Merge pull request #43 from aau-network-security/glider_extended

Glider extended merging to glider integration

build/docker/entrypoint.sh

@@ -1,5 +1,6 @@
 #!/bin/sh
 
+
 # wait for the database to be up
 if [ $DB_HOST ]
 then

configs/samples/configuration-template.yml

@@ -0,0 +1,84 @@
+---
+version: 1
+type: template
+# RiotPot configuration file.
+# This file can be used as a template for further implementations and as a record of
+# documentation for internal structure when in doubt on usage.
+
+# 50 characters minimum long RANDOM string used to generate cryptographic signatures.
+secret: 
+
+riotpot:
+  # If this boolean is set to a falsy value then `start` must be filled with the
+  # list of services desired to be loaded and run at start, and `emulators` with
+  # the list of available services to the app.
+  autod: false
+  local_build_on: 1
+
+  # The name of the services is the name of the folder in which the plugin
+  # is stored, inside the `pkg/` folder.
+  # Example:
+  #   * if the plugin is stored in: `pkg/telnetd`
+  #   * then place: `- telnetd`
+
+  # mode of operation allowed for Riotpot run
+  allowed_modes:
+    - low
+    - high
+    - hybrid
+
+
+  #Services which will run at start. For all the services, set `autod` to `true`.
+  # enter them separated by space
+  boot: httpd echod telnetd mqttd coapd modbusd
+
+  # `start` contains a list of services desired to be run
+  # on-start.  
+  start:
+
+  # enter the name of the image comma seprated by it's docker registry name
+  # seprated by it's ip address, IP addresses should be in range 10.5.0.10-10.5.0.20
+  # and unique for each contianer image name
+  images:
+    - mqtt, eclipse-mosquitto, 10.5.0.10
+    - http, httpd, 10.5.0.12
+    # - modbus, oitc/modbus-server, 10.5.0.11
+
+  start_images: mqtt http kota
+
+  # Fill the mode, low, high or hybrid, to be used in containerized mode
+  mode: low
+
+  # Contains a list of available services in the application.
+  # This gives the user the ability to navigate or load
+  # just the emulators that appear in this list, wether or not
+  # the emulator plugin appears in the binary.
+  #
+  # Add here the emulator plugins you have included on the binary.
+  emulators:
+    - httpd
+    - echod
+    - sshd
+    - telnetd
+    - mqttd
+    - coapd
+    - modbusd
+
+# The `databases` object contains a number of object defined database
+# connection information. As the name indicates, `default` will be the default
+# database used to store logs, binary entries, etc.
+databases:
+  - identity: 
+    # Name of the targeted database
+    dbname: postgres
+    # RiotPot only supports `postgres` currently.
+    engine: postgres
+    # IP or container name in the same network.
+    host: localhost
+    # Connection port to the database host.
+    port: 5432
+    # User and password to access the database.
+    # NOTE: Do not hard-code the values in this file. Please do make
+    # use of `.env` file for this purpose in production.
+    username: superuser
+    password: password

configs/samples/configuration.yml

@@ -21,20 +21,33 @@ riotpot:
   #   * if the plugin is stored in: `pkg/telnetd`
   #   * then place: `- telnetd`
 
+  # mode of operation allowed for Riotpot run
+  allowed_modes:
+    - low
+    - high
+    - hybrid
+
+
+  #Services which will run at start. For all the services, set `autod` to `true`.
+  # enter them separated by space
+  boot: 
+
   # `start` contains a list of services desired to be run
-  # on-start. For all the services, set `autod` to `true`.
+  # on-start.  
   start:
-    - httpd
-    - echod
-    - telnetd
-    - mqttd
-    - coapd
-    -   
 
+  # enter the name of the image comma seprated by it's docker registry name
+  # seprated by it's ip address, IP addresses should be in range 10.5.0.10-10.5.0.20
+  # and unique for each contianer image name
   images:
-    - mqtt, eclipse-mosquitto
-    - modbus, oitc/modbus-server
-    - http, httpd
+    - mqtt, eclipse-mosquitto, 10.5.0.10
+    - http, httpd, 10.5.0.12
+    # - modbus, oitc/modbus-server, 10.5.0.11
+
+  start_images: http
+
+  # Fill the mode, low, high or hybrid, to be used in containerized mode
+  mode: hybrid
 
