From 4b8f74d18c4cbc38c97a7c4826be0086b2ae0248 Mon Sep 17 00:00:00 2001
From: Mario
Date: Mon, 9 May 2022 23:16:59 +0200
Subject: [PATCH 1/5] Improve tracer
---
tracer/tracer.go | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 tracer/tracer.go
diff --git a/tracer/tracer.go b/tracer/tracer.go
new file mode 100644
index 0000000..48dae24
--- /dev/null
+++ b/tracer/tracer.go
@@ -0,0 +1,45 @@
+package tracer
+
+import (
+ log "github.com/sirupsen/logrus"
+)
+
+type Tracer struct {
+}
+
+func Init() *Tracer {
+ return &Tracer{}
+}
+
+func (tracer *Tracer) TraceEvent(event Event) {
+ log.WithFields(log.Fields{
+ "status": event.Status.String(),
+ "event": event,
+ }).Info("New Event")
+}
+
+type Event struct {
+ RemoteAddr string
+ Protocol string
+ Command string
+ Status Status
+ Msg string
+ ID string
+ Environ string
+ User string
+ Password string
+ Client string
+}
+
+type Status int
+
+const (
+ Start Status = iota
+ End
+ Stateless
+ Interaction
+)
+
+func (status Status) String() string {
+ return [...]string{"Start", "End", "Stateless", "Interaction"}[status]
+}
From b43d09ecf260adc034f0183bf5d30a33c915b66f Mon Sep 17 00:00:00 2001
From: Mario
Date: Mon, 9 May 2022 23:18:20 +0200
Subject: [PATCH 2/5] Configure tracer on secureShellStrategy.go
---
protocols/secureShellStrategy.go | 75 +++++++++++++++-----------------
1 file changed, 34 insertions(+), 41 deletions(-)
diff --git a/protocols/secureShellStrategy.go b/protocols/secureShellStrategy.go
index 1540ef9..53a58fe 100644
--- a/protocols/secureShellStrategy.go
+++ b/protocols/secureShellStrategy.go
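Review bot: In tracer/tracer.go, `TraceEvent` logs the whole `Event` struct under a single `"event"` key, so the attacker-supplied values (`Command`, `Environ`, `User`, `Password`) are no longer separate log fields the way the helpers removed later in this series emitted them. Which logrus formatter is configured is not visible here; with the default text formatter a struct value is rendered through `fmt.Sprint`, which drops field names, so an empty `Command` or a password containing spaces makes the positions ambiguous for anyone querying the log. I would emit one key per field, as in the fence below. Separately, `Status.String()` indexes a four-element array with no bounds check and panics for any `Status` outside `Start`..`Interaction`; a guard such as `if status < Start || status > Interaction { return "Unknown" }` avoids that.

```go
func (tracer *Tracer) TraceEvent(event Event) {
	log.WithFields(log.Fields{
		// … unchanged: "status" key …
		"id":         event.ID,
		"protocol":   event.Protocol,
		"remoteAddr": event.RemoteAddr,
		"user":       event.User,
		"password":   event.Password,
		"client":     event.Client,
		"command":    event.Command,
		"environ":    event.Environ,
		"message":    event.Msg,
	// … unchanged: }).Info("New Event") …
```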
@@ -2,19 +2,21 @@ package protocols import ( "beelzebub/parser" + "beelzebub/tracer" "fmt" "github.com/gliderlabs/ssh" "github.com/google/uuid" log "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh/terminal" "regexp" + "strings" "time" ) type SecureShellStrategy struct { } -func (SSHStrategy *SecureShellStrategy) Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration) error { +func (SSHStrategy *SecureShellStrategy) Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration, tr tracer.Tracer) error { go func() { server := &ssh.Server{ Addr: beelzebubServiceConfiguration.Address, @@ -23,14 +25,30 @@ func (SSHStrategy *SecureShellStrategy) Init(beelzebubServiceConfiguration parse Version: beelzebubServiceConfiguration.ServerVersion, Handler: func(sess ssh.Session) { uuidSession := uuid.New() - traceSessionStart(sess, uuidSession) + + tr.TraceEvent(tracer.Event{ + Msg: "New SSH Session", + Protocol: beelzebubServiceConfiguration.Protocol, + RemoteAddr: sess.RemoteAddr().String(), + Status: tracer.Start, + ID: uuidSession.String(), + Environ: strings.Join(sess.Environ(), ","), + User: sess.User(), + }) + term := terminal.NewTerminal(sess, buildPrompt(sess.User(), beelzebubServiceConfiguration.ServerName)) for { commandInput, err := term.ReadLine() if err != nil { break } - traceCommand(commandInput, uuidSession) + tr.TraceEvent(tracer.Event{ + Msg: "New SSH Command", + RemoteAddr: sess.RemoteAddr().String(), + Status: tracer.Interaction, + Command: commandInput, + ID: uuidSession.String(), + }) if commandInput == "exit" { break } 
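Review bot: `Init` takes `tr tracer.Tracer` by value, while `TraceEvent` is declared on `*Tracer` and `ProtocolManager` stores a `*tracer.Tracer`, so every strategy works on a copy of the tracer. That is harmless while `Tracer` is an empty struct, but once it holds state (a writer, a mutex, counters) the copies diverge or duplicate a lock. I would take the pointer here, `tr *tracer.Tracer`, and make the same change to the `ServiceStrategy` interface in protocolStrategy.go and to the HTTP strategy's `Init`, so that `InitService` can pass `pm.tracer` without dereferencing it. The body of `Init` continues outside this hunk.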
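Review bot: The `tracer.Start` event no longer records `sess.Command()`, which the removed `traceSessionStart` logged, so a command supplied with the session request rather than typed at the prompt would not appear in any event. Adding `Command: strings.Join(sess.Command(), " "),` to the Start event keeps it. The `tracer.Interaction` event also omits `Protocol` and `User`, which leaves `ID` as the only way to tie a command back to its session; setting `Protocol: beelzebubServiceConfiguration.Protocol,` there would let events be filtered by service. `Environ` is joined with `,`, which is ambiguous when a value itself contains a comma. The `Handler` closure starts before and ends after this hunk.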
@@ -47,10 +65,21 @@ func (SSHStrategy *SecureShellStrategy) Init(beelzebubServiceConfiguration parse } } } - traceSessionEnd(sess, uuidSession) + tr.TraceEvent(tracer.Event{ + Msg: "End SSH Session", + Status: tracer.End, + ID: uuidSession.String(), + }) }, PasswordHandler: func(ctx ssh.Context, password string) bool { - traceAttempt(ctx, password) + tr.TraceEvent(tracer.Event{ + Msg: "New SSH attempt", + Status: tracer.Stateless, + User: ctx.User(), + Password: password, + Client: ctx.ClientVersion(), + RemoteAddr: ctx.RemoteAddr().String(), + }) matched, err := regexp.MatchString(beelzebubServiceConfiguration.PasswordRegex, password) if err != nil { log.Errorf("Error regex: %s, %s", beelzebubServiceConfiguration.PasswordRegex, err.Error()) @@ -75,39 +104,3 @@ func (SSHStrategy *SecureShellStrategy) Init(beelzebubServiceConfiguration parse func buildPrompt(user string, serverName string) string { return fmt.Sprintf("%s@%s:~$ ", user, serverName) } - -func traceAttempt(ctx ssh.Context, password string) { - log.WithFields(log.Fields{ - "remoteAddr": ctx.RemoteAddr(), - "user": ctx.User(), - "password": password, - "client": ctx.ClientVersion(), - }).Info("New SSH attempt") -} - -func traceSessionStart(sess ssh.Session, uuidSession uuid.UUID) { - log.WithFields(log.Fields{ - "uuidSession": uuidSession, - "remoteAddr": sess.RemoteAddr(), - "command": sess.Command(), - "environ": sess.Environ(), - "user": sess.User(), - }).Info("New SSH Session") -} - -func traceSessionEnd(sess ssh.Session, uuidSession uuid.UUID) { - log.WithFields(log.Fields{ - "uuidSession": uuidSession, - "remoteAddr": sess.RemoteAddr(), - "command": sess.Command(), - "environ": sess.Environ(), - "user": sess.User(), - }).Info("End SSH Session") -} - -func traceCommand(command string, uuidSession uuid.UUID) { - log.WithFields(log.Fields{ - "uuidSession": uuidSession, - "command": command, - }).Info("New SSH Command") -} From a68ee305caba012960096c190c9ebe1c7c1b1c1c Mon Sep 17 00:00:00 2001 
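Review bot: The `tracer.End` event carries only `Msg`, `Status` and `ID`, whereas the removed `traceSessionEnd` also logged the remote address and user, and the `tracer.Stateless` attempt event has neither `Protocol` nor an `ID`. For a log consumer that means a login attempt can be linked to the session it opened only by matching `RemoteAddr` and time. I would add `RemoteAddr: sess.RemoteAddr().String(),` and `User: sess.User(),` to the End event and `Protocol: beelzebubServiceConfiguration.Protocol,` to both events. Both closures extend outside this hunk.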
From: Mario Date: Mon, 9 May 2022 23:18:48 +0200 Subject: [PATCH 3/5] Configured tracer into protocolStrategy.go --- protocols/protocolStrategy.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/protocols/protocolStrategy.go b/protocols/protocolStrategy.go index 55fd83b..29da640 100644 --- a/protocols/protocolStrategy.go +++ b/protocols/protocolStrategy.go @@ -1,7 +1,10 @@ package protocols -import "beelzebub/parser" +import ( + "beelzebub/parser" + "beelzebub/tracer" +) type ServiceStrategy interface { - Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration) error + Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration, tracer tracer.Tracer) error } From 1d0447693533c32c84b2d3ffe552dc7213f267b2 Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 9 May 2022 23:19:19 +0200 Subject: [PATCH 4/5] Injected tracer dependency into protocolManager.go --- protocols/protocolManager.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/protocols/protocolManager.go b/protocols/protocolManager.go index 51e2105..a9b0566 100644 --- a/protocols/protocolManager.go +++ b/protocols/protocolManager.go @@ -1,13 +1,19 @@ package protocols -import "beelzebub/parser" +import ( + "beelzebub/parser" + "beelzebub/tracer" +) type ProtocolManager struct { strategy ServiceStrategy + tracer *tracer.Tracer } func (pm *ProtocolManager) InitServiceManager() *ProtocolManager { - return &ProtocolManager{} + return &ProtocolManager{ + tracer: tracer.Init(), + } } func (pm *ProtocolManager) SetProtocolStrategy(strategy ServiceStrategy) { @@ -15,5 +21,5 @@ func (pm *ProtocolManager) SetProtocolStrategy(strategy ServiceStrategy) { } func (pm *ProtocolManager) InitService(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration) error { - return pm.strategy.Init(beelzebubServiceConfiguration) + return pm.strategy.Init(beelzebubServiceConfiguration, *pm.tracer) } 
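Review bot: In protocolManager.go, `InitService` dereferences `pm.tracer` unconditionally, and the field is only set in `InitServiceManager`; a `ProtocolManager` built as a plain literal and then given a strategy through `SetProtocolStrategy` would panic here with a nil pointer dereference. How callers construct the manager is not visible in this series, so this may not be reachable today. A guard before the call, `if pm.tracer == nil { pm.tracer = tracer.Init() }`, or passing the pointer through instead of `*pm.tracer`, removes the hazard.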
From e1a1f20e6cdce7909855eb208813ece057502cbc Mon Sep 17 00:00:00 2001 From: Mario Date: Mon, 9 May 2022 23:21:14 +0200 Subject: [PATCH 5/5] Added tracer dependency into hypertextTransferProtocolStrategy.go --- protocols/hypertextTransferProtocolStrategy.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/protocols/hypertextTransferProtocolStrategy.go b/protocols/hypertextTransferProtocolStrategy.go index a5fca0e..bfd7f86 100644 --- a/protocols/hypertextTransferProtocolStrategy.go +++ b/protocols/hypertextTransferProtocolStrategy.go @@ -2,6 +2,7 @@ package protocols import ( "beelzebub/parser" + "beelzebub/tracer" "fmt" log "github.com/sirupsen/logrus" "io" @@ -15,7 +16,7 @@ type HypertextTransferProtocolStrategy struct { beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration } -func (httpStrategy HypertextTransferProtocolStrategy) Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration) error { +func (httpStrategy HypertextTransferProtocolStrategy) Init(beelzebubServiceConfiguration parser.BeelzebubServiceConfiguration, tr tracer.Tracer) error { httpStrategy.beelzebubServiceConfiguration = beelzebubServiceConfiguration httpStrategy.serverMux = http.NewServeMux()
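Review bot: `tr` is accepted by the HTTP strategy's `Init` but is not used in the lines visible here, so HTTP requests presumably still go to logrus directly rather than through `TraceEvent` and would not share the SSH event schema. If that is left for a later commit, a comment on the signature such as `// TODO: emit tracer events from the HTTP handlers` would make the gap explicit. `Init`'s body continues outside this hunk, so this is inferred from the hunk alone.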