Documentation
Index
- func InitDB(ConnectionString string) (*gorp.DbMap, error)
- func InsertSession(db *gorp.DbMap, browserSession *BrowserSession) error
- func InsertUser(db *gorp.DbMap, user *User) error
- type BrowserSession
- type CatalogFile
- type CertificateTrustList
- type Customer
- type ExecutableFile
- type FileToCounterSignerMap
- type FileToSignerMap
- type FileToSystemMap
- type PasswordReset
- type ProcessEvent
- type Rule
- type RuleSet
- type Signer
- type System
- type SystemSet
- type Task
- type Updates
- type User
Constants
This section is empty.
Variables
This section is empty.
Functions
func InsertSession
func InsertSession(db *gorp.DbMap, browserSession *BrowserSession) error
InsertSession adds a browser session to the DB
Types
type BrowserSession
type BrowserSession struct {
	ID           int64  // TODO Need to use random, non-repeating numbers for the ID
	NonceHash    []byte // Random value to avoid session hijacking, since the session ID really should be at least 128-bits
	UserID       int64  // Ties this back to the user that logged in
	CreationDate int64  // For expiration purposes
	LastActive   int64  // Need to keep track of this so we don't log the user out while they are doing something
	IP           []byte // Keep track of where this was originally logged in from
	UserAgent    []byte // Keep track of what browser was used to login with
}
BrowserSession keeps track of browser sessions where a user has logged in.
TODO ONEDAY I tried researching best practices regarding what to keep in the cookie, and what to store in the DB, and couldn't find anything. So I've taken a best guess here at what to do.
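An added example, not code from this package: one way to use the NonceHash, CreationDate and LastActive fields so that the cookie carries a random nonce while the database holds only its hash. The names newSession, checkSession and sessionRow, the choice of SHA-256, and the two timeout values are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// sessionRow (hypothetical) mirrors the BrowserSession fields this check needs.
type sessionRow struct {
	NonceHash    []byte
	CreationDate int64
	LastActive   int64
}

const (
	maxAge  = 7 * 24 * 3600 // assumed absolute lifetime, seconds
	maxIdle = 30 * 60       // assumed idle timeout, seconds
)

// newSession returns the 256-bit nonce for the cookie and the row for the DB.
// Only SHA-256(nonce) is stored, so reading the table does not yield cookies.
func newSession(now int64) (nonce []byte, row sessionRow, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, sessionRow{}, err
	}
	h := sha256.Sum256(nonce)
	return nonce, sessionRow{NonceHash: h[:], CreationDate: now, LastActive: now}, nil
}

// checkSession compares in constant time, enforces both expiries, bumps LastActive.
func checkSession(row *sessionRow, cookieNonce []byte, now int64) bool {
	h := sha256.Sum256(cookieNonce)
	if subtle.ConstantTimeCompare(h[:], row.NonceHash) != 1 {
		return false
	}
	if now-row.CreationDate > maxAge || now-row.LastActive > maxIdle {
		return false
	}
	row.LastActive = now
	return true
}

func main() {
	nonce, row, _ := newSession(1414698750) // constructed timestamp
	fmt.Println(checkSession(&row, nonce, 1414698750+60))
}
```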
type CatalogFile
type CatalogFile struct {
	ID int64

	// This data comes from the client
	FilePath   string
	Sha256     []byte
	Size       int
	FirstSeen  int64 // Time first seen anywhere
	UploadDate int64 // 0 if we don't have a copy

	//
	// Data inserted by worker
	//
	AnalysisDate int64 // 0 if we haven't analyzed it yet
	SignerID     int64
}
CatalogFile is a catalog file that authenticates executables
type CertificateTrustList
type CertificateTrustList struct {
	CatalogID int64
	Hash      []byte
	HashType  string // sha1, md5, or sha256
	FileID    int64  // Will be 0 until a match is found
}
CertificateTrustList is a mapping, extracted from catalog files, of SignerIDs to hashes. When a PE file or catalog comes around that causes a match, a FileToSignerMap update is made and the FileID here is updated.
type Customer
type Customer struct {
	ID           int64  // Internal ID for the DB
	UUID         []byte // Customer ID the client knows
	Active       bool   // In case we want to disable the customer
	CreationDate int64
}
Customer is a collection of systems. Likely an entire business. When a new customer is created
type ExecutableFile
type ExecutableFile struct {
	ID int64

	//
	// This data comes from the client
	//

	// File hashes
	Md5               []byte
	Sha1              []byte
	Sha256            []byte
	CodeSectionSha256 []byte // TODO

	Size          int   // Size in bytes
	IsSigned      bool
	FirstSeen     int64 // Time first seen anywhere
	ExecutionType int   // 1 = exe, 2 = dll, 4 = sys
	UploadDate    int64 // 0 if we don't have a copy

	//
	// Data inserted by worker
	//
	AnalysisDate int64 // 0 if we haven't analyzed it yet

	// Authenticode hashes
	AuthenticodeMd5    []byte
	AuthenticodeSha1   []byte
	AuthenticodeSha256 []byte

	// Resource info
	CompanyName      string
	ProductVersion   string
	ProductName      string
	FileDescription  string
	InternalName     string
	FileVersion      string
	OriginalFilename string

	Architecture int // TODO 32, 64, or 1 (arm)
}
ExecutableFile is an exe that became a process.
type FileToCounterSignerMap
FileToCounterSignerMap I think a file can only be counter-signed once
type FileToSignerMap
FileToSignerMap is for the one to many relationship of files to signers, as a file can be signed multiple times: [one file] -> [many signers]
type FileToSystemMap
type FileToSystemMap struct {
	FileID   int64 // TODO Need to set unique on (FileID, SystemID)
	SystemID int64
	FilePath string // TODO MAYBE Normalize and match this up with ProcessEvent
	// FilePath is the path where it was last seen
	FirstSeen int64
	LastSeen  int64
}
FileToSystemMap maps executables to systems so we don't need to search through the ProcessEvent table
type PasswordReset
type PasswordReset struct {
	ID           int64
	Nonce        []byte // Random 256-bit value
	UserID       int64  // Ties this back to the user that logged in
	CreationDate int64  // For expiration purposes
	Valid        bool   // Set to zero after first use so this can't be re-used
}
PasswordReset is used by password reset emails to re-login a user
type ProcessEvent
type ProcessEvent struct {
	ID               int64
	SystemID         int64
	ExecutableFileID int64
	PID              int64
	PPID             int64
	FilePath         string // TODO MAYBE Normalize into own table
	CommandLine      string // TODO MAYBE Normalize into own table
	EventTime        int64
	State            int
}
ProcessEvent is tied to a system
type Rule
type Rule struct {
	ID             int64
	Description    string
	AttributeType  string
	AttributeValue string
	AllowDeny      bool // Allow = true, Deny = false
	NextRule       int64
	PreviousRule   int64
}
Rule is a member of the RuleSet
type Signer
type Signer struct {
	ID                              int64
	Version                         int
	Subject                         string
	SubjectShortName                string
	SerialNumber                    []byte
	DigestAlgorithm                 string
	DigestEncryptionAlgorithm       string
	DigestEncryptionAlgorithmKeySize int
	IssuerID                        int64 // Parent in trust chain
}
Signer is used to sign an ExecutableFile
type System
type System struct {
	ID           int64
	SystemSetID  int64
	SystemUUID   []byte // ID given to the agent
	AgentVersion string
	Comment      string // User defined name
	OSHumanName  string
	OSVersion    string // Can't call this Version or things break
	Manufacturer string
	Model        string
	MachineGUID  string // From HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGUID
	Arch         string
	MachineName  string
	FirstSeen    int64
	LastSeen     int64
}
System is a computer with SREPP installed on it
type SystemSet
type SystemSet struct {
	ID         int64
	CustomerID int64
	Name       string
	RuleSetID  int64
	Mode       int // 0 = Monitor, 1 = Enforce rules
	// One day other modes such as enforce but allow via prompt
	SystemSetID  int64 // Allows recursion
	CreationDate int64
}
SystemSet is a collection of Systems, and a SystemSet may itself belong to another SystemSet
type Task
type Task struct {
	ID                  int64
	SystemID            int64
	CreationDate        int64
	DeployedToAgentDate int64
	Command             string
}
Task records commands for an agent
type User
type User struct {
	ID                         int64
	CustomerID                 int64
	FirstName                  string
	LastName                   string
	Email                      string // Used for both login and contacting
	PasswordHash               []byte // PasswordHash (bcrypt hash, so it includes a salt)
	Verified                   bool   // True when the user has verified their email
	Active                     bool   // In case we want to disable the user
	MustSetPassword            bool   // True when the user needs to set their password (from password resets)
	LastPasswordResetEmailDate int64  // Last time we sent them a password reset email, so we don't flood them
	CreationDate               int64
	LastLogin                  int64
}
User of the webapp
Example: insert into users (customerid, firstname, lastname, email, passwordhash, verified, active, mustsetpassword, creationdate, lastlogin) values (1, 'scott', 'piper', 'scott@summitroute.com', '\x24326124313024355566457671715563332f79436653447a32646a434f477278434b466c5861536f476b4f4e465a353141774c55376342345a777a2e', TRUE, TRUE, FALSE, 1414698750, 0);
Password is "abc"
func GetUserByEmail
GetUserByEmail looks up the user in the database by their email
func (*User) HashPassword
HashPassword generates a bcrypt hash (includes salt) of the password