   # Contains a list of available services in the application.
   # This gives the user the ability to navigate or load

deployments/demo.go

@@ -0,0 +1,117 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"log"
+	"strings"
+	// "gopkg.in/yaml.v3"
+	// "github.com/gobuffalo/packr"
+	errors "github.com/riotpot/tools/errors"
+	"github.com/riotpot/tools/environ"
+	"github.com/riotpot/tools/arrays"
+	"github.com/riotpot/internal/configuration"
+)
+
+func main() {
+	// Resets the existing settings from previous runs
+	environ.ExecuteCmd("cp", "../configs/samples/configuration-template.yml", "../configs/samples/configuration.yml")
+	environ.ExecuteCmd("cp", "docker-compose-template.yml", "docker-compose.yml")
+
+	profile, err := configuration.NewProfile()
+	errors.Raise(err)
+
+	sett, err := configuration.NewSettings()
+	errors.Raise(err)
+	// box := packr.NewBox("../configs/samples")
+	// data, err := box.Find("configuration.yml")
+
+	// err = yaml.Unmarshal(data, &sett)
+
+	// errors.Raise(err)
+	a := configuration.Autopilot{
+		Profile:  profile,
+		Settings: sett,
+	}
+
+	a.Greeting()
+	a.Settings.Riotpot.Start = arrays.StringToArray(a.Settings.Riotpot.Boot)
+	fmt.Println(a.Settings.Riotpot.Start)
+	a.RegisterPlugins()
+	a.DiscoverImages()
+	a.DiscoverRunningMode()
+	a.SetLoadedPlugins()
+	// fmt.Println(a.loaded_plugins)
+	input_mode := a.CheckInteractionMode()
+	existing_mode := a.Settings.Riotpot.Mode
+	target_change := "s/mode: "+existing_mode+"/mode: "+input_mode+"/g"
+	environ.ExecuteCmd("sed","-i", "-e", target_change, "../configs/samples/configuration.yml")
+
+	if input_mode == "low" {
+		fmt.Printf("Plugins available to run %q\n", a.Settings.Riotpot.Start)
+
+		// user decided to provide plugins manually
+		plugins_selected := a.GetPluginsFromUser()
+		target_change = "s/boot: "+a.Settings.Riotpot.Boot+"/boot: "+strings.Join(plugins_selected, " ")+"/g"
+		environ.ExecuteCmd("sed","-i", "-e", target_change, "../configs/samples/configuration.yml")
+	} else if input_mode == "high" {
+		fmt.Printf("\nDocker containers available to run ")
+		fmt.Println(sett.GetDockerImages())
+		fmt.Printf("\n")
+		images := a.GetContainersFromUser()
+		target_change = "s/start_images: "+a.Settings.Riotpot.Start_images+"/start_images: "+strings.Join(images, " ")+"/g"
+		environ.ExecuteCmd("sed","-i", "-e", target_change, "../configs/samples/configuration.yml")
+		FillConfig(images, &a)
+	} else if input_mode == "hybrid" {
+		fmt.Printf("Plugins available to run %q\n", a.Settings.Riotpot.Start)
+
+		// user decided to provide plugins manually
+		plugins_selected := a.GetPluginsFromUser()
+		target_change = "s/boot: "+a.Settings.Riotpot.Boot+"/boot: "+strings.Join(plugins_selected, " ")+"/g"
+		environ.ExecuteCmd("sed","-i", "-e", target_change, "../configs/samples/configuration.yml")
+
+		fmt.Printf("\nDocker containers available to run ")
+		fmt.Println(sett.GetDockerImages())
+		fmt.Printf("\n")
+		images := a.GetContainersFromUser()
+		target_change = "s/start_images: "+a.Settings.Riotpot.Start_images+"/start_images: "+strings.Join(images, " ")+"/g"
+		environ.ExecuteCmd("sed","-i", "-e", target_change, "../configs/samples/configuration.yml")
+		FillConfig(images, &a)
+	}
+
+	fmt.Printf("Perfect!, now run the command 'docker-compose -f docker-compose.yml up -d --build'")
+}
+
+func FillConfig(images []string, a *configuration.Autopilot) {
+	file, err := os.OpenFile("docker-compose.yml", os.O_WRONLY|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalf("failed opening file: %s", err)
+	}
+	defer file.Close()
+
+	for _,image := range images {
+		_, err = file.WriteString("\n")
+		_, err = file.WriteString("\n")
+		image_tag := "  "+image+":"
+		_, err = file.WriteString(image_tag)
+		_, err = file.WriteString("\n")
+		uri := a.Settings.GetContainerURI(image)
+		image_option := "    image: "+uri
+		_, err = file.WriteString(image_option)
+		_, err = file.WriteString("\n")
+		networks_tag := "    networks:"
+		_, err = file.WriteString(networks_tag)
+		_, err = file.WriteString("\n")
+		_, err = file.WriteString("      honeypot:")
+		_, err = file.WriteString("\n")
+		ip := a.Settings.GetContainerIP(image)
+		ip_addr_tag := "        ipv4_address: "+ip
+		_, err = file.WriteString(ip_addr_tag)
+	}
+
+
+	// _, err = file.WriteString("The Go language was conceived in September 2007 by Robert Griesemer, Rob Pike, and Ken Thompson at Google.")
+	if err != nil {
+		log.Fatalf("failed writing to file: %s", err)
+	}
+}

