Enhancements to Command Execution and Logging Mechanisms

This commit introduces several significant enhancements to the way commands are executed and logged in the application. The changes are primarily focused on improving the robustness, reliability, and transparency of the command execution process, as well as enhancing the quality and usefulness of the log output.

   1. Command Execution Enhancements: The use_sudo method has been refactored to handle commands that do not return any output. Previously, the method was designed to capture and return the output of the command being executed. However, some commands (such as modprobe) do not return any output, which caused issues with the previous implementation. The method now checks the exit status of the command to determine whether it was successful or not, and returns a success or failure message accordingly. This change improves the robustness of the command execution process and ensures that it can handle a wider range of commands.

   2. Error Handling Improvements: The use_sudo method now includes more comprehensive error handling. If a command fails to execute within a specified timeout period, an error message is logged and the method returns a failure message. Additionally, if a command fails to execute for any other reason, the method logs the error and returns a failure message with the command's exit status. These changes make it easier to identify and troubleshoot issues with command execution.

   3.  Logging Enhancements: The logging mechanism has been enhanced to provide more detailed and useful information. The use_sudo method now logs the command being executed and its outcome (success or failure). If a command fails, the method logs the command's exit status. These changes improve the transparency of the command execution process and make it easier to identify and troubleshoot issues.

   4. Code Refactoring: Several methods have been refactored for improved readability and maintainability. The use_sudo method has been refactored to reduce its complexity and improve its readability. The first_run_setup method has been refactored to ensure that the main interface name and the dummy interface name are properly passed to the setup_traffic_mirroring method.

   5. Bug Fixes: A bug in the create_dummy_interface method that caused it to return an array of Alert objects instead of the dummy interface name has been fixed. The method now correctly returns the dummy interface name.

These changes represent a significant improvement to the command execution and logging mechanisms in the application, and lay the groundwork for further enhancements in the future.
This commit is contained in:
VetheonGames 2023-07-07 11:25:08 -06:00
parent 762387fb1a
commit 54d348c99f
8 changed files with 246 additions and 129 deletions

