From da4c77d51f971e6abe838db76d55c7fc4c103d5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Lindh=C3=A9?=
Date: Tue, 31 Oct 2017 13:50:36 +0100
Subject: Repo cleanup
---
 script/investigate.sh | 8 ++++----
 script/livegraph.sh | 6 +++---
 script/measure-packets.sh | 23 +++++++++++------------
 script/modbus.bro | 42 +++++++++++++++++++++--------------------
 script/pasad-parsed.bro | 28 ++++++++++++++-------------
 script/pasad-simple.bro | 16 ++++++++--------
 script/run-midbro.sh | 4 ++--
 7 files changed, 63 insertions(+), 64 deletions(-)
(limited to 'script')
diff --git a/script/investigate.sh b/script/investigate.sh
index 9f67949..ced1449 100755
--- a/script/investigate.sh
+++ b/script/investigate.sh
@@ -6,7 +6,7 @@ then
 echo "and stores both the data and a plot in the current directory."
 echo
 echo "Usage: $0 DUMP IP ADDR"
- echo "Example: $0 packets_00014_20161128135616.cap 192.168.215.66 64"
+ echo "Example: $0 livedata.cap 192.168.0.53 64"
 exit
 fi
@@ -21,9 +21,9 @@ FILTER_MACHINE=$2
 FILTER_REGISTER=$3
 BRODIR=$(realpath "$(dirname "$0")/../..")
-BROSCRIPT_BASE=${BRODIR}/broccoli/script/modbus.bro
+BROSCRIPT_BASE=${BRODIR}/script/modbus.bro
-TMPDIR=$(mktemp --tmpdir --directory pasad.XXXX)
+TMPDIR=$(mktemp --tmpdir --directory midbro.XXXX)
 TMPDIR_BRO=${TMPDIR}/bro
 BROSCRIPT_MOD=${TMPDIR}/modbus.bro
@@ -43,7 +43,7 @@ cd "${TMPDIR_BRO}"
 bro -r "${CAPTURE_FILE}" "${BROSCRIPT_MOD}" > /dev/null
 echo " * Extracting data ..."
-tail -n +9 "${TMPDIR_BRO}/pasad-parsed.log" | cut -f 5 > "${OUTFILE_DAT}"
+tail -n +9 "${TMPDIR_BRO}/midbro-parsed.log" | cut -f 5 > "${OUTFILE_DAT}"
 echo "${OUTFILE_DAT}"
 echo " * Generating graph ..."
diff --git a/script/livegraph.sh b/script/livegraph.sh
index 67111bc..54560af 100755
--- a/script/livegraph.sh
+++ b/script/livegraph.sh
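Review bot: `BROSCRIPT_BASE=${BRODIR}/script/modbus.bro` is resolved against the unchanged `BRODIR=$(realpath "$(dirname "$0")/../..")`, which from `script/investigate.sh` is the directory above the repository rather than its root, so unless the checkout happens to sit under a parent that has its own `script/modbus.bro` the new path no longer points at the file in this repo (the old `broccoli/script/...` form is what justified the extra `..`). Either drop one level, `BRODIR=$(realpath "$(dirname "$0")/..")`, or reference the sibling directly with `BROSCRIPT_BASE=$(dirname "$(realpath "$0")")/modbus.bro`; `run-midbro.sh` later in this commit makes the same assumption for `${BRODIR}/bin/midbro`. The code that consumes `BROSCRIPT_MOD` is outside the hunk, so I cannot tell whether a missing base script is detected before `bro` is run.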
@@ -2,7 +2,7 @@ if [[ $# -ne 1 ]]
 then
- echo "Reads the sensor.dat and distance.dat from a running Pasad"
+ echo "Reads the sensor.dat and distance.dat"
 echo "instance and draws a graph from them."
 echo
 echo "Usage:"
@@ -17,10 +17,10 @@ then
 fi
 function plot() {
- scp -i /home/andreas/.ssh/pasadpi_rsa -P 8022 "${SCP_EXPR}/sensor.dat" "${SCP_EXPR}/distance.dat" .
+ scp -i /path/to/id_rsa -P 8022 "${SCP_EXPR}/sensor.dat" "${SCP_EXPR}/distance.dat" .
 tail -1000 sensor.dat > sensor-1000.dat
 tail -1000 distance.dat > distance-1000.dat
- echo "set terminal png; set yrange [17000:17300]; set y2range [0:300]; set ytics nomirror; set y2tics nomirror; set title 'Midbro/PASAD demo'; set ylabel 'sensor value'; set y2label 'distance'; plot 'sensor-1000.dat' using 0:1 with line title 'sensor value', 'distance-1000.dat' using 0:1 axis x1y2 with line title 'distance'" | gnuplot > live-tmp.png
+ echo "set terminal png; set yrange [17000:17300]; set y2range [0:300]; set ytics nomirror; set y2tics nomirror; set title 'Midbro demo'; set ylabel 'sensor value'; set y2label 'distance'; plot 'sensor-1000.dat' using 0:1 with line title 'sensor value', 'distance-1000.dat' using 0:1 axis x1y2 with line title 'distance'" | gnuplot > live-tmp.png
 mv live-tmp.png live.png
 }
diff --git a/script/measure-packets.sh b/script/measure-packets.sh
index b3df4be..e401d12 100644
--- a/script/measure-packets.sh
+++ b/script/measure-packets.sh
@@ -11,7 +11,7 @@ function execute_command {
 # bash -c "$@"
- ssh -i ~/.ssh/pasadpi_rsa pi@pasadpi2 "sudo bash -c '$@'"
+ ssh -i ~/.ssh/id_rsa pi@raspberry "sudo bash -c '$@'"
 }
 function measure_packets {
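Review bot: `scp -i /path/to/id_rsa -P 8022 ...` in `plot()` swaps a personal key path for a placeholder that exists on no host, so the script now fails for everyone until it is hand-edited; read the key and port from the environment with a documented default instead, `scp -i "${SSH_KEY:-$HOME/.ssh/id_rsa}" -P "${SSH_PORT:-8022}" "${SCP_EXPR}/sensor.dat" "${SCP_EXPR}/distance.dat" .`, and list both variables in the usage text of the first hunk. The copy's exit status is also ignored: the two `tail -1000` lines run even when scp failed, silently re-plotting stale data, which `|| return 1` after the scp call would surface. Where `SCP_EXPR` comes from is outside this hunk, so I cannot tell whether it is validated before being handed to scp.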
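Review bot: `execute_command` still wraps its argument as `"sudo bash -c '$@'"`, so the text runs as root on the remote host and any single quote inside it terminates the quoting and executes the remainder as a separate root command — and the callers in the following hunks build that text from argv (`BRO_SCRIPT`, `BRO_INTERFACE`, `IDS`); `"$@"` inside a larger string additionally splits into several words if more than one argument is ever passed. Let bash do the quoting: `ssh -i ~/.ssh/id_rsa pi@raspberry "sudo bash -c $(printf '%q' "$1")"` (this assumes the remote login shell is bash, which is what `%q` output targets). Since host and key are placeholders now anyway, make them overridable, e.g. `"${REMOTE_HOST:-pi@raspberry}"` and `-i "${REMOTE_KEY:-$HOME/.ssh/id_rsa}"`, rather than baking in another fixed pair.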
@@ -20,14 +20,13 @@ function measure_packets {
 BRO_PID=$(execute_command "bro -i \"${BRO_INTERFACE}\" -C -b Log::default_writer=Log::WRITER_NONE \"${BRO_SCRIPT}\" > ${BRO_DIR}/bro-out.txt 2> ${BRO_DIR}/bro-err.txt & echo \$!")
- PASAD_PID=""
- if [[ -n "${PASAD}" ]]
+ IDS_PID=""
+ if [[ -n "${IDS}" ]]
 then
- # We also want to execute a Pasad instance
 # Wait for Bro to be ready
 execute_command "tail -f ${BRO_DIR}/bro-err.txt | while read LOGLINE ; do [[ \"\${LOGLINE}\" == *\"listening on \"* ]] && pkill -P \$\$ tail ; done"
- # Start Pasad
- PASAD_PID=$(execute_command "${PASAD} > ${BRO_DIR}/pasad-out.txt 2> ${BRO_DIR}/pasad-err.txt & echo \$!")
+ # Start IDS
+ IDS_PID=$(execute_command "${IDS} > ${BRO_DIR}/ids-out.txt 2> ${BRO_DIR}/ids-err.txt & echo \$!")
 fi
 tcpreplay -i ${TCPREPLAY_INTERFACE} -M ${TCPREPLAY_SPEED} -L ${TCPREPLAY_COUNT} ${TCPREPLAY_DUMP} > /dev/null 2> /dev/null
@@ -39,9 +38,9 @@ function measure_packets {
 PCPU=$(execute_command "ps -q ${BRO_PID} -o pcpu --no-headers")
 done
- if [[ -n "${PASAD_PID}" ]]
+ if [[ -n "${IDS_PID}" ]]
 then
- execute_command "kill -SIGINT \"${PASAD_PID}\""
+ execute_command "kill -SIGINT \"${IDS_PID}\""
 fi
 execute_command "kill -SIGINT \"${BRO_PID}\""
 execute_command "while kill -0 ${BRO_PID} 2>/dev/null ; do sleep 0.1 ; done"
@@ -55,13 +54,13 @@ then
 echo "received and handled by Bro."
 echo
 echo "Usage:"
- echo " $0 SCRIPT BIFACE DUMP TIFACE [PASAD]"
+ echo " $0 SCRIPT BIFACE DUMP TIFACE"
 echo "Arguments:"
 echo " SCRIPT the Bro script to execute"
 echo " BIFACE the interface for Bro to listen on"
 echo " DUMP the network dump to replay"
 echo " TIFACE the interface for tcpreplay to replay to"
- echo " PASAD the Pasad command to execute (optional)"
+ echo " IDS the IDS command to execute (optional)"
 exit 1
 fi
@@ -69,10 +68,10 @@ BRO_SCRIPT=$1
 BRO_INTERFACE=$2
 TCPREPLAY_DUMP=$3
 TCPREPLAY_INTERFACE=$4
-PASAD=""
+IDS=""
 if [[ $# -eq 5 ]]
 then
- PASAD=$5
+ IDS=$5
 fi
 SPEEDS=(100 50 25)
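Review bot: The ready-wait `execute_command "tail -f ${BRO_DIR}/bro-err.txt | while read LOGLINE ; do ... pkill -P \$\$ tail ; done"` that now gates the IDS start has no upper bound: if Bro exits before printing `listening on` (bad interface, a script that fails to load) the remote `tail -f` never terminates and the whole measurement hangs while `BRO_PID` is already dead. Prefix the remote command with `timeout 60` and check `kill -0 ${BRO_PID}` before launching `${IDS}`; the IDS command itself is interpolated into a root shell verbatim, which is acceptable for a lab harness but deserves a one-line comment saying so. `measure_packets` begins before and ends after this hunk.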
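Review bot: The synopsis line now reads `echo " $0 SCRIPT BIFACE DUMP TIFACE"` while the argument list a few lines below still documents `IDS ... (optional)` and the last hunk still reads it from `$5`, so the usage text contradicts what the script accepts; it should be `echo " $0 SCRIPT BIFACE DUMP TIFACE [IDS]"`. The `$# -eq 5` test in the last hunk also means a sixth argument is silently dropped rather than rejected; the usage guard whose `then` opens this hunk is above the visible lines, so I cannot tell whether it already bounds the argument count.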
diff --git a/script/modbus.bro b/script/modbus.bro
index d258de3..3bb5b9a 100644
--- a/script/modbus.bro
+++ b/script/modbus.bro
@@ -3,7 +3,7 @@
 @load frameworks/communication/listen
 @load base/protocols/modbus
-module Pasad;
+module Midbro;
 redef Pcap::bufsize = 256;
@@ -44,29 +44,29 @@ export {
 }
 redef record connection += {
- pasad: Info &default=Info();
+ midbro: Info &default=Info();
 };
 redef Communication::nodes += {
- ["pasad"] = [$host = 127.0.0.1, $events = /pasad/, $connect=F, $ssl=F]
+ ["midbro"] = [$host = 127.0.0.1, $events = /midbro/, $connect=F, $ssl=F]
 };
 ## CUSTOM EVENTS
-event pasad_register_received(data: RegisterData) {
- Log::write(Pasad::LOG, data);
+event modbus_register_received(data: RegisterData) {
+ Log::write(Midbro::LOG, data);
 if(verbose) print fmt("Received address=%d, register=%d", data$address, data$register);
 }
-event pasad_unmatched_response(tid: count) {
+event modbus_unmatched_response(tid: count) {
 if(verbose) print fmt("Unmatched response: tid=%d", tid);
 }
 ## CUSTOM FUNCTIONS
-function pasad_check_filter(ip: addr, start_address: count, quantity: count) : bool {
+function modbus_check_filter(ip: addr, start_address: count, quantity: count) : bool {
 if (!enable_filtering) return T;
 if (ip != filter_ip_addr)
@@ -79,7 +79,7 @@ function pasad_check_filter(ip: addr, start_address: count, quantity: count) : b
 return filter_mem_addr < start_address + quantity;
 }
-function pasad_generate_event(transaction: Transaction, c: connection,
+function midbro_generate_event(transaction: Transaction, c: connection,
 headers: ModbusHeaders, registers: ModbusRegisters, regtype: string, i: count) {
 local data = RegisterData(
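Review bot: The script's own events are renamed to `modbus_register_received` and `modbus_unmatched_response`, but the peer entry keeps `$events = /midbro/`; if that pattern is what governs which events are exchanged with the Broccoli client (I cannot verify the framework's semantics from this file alone), neither new name matches it, whereas the old `/pasad/` did match `pasad_register_received`. The `modbus_` prefix also drops script-local events into the namespace of Bro's built-in Modbus analyzer events (`modbus_read_holding_registers_request` in the later hunks), so `midbro_register_received`/`midbro_unmatched_response` would be clearer — and the latter is the name the response handler in the `@@ -128` hunk actually raises. Finally, `$ssl=F` leaves the Broccoli link unauthenticated; that is only tolerable because `$host = 127.0.0.1`, so a comment such as `# Broccoli peer is plaintext: keep it restricted to loopback` would stop someone widening the peer address later.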
@@ -89,21 +89,21 @@ function pasad_generate_event(transaction: Transaction, c: connection,
 $address=transaction$start_address + i,
 $register=registers[i]
 );
- event pasad_register_received(data);
+ event modbus_register_received(data);
 }
-function pasad_generate_events(transaction: Transaction, c: connection,
+function midbro_generate_events(transaction: Transaction, c: connection,
 headers: ModbusHeaders, registers: ModbusRegisters, regtype: string) {
 # TODO: check registers size
 if (enable_filtering) {
 if(verbose) print fmt("%d %d %d", filter_mem_addr, transaction$start_address, transaction$quantity);
- pasad_generate_event(transaction, c, headers, registers, regtype,
+ midbro_generate_event(transaction, c, headers, registers, regtype,
 filter_mem_addr - transaction$start_address);
 } else {
 local i = 0;
 while (i < transaction$quantity) {
- pasad_generate_event(transaction, c, headers, registers, regtype, i);
+ midbro_generate_event(transaction, c, headers, registers, regtype, i);
 ++i;
 }
 }
@@ -112,12 +112,12 @@ function pasad_generate_events(transaction: Transaction, c: connection,
 ## EVENT HANDLERS
 event bro_init() &priority=5 {
- Log::create_stream(Pasad::LOG, [$columns=RegisterData, $path="pasad-parsed"]);
+ Log::create_stream(Midbro::LOG, [$columns=RegisterData, $path="midbro-parsed"]);
 }
 event modbus_read_holding_registers_request(c: connection,
 headers: ModbusHeaders, start_address: count, quantity: count) {
- if (!pasad_check_filter(c$id$resp_h, start_address, quantity)) {
+ if (!midbro_check_filter(c$id$resp_h, start_address, quantity)) {
 if(verbose) print fmt("Filtered %s/%d/%d", c$id$resp_h, start_address, quantity);
 return;
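Review bot: `midbro_generate_events` still indexes `registers[i]` (through `midbro_generate_event`, whose body starts in the previous hunk) without comparing the vector length to anything, as the `# TODO: check registers size` line admits: a response carrying fewer registers than the request's `quantity` — truncated, malformed, or injected by another host on the segment — or a filtered read where `filter_mem_addr - transaction$start_address` exceeds the returned count ends in an out-of-range vector access at runtime. Guard both branches before indexing: `if (|registers| < transaction$quantity) return;` at the top of the function, and in the filtered branch `local idx = filter_mem_addr - transaction$start_address;` followed by `if (idx >= |registers|) return;` ahead of the call. The function is fully visible in this hunk, from signature to closing brace, so the guard fits without touching anything else.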
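Review bot: `if (!midbro_check_filter(c$id$resp_h, start_address, quantity))` calls a function that no longer exists after this commit — the definition in the `@@ -44` hunk was renamed to `modbus_check_filter` — so Bro refuses to load this script with an unknown-identifier error and the whole rename is non-functional for modbus.bro. The `midbro_` spelling is what every other helper in this file now uses, so rename the definition rather than this call: `function midbro_check_filter(ip: addr, start_address: count, quantity: count) : bool {`. The request handler continues past the end of the hunk.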
@@ -128,23 +128,23 @@ event modbus_read_holding_registers_request(c: connection,
 $start_address=start_address,
 $quantity=quantity
 );
- c$pasad$transactions[tid] = transaction;
+ c$midbro$transactions[tid] = transaction;
 }
 event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters) {
- if (!pasad_check_filter(c$id$resp_h, 0, 0)) {
+ if (!midbro_check_filter(c$id$resp_h, 0, 0)) {
 if(verbose) print fmt("Filtered %s", c$id$resp_h);
 return;
 }
 local tid = headers$tid;
- if (tid !in c$pasad$transactions) {
- event pasad_unmatched_response(tid);
+ if (tid !in c$midbro$transactions) {
+ event midbro_unmatched_response(tid);
 return;
 }
- local transaction = c$pasad$transactions[tid];
- delete c$pasad$transactions[tid];
- pasad_generate_events(transaction, c, headers, registers, "h");
+ local transaction = c$midbro$transactions[tid];
+ delete c$midbro$transactions[tid];
+ midbro_generate_events(transaction, c, headers, registers, "h");
 }
diff --git a/script/pasad-parsed.bro b/script/pasad-parsed.bro
index 88b1be1..33e4745 100644
--- a/script/pasad-parsed.bro
+++ b/script/pasad-parsed.bro
@@ -2,7 +2,7 @@
 ## value. The correct register count is not checked and might lead to indexing
 ## errors.
-module Pasad;
+module Midbro;
 ## DATA STRUCTURES
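Review bot: `event midbro_unmatched_response(tid);` raises an event with no declaration left in the file — the `@@ -44` hunk renamed that handler to `modbus_unmatched_response` — and `midbro_check_filter` at the top of the same handler has the matching mismatch against `modbus_check_filter`, so the response path cannot load; rename the two definitions to the `midbro_` prefix rather than these call sites, since the rest of the file already uses it. Independently, the response-side call `midbro_check_filter(c$id$resp_h, 0, 0)` reaches that function's visible final statement `return filter_mem_addr < start_address + quantity;` as `filter_mem_addr < 0`, which is false for any `count`; unless the part of the function elided between the `@@ -44` and `@@ -79` hunks returns early for a zero quantity, every response is discarded whenever `enable_filtering` is set, which should be checked against a filtered capture. A comment on the `0, 0` arguments stating that only the IP is meant to be checked here would make the intent auditable either way.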
@@ -30,24 +30,24 @@ export {
 }
 redef record connection += {
- pasad: Info &default=Info();
+ midbro: Info &default=Info();
 };
 ## CUSTOM EVENTS
-event pasad_entry(entry: Entry)
+event midbro_entry(entry: Entry)
 {
- Log::write(Pasad::LOG, entry);
+ Log::write(Midbro::LOG, entry);
 }
-event pasad_unmatched(tid: count)
+event midbro_unmatched(tid: count)
 {
 print fmt("Unmatched response: tid=%d", tid);
 }
 ## CUSTOM FUNCTIONS
-function pasad_generate_events(transaction: Transaction, c: connection, headers: ModbusHeaders, registers: ModbusRegisters, regtype: string)
+function midbro_generate_events(transaction: Transaction, c: connection, headers: ModbusHeaders, registers: ModbusRegisters, regtype: string)
 {
 # TODO: check registers size
 local i = 0;
@@ -60,7 +60,7 @@ function pasad_generate_events(transaction: Transaction, c: connection, headers:
 $address=transaction$start_address + i,
 $register=registers[i]
 );
- event pasad_entry(entry);
+ event midbro_entry(entry);
 ++i;
 }
 }
@@ -69,7 +69,7 @@ function pasad_generate_events(transaction: Transaction, c: connection, headers:
 event bro_init() &priority=5
 {
- Log::create_stream(Pasad::LOG, [$columns=Entry, $path="pasad-parsed"]);
+ Log::create_stream(Midbro::LOG, [$columns=Entry, $path="midbro-parsed"]);
 }
 event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
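Review bot: `Log::create_stream(Midbro::LOG, [$columns=Entry, $path="midbro-parsed"])` now declares the same module, the same `Log::ID` value and the same output path as `modbus.bro` in this commit, so the two scripts can no longer be loaded into one Bro instance (duplicate `Midbro::LOG`) and, loaded separately, both emit a `midbro-parsed.log` with different column layouts — `investigate.sh` earlier in the patch reads column 5 of that file assuming `modbus.bro`'s `RegisterData` layout. If this script is kept as an alternative, give it a distinct stream path such as `$path="midbro-parsed-plain"`, and since the commit is billed as a cleanup, rename the file away from `pasad-parsed.bro` as well so the file name and module agree.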
@@ -79,18 +79,18 @@ event modbus_read_holding_registers_request(c: connection, headers: ModbusHeader
 $start_address=start_address,
 $quantity=quantity
 );
- c$pasad$transactions[tid] = transaction;
+ c$midbro$transactions[tid] = transaction;
 }
 event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters)
 {
 local tid = headers$tid;
- if ( tid !in c$pasad$transactions )
+ if ( tid !in c$midbro$transactions )
 {
- event pasad_unmatched(tid);
+ event midbro_unmatched(tid);
 return;
 }
- local transaction = c$pasad$transactions[tid];
- delete c$pasad$transactions[tid];
- pasad_generate_events(transaction, c, headers, registers, "h");
+ local transaction = c$midbro$transactions[tid];
+ delete c$midbro$transactions[tid];
+ midbro_generate_events(transaction, c, headers, registers, "h");
 }
diff --git a/script/pasad-simple.bro b/script/pasad-simple.bro
index db3b4be..4a0505a 100644
--- a/script/pasad-simple.bro
+++ b/script/pasad-simple.bro
@@ -5,7 +5,7 @@
 ## requests and responses are exchanged within the same connection. I am not
 ## sure whether this really holds.
-module Pasad;
+module Midbro;
 export {
 redef enum Log::ID += { LOG };
@@ -25,12 +25,12 @@ export {
 }
 redef record connection += {
- pasad: Info &optional;
+ midbro: Info &optional;
 };
 event bro_init() &priority=5 {
- Log::create_stream(Pasad::LOG, [$columns=Info, $path="pasad-simple"]);
+ Log::create_stream(Midbro::LOG, [$columns=Info, $path="midbro-simple"]);
 }
 event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
@@ -44,13 +44,13 @@ event modbus_read_holding_registers_request(c: connection, headers: ModbusHeader
 $ip_orig=c$id$orig_h,
 $ip_resp=c$id$resp_h
 ];
- c$pasad = rec;
+ c$midbro = rec;
 }
 event modbus_read_holding_registers_response(c: connection, headers: ModbusHeaders, registers: ModbusRegisters) {
- c$pasad$tid_response = headers$tid;
- c$pasad$ts_response = network_time();
- c$pasad$registers = registers;
- Log::write(Pasad::LOG, c$pasad);
+ c$midbro$tid_response = headers$tid;
+ c$midbro$ts_response = network_time();
+ c$midbro$registers = registers;
+ Log::write(Midbro::LOG, c$midbro);
 }
diff --git a/script/run-midbro.sh b/script/run-midbro.sh
index a9bb008..9d5d4b0 100644
--- a/script/run-midbro.sh
+++ b/script/run-midbro.sh
@@ -16,10 +16,10 @@ SCRIPT=$(realpath $2)
 BRODIR=$(realpath "$(dirname "$0")/../..")
 BROLOG=$(realpath bro.log)
-MIDBRO=${BRODIR}/broccoli/bin/midbropasad
+MIDBRO=${BRODIR}/bin/midbro
 MIDBROLOG=$(realpath midbro.log)
-TMPDIR=$(mktemp --directory --tmpdir pasad.XXXX)
+TMPDIR=$(mktemp --directory --tmpdir midbro.XXXX)
 echo "* Starting Bro in background ..."
 cd "${TMPDIR}" && sudo bro -i "${INTERFACE}" "${SCRIPT}" > ${BROLOG} 2>&1 &
-- cgit v1.2.1
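Review bot: The response handler dereferences `c$midbro$tid_response = headers$tid;` although `midbro` is declared `&optional` in the hunk above, so a response that arrives without a prior request on the connection — capture started mid-stream, or an unsolicited reply injected by another host — produces a missing-field runtime error instead of being ignored; add `if ( ! c?$midbro ) return;` as the first statement of the handler. The file's own header comment in the `@@ -5` hunk already doubts that requests and responses always share a connection, which is exactly the case this guard covers. The file's `&optional` choice (versus the `&default=Info()` used by the other two scripts) is what makes this path reachable, so a one-line comment on the field saying it is only present after a request would help the next reader.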
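Review bot: `MIDBRO=${BRODIR}/bin/midbro` depends on `BRODIR=$(realpath "$(dirname "$0")/../..")`, which from `script/run-midbro.sh` resolves to the parent of the repository rather than its root; the old `broccoli/bin/...` path is what justified the extra level, so with the new path the binary is looked up outside the checkout unless it is deliberately built there — use `BRODIR=$(realpath "$(dirname "$0")/..")` or document the expected layout next to the assignment. The `sudo bro -i "${INTERFACE}" "${SCRIPT}" > ${BROLOG} 2>&1 &` line also leaves `${BROLOG}` unquoted while `SCRIPT` and `INTERFACE` are quoted; quote it for consistency, since `realpath bro.log` follows the caller's working directory. How `MIDBRO` is launched and checked for existence is outside the hunk.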