2023-06-09 19:39:54 -06:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
require 'English'
|
2023-06-09 19:39:54 -06:00
|
|
|
require 'securerandom'
|
|
|
|
|
require 'digest'
|
|
|
|
|
require 'base64'
|
|
|
|
|
require 'openssl'
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
require 'pty'
|
|
|
|
|
require 'expect'
|
2023-06-09 19:39:54 -06:00
|
|
|
|
|
|
|
|
# Utiltiies Module
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
module Utilities # rubocop:disable Metrics/ModuleLength
|
2023-06-09 19:39:54 -06:00
|
|
|
# Converts speed from Gbps to Mbps if necessary
|
|
|
|
|
def convert_speed_to_mbps(speed)
|
2023-06-29 18:27:08 -06:00
|
|
|
return nil unless speed.is_a?(String) && speed.downcase.match?(/\A\d+(gbps|mbps)\z/i)
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
|
2023-06-29 18:27:08 -06:00
|
|
|
# Extract the numeric part and the unit from the speed
|
|
|
|
|
numeric_speed, unit = speed.downcase.match(/(\d+)(gbps|mbps)/i).captures
|
|
|
|
|
|
|
|
|
|
# Convert the numeric part to an integer
|
|
|
|
|
numeric_speed = numeric_speed.to_i
|
|
|
|
|
|
|
|
|
|
# If the unit is 'gbps', multiply the numeric part by 1000
|
|
|
|
|
numeric_speed *= 1000 if unit == 'gbps'
|
|
|
|
|
|
|
|
|
|
numeric_speed
|
2023-06-09 19:39:54 -06:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Converts an array of services into a hash
|
|
|
|
|
def services_to_hash(services)
|
|
|
|
|
services_hash = {}
|
|
|
|
|
services.each { |service| services_hash[service] = true }
|
|
|
|
|
services_hash
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Calculates total bandwidth from uplink and downlink speeds
|
|
|
|
|
def calculate_total_bandwidth(uplink_speed, downlink_speed)
|
|
|
|
|
uplink_speed + downlink_speed
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def generate_key
|
|
|
|
|
Base64.encode64(SecureRandom.bytes(32)).chomp
|
|
|
|
|
end
|
|
|
|
|
|
Implement Encryption for Sensitive Data and Switch to .env for Configuration Storage
This commit introduces several significant changes to improve the security and configuration management of the application.
Encryption of Sensitive Data: We've introduced encryption for sensitive data such as database passwords. This is done using the Blowfish algorithm. The encryption and decryption methods are added to the Utilities module. The encryption is applied when the user enters their database password during the first run setup. The encrypted password is then stored in the .env file. When the application needs to use the password, it is decrypted using the key that was generated during encryption.
Switch from YAML to .env for Configuration Storage: The application now uses a .env file for storing configuration data instead of a YAML file. This change was made to take advantage of the .env file's ability to store environment variables, which can be easily accessed by the application. The .env file stores the database username, encrypted password, encryption key, and database name.
First Run Setup Changes: The FirstRunInit class has been updated to ask the user for their database details, encrypt the password, and store these details in the .env file. It also checks if any of the necessary details are missing and runs the first run setup if they are.
Database Connection Testing: The DatabaseManager class now decrypts the password before using it to test the database connection. It also checks if the password or key are nil before attempting to decrypt the password.
Logging: A new LoggMan class has been added to handle logging. This class provides a simple method for logging messages, which can be used throughout the application to log errors or other important information.
Bug Fixes and Error Handling: Several bugs were fixed and error handling was improved. For example, a bug that caused the application to crash if the .env file was missing has been fixed. Also, the application now checks if the .env file exists and creates it if it doesn't.
These changes significantly improve the security, reliability, and usability of the application.
2023-06-11 15:46:53 -06:00
|
|
|
def encrypt_string_chacha20(data, key)
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
return nil if data.nil? || key.nil?
|
|
|
|
|
|
2023-06-09 19:39:54 -06:00
|
|
|
cipher = OpenSSL::Cipher.new('chacha20')
|
|
|
|
|
cipher.encrypt
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
cipher.key = Base64.decode64(key) # Decode the key from Base64
|
Implement Encryption for Sensitive Data and Switch to .env for Configuration Storage
This commit introduces several significant changes to improve the security and configuration management of the application.
