diff --git a/win7/Miniport/ghostport.inf b/win7/Miniport/ghostport.inf
index 4868579..b130a8f 100644
--- a/win7/Miniport/ghostport.inf
+++ b/win7/Miniport/ghostport.inf
@@ -29,7 +29,7 @@ Signature = "$Windows NT$"
 Class = SCSIAdapter
 ClassGUID = {4D36E97B-E325-11CE-BFC1-08002BE10318}
 Provider = %Ghost%
-DriverVer = 03/22/2013,0.2.0.1
+DriverVer = 03/27/2013,0.3
 CatalogFile.NTamd64 = ghostport-amd64.cat
diff --git a/win7/PythonBindings/ghostwatch.py b/win7/PythonBindings/ghostwatch.py
index 896ce85..64ac0ea 100644
--- a/win7/PythonBindings/ghostwatch.py
+++ b/win7/PythonBindings/ghostwatch.py
@@ -5,6 +5,7 @@
 import sys
 from time import sleep
 import socket
+import _winreg
 # General parameters
 LOGFILE = None
@@ -15,10 +16,10 @@
 GHOST_DEVICE_ID = 0
 # HPfeeds parameters
-HPFEEDS_HOST = 'hpfriends.honeycloud.net'
-HPFEEDS_PORT = 20000
-HPFEEDS_IDENT = 'wWLnJ949'
-HPFEEDS_SECRET = 'yjniQJ6WzZybYy6q'
+HPFEEDS_HOST = 'your_broker'
+HPFEEDS_PORT = 10000
+HPFEEDS_IDENT = 'your_ident'
+HPFEEDS_SECRET = 'your_secret'
 HPFEEDS_REPORT_CHANNEL = 'ghost.reports'
 HPFEEDS_STATUS_CHANNEL = 'ghost.status'
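Review bot: The hpfeeds ident and secret removed in the `HPFEEDS_IDENT`/`HPFEEDS_SECRET` lines look like real broker credentials for hpfriends.honeycloud.net, and swapping them for `your_ident`/`your_secret` only hides them from the working tree — they stay recoverable from git history, so the credential should be revoked or rotated at the broker. The placeholders also keep the secret as a hard-coded module constant, which invites the same leak at the next commit; reading it from the environment keeps it out of the repository, e.g. `HPFEEDS_SECRET = os.environ.get('HPFEEDS_SECRET', 'your_secret')` (with `import os` added to the import block above). A one-line comment above the block, `# never commit real broker credentials; set them via the environment`, would make the intent of the placeholders explicit.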
@@ -28,19 +29,29 @@
 else:
     logging.basicConfig(stream = sys.stderr, level = logging.INFO)
-logger = logging.getLogger('ghostwatch')
-hpc = hpfeeds.new(HPFEEDS_HOST, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET)
+logger = logging.getLogger('ghostwatch')
 def create_status_update(action):
     status_update = {'action': action, 'hostname': socket.gethostname()}
     return json.dumps(status_update)
+
+def activate_readonly():
+    try:
+        key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, r'SYSTEM\CurrentControlSet\services\ghostreadonly\Parameters', 0, _winreg.KEY_SET_VALUE)
+        _winreg.SetValueEx(key, 'BlockWriteToRemovable', 0, _winreg.REG_DWORD, 1)
+        _winreg.CloseKey(key)
+    except WindowsError:
+        logger.info('Ghostreadonly not installed or broken')
 def onincident(details):
     logger.warning('Detection! PID %d, TID %d' % (details['PID'], details['TID']))
+    activate_readonly()
     wire_report = dict(details)
     wire_report['Ident'] = HPFEEDS_IDENT
-    hpc.publish(HPFEEDS_REPORT_CHANNEL, json.dumps(wire_report))
-    hpc.publish(HPFEEDS_STATUS_CHANNEL, create_status_update('detection'))
+    incident_hpc = hpfeeds.new(HPFEEDS_HOST, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET)
+    incident_hpc.publish(HPFEEDS_REPORT_CHANNEL, json.dumps(wire_report))
+    incident_hpc.publish(HPFEEDS_STATUS_CHANNEL, create_status_update('detection'))
+    incident_hpc.close()
 def main():
     logger.info('Initializing Ghost...')
@@ -49,11 +60,18 @@ def main():
     logger.info('Ready')
     while True:
         logger.info('Mounting the virtual device')
+
+        hpc = hpfeeds.new(HPFEEDS_HOST, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET)
         hpc.publish(HPFEEDS_STATUS_CHANNEL, create_status_update('mount'))
+        hpc.close()
+
         g.run(onincident)
         logger.info('Virtual device removed')
+
+        hpc = hpfeeds.new(HPFEEDS_HOST, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET)
         hpc.publish(HPFEEDS_STATUS_CHANNEL, create_status_update('remove'))
         hpc.close()
+
         sleep(GHOST_INTERVAL) # Loop
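Review bot: In `activate_readonly` the `except WindowsError:` branch discards the exception and logs at info level, so a failed containment response (for instance access denied when the watcher is not elevated — I cannot tell from here what account it runs as) is reported as 'not installed or broken' with no detail; keep the error object and raise the level, e.g. `except WindowsError as e:` followed by `logger.warning('Could not enable BlockWriteToRemovable: %s' % e)`. In `onincident`, `incident_hpc.close()` is reached only if both publish calls succeed, so a broker error mid-report leaks the connection and propagates out of the callback into `g.run`; wrapping the two publishes in `try: ... finally: incident_hpc.close()` covers that. Nothing in this hunk ever resets `BlockWriteToRemovable`, so presumably the host stays write-blocked until someone clears the value by hand — a comment on `activate_readonly` stating that the change is one-way and must be undone manually would avoid surprises.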
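Review bot: In the `while True:` loop the two `hpfeeds.new(...)`/`publish` pairs are unguarded, so if the broker is unreachable the exception ends `main` and the sensor stops mounting the virtual device — a reporting outage should not take down detection. The connection opened before `publish(... 'mount')` is also not closed when `publish` raises. A small best-effort helper that opens, publishes inside `try`/`finally`, and logs any failure keeps the loop alive; `main` starts before this hunk, and I am assuming `hpfeeds.new` and `publish` raise ordinary exceptions on network failure, which the library's docs should confirm.
```python
def _publish_status(action):
    # Best-effort: a broker outage must not stop the mount/detect loop.
    try:
        hpc = hpfeeds.new(HPFEEDS_HOST, HPFEEDS_PORT, HPFEEDS_IDENT, HPFEEDS_SECRET)
        try:
            hpc.publish(HPFEEDS_STATUS_CHANNEL, create_status_update(action))
        finally:
            hpc.close()
    except Exception:
        logger.exception('Could not publish status update %s' % action)

# … unchanged: main() set-up before the loop …
    while True:
        logger.info('Mounting the virtual device')
        _publish_status('mount')
        g.run(onincident)
        logger.info('Virtual device removed')
        _publish_status('remove')
        sleep(GHOST_INTERVAL) # Loop
```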
diff --git a/win7/PythonBindings/process_reports.py b/win7/PythonBindings/process_reports.py
index 2fda127..e4e4b01 100755
--- a/win7/PythonBindings/process_reports.py
+++ b/win7/PythonBindings/process_reports.py
@@ -8,10 +8,10 @@
 DB_HOST = 'localhost'
 DB_PORT = 27017
-HPFEEDS_HOST = 'hpfriends.honeycloud.net'
-HPFEEDS_PORT = 20000
-HPFEEDS_IDENT = 'n8AY3Kuw'
-HPFEEDS_SECRET = 'zEzb23Ta8QhJBaC9'
+HPFEEDS_HOST = 'your_broker'
+HPFEEDS_PORT = 10000
+HPFEEDS_IDENT = 'your_ident'
+HPFEEDS_SECRET = 'your_secret'
 HPFEEDS_REPORT_CHANNEL = 'ghost.reports'
 HPFEEDS_STATUS_CHANNEL = 'ghost.status'
diff --git a/win7/Readonly/ghostreadonly.inf b/win7/Readonly/ghostreadonly.inf
index 41f77d7..f8a37f3 100644
--- a/win7/Readonly/ghostreadonly.inf
+++ b/win7/Readonly/ghostreadonly.inf
@@ -30,7 +30,8 @@ Class = DiskDrive
 ClassGUID = {4D36E967-E325-11CE-BFC1-08002BE10318}
 ;ClassGUID = {4D36E97B-E325-11CE-BFC1-08002BE10318}
 Provider = %Ghost%
-DriverVer=12/17/2012,0.1
+DriverVer=03/27/2013,0.3
+CatalogFile.NTamd64 = ghostreadonly-amd64.cat
 [SourceDisksNames]
diff --git a/win7/Webadmin/serve.py b/win7/Webadmin/serve.py
index c68fa87..f8ca407 100644
--- a/win7/Webadmin/serve.py
+++ b/win7/Webadmin/serve.py
@@ -29,7 +29,9 @@ def machinetable():
 @bottle.route('/dismiss/')
 def dismiss(obj_id):
-    db.reports.remove({'_id': ObjectId(obj_id)})
+    report = db.reports.find_one({'_id': ObjectId(obj_id)})
+    report['Dismissed'] = True
+    db.reports.save(report)
 @bottle.route('/report/')
 def report(machine_ident):
diff --git a/win7/version.h b/win7/version.h
index 51729f4..027dd8f 100644
--- a/win7/version.h
+++ b/win7/version.h
@@ -29,7 +29,7 @@
 #define VERSION_H
-#define GHOST_VERSION "0.2"
+#define GHOST_VERSION "0.3"
 #endif
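Review bot: The ident/secret removed from `process_reports.py` are a second, distinct hpfeeds credential (different values from the ones in ghostwatch.py), and like those they remain in repository history after this commit, so both credentials should be revoked at the broker rather than merely replaced with `your_ident`/`your_secret`. Keeping placeholders as module constants means the next person will paste a real secret back into the file; `HPFEEDS_SECRET = os.environ.get('HPFEEDS_SECRET', 'your_secret')` (with `import os` at the top of the file) keeps it out of version control. This is presumably the subscriber-side credential with read access to `ghost.reports`, in which case a leaked copy lets anyone read every detection report until it is revoked.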
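Review bot: The new `CatalogFile.NTamd64 = ghostreadonly-amd64.cat` line makes the INF depend on a signed catalog that is not part of this diff, and since a driver catalog covers the hash of every package file including the INF itself, any later edit to this file (the `DriverVer` bump in the same hunk included) invalidates it; the catalog has to be regenerated and re-signed after the INF is final, otherwise 64-bit Windows 7 refuses the driver unless test-signing is enabled. A comment above the line, `; regenerate and re-sign the .cat whenever this INF changes`, would save the next maintainer a confusing install failure.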
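Review bot: `report = db.reports.find_one(...)` returns `None` for an unknown id, and the next line then raises `TypeError` on `report['Dismissed'] = True`; the old `remove()` was a silent no-op on a missing id, so this is a new 500 triggered by a user-controlled URL parameter. Add `if report is None: bottle.abort(404, 'No such report')` before the assignment; `ObjectId(obj_id)` also raises on a malformed id (bson's `InvalidId`, as far as I recall), which that guard does not cover and which deserves the same 404 treatment. The route strings `'/dismiss/'` and `'/report/'` look as if an angle-bracket placeholder such as `<obj_id>` was stripped in rendering, so treat them as not exact. The handler still mutates state on a GET with no CSRF protection, which predates this commit but is worth a note in the handler's docstring.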