View File

@ -15,76 +15,88 @@ include Utilities # rubocop:disable Style/MixinUsage
# binding.b(do: 'irb')
@loggman = LoggMan.new
# Create .env file if it doesn't exist
File.open('.env', 'w') {} unless File.exist?('.env')
begin
# Create .env file if it doesn't exist
File.open('.env', 'w') {} unless File.exist?('.env')
# Load environment variables from .env file
Dotenv.load
# Initialize AlertQueueManager, RingBuffer, and AlertManager
@alert_queue_manager = AlertQueueManager.new(@loggman)
# Initialize DatabaseManager
db_manager = DatabaseManager.new(@loggman, @alert_queue_manager)
# Get database details from environment variables
db_details = {
username: ENV['DB_USERNAME'],
password: ENV['DB_PASSWORD'],
key: ENV['DB_SECRET_KEY'],
database: ENV['DB_DATABASE']
}
# Decrypt password
dec_pass = decrypt_string_chacha20(db_details[:password], db_details[:key])
# If any of the necessary details are missing, run the first run setup
if db_details.values.any?(&:nil?)
@loggman.log_warn('Missing or incomplete configuration. Running first run setup.')
first_run_init = FirstRunInit.new(@loggman, @alert_queue_manager, db_manager)
first_run_init.run
# Reload environment variables after first run setup
# Load environment variables from .env file
Dotenv.load
# Initialize AlertQueueManager, RingBuffer, and AlertManager
@alert_queue_manager = AlertQueueManager.new(@loggman)
# Initialize DatabaseManager
db_manager = DatabaseManager.new(@loggman, @alert_queue_manager)
# Get database details from environment variables
db_details = {
username: ENV['DB_USERNAME'],
password: ENV['DB_PASSWORD'],
key: ENV['DB_SECRET_KEY'],
database: ENV['DB_DATABASE']
}
# Decrypt password again after potentially updating config
# Decrypt password
dec_pass = decrypt_string_chacha20(db_details[:password], db_details[:key])
# If any of the necessary details are missing, run the first run setup
if db_details.values.any?(&:nil?)
@loggman.log_warn('Missing or incomplete configuration. Running first run setup.')
first_run_init = FirstRunInit.new(@loggman, @alert_queue_manager, db_manager)
first_run_init.run
# Reload environment variables after first run setup
Dotenv.load
db_details = {
username: ENV['DB_USERNAME'],
password: ENV['DB_PASSWORD'],
key: ENV['DB_SECRET_KEY'],
database: ENV['DB_DATABASE']
}
# Decrypt password again after potentially updating config
dec_pass = decrypt_string_chacha20(db_details[:password], db_details[:key])
end
# Test connection
unless db_manager.test_db_connection(db_details[:username], dec_pass, db_details[:database])
@loggman.log_warn('Failed to connect to the database with existing configuration. Please re-enter your details.')
first_run_init = FirstRunInit.new(@loggman, @alert_queue_manager, db_manager)
first_run_init.run
# Reload environment variables after potentially updating config
Dotenv.load
db_details = {
username: ENV['DB_USERNAME'],
password: ENV['DB_PASSWORD'],
key: ENV['DB_SECRET_KEY'],
database: ENV['DB_DATABASE']
}
# Decrypt password again after potentially updating config
dec_pass = decrypt_string_chacha20(db_details[:password], db_details[:key])
end
# Test connection again after potentially updating config
if db_manager.test_db_connection(db_details[:username], dec_pass, db_details[:database])
@loggman.log_info('Successfully connected to the database.')
else
@loggman.log_error('Failed to connect to the database. Please check your configuration.')
exit 1
end
@loggman.log_warn('Program successfully ran with no errors')
# TODO: Add the rest of application logic here
# End of the program
# wait for the alert_queue_manager to block before we exit.
@alert_queue_manager.shutdown
# Shush Rubocop. I know I shouldn't rescue an exception. I am just using it to log exceptions so the
# program doesn't crash silently
rescue Exception => e # rubocop:disable Lint/RescueException
# Log the exception
@loggman.log_error("An unhandled exception has occurred: #{e.class}: #{e.message}")
@loggman.log_error(e.backtrace.join("\n"))
# Re-raise the original exception
raise
end
# Test connection
unless db_manager.test_db_connection(db_details[:username], dec_pass, db_details[:database])
@loggman.log_warn('Failed to connect to the database with existing configuration. Please re-enter your details.')
first_run_init = FirstRunInit.new(@loggman, @alert_queue_manager, db_manager)
first_run_init.run
# Reload environment variables after potentially updating config
Dotenv.load
db_details = {
username: ENV['DB_USERNAME'],
password: ENV['DB_PASSWORD'],
key: ENV['DB_SECRET_KEY'],
database: ENV['DB_DATABASE']
}
# Decrypt password again after potentially updating config
dec_pass = decrypt_string_chacha20(db_details[:password], db_details[:key])
end
# Test connection again after potentially updating config
if db_manager.test_db_connection(db_details[:username], dec_pass, db_details[:database])
@loggman.log_info('Successfully connected to the database.')
else
@loggman.log_error('Failed to connect to the database. Please check your configuration.')
exit 1
end
@loggman.log_warn('Program successfully ran with no errors')
# TODO: Add the rest of application logic here
# End of the program
# wait for the alert_queue_manager to block before we exit.
@alert_queue_manager.shutdown

View File

@ -38,5 +38,3 @@ gem 'flay', '~> 2.13'
gem 'pcaprub', '~> 0.13.1'
gem 'packetfu', '~> 2.0'
gem 'sudo', '~> 0.2.0'