Encryption of Sensitive Data: We've introduced encryption for sensitive data such as database passwords. This is done using the Blowfish algorithm. The encryption and decryption methods are added to the Utilities module. The encryption is applied when the user enters their database password during the first run setup. The encrypted password is then stored in the .env file. When the application needs to use the password, it is decrypted using the key that was generated during encryption.
Switch from YAML to .env for Configuration Storage: The application now uses a .env file for storing configuration data instead of a YAML file. This change was made to take advantage of the .env file's ability to store environment variables, which can be easily accessed by the application. The .env file stores the database username, encrypted password, encryption key, and database name.
First Run Setup Changes: The FirstRunInit class has been updated to ask the user for their database details, encrypt the password, and store these details in the .env file. It also checks if any of the necessary details are missing and runs the first run setup if they are.
Database Connection Testing: The DatabaseManager class now decrypts the password before using it to test the database connection. It also checks if the password or key are nil before attempting to decrypt the password.
Logging: A new LoggMan class has been added to handle logging. This class provides a simple method for logging messages, which can be used throughout the application to log errors or other important information.
Bug Fixes and Error Handling: Several bugs were fixed and error handling was improved. For example, a bug that caused the application to crash if the .env file was missing has been fixed. Also, the application now checks if the .env file exists and creates it if it doesn't.
These changes significantly improve the security, reliability, and usability of the application.
2023-06-11 15:46:53 -06:00
|
|
|
encrypted_data = cipher.update(data) + cipher.final
|
2023-06-09 19:39:54 -06:00
|
|
|
|
Implement Encryption for Sensitive Data and Switch to .env for Configuration Storage
This commit introduces several significant changes to improve the security and configuration management of the application.
Encryption of Sensitive Data: We've introduced encryption for sensitive data such as database passwords. This is done using the Blowfish algorithm. The encryption and decryption methods are added to the Utilities module. The encryption is applied when the user enters their database password during the first run setup. The encrypted password is then stored in the .env file. When the application needs to use the password, it is decrypted using the key that was generated during encryption.
Switch from YAML to .env for Configuration Storage: The application now uses a .env file for storing configuration data instead of a YAML file. This change was made to take advantage of the .env file's ability to store environment variables, which can be easily accessed by the application. The .env file stores the database username, encrypted password, encryption key, and database name.
First Run Setup Changes: The FirstRunInit class has been updated to ask the user for their database details, encrypt the password, and store these details in the .env file. It also checks if any of the necessary details are missing and runs the first run setup if they are.
Database Connection Testing: The DatabaseManager class now decrypts the password before using it to test the database connection. It also checks if the password or key are nil before attempting to decrypt the password.
Logging: A new LoggMan class has been added to handle logging. This class provides a simple method for logging messages, which can be used throughout the application to log errors or other important information.
Bug Fixes and Error Handling: Several bugs were fixed and error handling was improved. For example, a bug that caused the application to crash if the .env file was missing has been fixed. Also, the application now checks if the .env file exists and creates it if it doesn't.
These changes significantly improve the security, reliability, and usability of the application.
2023-06-11 15:46:53 -06:00
|
|
|
Base64.encode64(encrypted_data).chomp
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
rescue OpenSSL::Cipher::CipherError => e
|
2023-06-29 22:36:18 -06:00
|
|
|
@loggman.log_error("Failed to encrypt data: #{e.message}")
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
nil
|
2023-06-09 19:39:54 -06:00
|
|
|
end
|
|
|
|
|
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
def decrypt_string_chacha20(encrypted_data, key) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
|
|
|
|
return nil if encrypted_data.nil? || key.nil?
|
Implement Encryption for Sensitive Data and Switch to .env for Configuration Storage
This commit introduces several significant changes to improve the security and configuration management of the application.
Encryption of Sensitive Data: We've introduced encryption for sensitive data such as database passwords. This is done using the Blowfish algorithm. The encryption and decryption methods are added to the Utilities module. The encryption is applied when the user enters their database password during the first run setup. The encrypted password is then stored in the .env file. When the application needs to use the password, it is decrypted using the key that was generated during encryption.
Switch from YAML to .env for Configuration Storage: The application now uses a .env file for storing configuration data instead of a YAML file. This change was made to take advantage of the .env file's ability to store environment variables, which can be easily accessed by the application. The .env file stores the database username, encrypted password, encryption key, and database name.
