xanthus 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e366be3c9180e9788c19dfaa31e52222cd0782ce8cce0d99c3d05d6a509e8454
+  data.tar.gz: d44b89c4285251a10c172bea19064607f63f9b79e84ed1c8ee814f4296ec43eb
+SHA512:
+  metadata.gz: a16dd967a99ec4d5f20f949d42a803de47ca4e60265b7474e77bdef3bcfacced87da0d86d5b62371ff42b44b2f7c84a888e77bc08c738938098c002f61085561
+  data.tar.gz: 385c29998fe84c0a5d3c3c1c0c401587ce9c940f6b7e84527d161632c934a20b3d7815e0eb1d0ce6c4d71f2240e1cb9b24d00cf6561bda4b3deb87361cbf920f

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Thomas Pasquier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,222 @@
+# Xanthus: Automated Reproducible Data Generation for Evaluating Intrusion Detection Systems
+
+Fairly evaluating and comparing the efficacy of different intrusion detection systems (IDS) requires that experimental data
+be generated in a similar mechanism and/or shared across these systems.
+The reality, unfortunately, is that there exist few public repositories (e.g., DARPA 1998/1999/2000, KDD Cup99, DARPA TC Engagement 3)
+containing experimental data captured solely for the purpose of security analysis.
+Among those public data repositories, most are outdated because a tremendous amount of manual labor is almost always
+necessary to capture the data (e.g., DARPA TC program involves a number of teams from
+across the academia and the industry and it spans over many a year).
+Consequently, some newly-developed systems, in order to be able to compare against older systems,
+are evaluated using the data that is a decade or two older than the systems themselves
+(and usually and unsurprisingly exhibit good results).
+Given that there is a perpetual arms race between the defenders and the offenders in the realm of cyber security
+and that new cyber-threats are manufactured every day,
+a successful defence against a decade-old exploit is hardly an achievement.
+
+Many existing systems, acknowledging this fact and ready to showcase their detection capability,
+design their own experiments and produce their own dataset as a result.
+Although the experiments are sometimes carefully described in their associated publications (e.g., in academic projects),
+such dataset suffers from the following drawbacks:
+
+- In the cases where the dataset is made public, later systems can but consume only a subset of the dataset for analysis.
+Therefore, if they require e.g., additional features from the dataset in the analysis, they must rerun the experiments
+to capture the data themselves again, instead of simply re-using the available dataset.
+Moreover, some systems publish only pre-processed dataset, which usually eliminates information from the original,
+raw dataset that is not relevant to their analysis, even though such information may be relevant for other systems.
+
+- When raw dataset is made public, it provides later systems with richer information content.
+However, the underlying systems that capture the raw dataset (e.g., audit systems) are also constantly evolving,
+generating finer-grained, more accurate information or
+offering a completely different perspective through which one understands system behavior (e.g., provenance systems).
+Security systems that take advantage of such advancement in the underlying systems
+may very well find even the raw data provided by previous systems insufficient.
+
+- If later systems must resort to reproducing dataset themselves as a result of the reasons listed above,
+they need to rely on descriptions provided by previous systems to ensure high-fidelity experiment replay.
+Even if we assume that previous systems provide sufficiently detailed descriptions to understand the experiment
+(which certainly is not always the case),
+there still exist a number of challenges.
+
+    - The experiment must be conducted using the exact software involved with matching versions.
+    In many cases, security experts have since identified and patched vulnerabilities in the exploitable software
+    used in security-related experiments, and thus the software itself usually has been updated to a newer version.
+    Downgrading the target software and its dependencies is therefore necessary to reproduce the experiment. This
+    sometimes cannot be automatically configured through existing package management systems and requires significant
+    manual configuration.
+
+    - Some vulnerability may affect only a particular version of the operating system. This requirement no doubt
+    further complicates the experimental setup and demands additional engineering effort.
+
+    - Other controllable factors may be omitted in the description that may or may not affect the final results of the
+    experiment. For example, background activities may have been included in the dataset but was not discussed in detail.
+
+Before we go into any detail about using **Xanthus** for automated, reproducible data generation for security analysis,
+we describe a pipeline in which we create dataset for a *specific* attack in a push-button fashion. **Xanthus** is
+a higher-level abstracted framework that generates such a pipeline for *any* attack that existing or future IDS intend to
+evaluate.
+
+## Primer to Xanthus: A Specific Pipeline
+
+We introduce a specific pipeline that automates data capture for a particular attack.
+In this pipeline, we deploy virtual machines (VM), set up a virtual environment that recreates the attack scenario,
+and run the attack, while capturing data from a whole-system provenance capture system.
+Code is publicly available online at [GitHub](https://github.com/crimson-unicorn/demo/tree/master/wget).
+Please refer to the code while finishing off the rest of this section.
+
+### Prerequisites
+
+We assume that you understand the following terms and concepts.
+If not, click on the item that you do not understand to read more about it:
+
+* [Virtual machines](https://en.wikipedia.org/wiki/Virtual_machine)
+* [Makefile](https://en.wikipedia.org/wiki/Makefile)
+* [VirtualBox](https://www.virtualbox.org/manual/ch01.html)
+* [Vagrant](https://www.vagrantup.com/intro/index.html), [Vagrantfile](https://www.vagrantup.com/docs/vagrantfile/)
