models

package
v0.0.0-...-e4e8516
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2016 License: BSD-3-Clause Imports: 4 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitDB

func InitDB(ConnectionString string) (*gorp.DbMap, error)

InitDB initializes the database by creating the needed tables.

func InsertSession

func InsertSession(db *gorp.DbMap, browserSession *BrowserSession) error

InsertSession adds a browser session to the DB

func InsertUser

func InsertUser(db *gorp.DbMap, user *User) error

InsertUser adds a user to the DB

Types

type BrowserSession

type BrowserSession struct {
	ID        int64  // TODO Need to use random, non-repeating numbers for the ID
	NonceHash []byte // Random value to avoid session hijacking, since the session ID really should be at least 128-bits
	UserID    int64  // Ties this back to the user that logged in

	CreationDate int64  // For expiration purposes
	LastActive   int64  // Need to keep track of this so we don't log the user out while they are doing something
	IP           []byte // Keep track of where this was originally logged in from
	UserAgent    []byte // Keep track of what browser was used to login with
}

BrowserSession keeps track of browser sessions where a user has logged in. TODO ONEDAY: I tried researching best practices regarding what to keep in the cookie, and what to store in the DB, and couldn't find anything. So I've taken a best guess here at what to do.
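An added sketch (not the package's own code) of how the NonceHash, CreationDate and LastActive fields can work together: the raw 128-bit nonce goes to the browser, only its hash is stored, and validation enforces an idle and an absolute timeout. SHA-256 as the hash, the timeout values, and the names NewSession and Validate are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

// BrowserSession carries only the fields of the documented struct used here.
type BrowserSession struct {
	NonceHash    []byte
	UserID       int64
	CreationDate int64
	LastActive   int64
}

// Assumed policy values; the package documentation does not state lifetimes.
const maxIdle, maxAge = 30 * time.Minute, 12 * time.Hour

// NewSession returns the row to store and the raw nonce to place in the cookie.
func NewSession(userID int64, now time.Time) (*BrowserSession, []byte, error) {
	nonce := make([]byte, 16) // 128 bits from the OS CSPRNG
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(nonce) // only the hash is persisted
	return &BrowserSession{NonceHash: h[:], UserID: userID,
		CreationDate: now.Unix(), LastActive: now.Unix()}, nonce, nil
}

// Validate checks the cookie nonce against the stored hash and both timeouts.
func Validate(s *BrowserSession, cookieNonce []byte, now time.Time) bool {
	h := sha256.Sum256(cookieNonce)
	if subtle.ConstantTimeCompare(h[:], s.NonceHash) != 1 {
		return false // wrong or forged nonce
	}
	if now.Sub(time.Unix(s.LastActive, 0)) > maxIdle || now.Sub(time.Unix(s.CreationDate, 0)) > maxAge {
		return false // idle too long, or past the absolute lifetime
	}
	s.LastActive = now.Unix() // sliding idle window; caller persists the row
	return true
}

func main() {
	s, nonce, _ := NewSession(1, time.Now())
	fmt.Println(Validate(s, nonce, time.Now()))
}
```

Because CreationDate is never refreshed, a session that stays active is still cut off once the absolute lifetime passes.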

type CatalogFile

type CatalogFile struct {
	ID int64

	// This data comes from the client
	FilePath  string
	Sha256    []byte
	Size      int
	FirstSeen int64 // Time first seen anywhere

	UploadDate int64 // 0 if we don't have a copy

	//
	// Data inserted by worker
	//
	AnalysisDate int64 // 0 if we haven't analyzed it yet
	SignerID     int64
}

CatalogFile is a catalog file that authenticates executables

type CertificateTrustList

type CertificateTrustList struct {
	CatalogID int64
	Hash      []byte
	HashType  string // sha1, md5, or sha256
	FileID    int64  // Will be 0 until a match is found
}

CertificateTrustList is a mapping of SignerIDs to hashes that is extracted from catalog files. When a PE file or catalog comes around that causes a match, a FileToSignerMap update is made and the FileID here is updated.

type Customer

type Customer struct {
	ID   int64  // Internal ID for the DB
	UUID []byte // Customer ID the client knows

	Active       bool // In case we want to disable the customer
	CreationDate int64
}

Customer is a collection of systems, likely an entire business. When a new customer is created

type ExecutableFile

type ExecutableFile struct {
	ID int64

	//
	// This data comes from the client
	//
	// File hashes
	Md5    []byte
	Sha1   []byte
	Sha256 []byte

	CodeSectionSha256 []byte // TODO
	Size              int    // Size in bytes
	IsSigned          bool
	FirstSeen         int64 // Time first seen anywhere
	ExecutionType     int   // 1 = exe, 2 = dll, 4 = sys

	UploadDate int64 // 0 if we don't have a copy

	//
	// Data inserted by worker
	//
	AnalysisDate int64 // 0 if we haven't analyzed it yet

	// Authenticode hashes
	AuthenticodeMd5    []byte
	AuthenticodeSha1   []byte
	AuthenticodeSha256 []byte

	// Resource info
	CompanyName      string
	ProductVersion   string
	ProductName      string
	FileDescription  string
	InternalName     string
	FileVersion      string
	OriginalFilename string

	Architecture int // TODO 32, 64, or 1 (arm)
}

ExecutableFile is an exe that became a process.

type FileToCounterSignerMap

type FileToCounterSignerMap struct {
	FileID    int64
	Timestamp int64
	SignerID  int64
}

FileToCounterSignerMap I think a file can only be counter-signed once

type FileToSignerMap

type FileToSignerMap struct {
	FileID   int64 // one
	SignerID int64 // many
}

FileToSignerMap is for the one-to-many relationship of files to signers, as a file can be signed multiple times: [one file] -> [many signers]

type FileToSystemMap

type FileToSystemMap struct {
	FileID   int64 // TODO Need to set unique on (FileID, SystemID)
	SystemID int64
	FilePath string // TODO MAYBE Normalize and match this up with ProcessEvent
	// FilePath is the path where it was last seen
	FirstSeen int64
	LastSeen  int64
}

FileToSystemMap maps executables to systems so we don't need to search through the ProcessEvent table

type PasswordReset

type PasswordReset struct {
	ID     int64
	Nonce  []byte // Random 256-bit value
	UserID int64  // Ties this back to the user that logged in

	CreationDate int64 // For expiration purposes
	Valid        bool  // Set to zero after first use so this can't be re-used
}

PasswordReset is used by password reset emails to log a user back in

type ProcessEvent

type ProcessEvent struct {
	ID               int64
	SystemID         int64
	ExecutableFileID int64
	PID              int64
	PPID             int64
	FilePath         string // TODO MAYBE Normalize into own table
	CommandLine      string // TODO MAYBE Normalize into own table
	EventTime        int64
	State            int
}

ProcessEvent is tied to a system

type Rule

type Rule struct {
	ID             int64
	Description    string
	AttributeType  string
	AttributeValue string
	AllowDeny      bool // Allow = true, Deny = false

	NextRule     int64
	PreviousRule int64
}

Rule is a member of a RuleSet

type RuleSet

type RuleSet struct {
	ID        int64
	FirstRule int64
}

RuleSet points to a linked list of Rules

type Signer

type Signer struct {
	ID                               int64
	Version                          int
	Subject                          string
	SubjectShortName                 string
	SerialNumber                     []byte
	DigestAlgorithm                  string
	DigestEncryptionAlgorithm        string
	DigestEncryptionAlgorithmKeySize int
	IssuerID                         int64 // Parent in trust chain
}

Signer is used to sign an ExecutableFile

type System

type System struct {
	ID           int64
	SystemSetID  int64
	SystemUUID   []byte // ID given to the agent
	AgentVersion string
	Comment      string // User defined name

	OSHumanName  string
	OSVersion    string // Can't call this Version or things break
	Manufacturer string
	Model        string
	MachineGUID  string // From  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGUID
	Arch         string
	MachineName  string

	FirstSeen int64
	LastSeen  int64
}

System is a computer with SREPP installed on it

type SystemSet

type SystemSet struct {
	ID         int64
	CustomerID int64
	Name       string
	RuleSetID  int64

	Mode int // 0 = Monitor, 1 = Enforce rules
	// One day other modes such as enforce but allow via prompt
	SystemSetID int64 // Allows recursion

	CreationDate int64
}

SystemSet is a collection of Systems, and a SystemSet may itself belong to another SystemSet

type Task

type Task struct {
	ID                  int64
	SystemID            int64
	CreationDate        int64
	DeployedToAgentDate int64
	Command             string
}

Task records commands for an agent

type Updates

type Updates struct {
	ID          int64
	VersionFrom string
	VersionTo   string
}

Updates is a mapping of what versions agents can update to

type User

type User struct {
	ID           int64
	CustomerID   int64
	FirstName    string
	LastName     string
	Email        string // Used for both login and contacting
	PasswordHash []byte // PasswordHash (bcrypt hash, so it includes a salt)

	Verified                   bool  // True when the user has verified their email
	Active                     bool  // In case we want to disable the user
	MustSetPassword            bool  // True when the user needs to set their password (from password resets)
	LastPasswordResetEmailDate int64 // Last time we sent them a password reset email, so we don't flood them
	CreationDate               int64
	LastLogin                  int64
}

User of the webapp

Example:

	insert into users (customerid, firstname, lastname, email, passwordhash, verified, active, mustsetpassword, creationdate, lastlogin)
	values (1, 'scott', 'piper', 'scott@summitroute.com', '\x24326124313024355566457671715563332f79436653447a32646a434f477278434b466c5861536f476b4f4e465a353141774c55376342345a777a2e', TRUE, TRUE, FALSE, 1414698750, 0);

Password is "abc"

func GetUserByEmail

func GetUserByEmail(db *gorp.DbMap, email string) (user *User)

GetUserByEmail looks up the user in the database by their email

func (*User) HashPassword

func (user *User) HashPassword(password string) (err error)

HashPassword generates a bcrypt hash (includes salt) of the password