First Run Setup Changes: The FirstRunInit class has been updated to ask the user for their database details, encrypt the password, and store these details in the .env file. It also checks if any of the necessary details are missing and runs the first run setup if they are.
Database Connection Testing: The DatabaseManager class now decrypts the password before using it to test the database connection. It also checks if the password or key are nil before attempting to decrypt the password.
Logging: A new LoggMan class has been added to handle logging. This class provides a simple method for logging messages, which can be used throughout the application to log errors or other important information.
Bug Fixes and Error Handling: Several bugs were fixed and error handling was improved. For example, a bug that caused the application to crash if the .env file was missing has been fixed. Also, the application now checks if the .env file exists and creates it if it doesn't.
These changes significantly improve the security, reliability, and usability of the application.
2023-06-11 15:46:53 -06:00
|
|
|
|
|
|
|
|
cipher = OpenSSL::Cipher.new('chacha20')
|
|
|
|
|
cipher.decrypt
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
cipher.key = Base64.decode64(key) # Decode the key from Base64
|
|
|
|
|
decrypted_data = cipher.update(Base64.decode64(encrypted_data)) + cipher.final
|
|
|
|
|
|
|
|
|
|
# Check if the decrypted data is valid ASCII
|
|
|
|
|
decrypted_data.force_encoding('UTF-8')
|
|
|
|
|
if decrypted_data.valid_encoding?
|
|
|
|
|
decrypted_data
|
|
|
|
|
else
|
2023-06-29 22:36:18 -06:00
|
|
|
@loggman.log_error("Decrypted data is not valid ASCII: #{decrypted_data.inspect}")
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
rescue OpenSSL::Cipher::CipherError => e
|
2023-06-29 22:36:18 -06:00
|
|
|
@loggman.log_error("Failed to decrypt data: #{e.message}")
|
Major Refactoring and Feature Addition for Improved User Experience and Code Quality
This commit includes several significant changes aimed at improving the functionality, user experience, and code quality of our Ruby project.
1. Decryption Fix: We identified and resolved an issue where the database password was being decrypted multiple times, leading to connection problems. The code was refactored to ensure that decryption only occurs once, thereby enhancing the efficiency and reliability of our database connections.
2. Infinite Loop Resolution: We addressed a critical issue where the program would enter an infinite loop if the .env file was missing or contained incorrect information. The code was updated to handle these situations appropriately, providing meaningful feedback to the user and preventing unnecessary resource consumption.
3. .env File Handling Improvement: We improved the handling of the .env file, ensuring that the program can function correctly even in the absence of this file or if it contains incorrect data. This change enhances the robustness of our application.
4. Curses Alerts Integration: We integrated a new feature to display alerts in the terminal using the Curses library. These alerts can have different severity levels (info, warning, error), which are displayed in different colors (blue, yellow, red). This feature improves the user experience by providing clear and immediate feedback on the program's status.
5. Automatic Alert Dismissal: We implemented a feature where alerts automatically disappear after 5 seconds. This was achieved using Ruby threads, ensuring that the rest of the program is not blocked while the alert is displayed. This change enhances the user experience by preventing the screen from being cluttered with old alerts.
6. Debugging Libraries Exploration: We explored the possibility of using the Tracer and Debug libraries to trace the execution of the program and assist with debugging. While these libraries were not integrated in this commit, they remain a potential resource for future debugging efforts.
This commit represents a significant step forward in the development of our Ruby project, improving both the user experience and the quality of our codebase.
2023-06-12 15:31:34 -06:00
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
def ask_for_sudo(logger) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
2023-06-29 22:36:18 -06:00
|
|
|
@loggman = logger
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
@loggman.log_info('Asking for sudo and explaining why...')