+and [provisioning](https://www.vagrantup.com/docs/provisioning/index.html)
+* [CamFlow](http://camflow.org)
+
+You may want to understand the following terms and concepts if you want to fully understand the attack
+that we will describe in the next section:
+
+* [Trojan software](https://en.wikipedia.org/wiki/Advanced_persistent_threat)
+and [reverse shell](https://resources.infosecinstitute.com/icmp-reverse-shell/#gref)
+
+### A Brief Attack Description
+
+You could better understand the pipeline with the knowledge of the attack that we would like to reproduce automatically.
+The attacker aims to invade a victim machine through a vulnerable (or exploitable) `wget`.
+The attacker sets up a malicious (or compromised) `HTTP` server that redirects any requests to a malicious `FTP` server
+that contains a `Debian` package with a Trojan backdoor.
+The package appears to be the same as its legitimate version and may even work the same way,
+but the moment the package is installed on the victim machine, it will initiate a reverse TCP connection to the attacker
+who is listening for connections and create a reverse shell that allows the attacker to infiltrate into the victim machine.
+
+When the victim machine attempts to download the benign package from the `HTTP` server using `wget`,
+`wget` allows arbitrary remote file upload to the host system.
+Meaning that, instead of fetching the intended benign package, it allows redirection of the `HTTP` server and downloads
+the malicious one.
+The user is unaware of such behavior and install the package through the package manager `dpkg`.
+The installed Trojan software establishes a connection to the attacker and the attack succeeds.
+
+### Software Involved
+
+* `wget` v1.17 or older
+* Any `Debian` package with a Trojan backdoor. The `Debian` package must be installable (both benign and malicious version).
+* Functioning `HTTP` and `FTP` server
+* `dpkg` package manager
+* `CamFlow` whole-system provenance capture system
+
+### Execution Platform
+
+As expected, `Debian` package can only run on any `Debian`-based operating systems. This particular pipeline is run on
+`Ubuntu 18.04` (both the client and the server).
+
+### The Pipeline
+
+#### Installation
+
+To run this pipeline, you need to install at least the following items:
+
+* `Vagrant`
+* Oracle `VirtualBox`
+
+#### Usage
+
+If you `git clone` the entire repository from [GitHub](https://github.com/crimson-unicorn/demo/), `cd` into `wget` directory.
+We assume this directory would be your working directory.
+
+We write a `Makefile` to run our attack scenario for many times. If you want to run it once only,
+modify this line: `[ $${cnt} -lt 25 ]` to `[ $${cnt} -lt 1 ]` in the `Makefile`.
+(In `Xanthus`, we would be able to configure this easily without actually modifying the code.)
+
+If you are running on `Mac`:
+```
+make test_mac
+```
+On `Linux`, you would run:
+```
+make test_linux
+```
+We do *not* support `Windows` operating system for now.
+You would locate the output data file in `data/` directory.
+
+#### Behind the Scenes
+
+This pipeline seems to be very user-friendly. So, one might ask, why do we bother to design and implement `Xanthus`?
+The truth is, we have done a lot of heavy-lifting for you behind the scenes. Let's take a closer look.
+
+The `Makefile` you run starts the `vagrant` process, which would boot up two virtual machines, one `server` and one
+`client` (now, take a look into `Vagrantfile`).
+
+The `server` machine is provisioned by `provision/server.sh` script.
+It configures an `FTP` and an `HTTP` server and puts the malicious `Debian` package in the `FTP` server.
+Of course, the user must provide the pipeline with the package.
+We build the package ourselves in [Kali Linux](https://en.wikipedia.org/wiki/Makefile)
+with [TheFatRat](https://github.com/Screetsec/TheFatRat). You are free to use any tools at your disposal.
+We also put the benign one in the `HTTP` server to trick the user to download it.
+
+The `client` machine involves more operations.
+First, unlike the `server` machine that simply uses a `Ubuntu 18.04` base operating system
+(as seen in `server.vm.box = "bento/ubuntu-18.04"`),
+the `client` machine uses our customized `VirtualBox` box called `michaelh/ubuncam`.
+This box is built with the following specifications:
+
+* It is built upon the original `Ubuntu 18.04` base box from `Vagrant`.
+* It is installed with `CamFlow` as its provenance-capture system.
+* It downgrades `wget` to its desired version (`v1.17`) that contains the vulnerability.
+* It can install `Debian` packages in the experiment.
+
+Note that it is always desirable to package such a box and upload it to the `VagrantCloud` so that we can
+configure once and reuse many times.
+One can always use a base box and configure the above specifications on-the-fly,
+but it is not guaranteed that the configuration would work in the distant future.
+For example, the link to download an older version of `wget` may expire without notice.
+`Xanthus` allows users to either provide a customized virtual box or configure a base box through provisioning.
+If an online configuration is provided, `Xanthus` would automatically generate a customized box for the user
+to prevent future re-configuration or possible failure in future configuration.
+
+The `client` machine runs the script in `provision/attack`.
+The user must provide such a script.
+In our case, we automatically generate attack scripts using `wget-attack-script-gen.py`.
+`Xanthus` allows users to provide logic to generate scripts or simply provide scripts to run during the experiment.
+
+## Xanthus
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/xanthus`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+### Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'xanthus'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install xanthus
+
+### Usage
+
+TODO: Write usage instructions here
+
+### Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+### Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/xanthus.
+
+### License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/bin/xanthus

