From 8b127f8fabbcdb338f317cf1098a934ecbad2ac0 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Tue, 30 Apr 2019 15:36:13 +0200
Subject: [PATCH] new: [yara] Added diagnostics
---
 .gitignore | 4 ++++
 app/Controller/ServersController.php | 5 ++++-
 app/Model/Server.php | 7 +++++++
 .../Elements/healthElements/diagnostics.ctp | 14 +++++++++++++
 app/files/scripts/yaratest.py | 20 +++++++++++++++++++
 5 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 app/files/scripts/yaratest.py
diff --git a/.gitignore b/.gitignore
index a854af234..a96118a54 100755
--- a/.gitignore
+++ b/.gitignore
@@ -48,6 +48,10 @@ tools/mkdocs
 /app/files/scripts/mixbox/
 /app/files/scripts/*.pyc
 /app/files/scripts/*.py~
+/app/files/scripts/__pycache__
+/app/files/scripts/yara/__pycache__
+/app/files/scripts/yara/*.pyc
+/app/files/scripts/yara/*.py~
 /app/files/scripts/mispzmq/*
 !/app/files/scripts/mispzmq/mispzmq.py
 !/app/files/scripts/mispzmq/mispzmqtest.py
diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php
index 70bc5e127..9c0398dd2 100644
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@@ -878,6 +878,7 @@ class ServersController extends AppController
 $mixboxVersion = array(0 => __('Incorrect mixbox version installed, found $current, expecting $expected'), 1 => __('OK'));
 $maecVersion = array(0 => __('Incorrect maec version installed, found $current, expecting $expected'), 1 => __('OK'));
 $pymispVersion = array(0 => __('Incorrect PyMISP version installed, found $current, expecting $expected'), 1 => __('OK'));
+ $plyaraVersion = array(0 => __('Incorrect plyara version installed, found $current, expecting $expected'), 1 => __('OK'));
 $sessionErrors = array(0 => __('OK'), 1 => __('High'), 2 => __('Alternative setting used'), 3 => __('Test failed'));
 $moduleErrors = array(0 => __('OK'), 1 => __('System not enabled'), 2 => __('No modules found'));
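Review bot: `$plyaraVersion` is declared in this hunk but, unlike `$pymispVersion` on the line above it, it is not added to `$additionalViewVars` in the later hunk at @@ -1018 (which adds only `'yaraStatus'`), so unless it is exported somewhere outside this commit the view cannot reach it; either add `'plyaraVersion'` to that array or drop the declaration. Its message also promises `found $current, expecting $expected`, while `yaraDiagnostics()` as added in this commit returns only a 0/1 `plyara` flag and no version, so those placeholders would never be filled. If the version comparison is planned for a follow-up, a `// TODO: fill $current/$expected once yaratest.py reports the plyara version` next to the declaration would make that explicit. The enclosing method starts before and ends after this hunk.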
@@ -999,6 +1000,8 @@ class ServersController extends AppController
 // check if the STIX and Cybox libraries are working and the correct version using the test script stixtest.py
 $stix = $this->Server->stixDiagnostics($diagnostic_errors, $stixVersion, $cyboxVersion, $mixboxVersion, $maecVersion, $stix2Version, $pymispVersion);
+ $yaraStatus = $this->Server->yaraDiagnostics($diagnostic_errors);
+
 // if GnuPG is set up in the settings, try to encrypt a test message
 $gpgStatus = $this->Server->gpgDiagnostics($diagnostic_errors);
@@ -1018,7 +1021,7 @@ class ServersController extends AppController
 $sessionStatus = $this->Server->sessionDiagnostics($diagnostic_errors, $sessionCount);
 $this->set('sessionCount', $sessionCount);
- $additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'stix2Version', 'pymispVersion', 'moduleStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
+ $additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'stix2Version', 'pymispVersion', 'moduleStatus', 'yaraStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
 }
 // check whether the files are writeable
 $writeableDirs = $this->Server->writeableDirsDiagnostics($diagnostic_errors);
diff --git a/app/Model/Server.php b/app/Model/Server.php
index bfb0f465a..25e83b7e3 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -4046,6 +4046,13 @@ class Server extends AppModel
 return $readableFiles;
 }
+ public function yaraDiagnostics(&$diagnostic_errors)
+ {
+ $scriptResult = shell_exec($this->getPythonVersion() . ' ' . APP . 'files' . DS . 'scripts' . DS . 'yaratest.py');
+ $scriptResult = json_decode($scriptResult, true);
+ return array('operational' => $scriptResult['success'], 'plyara' => $scriptResult['plyara']);
+ }
+
 public function stixDiagnostics(&$diagnostic_errors, &$stixVersion, &$cyboxVersion, &$mixboxVersion, &$maecVersion, &$stix2Version, &$pymispVersion)
 {
 $result = array();
diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp
index b50f7003c..a475b119e 100644
--- a/app/View/Elements/healthElements/diagnostics.ctp
+++ b/app/View/Elements/healthElements/diagnostics.ctp
@@ -253,6 +253,20 @@
 }
 ?>
+
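Review bot: `yaraDiagnostics()` indexes `$scriptResult['success']` and `$scriptResult['plyara']` without checking that `shell_exec()` returned any output or that `json_decode()` produced an array; if the interpreter is missing, `shell_exec` is disabled, or the script prints nothing, the method raises undefined-index notices and returns `null` values, and `$diagnostic_errors` — taken by reference but never touched — is not incremented, so the health page would not count the failure (the sibling `*Diagnostics` calls take the same reference, presumably for exactly that purpose). Suggest treating a missing or unparseable result as a failed check, incrementing `$diagnostic_errors` in that case, and normalising both flags to 0/1 before returning so the view never sees `null`. Wrapping the script path in `escapeshellarg()` also keeps the command intact if `APP` contains spaces.
```php
public function yaraDiagnostics(&$diagnostic_errors)
{
    $scriptResult = shell_exec($this->getPythonVersion() . ' ' . escapeshellarg(APP . 'files' . DS . 'scripts' . DS . 'yaratest.py'));
    $scriptResult = is_string($scriptResult) ? json_decode($scriptResult, true) : null;
    // No output or unparseable output means the check itself failed; count it like the other diagnostics do
    if (!is_array($scriptResult) || empty($scriptResult['success'])) {
        $diagnostic_errors++;
    }
    return array(
        'operational' => empty($scriptResult['success']) ? 0 : 1,
        'plyara' => empty($scriptResult['plyara']) ? 0 : 1,
    );
}
```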

+

+
+ ' . $message . ''; + ?> +
+

diff --git a/app/files/scripts/yaratest.py b/app/files/scripts/yaratest.py
new file mode 100644
index 000000000..ab9968d75
--- /dev/null
+++ b/app/files/scripts/yaratest.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+results = {
+ 'success': 1,
+ 'plyara': 0,
+}
+try:
+ import plyara
+ results['plyara'] = 1
+except Exception:
+ results['playara'] = 0
+ results['success'] = 0
+
+print(json.dumps({
+ 'success': results['success'],
+ 'plyara': results['plyara']
+}))
+sys.exit(0)
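Review bot: The `except` branch writes `results['playara'] = 0` — a misspelt key that adds a stray entry and leaves the intended `results['plyara']` untouched; the emitted JSON is still correct only because `'plyara'` is initialised to 0 at the top. Either fix the key to `results['plyara'] = 0` or drop the line, since the initialiser already covers that case. Catching `ImportError` instead of `Exception` would also distinguish "plyara not installed" from an unrelated failure during import, if that distinction matters to the health page.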