View File

@ -2,18 +2,18 @@ GEM
remote: https://rubygems.org/
specs:
ast (2.4.2)
atk (4.1.7)
glib2 (= 4.1.7)
atk (4.1.8)
glib2 (= 4.1.8)
backport (1.2.0)
base64 (0.1.1)
benchmark (0.2.1)
cairo (1.17.8)
cairo (1.17.12)
native-package-installer (>= 1.0.3)
pkg-config (>= 1.2.2)
red-colors
cairo-gobject (4.1.7)
cairo-gobject (4.1.8)
cairo (>= 1.16.2)
glib2 (= 4.1.7)
glib2 (= 4.1.8)
console (1.17.2)
fiber-annotation
fiber-local
@ -32,23 +32,23 @@ GEM
path_expander (~> 1.0)
ruby_parser (~> 3.0)
sexp_processor (~> 4.0)
gdk3 (4.1.7)
cairo-gobject (= 4.1.7)
gdk_pixbuf2 (= 4.1.7)
pango (= 4.1.7)
gdk_pixbuf2 (4.1.7)
gio2 (= 4.1.7)
gio2 (4.1.7)
gdk3 (4.1.8)
cairo-gobject (= 4.1.8)
gdk_pixbuf2 (= 4.1.8)
pango (= 4.1.8)
gdk_pixbuf2 (4.1.8)
gio2 (= 4.1.8)
gio2 (4.1.8)
fiddle
gobject-introspection (= 4.1.7)
glib2 (4.1.7)
gobject-introspection (= 4.1.8)
glib2 (4.1.8)
native-package-installer (>= 1.0.3)
pkg-config (>= 1.3.5)
gobject-introspection (4.1.7)
glib2 (= 4.1.7)
gtk3 (4.1.7)
atk (= 4.1.7)
gdk3 (= 4.1.7)
gobject-introspection (4.1.8)
glib2 (= 4.1.8)
gtk3 (4.1.8)
atk (= 4.1.8)
gdk3 (= 4.1.8)
jaro_winkler (1.5.6)
json (2.6.3)
kramdown (2.4.0)
@ -56,25 +56,26 @@ GEM
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
kwalify (0.7.2)
language_server-protocol (3.17.0.3)
matrix (0.4.2)
mysql2 (0.5.5)
native-package-installer (1.1.5)
nokogiri (1.15.2-x86_64-linux)
native-package-installer (1.1.8)
nokogiri (1.15.3-x86_64-linux)
racc (~> 1.4)
openssl (3.1.0)
packetfu (2.0.0)
pcaprub (~> 0.13.1)
pango (4.1.7)
cairo-gobject (= 4.1.7)
gobject-introspection (= 4.1.7)
pango (4.1.8)
cairo-gobject (= 4.1.8)
gobject-introspection (= 4.1.8)
parallel (1.23.0)
parser (3.2.2.3)
ast (~> 2.4.1)
racc
path_expander (1.1.1)
pcaprub (0.13.1)
pkg-config (1.5.1)
racc (1.7.0)
pkg-config (1.5.2)
racc (1.7.1)
rainbow (3.1.1)
rbs (2.8.4)
red-colors (0.3.0)
@ -83,14 +84,15 @@ GEM
kwalify (~> 0.7.0)
parser (~> 3.2.0)
rainbow (>= 2.0, < 4.0)
regexp_parser (2.8.0)
regexp_parser (2.8.1)
reverse_markdown (2.1.1)
nokogiri
rexml (3.2.5)
rubocop (1.52.0)
rubocop (1.54.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.2.0.0)
parser (>= 3.2.2.3)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
@ -103,7 +105,7 @@ GEM
ruby_parser (3.20.2)
sexp_processor (~> 4.16)
securerandom (0.2.2)
sequel (5.69.0)
sequel (5.70.0)
sexp_processor (4.17.0)
solargraph (0.49.0)
backport (~> 1.2)
@ -121,7 +123,6 @@ GEM
thor (~> 1.0)
tilt (~> 2.0)
yard (~> 0.9, >= 0.9.24)
sudo (0.2.0)
thor (1.2.2)
tilt (2.2.0)
tracer (0.2.2)
@ -149,7 +150,6 @@ DEPENDENCIES
securerandom (~> 0.2.2)
sequel (~> 5.69)
solargraph (~> 0.49.0)
sudo (~> 0.2.0)
tracer (~> 0.2.2)
yaml (~> 0.2.1)