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+
+require "xanthus"
+
+instruction = ARGV[0]
+param1 = ARGV[1]
+
+if (instruction == 'version')
+  Xanthus.version
+elsif (instruction == 'init')
+  Xanthus::Init.init param1
+elsif (instruction == 'run')
+  load('./.xanthus')
+elsif (instruction == 'help')
+  puts 'xanthus version | return version number.'
+  puts 'xanthus depencies | installation instruction for system dependencies.'
+  puts 'xanthus init <project name> | inialise a new project.'
+  puts 'xanthus run | run .xanthus file contained in the current folder.'
+elsif (instruction == 'dependencies')
+  puts 'You need to install the following software on your system for xanthus to run:'
+  puts 'git (see https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)'
+  puts 'git lfs (see https://help.github.com/en/articles/installing-git-large-file-storage)'
+  puts 'virtualbox (see https://www.virtualbox.org/wiki/Downloads)'
+  puts 'vagrant (see https://www.vagrantup.com/docs/installation/)'
+end

data/lib/xanthus.rb

@@ -0,0 +1,12 @@
+require "xanthus/version"
+require "xanthus/init"
+require "xanthus/virtual_machine"
+require "xanthus/job"
+require "xanthus/default"
+require "xanthus/github"
+require "xanthus/configuration"
+
+module Xanthus
+  class Error < StandardError; end
+  # Your code goes here...
+end

data/lib/xanthus/configuration.rb

@@ -0,0 +1,73 @@
+module Xanthus
+  class Configuration
+    attr_accessor :name
+    attr_accessor :authors
+    attr_accessor :description
+    attr_accessor :seed
+    attr_accessor :params
+    attr_accessor :vms
+    attr_accessor :scripts
+    attr_accessor :jobs
+    attr_accessor :github_conf
+
+    def initialize
+      @params = Hash.new
+      @vms = Hash.new
+      @scripts = Hash.new
+      @jobs = Hash.new
+    end
+
+    def vm name
+      vm = VirtualMachine.new
+      yield(vm)
+      vm.name = name
+      @vms[name] = vm
+    end
+
+    def script name
+      @scripts[name] = yield
+    end
+
+    def job name
+      v = Job.new
+      yield(v)
+      v.name = name
+      @jobs[name] = v
+    end
+
+    def github
+      github = GitHub.new
+      yield(github)
+      @github_conf = github
+    end
+
+    def to_readme_md
+      %Q{
+# #{@name}
+
+Authors: #{@authors}
+
+Seed: #{@seed}
+
+## Description
+
+#{@description}
+      }
+    end
+  end
+
+  def self.configure
+    config = Configuration.new
+    yield(config)
+    puts "Running experiment #{config.name} with seed #{config.seed}."
+    srand config.seed
+    config.github_conf.init(config) unless config.github_conf.nil?
+    config.jobs.each do |name,job|
+      for i in 0..(job.iterations-1) do
+        job.execute config, i
+      end
+    end
+    config.github_conf.tag  unless config.github_conf.nil?
+    config.github_conf.clean  unless config.github_conf.nil?
+  end
+end

