RubyGems - thm - Versions diffs - 0.1.8 - Mend

thm 0.1.8

Files changed (34) hide show

checksums.yaml +7 -0
data/README.1ST +38 -0
data/README.md +59 -0
data/bin/thm-consumer +89 -0
data/bin/thm-pcap +67 -0
data/bin/thm-producer +102 -0
data/bin/thm-session +319 -0
data/bin/thm-useradmin +75 -0
data/config.rb +30 -0
data/datalayerlight.rb +143 -0
data/js/JSXTransformer.js +15919 -0
data/js/chartkick.js +829 -0
data/js/files/authenticate.jsx +30 -0
data/js/jquery.min.js +5 -0
data/js/marked.min.js +6 -0
data/js/react.js +19602 -0
data/lib/thm.rb +49 -0
data/lib/thm/consumer.rb +228 -0
data/lib/thm/dataservices.rb +73 -0
data/lib/thm/localmachine.rb +170 -0
data/lib/thm/producer.rb +198 -0
data/lib/thm/version.rb +14 -0
data/service_definitions.csv +6366 -0
data/sql/geoipdata-monetdb.sql +111 -0
data/sql/threatmonitor-monetdb.sql +174 -0
data/sql/threatmonitor-mysql.sql +156 -0
data/stylesheets/screen.css +150 -0
data/thm-authentication.rb +65 -0
data/thm-authorization.rb +173 -0
data/thm-privileges.rb +97 -0
data/views/authenticate.slim +18 -0
data/views/dashboard.erb +69 -0
data/views/logout.slim +10 -0
metadata +237 -0

data/thm-authentication.rb ADDED Viewed

@@ -0,0 +1,65 @@
+########################################################################
+#
+# Author: Brian Hood
+#
+# Description: Threatmonitor User Administration
+#
+# Extends the functionality of the Thm module adding Authorization
+# Adding Authentication to the Privileges model
+#
+########################################################################
+require "#{File.dirname(__FILE__)}/lib/thm.rb"
+require "#{File.dirname(__FILE__)}/config.rb"
+require "#{File.dirname(__FILE__)}/thm-privileges.rb"
+#require File.expand_path(File.join(
+#          File.dirname(__FILE__),
+#          "/lib/thm.rb")
+module Thm::Authorization
+  class Authentication < Thm::DataServices
+    attr_reader :thmsession
+    attr_accessor :thmsesslock
+    def initialize
+      super
+      @debug = 1
+    end
+    def login(username, password)
+      obj = Thm::Authorization::Privileges.new
+      pwhash = obj.mkhash(password)
+      sqlusrcnt = "SELECT count(*) as num FROM users WHERE username = '#{username}' AND password = '#{pwhash}'"
+      resusrcnt = @conn.query("#{sqlusrcnt}")
+      rowusrcnt = resusrcnt.fetch_hash
+      puts "#{rowusrcnt["num"].to_i}"
+      if rowusrcnt["num"].to_i == 1
+        puts "Authentication Success"
+        @thmsession = Tools::guid.to_s
+        @thmsesslock = "OK"
+      else
+        @thmsession = "failure"
+        @thmsesslock = "FAILURE"
+        puts "\e[1;31m\Failure to Authenticate \e[0m\ "
+      end
+    end
+    def login_session?
+      if @thmsession != "failure" or @thmsession != nil
+        return true
+      else
+        return false
+      end
+    end
+    def logout
+      @thmsession = nil
+      @thmsesslock = "DEADBEEF"
+    end
+  end
+end

