From 3a4c813b5778eb000a862ee1355651525febe169 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Tue, 30 Jul 2013 12:53:57 -0400
Subject: [PATCH 1/7] Add -a option to CLI which will list all available modules in the module dir. Works in conjunction with -M option.
---
 chopshop | 13 ++++---
 shop/ChopLib.py | 91 +++++++++++++++++++++++++++++++++++++------------
 2 files changed, 77 insertions(+), 27 deletions(-)
 mode change 100644 => 100755 shop/ChopLib.py
diff --git a/chopshop b/chopshop
index 4df0f72..e86c3af 100755
--- a/chopshop
+++ b/chopshop
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 # Copyright (c) 2013 The MITRE Corporation. All rights reserved.
 #
@@ -56,7 +56,7 @@ import Queue
 import time
 #Chopshop Working Directory -- defaults to where script exists
-CHOPSHOP_WD = os.path.realpath(os.path.dirname(sys.argv[0]))
+CHOPSHOP_WD = os.path.realpath("/usr/local/libexec/chopshop")
 sys.path.append(CHOPSHOP_WD + '/shop')
@@ -114,6 +114,8 @@ def main():
 type="string", help="interface to listen on")
 optparser.add_option("-m", "--module_info", action="store_true", dest="modinfo", default=False,help="print information about module(s) and exit")
+ optparser.add_option("-a", "--all_module_list", action="store_true", dest="modlist",
+ default=False,help="print names of available module(s) and exit")
 optparser.add_option("-G", "--GMT", action="store_true", dest="GMT", default=False, help="timestamps in GMT (tsprnt and tsprettyprnt only)")
 optparser.add_option("-v", "--version", action="store_true", dest="version",
@@ -137,11 +139,11 @@ def main():
 print "ChopShop Version %s (Choplib: %s)" % (VERSION, choplib.version())
 sys.exit()
- if len(args) <= 0:
+ if len(args) <= 0 and not options.modlist:
 print "Module List Required"
 sys.exit(0)
- if not options.modinfo:
+ if not options.modinfo and not options.modlist:
 if not options.interface:
 if not options.filename:
 #Nothing is set for input, attempt to read a list of files from stdin
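Review bot: The first two chopshop hunks hard-wire one machine's layout — `#!/usr/bin/python` and `CHOPSHOP_WD = os.path.realpath("/usr/local/libexec/chopshop")` — which has nothing to do with the `-a` option this commit adds and breaks running the script from a checkout, because `sys.path.append(CHOPSHOP_WD + '/shop')` then points at a directory that need not exist. Both hunks are undone again in PATCH 3/7 of this series, so they look like local edits that were committed by accident; keeping `CHOPSHOP_WD = os.path.realpath(os.path.dirname(sys.argv[0]))` and the `/usr/bin/env python` shebang avoids the round trip.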
@@ -173,12 +175,13 @@ def main():
 choplib.aslist = options.aslist
 choplib.longrun = options.longrun
 choplib.modinfo = options.modinfo
+ choplib.modlist = options.modlist
 choplib.GMT = options.GMT
 if len(args) > 1:
 choplib.bpf = args[0]
 choplib.modules = args[1]
- else:
+ elif len(args) == 1:
 choplib.modules = args[0]
 if options.gui:
diff --git a/shop/ChopLib.py b/shop/ChopLib.py
old mode 100644
new mode 100755
index 962172c..2357510
--- a/shop/ChopLib.py
+++ b/shop/ChopLib.py
@@ -77,6 +77,7 @@ def __init__(self):
 'longrun': False,
 'interface': '',
 'modinfo': False,
+ 'modlist': False,
 'GMT': False,
 'savefiles': False, #Should ChopShop handle the saving of files?
 'text': False,
@@ -183,6 +184,15 @@ def modinfo(self):
 def modinfo(self, v):
 self.options['modinfo'] = v
+ @property
+ def modlist(self):
+ """print information about available module(s) and exit."""
+ return self.options['modlist']
+
+ @modlist.setter
+ def modlist(self, v):
+ self.options['modlist'] = v
+
 @property
 def GMT(self):
 """timestamps in GMT (tsprnt and tsprettyprnt only)."""
@@ -301,7 +311,7 @@ def send_finished_msg(self, data = {}, stop_seq = False):
 def run(self):
 surgeon = None
- if not self.options['modinfo']: #No point in doing surgery if it's modinfo
+ if not self.options['modinfo'] and not self.options['modlist']: #No point in doing surgery if it's modinfo or modlist
 # Figure out where we're reading packets from
 if not self.options['interface']:
 if not self.options['filename']:
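Review bot: The docstring on the new `modlist` property in the `@@ -183` hunk, `"""print information about available module(s) and exit."""`, is copied from `modinfo` and describes the wrong option; the CLI help added in the same commit says the flag prints names, so `"""print names of available module(s) and exit."""` matches what `-a` does. The property only reads and writes `self.options['modlist']`, which the `@@ -77` hunk initialises to `False`, so nothing else in the class needs to change.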
@@ -371,6 +381,23 @@ def run(self):
 self.nidsp.join()
 return
+ if self.options['modlist']:
+ self.kill_lock.acquire();
+ try:
+ self.tonids.put(['mod_list'])
+ resp = self.fromnids.get() #really just to make sure the functions finish
+ except Exception, e:
+ raise ChopLibException(e)
+ finally:
+ self.kill_lock.release()
+
+ #Process 2 will quit after doing its job
+
+ #Inform caller that the process is done
+ self.send_finished_msg()
+ #Surgeon should not be invoked so only need
+ #to cleanup nidsp
+ self.nidsp.join()
 else:
 self.kill_lock.acquire()
 try:
@@ -519,27 +546,28 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 #Setup the modules
 args = options['modules']
 mods = args.split(';')
- try:
- for mod in mods:
- mod = mod.strip()
- sindex = mod.find(' ')
- if sindex != -1:
- modl = []
- modl.append(self.__loadModules_(mod[0:sindex],mod_dir))
- modl.append(mod[sindex + 1:])
- modl.append(mod[0:sindex])
- module_list.append(modl)
- else:
- modl = []
- modl.append(self.__loadModules_(mod,mod_dir))
- modl.append("")
- modl.append(mod)
- module_list.append(modl)
- except Exception, e:
- outq.put(e)
- sys.exit(-1)
+ if not args == '':
+ try:
+ for mod in mods:
+ mod = mod.strip()
+ sindex = mod.find(' ')
+ if sindex != -1:
+ modl = []
+ modl.append(self.__loadModules_(mod[0:sindex],mod_dir))
+ modl.append(mod[sindex + 1:])
+ modl.append(mod[0:sindex])
+ module_list.append(modl)
+ else:
+ modl = []
+ modl.append(self.__loadModules_(mod,mod_dir))
+ modl.append("")
+ modl.append(mod)
+ module_list.append(modl)
+ except Exception, e:
+ outq.put(e)
+ sys.exit(-1)
- if len(module_list) == 0:
+ if len(module_list) == 0 and not options['modlist']:
 outq.put('Zero Length Module List')
 sys.exit(-1)
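Review bot: The new `if self.options['modlist']:` branch ends with `self.nidsp.join()` but, unlike the `modinfo` branch directly above it that ends in `return`, never returns, so control falls through to whatever follows the `if`/`else` in `run()` (outside this hunk) even though the comment says the surgeon should not be invoked; add `return` after the join. `resp = self.fromnids.get()` is assigned and then ignored, so anything the child process puts on that queue other than `'fini'` — presumably an error — is dropped silently here; check it before reporting success, e.g. `if resp != 'fini': raise ChopLibException(resp)` ahead of `self.send_finished_msg()`. The `;` on `self.kill_lock.acquire();` is a stray. `run()` starts and ends outside the hunk.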
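Review bot: `if not args == '':` in the `@@ -519` hunk is a negated comparison where the plain truth test reads better — `if args:` — and `mods = args.split(';')` can move under that guard since it is used nowhere else; the loop body beneath it is unchanged, so the rest of the hunk is a re-indent. The added `and not options['modlist']` on the zero-length check is what lets `-a` run with no module list, which is fine, but it is worth a one-line comment, `# -a may legitimately run with no modules selected`, because the exit just below it reads as unconditional. `__nids_core_runner_` continues outside the hunk.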
@@ -584,7 +612,26 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 outq.put('fini')
 sys.exit(0)
-
+ elif data[0] == 'mod_list':
+ all_mods = []
+ for dirname, dirnames, filenames in os.walk(mod_dir):
+ for filename in filenames:
+ try:
+ nxt_mod_name = os.path.splitext(filename)[0]
+ mod_found = self.__loadModules_(nxt_mod_name, dirname)
+ if not nxt_mod_name in all_mods:
+ all_mods.append(nxt_mod_name);
+ except Exception, e:
+# raise e
+ pass
+ if not all_mods:
+ chop.prnt("No modules found in directory")
+ else:
+ chop.prnt("Modules found in directory:")
+ chop.prnt(", ".join(all_mods))
+
+ outq.put('fini')
+ sys.exit(0)
 elif data[0] == 'cont':
 break
 elif data[0] == 'stop': #Some error must have occurred
From 92fff789b6556cee6ff38c511a6ac0becb61a2a5 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Tue, 30 Jul 2013 12:55:46 -0400
Subject: [PATCH 2/7] Update chopshop docs to detail the -a option.
---
 docs/chopshop_docs/chopshop_usage.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/chopshop_docs/chopshop_usage.md b/docs/chopshop_docs/chopshop_usage.md
index cd4d112..dafad8f 100644
--- a/docs/chopshop_docs/chopshop_usage.md
+++ b/docs/chopshop_docs/chopshop_usage.md
@@ -28,6 +28,8 @@ options:
 -i INTERFACE, --interface=INTERFACE interface to listen on
 -m, --module_info print information about module(s) and exit
+ -m, --all_module_list
+ print list of modules available and exit. Works with -M option.
 -G, --GMT timestamps in GMT (tsprnt and tsprettyprnt only)
 -v, --version print version and exit
 -g, --gui Enable ChopShop Gui
From 9e52aec78f079e9281611345a16c20acdad477e9 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Tue, 30 Jul 2013 13:03:50 -0400
Subject: [PATCH 3/7] Reset chopshop WD and python loc.
---
 chopshop | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chopshop b/chopshop
index e86c3af..1c8377b 100755
--- a/chopshop
+++ b/chopshop
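Review bot: The `mod_list` handler calls `self.__loadModules_(nxt_mod_name, dirname)` on every file it finds merely to decide whether to list it, so `-a` runs the top-level code of each importable file in `mod_dir` — presumably including files that are not ChopShop modules at all — and any file whose load raises is dropped silently by `except Exception, e: pass`, with a commented-out `raise e` left behind. A filename filter, `if not filename.endswith('.py'): continue`, yields the list without importing anything, and a load failure is worth surfacing through `chop.prnt` rather than passing over; `mod_found` is assigned and never used. The walk also descends into subdirectories the loader does not read from (PATCH 5/7 adds a `break` for this, though `os.listdir(mod_dir)` says it directly), and `os.walk` order is filesystem-dependent, so `", ".join(sorted(all_mods))` gives a stable listing. Minor: `if not nxt_mod_name in all_mods` is conventionally `if nxt_mod_name not in all_mods`, and the `;` after `all_mods.append(nxt_mod_name)` is a stray; the enclosing command loop starts and ends outside the hunk.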
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 # Copyright (c) 2013 The MITRE Corporation. All rights reserved.
 #
@@ -56,7 +56,7 @@ import Queue
 import time
 #Chopshop Working Directory -- defaults to where script exists
-CHOPSHOP_WD = os.path.realpath("/usr/local/libexec/chopshop")
+CHOPSHOP_WD = os.path.realpath(os.path.dirname(sys.argv[0]))
 sys.path.append(CHOPSHOP_WD + '/shop')
From 4b19a5441b89a2b65617a52c8c78f73fa543b7a3 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Tue, 30 Jul 2013 19:08:28 -0400
Subject: [PATCH 4/7] Fix documentation.
---
 docs/chopshop_docs/chopshop_usage.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/chopshop_docs/chopshop_usage.md b/docs/chopshop_docs/chopshop_usage.md
index dafad8f..c1fb667 100644
--- a/docs/chopshop_docs/chopshop_usage.md
+++ b/docs/chopshop_docs/chopshop_usage.md
@@ -28,8 +28,8 @@ options:
 -i INTERFACE, --interface=INTERFACE interface to listen on
 -m, --module_info print information about module(s) and exit
- -m, --all_module_list
- print list of modules available and exit. Works with -M option.
+ -a, --all_module_list
+ print list of modules available and exit.
 -G, --GMT timestamps in GMT (tsprnt and tsprettyprnt only)
 -v, --version print version and exit
 -g, --gui Enable ChopShop Gui
From 282e22cac527a4d74dd03bd964918ae13a3f54cd Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Tue, 30 Jul 2013 20:13:51 -0400
Subject: [PATCH 5/7] Revise module list function not to look in subdirectories of modules dir, since modules are not loaded from subdirs.
---
 shop/ChopLib.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/shop/ChopLib.py b/shop/ChopLib.py
index 2357510..16f2b75 100755
--- a/shop/ChopLib.py
+++ b/shop/ChopLib.py
@@ -624,6 +624,7 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 except Exception, e:
 # raise e
 pass
+ break # only search mod_dir - no any subdirs - as modules are not available recursively
 if not all_mods:
 chop.prnt("No modules found in directory")
 else:
From 8a86d7fb39d1bfa4efb68d93263df3c9c80546e2 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Mon, 5 Aug 2013 07:43:26 -0400
Subject: [PATCH 6/7] Print out directory being searched for modules when -a flag is passed.
---
 shop/ChopLib.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shop/ChopLib.py b/shop/ChopLib.py
index 16f2b75..c1310c9 100755
--- a/shop/ChopLib.py
+++ b/shop/ChopLib.py
@@ -626,9 +626,9 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 pass
 break # only search mod_dir - no any subdirs - as modules are not available recursively
 if not all_mods:
- chop.prnt("No modules found in directory")
+ chop.prnt("No modules found in '%s'" % mod_dir)
 else:
- chop.prnt("Modules found in directory:")
+ chop.prnt("Modules found in '%s'" % mod_dir)
 chop.prnt(", ".join(all_mods))
 outq.put('fini')
From 5878aa85659025b6cd75601621fe5ce7b33b22f4 Mon Sep 17 00:00:00 2001
From: Shayne Caswell
Date: Mon, 5 Aug 2013 07:51:09 -0400
Subject: [PATCH 7/7] Print out module directory before walking it.
---
 shop/ChopLib.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/shop/ChopLib.py b/shop/ChopLib.py
index c1310c9..f4aed10 100755
--- a/shop/ChopLib.py
+++ b/shop/ChopLib.py
@@ -614,6 +614,7 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 sys.exit(0)
 elif data[0] == 'mod_list':
 all_mods = []
+ chop.prnt("Searching for modules in '%s'" % mod_dir)
 for dirname, dirnames, filenames in os.walk(mod_dir):
 for filename in filenames:
 try:
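Review bot: The `break` added in the `@@ -624` hunk stops `os.walk` after its first directory, which achieves the stated goal but only indirectly; the hunk does not show its indentation, and if it sits at the inner `for filename` level it would instead stop after the first file, so that is worth confirming. The direct form is to iterate `os.listdir(mod_dir)` (or `next(os.walk(mod_dir))`) and drop the outer loop, which also makes the `dirnames` variable and the trailing comment unnecessary. If the walk stays, the comment reads better as `# only search mod_dir itself; modules are not loaded from subdirectories`. The `mod_list` branch this sits in starts outside the hunk.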
@@ -626,9 +627,9 @@ def __nids_core_runner_(self, inq, outq, dataq, autostart = True):
 pass
 break # only search mod_dir - no any subdirs - as modules are not available recursively
 if not all_mods:
- chop.prnt("No modules found in '%s'" % mod_dir)
+ chop.prnt("No modules found")
 else:
- chop.prnt("Modules found in '%s'" % mod_dir)
+ chop.prnt("Modules found: ")
 chop.prnt(", ".join(all_mods))
 outq.put('fini')
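Review bot: `chop.prnt("Modules found: ")` carries a trailing space that serves no purpose once the names go out in a separate `chop.prnt` call on the next line; either drop the space or emit one line, `chop.prnt("Modules found: " + ", ".join(all_mods))`, which also keeps the header and the list together in the output. Dropping `mod_dir` from both messages is fine here only because the preceding hunk in this patch prints it before the walk, so the two hunks should stay together if either is reverted. The `mod_list` branch starts outside the hunk.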