data/lib/xanthus/default.rb

@@ -0,0 +1,21 @@
+module Xanthus
+CAMFLOW_START = %q{%{
+camflow -a true
+sleep 1
+}}
+
+CAMFLOW_STOP = %q{%{
+camflow -a false
+sleep 20
+}}
+
+SPADE_START = %q{%{
+echo spade | sudo -H -u spade ../SPADE/bin/spade start
+sleep 1
+}}
+
+SPADE_STOP = %q{%{
+echo spade | sudo -H -u spade ../SPADE/bin/spade stop
+sleep 20
+}}
+end

data/lib/xanthus/github.rb

@@ -0,0 +1,84 @@
+require 'fileutils'
+
+module Xanthus
+  class GitHub
+    attr_accessor :repo
+    attr_accessor :token
+    attr_accessor :folder
+
+    def initialize
+      @repo = ''
+      @token = ''
+      @folder = Time.now.strftime("%Y-%m-%d_%H-%M")
+    end
+
+    def lfs
+      system('git', 'lfs', 'install')
+      system('git', 'lfs', 'track', '*.tar.gz')
+      system('git', 'add', '.gitattributes')
+      system('git', 'push', "https://#{@token}@github.com/#{@repo}", 'master')
+    end
+
+    def xanthus_file
+      script = ''
+      File.readlines('../../.xanthus').each do |line|
+        script += line unless line.include? 'github.token'
+        script += "\t\tgithub.token = 'REMOVED'\n" unless !line.include? 'github.token'
+      end
+      File.open('.xanthus', 'w+') do |f|
+        f.write(script)
+      end
+      system('git', 'add', '.xanthus')
+      system('git', 'commit', '-m', "[Xanthus] :horse: pushed #{@folder}/.xanthus :horse:")
+      system('git', 'push', "https://#{@token}@github.com/#{@repo}", 'master')
+    end
+
+    def readme_file config
+      File.open('README.md', 'w+') do |f|
+        f.write(config.to_readme_md)
+      end
+      system('git', 'add', 'README.md')
+      system('git', 'commit', '-m', "[Xanthus] :horse: pushed #{@folder}/README.md :horse:")
+      system('git', 'push', "https://#{@token}@github.com/#{@repo}", 'master')
+    end
+
+    def init config
+      system('git', 'clone', "https://#{@token}@github.com/#{@repo}", 'repo')
+      Dir.chdir 'repo' do
+        self.lfs
+        FileUtils.mkdir_p @folder
+        Dir.chdir @folder do
+          self.xanthus_file
+          self.readme_file config
+        end
+      end
+    end
+
+    def add content
+      Dir.chdir 'repo' do
+        FileUtils.mkdir_p @folder
+        system('mv', "../#{content}", "#{@folder}/#{content}")
+        system('git', 'add', "#{@folder}/#{content}")
+        system('git', 'commit', '-m', "[Xanthus] :horse: pushed #{@folder}/#{content} :horse:")
+      end
+    end
+
+    def push
+      Dir.chdir 'repo' do
+        system('git', 'push', "https://#{@token}@github.com/#{@repo}", 'master')
+        system('rm', '-rf', @folder)
+      end
+    end
+
+    def tag
+      Dir.chdir 'repo' do
+        system('git', 'tag', '-a', "xanthus-#{@folder}", '-m', '"Xanthus automated dataset generation."')
+        system('git', 'push', '--tags', "https://#{@token}@github.com/#{@repo}")
+      end
+    end
+
+    def clean
+      system('rm', '-rf', 'repo')
+    end
+  end
+end