View File

@ -1,6 +1,6 @@
# frozen_string_literal: true
require_relative 'alert'
require_relative 'alert_manager'
require_relative 'logg_man'
# Class for managing the queue of alerts. This class also manages a little bit of concurrency

View File

@ -7,6 +7,7 @@ require_relative 'database_manager'
require_relative 'system_information_gather'
require_relative 'utilities'
require_relative 'alert_manager'
require_relative 'networking_genie'
# first run class
class FirstRunInit
@ -25,18 +26,18 @@ class FirstRunInit
first_run_setup
end
def first_run_setup # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
db_details = ask_for_db_details
def first_run_setup # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
ask_for_db_details
dec_pass = decrypt_string_chacha20(ENV['DB_PASSWORD'], ENV['DB_SECRET_KEY'])
connection_established = @db_manager.test_db_connection(ENV['DB_USERNAME'], dec_pass.to_s, ENV['DB_DATABASE'])
enc_pass = ENV['DB_PASSWORD']
enc_key = ENV['DB_SECRET_KEY']
dec_pass = decrypt_string_chacha20(enc_pass, enc_key)
until @db_manager.test_db_connection(ENV['DB_USERNAME'], dec_pass.to_s, ENV['DB_DATABASE'])
until connection_established
Curses.setpos(4, 0)
Curses.addstr("Whoops! We couldn't connect to the database with the details you provided. Please try again!")
alert = Alert.new("We couldn't connect to the database with the details you provided Please try again!", :warning)
@alert_queue_manager.enqueue_alert(alert)
Curses.refresh
new_db_details = ask_for_db_details
db_details.merge!(new_db_details) # Update db_details with new details
ask_for_db_details
connection_established = @db_manager.test_db_connection(ENV['DB_USERNAME'], dec_pass.to_s, ENV['DB_DATABASE'])
end
@db_manager.create_system_info_table
@ -55,6 +56,15 @@ class FirstRunInit
@db_manager.store_system_info(system_info)
@db_manager.store_services(services)
# ask for sudo permissions to setup the networking stuff we need
ask_for_sudo(@loggman)
# Set up networking
networking_genie = NetworkingGenie.new(@loggman, @alert_queue_manager)
main_interface = networking_genie.find_main_interface
dummy_interface = networking_genie.create_dummy_interface('netrave0')
networking_genie.setup_traffic_mirroring(main_interface, dummy_interface)
end
def ask_for_db_details # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
@ -64,8 +74,6 @@ class FirstRunInit
Curses.setpos(1, 0)
Curses.addstr('Please enter your database username: ')
Curses.refresh
alert = Alert.new('This is a test alert', :error)
@alert_queue_manager.enqueue_alert(alert)
username = DCI.catch_input(true)
@loggman.log_info('Database Username entered!')

View File

@ -3,9 +3,20 @@
require 'logger'
# LoggMan class for handling logs
# Yes I am aware that this is a strange thing to do, wrap the stdlib Logger like this...
# I like to call my logger with LoggMan, don't judge me.
class LoggMan
def initialize
@logger = Logger.new('netrave.log')
@logger.formatter = proc do |severity, datetime, _progname, msg|
date_format = datetime.strftime('%Y-%m-%d %H:%M:%S')
if msg.is_a?(Exception)
backtrace = msg.backtrace.map { |line| "\n\t#{line}" }.join
"[#{severity}] (#{date_format}) #{msg.message} (#{msg.class})#{backtrace}"
else
"[#{severity}] (#{date_format}) #{msg}\n"
end
end
end
def log_info(message)