|
|
|
|
|
lines = [
|
|
|
|
|
'We require sudo permissions to complete certain steps.',
|
|
|
|
|
'Granting a program sudo access is a significant decision.',
|
|
|
|
|
'We treat your sudo password with the utmost care.',
|
|
|
|
|
'We handle it "As a Bomb".',
|
|
|
|
|
'',
|
|
|
|
|
'As soon as we receive your sudo password, it is encrypted.',
|
|
|
|
|
'The unencrypted password is then wiped from the system.',
|
|
|
|
|
'This includes the sudo cache.',
|
|
|
|
|
'When we need to use your sudo password, we decrypt it.',
|
|
|
|
|
'We use it, and then immediately wipe it again.',
|
|
|
|
|
'We only ever store the encrypted version of your password.',
|
|
|
|
|
'We delete even that as soon as we finish the operations.',
|
|
|
|
|
'However, even with these precautions, there is always a risk.',
|
|
|
|
|
'If an attacker were to gain access to this program,',
|
|
|
|
|
'they could potentially decrypt your password.',
|
|
|
|
|
'Therefore, you should only enter your sudo password',
|
|
|
|
|
'if you fully understand and accept these risks.',
|
|
|
|
|
'',
|
|
|
|
|
'',
|
|
|
|
|
'Please enter your sudo password ONLY if you understand',
|
|
|
|
|
'and accept the risks described above: '
|
|
|
|
|
]
|
|
|
|
|
Curses.clear
|
|
|
|
|
lines.each_with_index do |line, index|
|
|
|
|
|
Curses.setpos(index, 0) # Move the cursor to the beginning of the next line
|
|
|
|
|
Curses.addstr(line)
|
|
|
|
|
end
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# use the dynamic curses input gem in secure mode to collect the sudo password
|
|
|
|
|
sudo_password = DCI.catch_input(false)
|
|
|
|
|
@loggman.log_info('Sudo password received. (This log entry will be removed)')
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
@loggman.log_info("Entered sudo password: #{sudo_password}")
|
|
|
|
|
|
|
|
|
|
# Generate a new secret key
|
|
|
|
|
key = SecureRandom.random_bytes(32) # generates a random string of 32 bytes
|
|
|
|
|
|
|
|
|
|
# encode the key for storage
|
|
|
|
|
@secret_key = Base64.encode64(key)
|
2023-06-29 22:36:18 -06:00
|
|
|
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# Encrypt the sudo password right away and store it in an environment variable
|
2023-06-29 22:36:18 -06:00
|
|
|
encrypted_sudo_password = encrypt_string_chacha20(sudo_password, @secret_key)
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
@loggman.log_info("Encrypted sudo password: #{encrypted_sudo_password}")
|
2023-06-29 22:36:18 -06:00
|
|
|
ENV['SPW'] = encrypted_sudo_password
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
ENV['SDSECRET_KEY'] = @secret_key
|
2023-06-29 22:36:18 -06:00
|
|
|
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# Clear the unencrypted sudo password from memory
|
|
|
|
|
sudo_password.replace(' ' * sudo_password.length)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_sudo
|
|
|
|
|
# Run a simple ls command with sudo privileges to test
|
|
|
|
|
use_sudo('ls')
|
|
|
|
|
|
2023-06-29 22:36:18 -06:00
|
|
|
true
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
rescue PTY::ChildExited
|
2023-06-29 22:36:18 -06:00
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
def deescalate_sudo
|
2023-06-29 22:36:18 -06:00
|
|
|
# Retrieve the encrypted sudo password from the environment variable
|
|
|
|
|
encrypted_sudo_password = ENV['SPW']
|
|
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
# Retrieve the secret key from the environment variable
|
|
|
|
|
@secret_key = ENV['SDSECRET_KEY']
|
|
|
|
|
|
2023-06-29 22:36:18 -06:00
|
|
|
# Decrypt the sudo password
|
|
|
|
|
sudo_password = decrypt_string_chacha20(encrypted_sudo_password, @secret_key)
|
|
|
|
|
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# Invalidate the user's cached credentials
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
PTY.spawn('sudo -S -k') do |r, w, _pid|
|
|
|
|
|
w.sync = true
|
|
|
|
|
r.expect(/password/) { w.puts sudo_password }
|
|
|
|
|
end
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
|
2023-06-29 22:36:18 -06:00
|
|
|
# Clear the sudo password from memory
|
|
|
|
|
sudo_password.replace(' ' * sudo_password.length)
|
|
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
# Remove the encrypted sudo password and the secret key from the environment variables
|
2023-06-29 22:36:18 -06:00
|
|
|
ENV.delete('SPW')
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
ENV.delete('SECRET_KEY')
|
2023-06-29 22:36:18 -06:00
|
|
|
end
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
def use_sudo(command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
|
|
|
|
@secret_key = ENV['SDSECRET_KEY']
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# Retrieve the encrypted sudo password from the environment variable
|
|
|
|
|
encrypted_sudo_password = ENV['SPW']
|
|
|
|
|
|
|
|
|
|
# Decrypt the sudo password
|
|
|
|
|