data/thm-authorization.rb ADDED Viewed

@@ -0,0 +1,173 @@
+########################################################################
+#
+# Author: Brian Hood
+#
+# Description: Threatmonitor Authorization
+#
+# Extends the functionality of the Thm module adding Authorization
+#
+########################################################################
+require 'digest'
+require "#{File.dirname(__FILE__)}/lib/thm.rb"
+require 'pp'
+puts "\e[1;33m\Threatmonitor - User Administration\e[0m\ "
+puts "\e[1;33m\===================================\e[0m\ \n\n"
+module Thm::Authorization
+  class AuthTemplate < Thm::DataServices
+    def initialize
+      super
+      @debug = 1
+    end
+    def setup_privileges(name, obj)
+      data = obj.new
+      actiontemplate = { 'userdata' => {
+              'type' => "#{data.type}",
+              'group' => "#{data.group}",
+              'password' => "#{data.password}"
+            }
+      }
+      #pp actiontemplate
+      if @debug == 1
+        puts "Action template User data"
+        puts "User: #{name}"
+        puts "Type: #{actiontemplate["userdata"]["type"]}"
+        puts "Group: #{actiontemplate["userdata"]["group"]}"
+        puts "Password: #{actiontemplate["userdata"]["password"]}"
+      end
+      case actiontemplate["userdata"]["type"]
+      when "adduser"
+        sqlid = "SELECT gid FROM groups WHERE groupname = '#{actiontemplate["userdata"]["group"]}';"
+        resgid = @conn.query("#{sqlid}")
+        rowgid = resgid.fetch_hash
+        puts "#{rowgid["gid"].to_i}"
+        if rowgid["gid"] =~ /^[0-9]*$/ # Check the value is numeric
+          sqlidcnt = "SELECT count(*) as num FROM groups WHERE groupname = '#{actiontemplate["userdata"]["group"]}';"
+          resgidcnt = @conn.query("#{sqlidcnt}")
+          rowgidcnt = resgidcnt.fetch_hash
+          puts "#{rowgidcnt["num"].to_i}"
+          if rowgidcnt["num"].to_i == 1
+            sql = "INSERT INTO users (username, password, gid) VALUES ('#{name}', '#{actiontemplate["userdata"]["password"]}', #{rowgid["gid"]});"
+            begin
+              @conn.query("#{sql}")
+              @conn.commit
+            rescue
+              puts "There was a issue adding user check database privileges"
+            end
+          else
+            puts "Group #{actiontemplate["userdata"]["group"]} doesn't exist"
+          end
+        else
+          puts "Group #{actiontemplate["userdata"]["group"]} invalid GID ?"
+        end
+      when "userexists?"
+        sqlchkname = "SELECT COUNT(*) as num FROM users WHERE username = '#{name}';"
+        reschkname = @conn.query("#{sqlchkname}")
+        rowchknamecnt = reschkname.fetch_hash
+        puts "#{rowchknamecnt["num"].to_i}"
+        if rowchknamecnt["num"].to_i == 0
+          puts "User #{name} doesn't exist"
+          return false
+        else
+          return true
+        end
+      when "deleteuser"
+        if self.user_exists?("#{name}") == true
+          sqldeluser = "DELETE FROM users WHERE username = '#{name}';"
+          begin
+            @conn.query("#{sqldeluser}")
+            @conn.commit
+            puts "User #{name} deleted"
+          rescue
+            puts "Error deleting User #{name}"
+          end
+        end
+      when "listusers"
+        sqllsusers = "SELECT uid, username FROM users;"
+        reslsusers = @conn.query("#{sqllsusers}")
+        puts "\n"
+        puts "\e[1;38m|       Users Table        |\e[0m\ \n"
+        puts "\e[1;38m\\==========================/\e[0m\ "
+        while row = reslsusers.fetch_hash do
+          puts "UID: #{row["uid"]} Username: #{row["username"]}"
+        end
+        puts "\n"
+      when "listgroups"
+        sqllsusers = "SELECT gid, groupname FROM groups;"
+        reslsusers = @conn.query("#{sqllsusers}")
+        puts "\n"
+        puts "\e[1;38m|       Groups Table        |\e[0m\ \n"
+        puts "\e[1;38m\\==========================/\e[0m\ "
+        while row = reslsusers.fetch_hash do
+          puts "GID: #{row["gid"]} Groupname: #{row["groupname"]}"
+        end
+        puts "\n"
+      when "groupexists?"
+        sqlchkname = "SELECT COUNT(*) as num FROM groups WHERE groupname = '#{name}';"
+        reschkname = @conn.query("#{sqlchkname}")
+        rowchknamecnt = reschkname.fetch_hash
+        puts "#{rowchknamecnt["num"].to_i}"
+        if rowchknamecnt["num"].to_i == 0
+          if actiontemplate["userdata"]["msg"] == true
+            puts "Group #{name} doesn't exist"
+          end
+          return false
+        else
+          return true
+        end
+      when "deletegroup"
+        puts "#{name}"
+        if self.group_exists?("#{name}") == true
+          sqldelgroup = "DELETE FROM groups WHERE groupname = '#{name}';"
+          begin
+            @conn.query("#{sqldelgroup}")
+            @conn.commit
+            puts "Group #{name} deleted"
+          rescue
+            puts "Error deleting Group #{name}"
+          end
+        end
+      when "addgroup"
+        sqlidcnt = "SELECT count(*) as num FROM groups WHERE groupname = '#{name}';"
+        resgidcnt = @conn.query("#{sqlidcnt}")
+        rowgidcnt = resgidcnt.fetch_hash
+        puts "#{rowgidcnt["num"].to_i}"
+        if rowgidcnt["num"].to_i == 0
+          sqladdgroup = "INSERT INTO groups (groupname) VALUES ('#{name}');"
+          begin
+            @conn.query("#{sqladdgroup}")
+            @conn.commit
+          rescue
+            puts "There was a issue adding group check database privileges"
+          end
+        else
+          puts "Group #{actiontemplate["userdata"]["group"]} doesn't exist"
+        end
+      end
+    end
+    # Build a class object using a Flat scope so we can pass through variables
+    # Then pass it as an object to setup_privileges
+    def objbuilder(user, type="", group="", password="")
+    # user becomes group when adding / deleting groups
+    # objbuilder("#{@thmgroupname}", "addgroup")
+      designobj = Class.new do
+        attr_reader :type, :group, :password
+          define_method :initialize do
+            instance_variable_set("@type", "#{type}")
+            instance_variable_set("@group", "#{group}")
+            instance_variable_set("@password", "#{password}")
+          end
+      end
+      setup_privileges("#{user}", designobj)
+    end
+  end
+end