deployments/docker-compose-template.yml

@@ -0,0 +1,85 @@
+# This Docker Compose file is meant to be used on a development 
+# environment for testing.
+# This environment includes a fake local network, a local database and
+# a volume mounted with the code to see changes on the go.
+version: "3.8"
+
+volumes:
+  postgres_data:
+
+networks:
+  honeypot:
+    name: honeypot
+    ipam:
+      config:
+        - subnet: 10.5.0.0/16
+
+services:
+
+  # Tcpdump host that stores all the stuff that happens
+  # in the network
+  tcpdump:
+    image: kaazing/tcpdump
+    network_mode: "host"
+    volumes:
+        - ../tcpdump:/tcpdump
+    # Run tcdump in autorotating mode, with gzip compression
+    # The files will be rotated every 24h or 500MB and named
+    # after the timestamp when the file is created.
+    command: [
+      "-z", "gzip", # compress to gzip
+      "-G", "86400", # 24h in seconds
+      "-C", "500", # maximum file size
+      "-W", "10", # ignored, only affects the name
+      "-v", # verbose
+      "-i", "any", # any interface
+      "-w", "tcpdump/trace_%Y_%m_%d_%H_%M_%S.pcap" # trace_<timestamp>.pcap
+    ]
+
+  # RIoTPot is the container for the central node
+  riotpot:
+    build:
+      context: ..
+      dockerfile: ./build/docker/Dockerfile
+    image: riotpot:development
+    #command: 
+    restart: always
+    ports:
+      # Ports under 60 might see errors when unquoted
+      # https://stackoverflow.com/questions/58810789/quotes-on-docker-compose-yml-ports-make-any-difference
+      - "7:7"
+      # - "22:22"
+      - "23:23"
+      - "502:502"
+      - "8080:8080"
+      - "1883:1883"
+      - "5683:5683"
+    env_file:
+    - ../build/env/.env
+    networks:
+      honeypot:
+        # give a static IP to the honeypot so we can find it
+        # and attack it seamlessly
+        ipv4_address: 10.5.0.6
+
+  postgres:
+    image: postgres:latest
+    environment:
+      - POSTGRES_USER=superuser
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data/
+    networks:
+      honeypot:
+
+  attacker:
+    build:
+      context: ..
+      dockerfile: ./build/docker/Dockerfile.attacker
+    stdin_open: true  # docker -i
+    tty: true         # docker -t
+    volumes:
+      - ../test/pkg/services/mqtt:/riotpot/
+    networks:
+      honeypot:

deployments/docker-compose.yml

@@ -4,6 +4,16 @@
 # a volume mounted with the code to see changes on the go.
 version: "3.8"
 
+volumes:
+  postgres_data:
+
+networks:
+  honeypot:
+    name: honeypot
+    ipam:
+      config:
+        - subnet: 10.5.0.0/16
+
 services:
 
   # Tcpdump host that stores all the stuff that happens
@@ -38,7 +48,7 @@ services:
       # Ports under 60 might see errors when unquoted
       # https://stackoverflow.com/questions/58810789/quotes-on-docker-compose-yml-ports-make-any-difference
       - "7:7"
-      - "22:22"
+      # - "22:22"
       - "23:23"
       - "502:502"
       - "8080:8080"
@@ -73,13 +83,9 @@ services:
       - ../test/pkg/services/mqtt:/riotpot/
     networks:
       honeypot:
-
-volumes:
-  postgres_data:
 
-networks:
-  honeypot:
-    name: honeypot
-    ipam:
-      config:
-        - subnet: 10.5.0.0/16
+  http:
+    image: httpd
+    networks:
+      honeypot:
+        ipv4_address: 10.5.0.12