sudo_password = decrypt_string_chacha20(encrypted_sudo_password, @secret_key)
|
|
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
# this is only here for debugging
|
|
|
|
|
@loggman.log_info("Decrypted sudo password: #{sudo_password}")
|
|
|
|
|
|
|
|
|
|
# Log the command
|
|
|
|
|
@loggman.log_info("Running command: #{command}")
|
|
|
|
|
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
# Use the sudo password to run the command
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
exit_status = nil
|
|
|
|
|
begin
|
|
|
|
|
Timeout.timeout(60) do
|
|
|
|
|
PTY.spawn("sudo -S #{command} 2>&1") do |r, w, pid|
|
|
|
|
|
w.sync = true
|
|
|
|
|
r.expect(/password/) { w.puts sudo_password }
|
|
|
|
|
while IO.select([r], nil, nil, 0.1)
|
|
|
|
|
output = r.read_nonblock(1000)
|
|
|
|
|
output.each_line { |line| @loggman.log_info("Command output: #{line.strip}") }
|
|
|
|
|
end
|
|
|
|
|
begin
|
|
|
|
|
Process.wait(pid)
|
|
|
|
|
exit_status = $CHILD_STATUS.exitstatus
|
|
|
|
|
ensure
|
|
|
|
|
# Clear the sudo password from memory
|
|
|
|
|
sudo_password.replace(' ' * sudo_password.length)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
rescue Timeout::Error
|
|
|
|
|
@loggman.log_error("Command '#{command}' timed out")
|
|
|
|
|
rescue Errno::EIO
|
|
|
|
|
# This error is expected when the process has finished
|
|
|
|
|
end
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
if exit_status&.zero?
|
|
|
|
|
@loggman.log_info("Command '#{command}' completed successfully")
|
|
|
|
|
else
|
|
|
|
|
@loggman.log_error("Command '#{command}' failed with exit status #{exit_status}")
|
|
|
|
|
end
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
|
Enhancements to Command Execution and Logging Mechanisms
This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.
1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.
2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.
3. Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.
4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.
5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.
These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
2023-07-07 11:25:08 -06:00
|
|
|
exit_status
|
Implement Secure Sudo Usage, Error Handling in NetworkingGenie Class, and Create New Sudo Methods in Utilities Module
This commit introduces substantial enhancements to both the NetworkingGenie class and the Utilities module, focusing on the secure usage of sudo permissions, improved error handling, and the creation of new sudo methods.
1. Secure Sudo Usage: The `use_sudo` method from the Utilities module is now integrated within the `find_main_interface`, `create_dummy_interface`, and `setup_traffic_mirroring` methods of the NetworkingGenie class. This method ensures that commands requiring sudo permissions are executed securely. It achieves this by encrypting the sudo password, using it for the required command, and then immediately clearing it from memory. This approach significantly enhances the security of operations that require elevated permissions.
2. New Sudo Methods in Utilities Module: This commit introduces several new methods in the Utilities module to handle sudo operations securely. The `ask_for_sudo`, `test_sudo`, `deescalate_sudo`, and `use_sudo` methods have been created. These methods handle the secure acquisition, testing, de-escalation, and usage of sudo permissions, respectively. They ensure that sudo operations are performed securely and efficiently, with the sudo password being encrypted and cleared from memory immediately after use.
3. Improved Error Handling: The error handling within the `setup_traffic_mirroring` method has been refined. Now, when an exception is raised during the execution of a command, the error message is not only logged using the LoggMan logger but also an alert is enqueued into the AlertQueueManager. This dual approach ensures that errors are properly logged for debugging purposes and also communicated to the user in real-time.
4. AlertQueueManager Integration: The `initialize` method of NetworkingGenie has been updated to accept an `alert_queue_manager` parameter. This allows the NetworkingGenie class to enqueue alerts directly into the AlertQueueManager, thereby improving the communication of errors and important information to the user.
5. Dummy Interface Creation: The `create_dummy_interface` method now checks if the dummy interface already exists before attempting to create it. This prevents unnecessary system calls and potential errors.
These modifications significantly contribute to the overall security and reliability of the NETRAVE system. They ensure that network setup and traffic mirroring operations are performed securely and efficiently, with clear and immediate communication of any issues that may occur.
2023-07-05 17:40:03 -06:00
|
|
|
end
|
2023-06-09 19:39:54 -06:00
|
|
|
end
|