service] | ||
User=p1sec | ||
Group=p1sec | ||
WorkingDirectory=/opt/SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT | ||
ExecStart=/usr/bin/mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput" | ||
#Restart=always | ||
StandardOutput=null | ||
Restart=on-failure | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
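Review bot: The [Unit] section declares no ordering or dependency on the firewall and server services, although the MOTD text in this commit describes ss7client as replaying traffic towards ss7firewall and ss7server on localhost. Add `After=` and `Wants=` (or `Requires=`) for the ss7fw and ss7server units so the client does not start first and lean on `Restart=on-failure` to recover. The commented `#Restart=always` beside the active `Restart=on-failure` can be dropped.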
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[Unit] | ||
Description=SS7FW service | ||
|
||
[Service] | ||
User=p1sec | ||
Group=p1sec | ||
WorkingDirectory=/opt/SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT | ||
ExecStart=/usr/bin/mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall" | ||
#Restart=always | ||
StandardOutput=null | ||
Restart=on-failure | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
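Review bot: `ExecStart=/usr/bin/mvn exec:java ...` makes every start of the firewall depend on Maven resolving its plugins and dependencies from the p1sec user's local repository, and possibly the network, at service start. Build once and start the resulting jar with java directly so that what runs is a fixed artifact. `StandardOutput=null` discards stdout of a security component; send it to the journal or state in the unit that ss7fw.log is the only log. The [Service] section has no sandboxing directives; `NoNewPrivileges=true`, `ProtectSystem=` and `PrivateTmp=true` are cheap to add for a process that parses untrusted signalling traffic. The same points apply to the ss7client and ss7server units.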
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[Unit] | ||
Description=SS7FW server service | ||
|
||
[Service] | ||
User=p1sec | ||
Group=p1sec | ||
WorkingDirectory=/opt/SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT | ||
ExecStart=/usr/bin/mvn exec:java -Dexec.mainClass="ss7fw.SS7Server" | ||
#Restart=always | ||
StandardOutput=null | ||
Restart=on-failure | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[Unit] | ||
Description=tshark to elasticsearch | ||
|
||
[Service] | ||
User=p1sec | ||
Group=p1sec | ||
WorkingDirectory=/opt/SigFW/VM/ | ||
ExecStart=/opt/SigFW/VM/tshark_to_ek.sh | ||
#Restart=always | ||
StandardOutput=null | ||
Restart=on-failure | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
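Review bot: With `User=p1sec` and an ExecStart script that runs tshark on a live interface, the unit itself grants no capture privilege, so it only works if p1sec has been given capture rights by some step outside this commit. Either document that prerequisite or set `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` with a matching `CapabilityBoundingSet=` here, which also keeps the privilege scoped to this service. There is also no `After=` for Elasticsearch, which line_curl.sh posts to on localhost:9200. The capture-privilege point applies equally to tshark_to_ss7fw.service.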
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash - | ||
tshark -i enp0s9 -T ek -l | /opt/SigFW/VM/line_curl.sh |
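Review bot: The exit status of this pipeline is that of line_curl.sh, so when tshark dies (interface missing, no capture permission) the script can still exit 0 and `Restart=on-failure` in tshark_to_ek.service never triggers. Add `set -o pipefail` before the pipeline. The interface name enp0s9 is hard-coded; take it from an argument or environment variable with enp0s9 as the default.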
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[Unit] | ||
Description=tshark to SS7FW | ||
|
||
[Service] | ||
User=p1sec | ||
Group=p1sec | ||
WorkingDirectory=/opt/SigFW/VM/ | ||
ExecStart=/opt/SigFW/VM/tshark_to_ss7fw.sh | ||
#Restart=always | ||
StandardOutput=null | ||
Restart=on-failure | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash - | ||
tshark -i enp0s9 -T ek -x -j " " -l > /opt/SigFW/ss7fw/ss7fw.ss7fw-core_jar_1.0.0-SNAPSHOT/input/pipe |
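Review bot: The redirect to `.../input/pipe` assumes the FIFO already exists; if it does not, the shell creates a regular file at that path and tshark fills it without limit. None of the units shown in this commit creates the pipe (the README does it by hand with `mkfifo pipe`), so test with `[ -p ... ]` on the path first and exit non-zero when it is missing. Also `-j " "` here differs from `-j ""` in the README replay commands; pick one form and use it in both places.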
7 changes: 7 additions & 0 deletions
diameterfw/diameterfw.diameterfw-core_jar_1.0.0-SNAPSHOT/.gitignore
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
target/ | ||
XmlDiameterClientLiveInput/ | ||
XmlDiameterFirewall/ | ||
*.last | ||
input/* | ||
127*.xml | ||
server*.xml |