
webif - push current version of webif from our setup

this is very specific to the honeynet project, so others who want to use it will probably want to modify it quite a bit...
1 parent 8084da4 commit 4e53a03eaf2b115564844473c07be35ecf16f4ec @rep committed Apr 5, 2012
@@ -12,6 +12,7 @@ def process_exception(self, request, exception):
response += "%s\n" % tb
print response
+ sys.stdout.flush()
if settings.DEBUG:
return HttpResponseServerError(response)
@@ -24,10 +24,13 @@ class User(Document):
username = StringField(max_length=30, required=True)
first_name = StringField(max_length=30)
last_name = StringField(max_length=30)
+ chapter = StringField(max_length=60, default='')
+ comment = StringField(max_length=100, default='')
+ activated_by = StringField(max_length=30, default='')
email = StringField()
password = StringField(max_length=128)
is_staff = BooleanField(default=False)
- is_active = BooleanField(default=True)
+ is_active = BooleanField(default=False)
is_superuser = BooleanField(default=False)
last_login = DateTimeField(default=datetime.datetime.now)
date_joined = DateTimeField(default=datetime.datetime.now)
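Review bot: The `is_active` default flips to False here, but nothing in this diff shows the login or session code rejecting inactive users, so the approval gate is only as strong as that check; it is worth confirming it exists before relying on this default. `activated_by` looks like it holds the approver's username (it has the same `max_length=30` as `username`), but as a free-text `StringField` it is not tied to a real account. A `ReferenceField(User)`, or at least a comment such as `# username of the member who activated this account`, would make the audit trail clearer. The class body continues outside the hunk.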
@@ -1,11 +1,12 @@
+import collections
from mongoengine import *
from hpfeedauth import User
class TagRights(Document):
tag = StringField(max_length=50, required=True)
- subscribe = ListField(StringField())
- publish = ListField(StringField())
+ subscribe = ListField(StringField(), default=[])
+ publish = ListField(StringField(), default=[])
def __unicode__(self):
return self.tag
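Review bot: `default=[]` on the `subscribe` and `publish` fields passes a single list object as the default, which the mongoengine documentation calls out as the mutable-default hazard; depending on the mongoengine version, an in-place `append` on one document's default can show up on others. These lists are access grants, so aliasing between documents would mean unintended publish or subscribe rights. `ListField` already defaults to an empty list, so dropping the argument or writing `subscribe = ListField(StringField(), default=list)` avoids the problem. The same pattern is added in the `AuthKey` hunk and on all four list fields of the new `Channel` class.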
@@ -14,9 +15,10 @@ class AuthKey(Document):
owner = ReferenceField(User)
identifier = StringField(max_length=20, required=True)
secret = StringField(max_length=40, required=True)
- subscribe = ListField(StringField())
- publish = ListField(StringField())
+ subscribe = ListField(StringField(), default=[])
+ publish = ListField(StringField(), default=[])
comment = StringField(max_length=100, required=False)
+ template = BooleanField(default=False)
def __unicode__(self):
return '<AK: {0}{1}>'.format(self.identifier, ' ('+self.comment+')' if self.comment else '')
@@ -34,3 +36,50 @@ class Publog(Document):
chan = StringField(required=True)
identifier = StringField(max_length=20, required=True)
+class Channel(Document):
+ tstamp = DateTimeField()
+ creator = ReferenceField(User)
+ name = StringField()
+ description = StringField()
+ subscribe = ListField(StringField(), default=[])
+ publish = ListField(StringField(), default=[])
+ pubtags = ListField(StringField(), default=[])
+ subtags = ListField(StringField(), default=[])
+
+ def __unicode__(self):
+ return '<Channel: {0}>'.format(self.name)
+
+ def access_user(self, user):
+ out = set()
+ un = user.username
+ if un in self.publish: out.add('pub')
+ if un in self.subscribe: out.add('sub')
+ for tag in user.tags + ['anyone',]:
+ if tag in self.pubtags: out.add('pub')
+ if tag in self.subtags: out.add('sub')
+ return ','.join(out)
+
+ def access_dict(self):
+ useraxs = collections.defaultdict(set)
+ for un in self.publish: useraxs[un].add('pub')
+ for un in self.subscribe: useraxs[un].add('sub')
+ for k in useraxs: useraxs[k] = ','.join(useraxs[k])
+ return useraxs
+
+ def delete(self, *args, **kwargs):
+ # delete my name from all authkeys
+ aks = AuthKey.objects(Q(publish=self.name)|Q(subscribe=self.name))
+ for ak in aks:
+ if self.name in ak.publish: ak.publish.remove(self.name)
+ if self.name in ak.subscribe: ak.subscribe.remove(self.name)
+ ak.save()
+
+ super(Document, self).delete(*args, **kwargs)
+ # deleted
+
+ def anypub(self):
+ return 'anyone' in self.pubtags
+ def anysub(self):
+ return 'anyone' in self.subtags
+
+
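Review bot: `super(Document, self).delete(*args, **kwargs)` in `Channel.delete` starts the method lookup after `Document`, so it skips `Document.delete` itself; unless a base class of `Document` also defines `delete`, this raises `AttributeError` after the loop has already stripped the channel name from every matching `AuthKey`. The call should name the current class: `super(Channel, self).delete(*args, **kwargs)`. Separately, `access_user` reads `user.tags`, and no `tags` field is visible in the `User` hunk of this commit, so that attribute presumably comes from elsewhere and is worth confirming.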
@@ -6,7 +6,7 @@
import mongoengine
mongoengine.connect('hpfeeds')
-DEBUG = True
+DEBUG = False
TEMPLATE_DEBUG = DEBUG
ADMINS = (
@@ -56,9 +56,15 @@
INSTALLED_APPS = (
'django.contrib.sessions',
- 'webif.tabs'
+ 'webif.tabs',
+ 'webif'
)
LOGIN_URL = '/login/'
LOGIN_REDIRECT_URL = '/'
+EMAIL_HOST = ''
+EMAIL_PORT = 25
+SERVER_EMAIL = 'admin@hpfeeds.honeycloud.net'
+EMAIL_SUBJECT_PREFIX = '[hpfeeds] '
+
@@ -17,6 +17,7 @@
</a>
</blockquote>
<br />
+ <p>You can list <a href="{% url authkeys_all %}">all Authkeys</a> in the system as well.</p>
{% if authkeys %}
<p>You currently have the following Authkeys:</p>
<table class="list">
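Review bot: The new link advertises a listing of every Authkey in the system, and the `authkeys_all` view and its template are not part of this diff. `AuthKey` stores `secret` as a plain `StringField` and the per-key edit page prints `{{ ak.secret }}`, so the system-wide listing should be confirmed to show only identifier, owner and comment, and to require a logged-in, active user. A template comment such as `{# authkeys_all must never render ak.secret #}` next to the link would record that expectation.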
@@ -21,12 +21,18 @@
{% ifactivetab "menu" "home" %}Home{% else %}<a href="{% url index %}">Home</a>{% endifactivetab %}
</div>
{% if not user.is_anonymous %}
+ <div class="section{% ifactivetab "menu" "users" %} selected{% else %}{% endifactivetab %}">
+ {% ifactivetab "menu" "users" %}Users{% else %}<a href="{% url users %}">Users</a>{% endifactivetab %}
+ </div>
<div class="section{% ifactivetab "menu" "channels" %} selected{% else %}{% endifactivetab %}">
{% ifactivetab "menu" "channels" %}Channels{% else %}<a href="{% url channels %}">Channels</a>{% endifactivetab %}
</div>
<div class="section{% ifactivetab "menu" "authkeys" %} selected{% else %}{% endifactivetab %}">
{% ifactivetab "menu" "authkeys" %}Authkeys{% else %}<a href="{% url authkeys %}">Authkeys</a>{% endifactivetab %}
</div>
+ <div class="section{% ifactivetab "menu" "settings" %} selected{% else %}{% endifactivetab %}">
+ {% ifactivetab "menu" "settings" %}Settings{% else %}<a href="{% url settings %}">Settings</a>{% endifactivetab %}
+ </div>
{% endif %}
<div class="section">
{% if user.is_anonymous %}
@@ -11,13 +11,11 @@
Create Channel
</h1>
<br />
-<p>Every user can create channels and use them for his purpose. Users can delegate pub/sub access to other users. Channels generated like this will be prefixed with the username to disable channel name collisions.</p>
-<p>If you need/want a custom channel name, talk to the feed broker owner.</p>
+<p>Every user can create channels and use them for any purpose. Users can delegate pub/sub access to other users. Please use meaningful channel names (see existing channels).</p>
<br />
<form method="post">{% csrf_token %}
<table class="form">
{{ form.as_table }}
-<tr><td></td><td>e.g. channel "mwdata" becomes "usernameprefix.mwdata"</td></tr>
<tr><td></td><td>&nbsp;</td></tr>
<tr><td></td><td><input type="submit" value="Create" /></td></tr>
</table>
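Review bot: With the username prefix gone, channel names become a single global namespace, yet the new `Channel` model declares `name = StringField()` with neither `required=True` nor `unique=True`. The templates address channels by name (`{% url editchan c.name %}`, `{% url deletechan c.name %}`) and `Channel.delete` strips `self.name` from Authkeys, so two channels with the same name would share ACL entries and edit/delete targets. Declaring `name = StringField(required=True, unique=True)` and rejecting duplicates in the create form would close that; the create view itself is not part of this diff.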
@@ -1,5 +1,6 @@
{% extends "base.html" %}
{% load tabs %}
+{% load hpfeed %}
{% block menubar %}
{{ block.super }}
{% endblock %}
@@ -8,13 +9,15 @@
<div>
<h1>
<div class="subtitle">edit</div>
- Channel {{ ch }}
+ Channel {{ ch.name }}
</h1>
+ <h3>Desription:</h3>
+ <p>{{ ch.description|bbcode }}</p>
<br />
<p>Here you can see which other users and which of your Authkeys have access to the channel.</p>
<p>You can give another user access to this channel, or assign access to one of your <a href="{% url authkeys %}">Authkeys</a>.</p>
- <div style="float:left;width:440px;margin-right:20px;">
+ <div style="">
<h3>Users</h3>
{% if users %}
<table class="list">
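Review bot: `{{ ch.description|bbcode }}` renders text that a channel editor can set through the `description` textarea added further down this template, and the `bbcode` filter from the `hpfeed` tag library is not shown in this diff. If that filter returns a string marked safe, it needs to HTML-escape the raw input before expanding tags (Django's `conditional_escape` fits this), otherwise stored markup would reach other users' browsers. The heading on the added line also reads `Desription`; it should be `<h3>Description:</h3>`.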
@@ -36,26 +39,16 @@
<br />
</div>
- <div style="float:left;width:440px;">
- <h3>Authkeys</h3>
-{% if aks %}
-<table class="list">
-<tr class="head"><th>Authkey Identifier</th><th>Access</th></tr>
-{% for i in aks %}<tr class="{% cycle '' 'alt' %}"><td>{{ i.0 }}</td><td>{{ i.1 }}</td></tr>
-{% endfor %}
-</table>
-{% else %}
-<p>Currently no Authkey has access to this channel.</p>
-{% endif %}
-<p>Assign access to an Authkey:</p>
+<h3 style="clear:both;">Channel Settings</h3>
<form method="post">{% csrf_token %}
<table class="form">
-{{ form2.as_table }}
+<tr><td>Anyone may publish to this channel.</td><td><input type="checkbox" name="anypub" value="yes" {% if ch.anypub %}checked{%endif%} /></td></tr>
+<tr><td>Anyone may subscribe to this channel.</td><td><input type="checkbox" name="anysub" value="yes" {% if ch.anysub %}checked{%endif%} /></td></tr>
+<tr><td>Description:</td><td><textarea name="description" style="width:500px; height:200px;">{{ ch.description }}</textarea></td></tr>
<tr><td></td><td>&nbsp;</td></tr>
-<tr><td></td><td><input type="submit" name="ak" value="Assign Access" /></td></tr>
+<tr><td></td><td><input type="submit" name="ak" value="Update" /></td></tr>
</table>
</form>
</div>
- </div>
{% endblock %}
@@ -1,5 +1,6 @@
{% extends "base.html" %}
{% load tabs %}
+{% load hpfeed %}
{% block menubar %}
{% activetab "menu" "channels" %}
{{ block.super }}
@@ -21,13 +22,23 @@
<p>You have access to the following channels:</p>
<table class="list">
<tr class="head"><th>Channel</th><th>Access</th><th></th></tr>
-{% for c in channels %}<tr class="{% cycle '' 'alt' %}"><td>{{ c.0 }}</td><td>{{ c.1 }}</td><td><a href="{% url editchan c.0 %}">Edit</a>&nbsp;<a href="{% url deletechan c.0 %}">Delete</a></td></tr>
+{% for c in channels %}<tr class="{% cycle '' 'alt' %}"><td>{{ c.name }}</td><td>{{ c|access_chan_user:user }}</td><td><a href="{% url editchan c.name %}">Edit</a>&nbsp;<a href="{% url deletechan c.name %}">Delete</a></td></tr>
{% endfor %}
</table>
{% else %}
<p>You don't have access to any channels.</p>
{% endif %}
+{% if restchans %}
+ <p>Other channels on this hpfeeds instance:</p>
+<table class="list">
+<tr class="head"><th>Channel</th><th>Access</th><th></th></tr>
+{% for c in restchans %}<tr class="{% cycle '' 'alt' %}"><td>{{ c.name }}</td><td>{{ c|access_chan_user:user }}</td><td><a href="{% url editchan c.name %}">Edit</a>&nbsp;<a href="{% url deletechan c.name %}">Delete</a></td></tr>
+{% endfor %}
+</table>
+
+{% else %}
+{% endif %}
</div>
{% endblock %}
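Review bot: The added `restchans` table renders the same Edit and Delete links as the table of the user's own channels, for channels the user was not listed as having access to. Hiding the links would only be cosmetic, so the `editchan` and `deletechan` views (not in this diff) must check the requester's rights on the channel, especially now that the edit page carries the `anypub`/`anysub` switches. Delete is also a plain `<a href>` GET link, which does not get the `{% csrf_token %}` protection the forms use; a small POST form per row would be safer. The empty `{% else %}` branch before `{% endif %}` can be dropped.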
@@ -1,5 +1,6 @@
{% extends "base.html" %}
{% load tabs %}
+{% load hpfeed %}
{% block menubar %}
{{ block.super }}
{% endblock %}
@@ -16,28 +17,44 @@
<tr><td>Secret:</td><td>{{ ak.secret }}</td></tr>
<tr><td>Comment:</td><td>{{ ak.comment }}</td></tr>
</table>
-{% if addedaccess %}
+{% if updated %}
<br />
-<p>Added access to channel {{ chan }}. <a href="{% url editak ak.identifier %}">Back.</a></p>
+<p>Authkey access was updated. <a href="{% url editak ak.identifier %}">Back.</a></p>
{% else %}
-{% if axs %}
+<form method="post">{% csrf_token %}
+
+{% if achans %}
<p>The Authkey has access to the following channels:</p>
<table class="list">
-<tr class="head"><th>Channel</th><th>Access</th></tr>
-{% for i in axs %}<tr class="{% cycle '' 'alt' %}"><td>{{ i.0 }}</td><td>{{ i.1 }}</td></tr>
+<tr class="head"><th width="50%">Channel</th><th>Access</th></tr>
+{% for i in achans %}<tr class="{% cycle '' 'alt' %}"><td>{{ i }}</td><td>
+<input type="checkbox" name="{{ i }}|sub" value="1" {% if i in ak.subscribe %}checked{% endif %} {% if not 'sub' in i|access_chan_name_user:user %}disabled="true"{% endif %}/> subscribe&nbsp;
+<input type="checkbox" name="{{ i }}|pub" value="1" {% if i in ak.publish %}checked{% endif %} {% if not 'pub' in i|access_chan_name_user:user %}disabled="true"{% endif %}/> publish
+</td></tr>
{% endfor %}
+<tr><td>&nbsp;</td><td><input type="submit" name="u" value="Update" /></td></tr>
</table>
{% else %}
<p>Currently the Authkey has no access rights.</p>
{% endif %}
<br />
-<p>Add access to a channel:</p>
-<form method="post">{% csrf_token %}
-<table class="form">
-{{ form.as_table }}
-<tr><td></td><td>&nbsp;</td></tr>
-<tr><td></td><td><input type="submit" name="u" value="Assign Access" /></td></tr>
+
+{% if ochans %}
+<p>Add other channels to this Authkey:</p>
+<table class="list">
+<tr class="head"><th width="50%">Channel</th><th>Access</th></tr>
+{% for i in ochans %}<tr class="{% cycle '' 'alt' %}"><td>{{ i }}</td><td>
+<input type="checkbox" name="{{ i }}|sub" value="1" {% if not 'sub' in i|access_chan_name_user:user %}disabled="true"{% endif %}/> subscribe&nbsp;
+<input type="checkbox" name="{{ i }}|pub" value="1" {% if not 'pub' in i|access_chan_name_user:user %}disabled="true"{% endif %}/> publish
+&nbsp;
+</td></tr>
+{% endfor %}
+<tr><td>&nbsp;</td><td><input type="submit" name="u" value="Add" /></td></tr>
</table>
+{% else %}
+<p>There are no other channels to be added.</p>
+{% endif %}
+
</form>
{% endif %}
</div>
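Review bot: The `disabled="true"` attribute on the `{{ i }}|sub` and `{{ i }}|pub` checkboxes is only a browser-side hint, so it does not stop those field names from arriving in a POST. The handler for this form (not in this diff) should recompute the user's rights per channel, as `access_chan_name_user` does for rendering, and ignore any grant the user does not hold. Channel names are now free-form, so if the handler splits field names on `|`, a channel name containing `|` would make the encoding ambiguous; validating the name's character set at channel creation avoids that.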
@@ -10,30 +10,45 @@
<div class="subtitle">generic, live, authenticated</div>
HP Datafeeds
</h1>
- <p>The "hpfeeds" project implements a lightweight authenticated publish/subscribe protocol for exchanging live datafeeds.
+ {% if user.is_anonymous %}
+ <p>The <b>hpfeeds</b> project implements a <b>lightweight authenticated publish/subscribe protocol</b> for exchanging <b>live</b> datafeeds.
We tried to design a simple wire-format so that everyone is able to subscribe to the feeds with his favorite language in <i>almost no time.</i></p>
<p>Different feeds are separated by <i>channels</i> and support arbitrary binary payloads. This means that the channel users have to decide about the structure of data. This could for example be done by choosing a serialization format.</p>
<p>Access to channels is given to so-called <i>Authkeys</i> which essentially are pairs of an identifier and a secret. The secret is sent to the server by hashing it together with a per-connection nonce. This way no eavesdroppers can obtain valid credentials. Optionally the protocol can be run on top of SSL/TLS, of course.</p>
<p>To support multiple data sources and sinks per user we manage the Authkeys in this webinterface after a quick login with a user account. User accounts are only needed for the webinterface - to use the data feed channels, only Authkeys are necessary. Different Authkeys can be granted distinct access rights for channels.</p>
+ <p><b>The system you are accessing right now is a HP internal-only setup.</b> Every account needs to be accepted by an HP member. This means you are only eligible to register if you are an HP member or you have an agreement to get access for some specific project (e.g. GSOC).</p>
+ <br />
+
+<blockquote class="button">
+ <a href="{% url register %}">
+ Register an account now »
+ </a>
+</blockquote>
+ {% else %}
+ <h3>Welcome to hpfeeds, {{ user.username }}.</h3>
+ <p>Please visit the <a href="http://redmine.honeynet.org/projects/hpfeeds/wiki">hpfeeds Redmine project</a> for further information on the protocol. The code and an example client is available from the <a href="https://github.com/rep/hpfeeds">git repository</a> at Github.</p>
+ <p>Every hpfeed user should keep an eye on the yet inactive registrations and accept those from fellow HP members.</p>
+ <p>Contact Mark regarding any further questions and assistance. Enjoy!</p>
+ <br />
+ <p>The feedbroker instance on this setup runs on port: 10000</p>
+ <pre>python feed.py --host hpfeeds.honeycloud.net -p 10000 -c dionaea.capture -i identifier -s secret subscribe</pre>
+ {% endif %}
</div>
<div style="float:left;width:220px;">
<h3 style="">Statistics</h3>
<div style="float:right">{{ stats.glastopf_dorks.total }}</div>
Glastopf dorks:<br />
- <div style="float:right">{{ stats.mwcapture.total }}</div>
+ <div style="float:right">{{ stats.dionaea_capture.total }}</div>
Malware captures:<br />
- <div style="float:right">{{ stats.mwcapture.hour }}</div>
- ... last hour:<br />
- <div style="float:right">{{ stats.mwcapture.day }}</div>
- ... last day:<br />
- <div style="float:right">{{ stats.mwcapture.week }}</div>
- ... last week:<br />
- <div style="float:right">{{ stats.mwbinary_sensorunique.total }}</div>
+ <div style="float:right">{{ stats.dionaea_shellcodeprofiles.total }}</div>
+ Shellcodes:<br />
+ <div style="float:right">{{ stats.dionaea_dcerpcrequests.total }}</div>
+ DCERPC requests:<br />
+ <div style="float:right">{{ stats.mwbinary_dionaea_sensorunique.total }}</div>
Sensor-unique binaries:<br />
<br clear="all">
- <a style="font-size:13px;" href="ex/">Statistics sink »</a>
<h3>Account</h3>
{% if user.is_anonymous %}
@@ -11,9 +11,10 @@
Generate Authkey
</h1>
<br />
-<p>Give a comment for the new Authkey to remember its purpose. The identifier and secret will be autogenerated.</p>
-<br />
<form method="post">{% csrf_token %}
+<p>Want to automatically assign publish/subscribe access rights to this authkey based on a template? Choose one below.</p>
+<p>Also give a comment for the new Authkey to remember its purpose. The identifier and secret will be autogenerated.</p>
+<br />
<table class="form">
{{ form.as_table }}
<tr><td></td><td>&nbsp;</td></tr>
@@ -16,6 +16,7 @@
<div style="float:left;">
<h1>Registration</h1>
<br />
-<p>Registration completed. You may now <a href="{% url log-in %}">login.</a></p>
+<p>Registration completed. Your account is marked as inactive and needs to be accepted by an already registered member. It is probably best if you ping someone to do this.</p>
+<p>When your account is activated you can login <a href="{% url log-in %}">here</a>.</p>
</div>
{% endblock %}