View File

@ -3,12 +3,13 @@
require 'English'
require 'socket'
require_relative 'logg_man'
require_relative 'alert'
require_relative 'alert_queue_manager'
require_relative 'alert_manager'
# The class for setting up all the necessary system networking stuff for NETRAVE to work with without
# interferring with the rest of the system
class NetworkingGenie
attr_accessor :main_interface, :dummy_interface
include Utilities
def initialize(logger, alert_queue_manager)
@ -17,12 +18,16 @@ class NetworkingGenie
end
def find_main_interface # rubocop:disable Metrics/MethodLength
alert = Alert.new('Identifying the main network interface...', :info)
@alert_queue_manager.enqueue_alert(alert)
@loggman.log_info('Identifying main network interface...')
route_info = `routel`.split("\n")
default_route = route_info.find { |line| line.include?('default') }
if default_route
main_interface = default_route.split.last
@loggman.log_info("Main network interface identified: #{main_interface}")
@loggman.log_info("Main network interface identified as: #{main_interface}")
alert = Alert.new("Main network interface identified as: #{main_interface}", :info)
@alert_queue_manager.enqueue_alert(alert)
main_interface
else
@loggman.log_error('Failed to identify main network interface.')
@ -33,7 +38,9 @@ class NetworkingGenie
nil
end
def create_dummy_interface(interface_name = 'dummy0')
def create_dummy_interface(interface_name = 'netrave0') # rubocop:disable Metrics/MethodLength
alert = Alert.new('Creating the NETRAVE dummy interface...', :info)
@alert_queue_manager.enqueue_alert(alert)
# Check if the dummy module is loaded
use_sudo('modprobe dummy')
@ -41,7 +48,7 @@ class NetworkingGenie
if `ip link show #{interface_name}`.empty?
# Create the dummy interface
use_sudo("ip link add #{interface_name} type dummy")
@dummy_interface = interface_name
# Set the interface up
use_sudo("ip link set #{interface_name} up")
else
@ -49,14 +56,17 @@ class NetworkingGenie
alert = Alert.new("Interface #{interface_name} already exists.", :info)
@alert_queue_manager.enqueue_alert(alert)
end
# Return the name of the dummy interface
interface_name
end
def setup_traffic_mirroring(main_interface, dummy_interface) # rubocop:disable Metrics/MethodLength
commands = [
"tc qdisc del dev #{main_interface} ingress",
"tc qdisc add dev #{main_interface} handle ffff: ingress",
"tc filter add dev #{main_interface} parent ffff: u32 match
u32 0 0 action mirred egress mirror dev #{dummy_interface}"
"tc filter add dev #{main_interface} parent ffff: u32 match " \
"u32 0 0 action mirred egress mirror dev #{dummy_interface}"
]
begin