data/lib/xanthus/init.rb

@@ -0,0 +1,147 @@
+require 'fileutils'
+
+module Xanthus
+  class Init
+    @@name
+
+    def self.header file
+      file.write("# -*- mode: ruby -*-\n")
+      file.write("# vi: set ft=ruby\n\n")
+    end
+
+    def self.config file
+      script = %Q{
+# -*- mode: ruby -*-
+# vi: set ft=ruby
+
+Xanthus.configure do |config|
+  config.name = '#{@@name}'
+  config.authors = 'John Doe'
+  config.description = %q{
+Describe my super experiment.
+
+It is very cool and interesting!
+}
+  config.seed = #{Random.new_seed}
+
+  config.script :pre do
+    %q{%{
+      mkdir wgets
+      cd wgets
+    }}
+  end
+
+  config.script :camflow_start do
+    Xanthus::CAMFLOW_START
+  end
+
+  config.script :spade_start do
+    Xanthus::SPADE_START
+  end
+
+  config.script :normal do
+    %q{
+    2.times.collect do
+      'wget http://www.google.com'
+    end
+    }
+  end
+
+  config.script :attack do
+    %q{
+    2.times.collect do
+      'wget http://www.google.com'
+    end
+    }
+  end
+
+  config.script :camflow_stop do
+    Xanthus::CAMFLOW_STOP
+  end
+
+  config.script :spade_stop do
+    Xanthus::SPADE_STOP
+  end
+
+  config.script :post do
+    %q{%{
+      cd ..
+      rm -rf wgets
+    }}
+  end
+
+  config.script :server do
+    %q{%{
+      mkdir test
+    }}
+  end
+
+  config.vm :camflow do |vm|
+    vm.box = 'michaelh/ubuncam'
+    vm.version = '0.0.3'
+    vm.ip = '192.168.33.8'
+  end
+
+  config.vm :spade do |vm|
+    vm.box = 'michaelh/spade'
+    vm.memory = 8192
+    vm.version = '0.0.3'
+    vm.ip = '192.168.33.8'
+  end
+
+  config.vm :server do |vm|
+    vm.box = 'bento/ubuntu-18.04'
+    vm.version = '201812.27.0'
+    vm.ip = '192.168.33.3'
+  end
+
+  config.job :normal_camflow do |job|
+    job.iterations = 2
+    job.tasks = {camflow: [:pre, :camflow_start, :normal, :camflow_stop, :post]}
+    job.outputs = {camflow: {config: '/etc/camflow.ini', trace: '/tmp/audit.log'}}
+  end
+
+  config.job :attack_camflow do |job|
+    job.iterations = 2
+    job.tasks = {server: [:server], camflow: [:pre, :camflow_start, :attack, :camflow_stop, :post]}
+    job.outputs = {camflow: {config: '/etc/camflow.ini', trace: '/tmp/audit.log'}}
+  end
+
+  config.job :normal_spade do |job|
+    job.iterations = 2
+    job.tasks = {spade: [:pre, :spade_start, :normal, :spade_stop, :post]}
+    job.outputs = {spade: {trace: '/tmp/audit_cmd.avro'}}
+  end
+
+  config.job :attack_spade do |job|
+    job.iterations = 2
+    job.tasks = {server: [:server], spade: [:pre, :spade_start, :attack, :spade_stop, :post]}
+    job.outputs = {spade: {trace: '/tmp/audit_cmd.avro'}}
+  end
+
+  config.github do |github|
+    github.repo = '<ADD GITHUB REPO user/name>'
+    github.token = '<ADD GITHUB TOKEN>'
+  end
+end
+}
+      file.write(script)
+    end
+
+    def self.init name
+      @@name = name
+      abort("Error: #{@@name} already exists.") unless !File.exists? name
+      FileUtils.mkdir_p @@name
+      Dir.chdir @@name do
+        puts "Creating experiment #{@@name}..."
+        File.open('.xanthus', 'w+') do |f|
+          self.header f
+          self.config f
+        end
+      end
+      puts 'Experiment created.'
+      puts "Edit #{@@name}/.xanthus to configure your experiment."
+      puts 'To run your experiment "xanthus run".'
+    end
+  end
+end