data/thm-privileges.rb ADDED Viewed

@@ -0,0 +1,97 @@
+########################################################################
+#
+# Author: Brian Hood
+#
+# Description: Threatmonitor User Administration
+#
+# Extends the functionality of the Thm module adding Authorization
+# Adding User / Group Privileges functionality
+#
+########################################################################
+require "#{File.dirname(__FILE__)}/thm-authorization.rb"
+module Thm::Authorization
+  class Privileges < AuthTemplate
+      puts "\e[1;34m\ Manage User / Group Privileges \e[0m\ \n\n"
+      def mkhash(payload)
+        hash = Digest::SHA512.new
+        puts "Password Omitted !"
+        hash.update("#{payload}")
+      end
+      def user_exists?(name)
+        objbuilder("#{name}", "userexists?", msg=false)
+      end
+      def add_user
+        while buf = Readline.readline("\e[1;36m\Add User: \e[0m\ ", true)
+          @thmusername = buf
+          while buf2 = Readline.readline("\e[1;36m\Existing Group: \e[0m\ ", true)
+            @thmgroupname = buf2
+            break
+          end
+          if self.user_exists?("#{@thmusername}"); puts "Exiting ... Can't create duplicate users ?"; exit; end
+          break
+        end
+      end
+      #def update_user; end
+      #alias_method :modify_user, :update_user
+      def delete_user
+        while buf = Readline.readline("\e[1;36m\Remove User: \e[0m\ ", true)
+          @thmusername = buf
+          objbuilder("#{@thmusername}", "deleteuser")
+          break
+        end
+      end
+      def set_password(prompt="\e[1;36m\Password: \e[0m\ ")
+        print prompt
+        plain = STDIN.noecho(&:gets).chomp
+        @thmpassword = mkhash(plain)
+        objbuilder("#{@thmusername}", "adduser", "#{@thmgroupname}", "#{@thmpassword}")
+      end
+      def list_users
+        objbuilder("system", "listusers")
+      end
+      def list_groups
+        objbuilder("system", "listgroups")
+      end
+      def group_exists?(name)
+        objbuilder("#{name}", "groupexists?")
+      end
+      def add_group
+        while buf = Readline.readline("\e[1;36m\Add Group: \e[0m\ ", true)
+          @thmgroupname = buf
+          if self.group_exists?("#{@thmgroupname}") == true
+            puts "Exiting Group exists ..."
+          end
+          if self.group_exists?("#{@thmgroupname}"); puts "Exiting ... Can't create duplicate groups ?"; exit; end
+          objbuilder("#{@thmgroupname}", "addgroup")
+          break
+        end
+      end
+      def delete_group
+        while buf = Readline.readline("\e[1;36m\Delete Group: \e[0m\ ", true)
+          @thmgroupname = buf
+          objbuilder("#{@thmgroupname}", "deletegroup")
+          break
+        end
+      end
+  end
+end

data/views/authenticate.slim ADDED Viewed

@@ -0,0 +1,18 @@
+doctype 5
+html
+  head
+    title Threatmonitor Suite - Login
+    link rel="stylesheet" href="stylesheets/screen.css" type="text/css" media="screen"
+    script src="js/react.js"
+    script src="js/JSXTransformer.js"
+    script src="js/jquery.min.js"
+    script src="js/marked.min.js"
+  body
+    h2 Threatmonitor Suite Login
+    #content
+    div id="content"
+    script type="text/jsx" src="js/files/authenticate.jsx"