View File

@ -1,13 +1,15 @@
# frozen_string_literal: true
require 'English'
require 'securerandom'
require 'digest'
require 'base64'
require 'openssl'
require 'sudo'
require 'pty'
require 'expect'
# Utiltiies Module
module Utilities
module Utilities # rubocop:disable Metrics/ModuleLength
# Converts speed from Gbps to Mbps if necessary
def convert_speed_to_mbps(speed)
return nil unless speed.is_a?(String) && speed.downcase.match?(/\A\d+(gbps|mbps)\z/i)
@ -75,17 +77,53 @@ module Utilities
nil
end
def ask_for_sudo(logger)
def ask_for_sudo(logger) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
@loggman = logger
@loggman.log_info('Asking for sudo password... (This log entry will be removed)')
Curses.addstr('Please enter your sudo password: ')
@loggman.log_info('Asking for sudo and explaining why...')
lines = [
'We require sudo permissions to complete certain steps.',
'Granting a program sudo access is a significant decision.',
'We treat your sudo password with the utmost care.',
'We handle it "As a Bomb".',
'',
'As soon as we receive your sudo password, it is encrypted.',
'The unencrypted password is then wiped from the system.',
'This includes the sudo cache.',
'When we need to use your sudo password, we decrypt it.',
'We use it, and then immediately wipe it again.',
'We only ever store the encrypted version of your password.',
'We delete even that as soon as we finish the operations.',
'However, even with these precautions, there is always a risk.',
'If an attacker were to gain access to this program,',
'they could potentially decrypt your password.',
'Therefore, you should only enter your sudo password',
'if you fully understand and accept these risks.',
'',
'',
'Please enter your sudo password ONLY if you understand',
'and accept the risks described above: '
]
Curses.clear
lines.each_with_index do |line, index|
Curses.setpos(index, 0) # Move the cursor to the beginning of the next line
Curses.addstr(line)
end
# use the dynamic curses input gem in secure mode to collect the sudo password
sudo_password = DCI.catch_input(false)
@loggman.log_info('Sudo password received. (This log entry will be removed)')
@loggman.log_info("Entered sudo password: #{sudo_password}")
# Generate a new secret key
key = SecureRandom.random_bytes(32) # generates a random string of 32 bytes
# encode the key for storage
@secret_key = Base64.encode64(key)
# Encrypt the sudo password right away and store it in an environment variable
encrypted_sudo_password = encrypt_string_chacha20(sudo_password, @secret_key)
@loggman.log_info("Encrypted sudo password: #{encrypted_sudo_password}")
ENV['SPW'] = encrypted_sudo_password
ENV['SDSECRET_KEY'] = @secret_key
# Clear the unencrypted sudo password from memory
sudo_password.replace(' ' * sudo_password.length)
@ -96,7 +134,7 @@ module Utilities
use_sudo('ls')
true
rescue Sudo::Wrapper::InvalidPassword
rescue PTY::ChildExited
false
end
@ -104,32 +142,72 @@ module Utilities
# Retrieve the encrypted sudo password from the environment variable
encrypted_sudo_password = ENV['SPW']
# Retrieve the secret key from the environment variable
@secret_key = ENV['SDSECRET_KEY']
# Decrypt the sudo password
sudo_password = decrypt_string_chacha20(encrypted_sudo_password, @secret_key)
# Invalidate the user's cached credentials
Sudo::Wrapper.run('sudo -k', password: sudo_password)
PTY.spawn('sudo -S -k') do |r, w, _pid|
w.sync = true
r.expect(/password/) { w.puts sudo_password }
end
# Clear the sudo password from memory
sudo_password.replace(' ' * sudo_password.length)
# Remove the encrypted sudo password from the environment variables
# Remove the encrypted sudo password and the secret key from the environment variables
ENV.delete('SPW')
ENV.delete('SECRET_KEY')
end
def use_sudo(command)
def use_sudo(command) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
@secret_key = ENV['SDSECRET_KEY']
# Retrieve the encrypted sudo password from the environment variable
encrypted_sudo_password = ENV['SPW']
# Decrypt the sudo password
sudo_password = decrypt_string_chacha20(encrypted_sudo_password, @secret_key)
# this is only here for debugging
@loggman.log_info("Decrypted sudo password: #{sudo_password}")
# Log the command
@loggman.log_info("Running command: #{command}")
# Use the sudo password to run the command
result = Sudo::Wrapper.run(command, password: sudo_password)
exit_status = nil
begin
Timeout.timeout(60) do
PTY.spawn("sudo -S #{command} 2>&1") do |r, w, pid|
w.sync = true
r.expect(/password/) { w.puts sudo_password }
while IO.select([r], nil, nil, 0.1)
output = r.read_nonblock(1000)
output.each_line { |line| @loggman.log_info("Command output: #{line.strip}") }
end
begin
Process.wait(pid)
exit_status = $CHILD_STATUS.exitstatus
ensure
# Clear the sudo password from memory
sudo_password.replace(' ' * sudo_password.length)
end
end
end
rescue Timeout::Error
@loggman.log_error("Command '#{command}' timed out")
rescue Errno::EIO
# This error is expected when the process has finished
end
# Clear the sudo password from memory
sudo_password.replace(' ' * sudo_password.length)
if exit_status&.zero?
@loggman.log_info("Command '#{command}' completed successfully")
else
@loggman.log_error("Command '#{command}' failed with exit status #{exit_status}")
end
result
exit_status
end
end