data/lib/xanthus/job.rb

@@ -0,0 +1,103 @@
+require 'fileutils'
+
+module Xanthus
+  class Job
+    attr_accessor :name
+    attr_accessor :iterations
+    attr_accessor :tasks
+    attr_accessor :outputs
+
+    def initialize
+      @iterations = 0
+      @tasks = Hash.new
+      @outputs = Hash.new
+    end
+
+    def output_script outputs
+      script = ''
+      outputs.each do |name, path|
+        script += "cp -f #{path} /vagrant/output/#{name}.data\n"
+      end
+      return script
+    end
+
+    def setup_env machine, scripts, config
+      puts 'Setting up task on machine '+machine.to_s+'...'
+      script = ''
+      scripts.each do |t|
+        v = eval(config.scripts[t])
+        if v.kind_of?(Array)
+          v.each do |w|
+            script+=w+"\n"
+          end
+        else
+          script+=v
+        end
+      end
+      script += self.output_script(@outputs[machine]) unless  @outputs[machine].nil?
+
+      script_to_clean = script
+      script = ''
+      script_to_clean.each_line do |s|
+        script += s.strip + "\n" unless s=="\n"
+      end
+      script = script.gsub "\n\n", "\n"
+
+      FileUtils.mkdir_p machine.to_s
+      Dir.chdir machine.to_s do
+        FileUtils.mkdir_p 'output'
+        puts 'Creating provision files...'
+        File.open('Vagrantfile', 'w+') do |f|
+          f.write(config.vms[machine].to_vagrant)
+        end
+        File.open('provision.sh', 'w+') do |f|
+          f.write(script)
+        end
+      end
+    end
+
+    def run machine
+      Dir.chdir machine.to_s do
+        system('vagrant', 'up')
+      end
+    end
+
+    def halt machine
+      Dir.chdir machine.to_s do
+        system('vagrant', 'halt')
+      end
+    end
+
+    def destroy machine
+      Dir.chdir machine.to_s do
+        system('vagrant', 'destroy', '-f')
+        system('rm', '-rf', '.vagrant')
+      end
+    end
+
+    def execute config, iteration
+      puts "Running job #{name.to_s}-#{iteration.to_s}..."
+      FileUtils.mkdir_p 'tmp'
+      Dir.chdir 'tmp' do
+        @tasks.each do |machine, templates|
+          self.setup_env machine, templates, config
+        end
+        @tasks.each do |machine, templates|
+          self.run machine
+        end
+        @tasks.each do |machine, templates|
+          self.halt machine
+        end
+        @tasks.each do |machine, templates|
+          self.destroy machine
+        end
+      end
+      system('mv', 'tmp', "#{name.to_s}-#{iteration.to_s}")
+      system('tar', '-czvf', "#{name.to_s}-#{iteration.to_s}.tar.gz", "#{name.to_s}-#{iteration.to_s}")
+      system('rm', '-rf', "#{name.to_s}-#{iteration.to_s}")
+      config.github_conf.add("#{name.to_s}-#{iteration.to_s}.tar.gz") unless config.github_conf.nil?
+      config.github_conf.push unless config.github_conf.nil?
+      puts "Job #{name.to_s}-#{iteration.to_s} done."
+    end
+  end
+end

data/lib/xanthus/version.rb

@@ -0,0 +1,7 @@
+module Xanthus
+  VERSION = "0.1.0"
+
+  def self.version
+    puts VERSION
+  end
+end

data/lib/xanthus/virtual_machine.rb

@@ -0,0 +1,42 @@
+module Xanthus
+  class VirtualMachine
+    attr_accessor :name
+    attr_accessor :box
+    attr_accessor :version
+    attr_accessor :cpus
+    attr_accessor :cpu_cap
+    attr_accessor :memory
+    attr_accessor :ip
+    attr_accessor :gui
+
+    def initialize
+      @name = :default
+      @box = 'jhcook/fedora27'
+      @version = '4.13.12.300'
+      @ip = '192.168.33.8'
+      @memory = 4096
+      @cpus = 2
+      @cpu_cap = 70
+      @gui = false
+    end
+
+    def to_vagrant
+%Q{
+Vagrant.configure(2) do |config|
+  config.vm.box = "#{@box}"
+  config.vm.box_version = "#{@version}"
+  config.vm.network "private_network", ip: "#{@ip}"
+
+  config.vm.provider "virtualbox" do |vb|
+   vb.gui = #{@gui}
+   vb.memory = #{@memory}
+   vb.customize ["modifyvm", :id, "--cpuexecutioncap", "#{@cpu_cap}"]
+   vb.cpus = #{@cpus}
+   vb.name = "#{@name}"
+  end
+  config.vm.provision "shell", path: "provision.sh"
+end
+}
+    end
+  end
+end

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: xanthus
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Thomas Pasquier
+- Xueyuan "Michael" Han
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-03-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Automated intrusion detection dataset generation framework.
+email:
+- thomas.pasquier@bristol.ac.uk
+executables:
+- xanthus
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bin/xanthus
+- lib/xanthus.rb
+- lib/xanthus/configuration.rb
+- lib/xanthus/default.rb
+- lib/xanthus/github.rb
+- lib/xanthus/init.rb
+- lib/xanthus/job.rb
+- lib/xanthus/version.rb
+- lib/xanthus/virtual_machine.rb
+homepage: http://camflow.org
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Automated intrusion detection dataset generation framework.
+test_files: []