data/views/dashboard.erb ADDED Viewed

@@ -0,0 +1,69 @@
+<html>
+  <head>
+    <title>Threatmonitor Suite - Dashboard</title>
+    <link rel="stylesheet" href="stylesheets/screen.css" type="text/css" media="screen">
+    <script src="js/react.js"></script>
+    <script src="js/JSXTransformer.js"></script>
+    <script src="js/jquery.min.js"></script>
+    <script src="js/marked.min.js"></script>
+    <script src="js/jsapi.js"></script>
+    <script src="js/chartkick.js"></script>
+  </head>
+  <body>
+    <h3>Threatmonitor - Overview</h3>
+    <div id="content" style='width:100%; overflow:off;'>
+    <p align="left">Protocol data</p>
+    <table width="100%">
+      <tr><td colspan="2">Geo Location</td></tr>
+      <tr>
+        <td colspan="2" width="100%">
+        <div align="left" id="contentgeo" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= geo_chart @rowgeocount, id: "contentgeo", height: "400px", width: "400px" %>
+        </div></td>
+        </td>
+      </tr>
+      <tr><td>UDP Packets</td><td>TCP Packets</td></tr>
+      <tr>
+        <td width="50%">
+        <div align="left" id="content1" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= pie_chart @rowusrcnt, id: "content1", height: "400px", width: "400px" %>
+        </div></td>
+        <td width="50%">
+        <div align="left" id="content2" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= pie_chart @rowusrcnt2, id: "content2", height: "400px", width: "400px" %>
+        </div>
+        </td>
+      </tr>
+      <tr><td>Top TCP/IP Talkers</td><td>Top UDP/IP Talkers</td></tr>
+      <tr>
+        <td width="50%" height="50%">
+        <div align="left" id="content5" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= column_chart @rowusrcnt5, id: "content5", colors: ["orange", "#ed7718"] %>
+        </div></td>
+        <td width="50%" height="50%">
+        <div align="left" id="content6" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= column_chart @rowusrcnt6, id: "content6", colors: ["purple", "#78099d"] %>
+        </div></td>
+      </tr>
+      <tr><td>UDP Services</td><td>TCP Services</td></tr>
+      <tr>
+        <td width="50%" height="50%">
+        <div align="left" id="content3" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= bar_chart @rowusrcnt3, id: "content3", colors: ["green", "#177925"] %>
+        </div></td>
+        <td width="50%" height="50%">
+        <div align="left" id="content4" style='width:100%; height:100%; transform:scale(0.9);'>
+          <%= bar_chart @rowusrcnt4, id: "content4", colors: ["red", "#b80000"] %>
+        </div></td>
+      </tr>
+    </table>
+    </div>
+    <script type="text/jsx">
+    </script>
+  </body>
+</html>

data/views/logout.slim ADDED Viewed

@@ -0,0 +1,10 @@
+doctype 5
+html
+  head
+    title Threatmonitor Suite - Dashboard
+    link rel="stylesheet" href="stylesheets/screen.css" type="text/css" media="screen"
+  body
+    h5 Logging out ...
+    #content

metadata ADDED Viewed

@@ -0,0 +1,237 @@
+--- !ruby/object:Gem::Specification
+name: thm
+version: !ruby/object:Gem::Version
+  version: 0.1.8
+platform: ruby
+authors:
+- puppetpies
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-07-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: bunny
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: amqp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: pcap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: guid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: chartkick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: slim
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Threatmonitor - Packet Capture / Analysis Suite
+email: brianh6854@googlemail.com
+executables:
+- thm-consumer
+- thm-pcap
+- thm-producer
+- thm-session
+- thm-useradmin
+extensions: []
+extra_rdoc_files:
+- README.md
+- README.1ST
+files:
+- README.1ST
+- README.md
+- bin/thm-consumer
+- bin/thm-pcap
+- bin/thm-producer
+- bin/thm-session
+- bin/thm-useradmin
+- config.rb
+- datalayerlight.rb
+- js/JSXTransformer.js
+- js/chartkick.js
+- js/files/authenticate.jsx
+- js/jquery.min.js
+- js/marked.min.js
+- js/react.js
+- lib/thm.rb
+- lib/thm/consumer.rb
+- lib/thm/dataservices.rb
+- lib/thm/localmachine.rb
+- lib/thm/producer.rb
+- lib/thm/version.rb
+- service_definitions.csv
+- sql/geoipdata-monetdb.sql
+- sql/threatmonitor-monetdb.sql
+- sql/threatmonitor-mysql.sql
+- stylesheets/screen.css
+- thm-authentication.rb
+- thm-authorization.rb
+- thm-privileges.rb
+- views/authenticate.slim
+- views/dashboard.erb
+- views/logout.slim
+homepage: https://github.com/puppetpies/threatmonitor
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
+- libpcap
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Packet Data Analysis
+test_files: []