support rules with type=regexp (closes #127)

This commit is contained in:
evilsocket 2018-04-07 13:52:25 +02:00
parent cbc7724dde
commit a33c463ffb
9 changed files with 297 additions and 149 deletions


@ -148,7 +148,7 @@ func onPacket(packet netfilter.NFPacket) {
}
if ok {
log.Important("%s new rule: %s if %s is %s", pers, action, log.Bold(string(r.Rule.What)), log.Yellow(string(r.Rule.With)))
log.Important("%s new rule: %s if %s", pers, action, r.Operator)
}
}
} else {
@ -160,7 +160,7 @@ func onPacket(packet netfilter.NFPacket) {
packet.SetVerdict(netfilter.NF_ACCEPT)
ruleName := log.Green(r.Name)
if r.Rule.What == rule.OpTrue {
if r.Operator.Operand == rule.OpTrue {
ruleName = log.Dim(r.Name)
}


@ -62,6 +62,9 @@ func (l *Loader) Load(path string) error {
return fmt.Errorf("Error while parsing rule from %s: %s", fileName, err)
}
// make sure the rule is ready to be used
r.Operator.Compile()
log.Debug("Loaded rule from %s: %s", fileName, r.String())
l.rules[r.Name] = &r
}
@ -122,7 +125,13 @@ func (l *Loader) FindFirstMatch(con *conman.Connection) (match *Rule) {
defer l.RUnlock()
for _, rule := range l.rules {
if rule.Match(con) == true {
// if we already have a match, we don't need
// to evaluate 'allow' rules anymore, we only
// need to make sure there's no 'deny' rule
// matching this specific connection
if match != nil && rule.Action == Allow {
continue
} else if rule.Match(con) == true {
// only return if we found a deny
// rule, otherwise keep searching as we
// might have situations like:
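Review bot: The new `r.Operator.Compile()` call in Load has no error path, yet Compile (added in this commit) builds regexp rules with regexp.MustCompile, so a single rule file with an invalid pattern panics the loader — and with it the daemon — instead of being reported like the parse failure two lines above. Load already returns an error for unparsable rules; the compile step should follow the same path once Compile reports one: `if err := r.Operator.Compile(); err != nil { return fmt.Errorf("Error while compiling rule from %s: %s", fileName, err) }`. Load's body begins before and continues after this hunk, and the FindFirstMatch hunk below is also cut off before that function ends.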

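--- /dev/null
+++ b/daemon/rule/operator.go
@@ -0,0 +1,91 @@
+package rule
+import (
+"fmt"
+"regexp"
+"github.com/evilsocket/opensnitch/daemon/conman"
+"github.com/evilsocket/opensnitch/daemon/log"
+)
+type Type string
+const (
+Simple = Type("simple")
+Regexp = Type("regexp")
+Complex = Type("complex") // for future use
+)
+type Operand string
+const (
+OpTrue = Operand("true")
+OpProcessPath = Operand("process.path")
+OpUserId = Operand("user.id")
+OpDstIP = Operand("dest.ip")
+OpDstHost = Operand("dest.host")
+OpDstPort = Operand("dest.port")
+)
+type opCallback func(value string) bool
+type Operator struct {
+Type Type `json:"type"`
+Operand Operand `json:"operand"`
+Data string `json:"data"`
+cb opCallback
+re *regexp.Regexp
+}
+func NewOperator(t Type, o Operand, data string) Operator {
+op := Operator{
+Type: t,
+Operand: o,
+Data: data,
+}
+op.Compile()
+return op
+}
+func (o *Operator) Compile() {
+if o.Type == Simple {
+o.cb = o.simpleCmp
+} else if o.Type == Regexp {
+o.cb = o.reCmp
+o.re = regexp.MustCompile(o.Data)
+}
+}
+func (o *Operator) String() string {
+how := "is"
+if o.Type == Regexp {
+how = "matches"
+}
+return fmt.Sprintf("%s %s %s", log.Bold(string(o.Operand)), how, log.Yellow(string(o.Data)))
+}
+func (o *Operator) simpleCmp(v string) bool {
+return v == o.Data
+}
+func (o *Operator) reCmp(v string) bool {
+return o.re.MatchString(v)
+}
+func (o *Operator) Match(con *conman.Connection) bool {
+if o.Operand == OpTrue {
+return true
+} else if o.Operand == OpUserId {
+return o.cb(fmt.Sprintf("%d", con.Entry.UserId))
+} else if o.Operand == OpProcessPath {
+return o.cb(con.Process.Path)
+} else if o.Operand == OpDstIP {
+return o.cb(con.DstIP.String())
+} else if o.Operand == OpDstHost {
+return o.cb(con.DstHost)
+} else if o.Operand == OpDstPort {
+return o.cb(fmt.Sprintf("%d", con.DstPort))
+}
+return false
+}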
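Review bot: Compile calls regexp.MustCompile on o.Data, which is not trusted input to this package (it arrives from rule files on disk and from the UI's RuleReply), so one invalid pattern panics the firewall daemon instead of being rejected; and for any Type other than simple/regexp Compile leaves cb nil, so Match then calls a nil function on the first non-`true` operand it evaluates. Compile should return an error, refuse unknown types, and NewOperator and Loader.Load should propagate that error rather than ignore it. Separately, reCmp uses MatchString, which is an unanchored search: a regexp rule with data `example.com` also matches `example.com.attacker.net`, and an unescaped `.` matches any character, so allow rules are broader than they read — either anchor the pattern in Compile or document that rule authors must write `^...$`. Match should keep a nil-callback guard even after that change, since an Operator presumably decoded straight from JSON without Compile being called would hit the same nil function.
```go
// Compile resolves the comparison callback for o.Type and, for regexp rules,
// compiles o.Data. It returns an error instead of panicking so that a bad
// pattern coming from a rule file or from the UI cannot take the daemon down.
func (o *Operator) Compile() error {
	switch o.Type {
	case Simple:
		o.cb = o.simpleCmp
	case Regexp:
		// NOTE: MatchString is unanchored; rule authors must anchor with ^...$ themselves.
		re, err := regexp.Compile(o.Data)
		if err != nil {
			return fmt.Errorf("invalid regexp %q for %s: %s", o.Data, o.Operand, err)
		}
		o.re = re
		o.cb = o.reCmp
	default:
		return fmt.Errorf("unsupported operator type %q", o.Type)
	}
	return nil
}

// … unchanged: String, simpleCmp, reCmp …

func (o *Operator) Match(con *conman.Connection) bool {
	if o.Operand == OpTrue {
		return true
	}
	if o.cb == nil {
		// never compiled (or compile failed): treat as "does not match"
		return false
	}
	// … unchanged: operand dispatch …
}
```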


@ -8,22 +8,6 @@ import (
"github.com/evilsocket/opensnitch/daemon/ui/protocol"
)
type OperandType string
const (
OpTrue = OperandType("true")
OpProcessPath = OperandType("process.path")
OpUserId = OperandType("user.id")
OpDstIP = OperandType("dest.ip")
OpDstHost = OperandType("dest.host")
OpDstPort = OperandType("dest.port")
)
type Cmp struct {
What OperandType
With string
}
type Action string
const (
@ -39,13 +23,6 @@ const (
Always = Duration("always")
)
type Type string
const (
Simple = Type("simple")
Complex = Type("complex") // for future use
)
type Rule struct {
Created time.Time `json:"created"`
Updated time.Time `json:"updated"`
@ -53,53 +30,41 @@ type Rule struct {
Enabled bool `json:"enabled"`
Action Action `json:"action"`
Duration Duration `json:"duration"`
Type Type `json:"type"`
Rule Cmp `json:"rule"`
Operator Operator `json:"operator"`
}
func FromReply(reply *protocol.RuleReply) *Rule {
operator := NewOperator(
Type(reply.Operator.Type),
Operand(reply.Operator.Operand),
reply.Operator.Data)
return Create(
reply.Name,
Action(reply.Action),
Duration(reply.Duration),
Cmp{
What: OperandType(reply.What),
With: reply.Value,
},
operator,
)
}
func Create(name string, action Action, duration Duration, rule Cmp) *Rule {
func Create(name string, action Action, duration Duration, op Operator) *Rule {
return &Rule{
Created: time.Now(),
Enabled: true,
Name: name,
Action: action,
Duration: duration,
Type: Simple,
Rule: rule,
Operator: op,
}
}
func (r *Rule) String() string {
return fmt.Sprintf("%s: if(%s == '%s'){ %s %s }", r.Name, r.Rule.What, r.Rule.With, r.Action, r.Duration)
return fmt.Sprintf("%s: if(%s){ %s %s }", r.Name, r.Operator.String(), r.Action, r.Duration)
}
func (r *Rule) Match(con *conman.Connection) bool {
if r.Enabled == false {
return false
} else if r.Rule.What == OpTrue {
return true
} else if r.Rule.What == OpUserId {
return fmt.Sprintf("%d", con.Entry.UserId) == r.Rule.With
} else if r.Rule.What == OpProcessPath {
return con.Process.Path == r.Rule.With
} else if r.Rule.What == OpDstIP {
return con.DstIP.String() == r.Rule.With
} else if r.Rule.What == OpDstHost {
return con.DstHost == r.Rule.With
} else if r.Rule.What == OpDstPort {
return fmt.Sprintf("%d", con.DstPort) == r.Rule.With
}
return false
return r.Operator.Match(con)
}
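Review bot: FromReply dereferences `reply.Operator` directly (`reply.Operator.Type` and the two lines after it) although RuleReply.Operator is a pointer field in the generated code and is nil when the UI sends a reply without an operator, so a missing sub-message panics the daemon inside its gRPC reply handling. The generated getters are nil-safe; use `Type(reply.Operator.GetType())`, `Operand(reply.Operator.GetOperand())` and `reply.Operator.GetData()`, and reject an empty operand before calling Create. Relatedly, neither FromReply nor NewOperator checks that the type string is one of simple/regexp, and Compile sets no callback for any other value, so an unexpected type from the UI yields an Operator whose Match calls a nil function on the first packet that reaches that rule.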


@ -20,13 +20,10 @@ import (
"google.golang.org/grpc/connectivity"
)
var clientDisconnectedRule = rule.Create("ui.client.disconnected", rule.Allow, rule.Once, rule.Cmp{
What: rule.OpTrue,
})
var clientErrorRule = rule.Create("ui.client.error", rule.Allow, rule.Once, rule.Cmp{
What: rule.OpTrue,
})
var (
clientDisconnectedRule = rule.Create("ui.client.disconnected", rule.Allow, rule.Once, rule.NewOperator(rule.Simple, rule.OpTrue, ""))
clientErrorRule = rule.Create("ui.client.error", rule.Allow, rule.Once, rule.NewOperator(rule.Simple, rule.OpTrue, ""))
)
type Client struct {
sync.Mutex


@ -12,6 +12,7 @@ It has these top-level messages:
PingRequest
PingReply
RuleRequest
RuleOperator
RuleReply
*/
package protocol
@ -292,18 +293,49 @@ func (m *RuleRequest) GetProcessArgs() []string {
return nil
}
type RuleOperator struct {
Type string `protobuf:"bytes,1,opt,name=type" json:"type,omitempty"`
Operand string `protobuf:"bytes,2,opt,name=operand" json:"operand,omitempty"`
Data string `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
}
func (m *RuleOperator) Reset() { *m = RuleOperator{} }
func (m *RuleOperator) String() string { return proto.CompactTextString(m) }
func (*RuleOperator) ProtoMessage() {}
func (*RuleOperator) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func (m *RuleOperator) GetType() string {
if m != nil {
return m.Type
}
return ""
}
func (m *RuleOperator) GetOperand() string {
if m != nil {
return m.Operand
}
return ""
}
func (m *RuleOperator) GetData() string {
if m != nil {
return m.Data
}
return ""
}
type RuleReply struct {
Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
Action string `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
Duration string `protobuf:"bytes,3,opt,name=duration" json:"duration,omitempty"`
What string `protobuf:"bytes,4,opt,name=what" json:"what,omitempty"`
Value string `protobuf:"bytes,5,opt,name=value" json:"value,omitempty"`
Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
Action string `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
Duration string `protobuf:"bytes,3,opt,name=duration" json:"duration,omitempty"`
Operator *RuleOperator `protobuf:"bytes,4,opt,name=operator" json:"operator,omitempty"`
}
func (m *RuleReply) Reset() { *m = RuleReply{} }
func (m *RuleReply) String() string { return proto.CompactTextString(m) }
func (*RuleReply) ProtoMessage() {}
func (*RuleReply) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
func (*RuleReply) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
func (m *RuleReply) GetName() string {
if m != nil {
@ -326,18 +358,11 @@ func (m *RuleReply) GetDuration() string {
return ""
}
func (m *RuleReply) GetWhat() string {
func (m *RuleReply) GetOperator() *RuleOperator {
if m != nil {
return m.What
return m.Operator
}
return ""
}
func (m *RuleReply) GetValue() string {
if m != nil {
return m.Value
}
return ""
return nil
}
func init() {
@ -345,6 +370,7 @@ func init() {
proto.RegisterType((*PingRequest)(nil), "protocol.PingRequest")
proto.RegisterType((*PingReply)(nil), "protocol.PingReply")
proto.RegisterType((*RuleRequest)(nil), "protocol.RuleRequest")
proto.RegisterType((*RuleOperator)(nil), "protocol.RuleOperator")
proto.RegisterType((*RuleReply)(nil), "protocol.RuleReply")
}
@ -456,51 +482,54 @@ var _UI_serviceDesc = grpc.ServiceDesc{
func init() { proto.RegisterFile("ui.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 734 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x94, 0x5f, 0x8f, 0xe3, 0x34,
0x14, 0xc5, 0xb7, 0xff, 0xf2, 0xe7, 0xa6, 0x2d, 0x60, 0x76, 0x20, 0x74, 0x85, 0xb6, 0xdb, 0x15,
0x68, 0xc4, 0x43, 0x1f, 0x06, 0x04, 0xbb, 0xab, 0x95, 0xd0, 0x8c, 0x34, 0xd2, 0x54, 0x08, 0xa9,
0x0a, 0x1a, 0x5e, 0xa3, 0x24, 0xb6, 0x5a, 0x6b, 0xda, 0x24, 0xf8, 0x3a, 0x03, 0x79, 0xe0, 0x9d,
0x4f, 0xc2, 0xe7, 0x44, 0xbe, 0x4e, 0xda, 0x30, 0xd0, 0x95, 0xfa, 0x54, 0x9f, 0x73, 0xfd, 0xbb,
0x49, 0x8f, 0x9d, 0x0b, 0x5e, 0x25, 0x97, 0xa5, 0x2a, 0x74, 0xc1, 0x3c, 0xfa, 0xc9, 0x8a, 0xdd,
0xe2, 0x2f, 0x0f, 0xe0, 0x17, 0x9d, 0x68, 0x89, 0x5a, 0x66, 0xc8, 0xbe, 0x82, 0x29, 0x4f, 0xc4,
0xbe, 0xc8, 0xe3, 0x47, 0xa1, 0x50, 0x16, 0x79, 0xd8, 0x9b, 0xf7, 0x2e, 0xfd, 0x68, 0x62, 0xdd,
0x5f, 0xad, 0xc9, 0x3e, 0x03, 0xa7, 0x2a, 0xb5, 0xdc, 0x8b, 0xb0, 0x3f, 0xef, 0x5d, 0x0e, 0xa3,
0x46, 0xb1, 0xd7, 0x30, 0xe1, 0x39, 0xc6, 0x4a, 0x60, 0x59, 0xe4, 0x28, 0x30, 0x1c, 0x50, 0x79,
0xcc, 0x73, 0x8c, 0x5a, 0x8f, 0xcd, 0x21, 0xc8, 0x8a, 0x3c, 0x17, 0x99, 0x96, 0x45, 0x8e, 0xe1,
0x90, 0xb6, 0x74, 0x2d, 0x16, 0x82, 0x2b, 0x37, 0x79, 0xa1, 0x04, 0x0f, 0x47, 0x54, 0x6d, 0x25,
0x9b, 0x81, 0x97, 0x64, 0x99, 0x28, 0xb5, 0xe0, 0xa1, 0x43, 0xa5, 0x83, 0x36, 0x14, 0x57, 0x45,
0x59, 0x0a, 0x1e, 0xba, 0x96, 0x6a, 0x24, 0x7b, 0x01, 0xbe, 0xaa, 0x76, 0x22, 0xde, 0x4a, 0x8d,
0xa1, 0x67, 0x31, 0x63, 0xdc, 0x49, 0x8d, 0xec, 0x25, 0x04, 0x54, 0xdc, 0x4b, 0x34, 0x6f, 0xec,
0x53, 0x19, 0x8c, 0xf5, 0x33, 0x39, 0xec, 0x3d, 0x78, 0x69, 0x1d, 0x53, 0x62, 0x21, 0xcc, 0x07,
0x97, 0xc1, 0xd5, 0xab, 0x65, 0x9b, 0xdf, 0xf2, 0x98, 0xdd, 0xf2, 0xa6, 0x5e, 0x1b, 0xf7, 0x36,
0xd7, 0xaa, 0x8e, 0xdc, 0xd4, 0x2a, 0x76, 0x03, 0x90, 0xd6, 0x71, 0xc2, 0xb9, 0x12, 0x88, 0x61,
0x40, 0xfc, 0xeb, 0x13, 0xfc, 0xb5, 0xdd, 0x65, 0x3b, 0xf8, 0x69, 0xab, 0xd9, 0x5b, 0x70, 0xd3,
0x3a, 0xde, 0x16, 0xa8, 0xc3, 0x31, 0x35, 0x98, 0x9f, 0x68, 0x70, 0x57, 0xa0, 0xb6, 0xb4, 0x93,
0x92, 0x68, 0xd0, 0xb2, 0x50, 0x3a, 0x9c, 0x7c, 0x10, 0x5d, 0x17, 0xea, 0x88, 0x1a, 0xc1, 0xbe,
0x07, 0x27, 0xad, 0xe3, 0x4a, 0xf2, 0x70, 0x4a, 0xe4, 0xcb, 0x13, 0xe4, 0xbd, 0xe4, 0x16, 0x1c,
0xa5, 0x66, 0xcd, 0x7e, 0x82, 0x49, 0x5a, 0xc7, 0xe2, 0x0f, 0x91, 0x55, 0x3a, 0x49, 0x77, 0x22,
0xfc, 0x88, 0xf0, 0xaf, 0x4f, 0xe0, 0xb7, 0x87, 0x8d, 0xb6, 0xcb, 0x38, 0xed, 0x58, 0xb3, 0x77,
0x30, 0xee, 0xe6, 0xca, 0x3e, 0x86, 0xc1, 0x83, 0xa8, 0x9b, 0x5b, 0x69, 0x96, 0xec, 0x39, 0x8c,
0x1e, 0x93, 0x5d, 0xd5, 0x5e, 0x45, 0x2b, 0xde, 0xf5, 0xdf, 0xf4, 0x66, 0xef, 0x61, 0xfa, 0xef,
0x4c, 0xcf, 0xa2, 0xdf, 0x42, 0xd0, 0x09, 0xf4, 0x7c, 0xf4, 0x10, 0xe8, 0x59, 0xe8, 0x1b, 0x80,
0x63, 0xa2, 0x67, 0x91, 0x3f, 0xc2, 0x27, 0xff, 0x09, 0xf3, 0x9c, 0x06, 0x8b, 0x15, 0x04, 0x6b,
0x99, 0x6f, 0x22, 0xf1, 0x5b, 0x25, 0x50, 0xb3, 0x29, 0xf4, 0x25, 0x27, 0x72, 0x18, 0xf5, 0x25,
0x67, 0xdf, 0xc0, 0x08, 0x75, 0xa2, 0x91, 0xc0, 0xe0, 0xea, 0xf9, 0xff, 0x1d, 0x67, 0x64, 0xb7,
0x2c, 0x5e, 0x80, 0x6f, 0x5b, 0x95, 0xbb, 0xfa, 0x69, 0xa3, 0xc5, 0xdf, 0x7d, 0x08, 0xa2, 0x6a,
0x27, 0xda, 0x07, 0xcd, 0xe0, 0x30, 0x8e, 0x9a, 0x17, 0x3d, 0x68, 0x76, 0x01, 0x0e, 0xaa, 0x2c,
0x96, 0x25, 0x3d, 0xd5, 0x8f, 0x46, 0xa8, 0xb2, 0x55, 0xc9, 0xbe, 0x00, 0xcf, 0xd8, 0x74, 0xad,
0xcd, 0x88, 0x99, 0x44, 0x2e, 0xaa, 0x8c, 0x6e, 0xed, 0x05, 0x38, 0x1c, 0xb5, 0x21, 0x86, 0x96,
0xe0, 0xa8, 0x2d, 0x61, 0x6c, 0xfa, 0x86, 0x46, 0x54, 0x70, 0x39, 0x6a, 0xfa, 0x44, 0x9a, 0x12,
0x35, 0x73, 0x6c, 0x33, 0x8e, 0x9a, 0x9a, 0x7d, 0x0e, 0x6e, 0x85, 0x42, 0xc5, 0xd2, 0x8e, 0x94,
0x49, 0xe4, 0x18, 0xb9, 0xe2, 0xec, 0x4b, 0x80, 0x52, 0x15, 0x99, 0x40, 0x34, 0x35, 0x8f, 0x6a,
0x7e, 0xe3, 0xac, 0x38, 0x7b, 0x05, 0xe3, 0xb6, 0x5c, 0x26, 0x7a, 0x4b, 0x43, 0xc5, 0x8f, 0x82,
0xc6, 0x5b, 0x27, 0x7a, 0xdb, 0xdd, 0x92, 0xa8, 0x0d, 0xd2, 0x64, 0x39, 0x6e, 0xb9, 0x56, 0x1b,
0x5c, 0xfc, 0x09, 0xbe, 0xcd, 0xc9, 0xa4, 0xc8, 0x60, 0x98, 0x27, 0x7b, 0xd1, 0x24, 0x44, 0x6b,
0x33, 0x86, 0x13, 0x1a, 0x99, 0x4d, 0x3a, 0x8d, 0x32, 0x89, 0xf2, 0x4a, 0x25, 0x54, 0x19, 0xd8,
0x44, 0x5b, 0x6d, 0xfa, 0xfc, 0xbe, 0x4d, 0x74, 0x93, 0x0e, 0xad, 0x8f, 0x77, 0xc2, 0x26, 0x63,
0xc5, 0x15, 0x42, 0xff, 0x7e, 0xc5, 0xbe, 0x83, 0xa1, 0x39, 0x4a, 0x76, 0x71, 0x3c, 0xef, 0xce,
0x2d, 0x99, 0x7d, 0xfa, 0xd4, 0x2e, 0x77, 0xf5, 0xe2, 0x19, 0xfb, 0x01, 0xdc, 0x6b, 0x7c, 0x30,
0x6f, 0xdf, 0x05, 0x3b, 0xa7, 0xde, 0x05, 0x0f, 0x7f, 0x72, 0xf1, 0x2c, 0x75, 0xc8, 0xfd, 0xf6,
0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xde, 0xff, 0xa2, 0x11, 0xac, 0x06, 0x00, 0x00,
// 773 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0x61, 0x8f, 0xdb, 0x44,
0x10, 0x6d, 0x72, 0x89, 0x63, 0x8f, 0x93, 0x03, 0x96, 0x5e, 0x31, 0xa9, 0x50, 0xd3, 0x54, 0xa0,
0x13, 0x1f, 0xee, 0x43, 0x40, 0xd0, 0x56, 0x95, 0xd0, 0x55, 0xaa, 0xd4, 0x08, 0x21, 0x22, 0xa3,
0xf2, 0xd5, 0x5a, 0x7b, 0x57, 0x77, 0xab, 0xe6, 0xbc, 0x66, 0x67, 0x5d, 0xe1, 0x5f, 0x00, 0xbf,
0x84, 0xdf, 0x89, 0x76, 0xd6, 0x76, 0xcc, 0x41, 0x90, 0xf2, 0x29, 0xfb, 0xde, 0xcc, 0x7b, 0xb1,
0xdf, 0x8e, 0x07, 0xc2, 0x5a, 0x5d, 0x55, 0x46, 0x5b, 0xcd, 0x42, 0xfa, 0x29, 0xf4, 0x7e, 0xfd,
0x67, 0x08, 0xf0, 0x8b, 0xe5, 0x56, 0xa1, 0x55, 0x05, 0xb2, 0x2f, 0xe1, 0x5c, 0x70, 0x79, 0xa7,
0xcb, 0xec, 0x83, 0x34, 0xa8, 0x74, 0x99, 0x8c, 0x56, 0xa3, 0xcb, 0x28, 0x5d, 0x78, 0xf6, 0x57,
0x4f, 0xb2, 0x47, 0x10, 0xd4, 0x95, 0x55, 0x77, 0x32, 0x19, 0xaf, 0x46, 0x97, 0x93, 0xb4, 0x45,
0xec, 0x19, 0x2c, 0x44, 0x89, 0x99, 0x91, 0x58, 0xe9, 0x12, 0x25, 0x26, 0x67, 0x54, 0x9e, 0x8b,
0x12, 0xd3, 0x8e, 0x63, 0x2b, 0x88, 0x0b, 0x5d, 0x96, 0xb2, 0xb0, 0x4a, 0x97, 0x98, 0x4c, 0xa8,
0x65, 0x48, 0xb1, 0x04, 0x66, 0xea, 0xa6, 0xd4, 0x46, 0x8a, 0x64, 0x4a, 0xd5, 0x0e, 0xb2, 0x25,
0x84, 0xbc, 0x28, 0x64, 0x65, 0xa5, 0x48, 0x02, 0x2a, 0xf5, 0xd8, 0xa9, 0x84, 0xd1, 0x55, 0x25,
0x45, 0x32, 0xf3, 0xaa, 0x16, 0xb2, 0xc7, 0x10, 0x99, 0x7a, 0x2f, 0xb3, 0x5b, 0x65, 0x31, 0x09,
0xbd, 0xcc, 0x11, 0x6f, 0x95, 0x45, 0xf6, 0x04, 0x62, 0x2a, 0xde, 0x29, 0x74, 0x4f, 0x1c, 0x51,
0x19, 0x1c, 0xf5, 0x13, 0x31, 0xec, 0x15, 0x84, 0x79, 0x93, 0x51, 0x62, 0x09, 0xac, 0xce, 0x2e,
0xe3, 0xcd, 0xd3, 0xab, 0x2e, 0xbf, 0xab, 0x43, 0x76, 0x57, 0xaf, 0x9b, 0x9d, 0x63, 0xdf, 0x94,
0xd6, 0x34, 0xe9, 0x2c, 0xf7, 0x88, 0xbd, 0x06, 0xc8, 0x9b, 0x8c, 0x0b, 0x61, 0x24, 0x62, 0x12,
0x93, 0xfe, 0xd9, 0x11, 0xfd, 0xb5, 0xef, 0xf2, 0x0e, 0x51, 0xde, 0x61, 0xf6, 0x02, 0x66, 0x79,
0x93, 0xdd, 0x6a, 0xb4, 0xc9, 0x9c, 0x0c, 0x56, 0x47, 0x0c, 0xde, 0x6a, 0xb4, 0x5e, 0x1d, 0xe4,
0x04, 0x5a, 0x69, 0xa5, 0x8d, 0x4d, 0x16, 0xff, 0x2b, 0xdd, 0x69, 0x73, 0x90, 0x3a, 0xc0, 0xbe,
0x83, 0x20, 0x6f, 0xb2, 0x5a, 0x89, 0xe4, 0x9c, 0x94, 0x4f, 0x8e, 0x28, 0xdf, 0x29, 0xe1, 0x85,
0xd3, 0xdc, 0x9d, 0xd9, 0x8f, 0xb0, 0xc8, 0x9b, 0x4c, 0xfe, 0x2e, 0x8b, 0xda, 0xf2, 0x7c, 0x2f,
0x93, 0x8f, 0x48, 0xfe, 0xd5, 0x11, 0xf9, 0x9b, 0xbe, 0xd1, 0xbb, 0xcc, 0xf3, 0x01, 0xb5, 0x7c,
0x09, 0xf3, 0x61, 0xae, 0xec, 0x63, 0x38, 0x7b, 0x2f, 0x9b, 0x76, 0x2a, 0xdd, 0x91, 0x3d, 0x84,
0xe9, 0x07, 0xbe, 0xaf, 0xbb, 0x51, 0xf4, 0xe0, 0xe5, 0xf8, 0xf9, 0x68, 0xf9, 0x0a, 0xce, 0xff,
0x99, 0xe9, 0x49, 0xea, 0x17, 0x10, 0x0f, 0x02, 0x3d, 0x5d, 0xda, 0x07, 0x7a, 0x92, 0xf4, 0x39,
0xc0, 0x21, 0xd1, 0x93, 0x94, 0x3f, 0xc0, 0x27, 0xff, 0x0a, 0xf3, 0x14, 0x83, 0xf5, 0x16, 0xe2,
0x9d, 0x2a, 0x6f, 0x52, 0xf9, 0x5b, 0x2d, 0xd1, 0xb2, 0x73, 0x18, 0x2b, 0x41, 0xca, 0x49, 0x3a,
0x56, 0x82, 0x7d, 0x0d, 0x53, 0xb4, 0xdc, 0x22, 0x09, 0xe3, 0xcd, 0xc3, 0xff, 0xba, 0xce, 0xd4,
0xb7, 0xac, 0x1f, 0x43, 0xe4, 0xad, 0xaa, 0x7d, 0x73, 0xdf, 0x68, 0xfd, 0xd7, 0x18, 0xe2, 0xb4,
0xde, 0xcb, 0xee, 0x8f, 0x96, 0xd0, 0xaf, 0xa3, 0xf6, 0x41, 0x7b, 0xcc, 0x2e, 0x20, 0x40, 0x53,
0x64, 0xaa, 0xa2, 0x7f, 0x8d, 0xd2, 0x29, 0x9a, 0x62, 0x5b, 0xb1, 0xcf, 0x21, 0x74, 0x34, 0x8d,
0xb5, 0x5b, 0x31, 0x8b, 0x74, 0x86, 0xa6, 0xa0, 0xa9, 0xbd, 0x80, 0x40, 0xa0, 0x75, 0x8a, 0x89,
0x57, 0x08, 0xb4, 0x5e, 0xe1, 0x68, 0xfa, 0x86, 0xa6, 0x54, 0x98, 0x09, 0xb4, 0xf4, 0x89, 0xb4,
0x25, 0x32, 0x0b, 0xbc, 0x99, 0x40, 0x4b, 0x66, 0x9f, 0xc1, 0xac, 0x46, 0x69, 0x32, 0xe5, 0x57,
0xca, 0x22, 0x0d, 0x1c, 0xdc, 0x0a, 0xf6, 0x05, 0x40, 0x65, 0x74, 0x21, 0x11, 0x5d, 0x2d, 0xa4,
0x5a, 0xd4, 0x32, 0x5b, 0xc1, 0x9e, 0xc2, 0xbc, 0x2b, 0x57, 0xdc, 0xde, 0xd2, 0x52, 0x89, 0xd2,
0xb8, 0xe5, 0x76, 0xdc, 0xde, 0x0e, 0x5b, 0xb8, 0xb9, 0x41, 0xda, 0x2c, 0x87, 0x96, 0x6b, 0x73,
0x83, 0xeb, 0x1d, 0xcc, 0x5d, 0x4e, 0x3f, 0x57, 0xd2, 0x70, 0xab, 0x0d, 0x63, 0x30, 0xb1, 0x4d,
0x25, 0xdb, 0x90, 0xe8, 0xec, 0x96, 0x9e, 0x76, 0xf5, 0x52, 0xb4, 0x09, 0x75, 0xd0, 0x75, 0x0b,
0x6e, 0x39, 0xe5, 0x13, 0xa5, 0x74, 0x5e, 0xff, 0x31, 0x82, 0xc8, 0x47, 0xef, 0x2e, 0x86, 0xc1,
0xa4, 0xe4, 0x77, 0xbd, 0x9f, 0x3b, 0xbb, 0xcd, 0xce, 0x69, 0x0b, 0xb7, 0x76, 0x2d, 0x72, 0x97,
0x24, 0x6a, 0xc3, 0xa9, 0xe2, 0x1d, 0x7b, 0xcc, 0x36, 0x10, 0xea, 0xf6, 0x19, 0x29, 0xf4, 0x78,
0xf3, 0xe8, 0x30, 0x1c, 0xc3, 0x37, 0x48, 0xfb, 0xbe, 0x0d, 0xc2, 0xf8, 0xdd, 0x96, 0x7d, 0x0b,
0x13, 0x37, 0x27, 0xec, 0xe2, 0xd0, 0x3f, 0x18, 0xc1, 0xe5, 0xa7, 0xf7, 0xe9, 0x6a, 0xdf, 0xac,
0x1f, 0xb0, 0xef, 0x61, 0x76, 0x8d, 0xef, 0x9d, 0xf1, 0x50, 0x38, 0x18, 0xa9, 0xa1, 0xb0, 0x7f,
0xdd, 0xf5, 0x83, 0x3c, 0x20, 0xf6, 0x9b, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0x7a, 0xe4, 0xf0,
0xb4, 0x09, 0x07, 0x00, 0x00,
}


@ -47,10 +47,15 @@ message RuleRequest {
repeated string process_args = 10;
}
message RuleOperator {
string type = 1;
string operand = 2;
string data = 3;
}
message RuleReply {
string name = 1;
string action = 2;
string duration = 3;
string what = 4;
string value = 5;
RuleOperator operator = 4;
}
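Review bot: RuleOperator.type and RuleOperator.operand are free-form strings, so the schema itself does not tell a UI author which values the daemon accepts, while the daemon side in this commit only recognizes simple/regexp and a fixed operand set. A proto enum for each would make the contract explicit and let the generated code reject anything else; short of that, document the accepted values on the fields, e.g. `string type = 1;    // "simple" | "regexp"` and `string operand = 2; // "true" | "process.path" | "user.id" | "dest.ip" | "dest.host" | "dest.port"`, and state whether `data` for a regexp rule is expected to be anchored.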


@ -147,7 +147,7 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
def _on_apply_clicked(self):
self._rule = ui_pb2.RuleReply(name="user.choice")
action_idx = self._action_combo.currentIndex()
if action_idx == 0:
self._rule.action = "allow"
@ -161,29 +161,34 @@ class PromptDialog(QtWidgets.QDialog, uic.loadUiType(DIALOG_UI_PATH)[0]):
self._rule.duration = "until restart"
else:
self._rule.duration = "always"
what_idx = self._what_combo.currentIndex()
if what_idx == 0:
self._rule.what = "process.path"
self._rule.value = self._con.process_path
self._rule.operator.type = "simple"
self._rule.operator.operand = "process.path"
self._rule.operator.data = self._con.process_path
elif what_idx == 1:
self._rule.what = "user.id"
self._rule.value = "%s" % self._con.user_id
self._rule.operator.type = "simple"
self._rule.operator.operand = "user.id"
self._rule.operator.data = "%s" % self._con.user_id
elif what_idx == 2:
self._rule.what = "dest.port"
self._rule.value = "%s" % self._con.dst_port
self._rule.operator.type = "simple"
self._rule.operator.operand = "dest.port"
self._rule.operator.data = "%s" % self._con.dst_port
elif what_idx == 3:
self._rule.what = "dest.ip"
self._rule.value = self._con.dst_ip
self._rule.operator.type = "simple"
self._rule.operator.operand = "dest.ip"
self._rule.operator.data = self._con.dst_ip
else:
self._rule.what = "dest.host"
self._rule.value = self._con.dst_host
self._rule.operator.type = "simple"
self._rule.operator.operand = "dest.host"
self._rule.operator.data = self._con.dst_host
self._rule.name = slugify("%s %s %s" % (self._rule.action, self._rule.what, self._rule.value))
self._rule.name = slugify("%s %s %s" % (self._rule.action, self._rule.operator.type, self._rule.operator.data))
self.hide()
# signal that the user took a decision and
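Review bot: The rule name on the last changed line is now built from `operator.type`, which this dialog always sets to "simple", instead of the operand that previously went into the name via `what`; every rule created here gets a name of the form action-simple-data, so an allow on user.id 1000 and an allow on dest.port 1000 produce the same name. The daemon's loader keys rules by name, so if UI-created rules are stored the same way the second would silently replace the first; use the operand instead: `self._rule.name = slugify("%s %s %s" % (self._rule.action, self._rule.operator.operand, self._rule.operator.data))`. _on_apply_clicked continues past the end of this hunk.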


@ -19,7 +19,7 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='ui.proto',
package='protocol',
syntax='proto3',
serialized_pb=_b('\n\x08ui.proto\x12\x08protocol\"\xa3\x06\n\nStatistics\x12\x16\n\x0e\x64\x61\x65mon_version\x18\x01 \x01(\t\x12\x0e\n\x06uptime\x18\x02 \x01(\x04\x12\x15\n\rdns_responses\x18\x03 \x01(\x04\x12\x13\n\x0b\x63onnections\x18\x04 \x01(\x04\x12\x0f\n\x07ignored\x18\x05 \x01(\x04\x12\x10\n\x08\x61\x63\x63\x65pted\x18\x06 \x01(\x04\x12\x0f\n\x07\x64ropped\x18\x07 \x01(\x04\x12\x11\n\trule_hits\x18\x08 \x01(\x04\x12\x13\n\x0brule_misses\x18\t \x01(\x04\x12\x33\n\x08\x62y_proto\x18\n \x03(\x0b\x32!.protocol.Statistics.ByProtoEntry\x12\x37\n\nby_address\x18\x0b \x03(\x0b\x32#.protocol.Statistics.ByAddressEntry\x12\x31\n\x07\x62y_host\x18\x0c \x03(\x0b\x32 .protocol.Statistics.ByHostEntry\x12\x31\n\x07\x62y_port\x18\r \x03(\x0b\x32 .protocol.Statistics.ByPortEntry\x12/\n\x06\x62y_uid\x18\x0e \x03(\x0b\x32\x1f.protocol.Statistics.ByUidEntry\x12=\n\rby_executable\x18\x0f \x03(\x0b\x32&.protocol.Statistics.ByExecutableEntry\x1a.\n\x0c\x42yProtoEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a\x30\n\x0e\x42yAddressEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a-\n\x0b\x42yHostEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a-\n\x0b\x42yPortEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a,\n\nByUidEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a\x33\n\x11\x42yExecutableEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\">\n\x0bPingRequest\x12\n\n\x02id\x18\x01 \x01(\x04\x12#\n\x05stats\x18\x02 \x01(\x0b\x32\x14.protocol.Statistics\"\x17\n\tPingReply\x12\n\n\x02id\x18\x01 \x01(\x04\"\xc6\x01\n\x0bRuleRequest\x12\x10\n\x08protocol\x18\x01 \x01(\t\x12\x0e\n\x06src_ip\x18\x02 \x01(\t\x12\x10\n\x08src_port\x18\x03 \x01(\r\x12\x0e\n\x06\x64st_ip\x18\x04 \x01(\t\x12\x10\n\x08\x64st_host\x18\x05 
\x01(\t\x12\x10\n\x08\x64st_port\x18\x06 \x01(\r\x12\x0f\n\x07user_id\x18\x07 \x01(\r\x12\x12\n\nprocess_id\x18\x08 \x01(\r\x12\x14\n\x0cprocess_path\x18\t \x01(\t\x12\x14\n\x0cprocess_args\x18\n \x03(\t\"X\n\tRuleReply\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06\x61\x63tion\x18\x02 \x01(\t\x12\x10\n\x08\x64uration\x18\x03 \x01(\t\x12\x0c\n\x04what\x18\x04 \x01(\t\x12\r\n\x05value\x18\x05 \x01(\t2s\n\x02UI\x12\x34\n\x04Ping\x12\x15.protocol.PingRequest\x1a\x13.protocol.PingReply\"\x00\x12\x37\n\x07\x41skRule\x12\x15.protocol.RuleRequest\x1a\x13.protocol.RuleReply\"\x00\x62\x06proto3')
serialized_pb=_b('\n\x08ui.proto\x12\x08protocol\"\xa3\x06\n\nStatistics\x12\x16\n\x0e\x64\x61\x65mon_version\x18\x01 \x01(\t\x12\x0e\n\x06uptime\x18\x02 \x01(\x04\x12\x15\n\rdns_responses\x18\x03 \x01(\x04\x12\x13\n\x0b\x63onnections\x18\x04 \x01(\x04\x12\x0f\n\x07ignored\x18\x05 \x01(\x04\x12\x10\n\x08\x61\x63\x63\x65pted\x18\x06 \x01(\x04\x12\x0f\n\x07\x64ropped\x18\x07 \x01(\x04\x12\x11\n\trule_hits\x18\x08 \x01(\x04\x12\x13\n\x0brule_misses\x18\t \x01(\x04\x12\x33\n\x08\x62y_proto\x18\n \x03(\x0b\x32!.protocol.Statistics.ByProtoEntry\x12\x37\n\nby_address\x18\x0b \x03(\x0b\x32#.protocol.Statistics.ByAddressEntry\x12\x31\n\x07\x62y_host\x18\x0c \x03(\x0b\x32 .protocol.Statistics.ByHostEntry\x12\x31\n\x07\x62y_port\x18\r \x03(\x0b\x32 .protocol.Statistics.ByPortEntry\x12/\n\x06\x62y_uid\x18\x0e \x03(\x0b\x32\x1f.protocol.Statistics.ByUidEntry\x12=\n\rby_executable\x18\x0f \x03(\x0b\x32&.protocol.Statistics.ByExecutableEntry\x1a.\n\x0c\x42yProtoEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a\x30\n\x0e\x42yAddressEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a-\n\x0b\x42yHostEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a-\n\x0b\x42yPortEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a,\n\nByUidEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\x1a\x33\n\x11\x42yExecutableEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x04:\x02\x38\x01\">\n\x0bPingRequest\x12\n\n\x02id\x18\x01 \x01(\x04\x12#\n\x05stats\x18\x02 \x01(\x0b\x32\x14.protocol.Statistics\"\x17\n\tPingReply\x12\n\n\x02id\x18\x01 \x01(\x04\"\xc6\x01\n\x0bRuleRequest\x12\x10\n\x08protocol\x18\x01 \x01(\t\x12\x0e\n\x06src_ip\x18\x02 \x01(\t\x12\x10\n\x08src_port\x18\x03 \x01(\r\x12\x0e\n\x06\x64st_ip\x18\x04 \x01(\t\x12\x10\n\x08\x64st_host\x18\x05 
\x01(\t\x12\x10\n\x08\x64st_port\x18\x06 \x01(\r\x12\x0f\n\x07user_id\x18\x07 \x01(\r\x12\x12\n\nprocess_id\x18\x08 \x01(\r\x12\x14\n\x0cprocess_path\x18\t \x01(\t\x12\x14\n\x0cprocess_args\x18\n \x03(\t\";\n\x0cRuleOperator\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x0f\n\x07operand\x18\x02 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x03 \x01(\t\"e\n\tRuleReply\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06\x61\x63tion\x18\x02 \x01(\t\x12\x10\n\x08\x64uration\x18\x03 \x01(\t\x12(\n\x08operator\x18\x04 \x01(\x0b\x32\x16.protocol.RuleOperator2s\n\x02UI\x12\x34\n\x04Ping\x12\x15.protocol.PingRequest\x1a\x13.protocol.PingReply\"\x00\x12\x37\n\x07\x41skRule\x12\x15.protocol.RuleRequest\x1a\x13.protocol.RuleReply\"\x00\x62\x06proto3')
)
@ -539,6 +539,51 @@ _RULEREQUEST = _descriptor.Descriptor(
)
_RULEOPERATOR = _descriptor.Descriptor(
name='RuleOperator',
full_name='protocol.RuleOperator',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='type', full_name='protocol.RuleOperator.type', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='operand', full_name='protocol.RuleOperator.operand', index=1,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='data', full_name='protocol.RuleOperator.data', index=2,
number=3, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=1118,
serialized_end=1177,
)
_RULEREPLY = _descriptor.Descriptor(
name='RuleReply',
full_name='protocol.RuleReply',
@ -568,16 +613,9 @@ _RULEREPLY = _descriptor.Descriptor(
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='what', full_name='protocol.RuleReply.what', index=3,
number=4, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='value', full_name='protocol.RuleReply.value', index=4,
number=5, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
name='operator', full_name='protocol.RuleReply.operator', index=3,
number=4, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
@ -593,8 +631,8 @@ _RULEREPLY = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=1118,
serialized_end=1206,
serialized_start=1179,
serialized_end=1280,
)
_STATISTICS_BYPROTOENTRY.containing_type = _STATISTICS
@ -610,10 +648,12 @@ _STATISTICS.fields_by_name['by_port'].message_type = _STATISTICS_BYPORTENTRY
_STATISTICS.fields_by_name['by_uid'].message_type = _STATISTICS_BYUIDENTRY
_STATISTICS.fields_by_name['by_executable'].message_type = _STATISTICS_BYEXECUTABLEENTRY
_PINGREQUEST.fields_by_name['stats'].message_type = _STATISTICS
_RULEREPLY.fields_by_name['operator'].message_type = _RULEOPERATOR
DESCRIPTOR.message_types_by_name['Statistics'] = _STATISTICS
DESCRIPTOR.message_types_by_name['PingRequest'] = _PINGREQUEST
DESCRIPTOR.message_types_by_name['PingReply'] = _PINGREPLY
DESCRIPTOR.message_types_by_name['RuleRequest'] = _RULEREQUEST
DESCRIPTOR.message_types_by_name['RuleOperator'] = _RULEOPERATOR
DESCRIPTOR.message_types_by_name['RuleReply'] = _RULEREPLY
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
@ -693,6 +733,13 @@ RuleRequest = _reflection.GeneratedProtocolMessageType('RuleRequest', (_message.
))
_sym_db.RegisterMessage(RuleRequest)
RuleOperator = _reflection.GeneratedProtocolMessageType('RuleOperator', (_message.Message,), dict(
DESCRIPTOR = _RULEOPERATOR,
__module__ = 'ui_pb2'
# @@protoc_insertion_point(class_scope:protocol.RuleOperator)
))
_sym_db.RegisterMessage(RuleOperator)
RuleReply = _reflection.GeneratedProtocolMessageType('RuleReply', (_message.Message,), dict(
DESCRIPTOR = _RULEREPLY,
__module__ = 'ui_pb2'
@ -720,8 +767,8 @@ _UI = _descriptor.ServiceDescriptor(
file=DESCRIPTOR,
index=0,
options=None,
serialized_start=1208,
serialized_end=1323,
serialized_start=1282,
serialized_end=1397,
methods=[
_descriptor.MethodDescriptor(
name='Ping',