public async Task <SecurityAgent> CreateAsync(SecurityAgent securityAgent)
{
await this.context.securityAgents.AddAsync(securityAgent);
await SaveAllAsync(securityAgent);
return(securityAgent);
}
public async Task <SecurityAgent> UpdateAsync(SecurityAgent securityAgent)
{
this.context.securityAgents.Update(securityAgent);
await SaveAllAsync(securityAgent);
return(securityAgent);
}
public async Task <IActionResult> PutSecurityAgent(int id, SecurityAgent securityAgent)
{
if (id != securityAgent.SecurityAgentId)
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "El ID no pertenece al registro que intenta actualizar"
}));
}
try
{
await _securityAgentDAO.UpdateAsync(securityAgent);
return(Ok(new Response {
Status = "OK", Message = "Se ha actualizado correctamente"
}));
}
catch (DbUpdateConcurrencyException)
{
if (!await _securityAgentDAO.ExistAsync(id))
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "El ID no pertenece aNingun ciudadano registrado"
}));
}
else
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "Verifique que los datos sean correctos"
}));
}
}
}
public void RemoveAgent(SecurityAgent agent)
{
try {
comboBoxAgentSelection.Items.Remove(agent);
} catch {
// not found
}
}
public void AddAgent(SecurityAgent agent)
{
PluginItem agentX = new PluginItem();
agentX.SecurityAgent = agent;
flowLayoutPanelPlugins.Controls.Add(agentX);
agentX.SecurityAgentConfigurationRequest += new EventHandler(agentX_SecurityAgentConfigurationRequest);
}
void LockDownIp(Lock lockItem, LockType lockType, SecurityAgent reportingAgent)
{
int locksForToday = Locks.Today();
LimitMailSent = false;
try
{
// TO DO: Hard Lock overrides Soft Lock!
if (FirewallPolicyManager.Instance.IsLocked(lockItem.IpAddress))
{
WindowsLogManager.Instance.WriteEntry("Received another request to lock IP address " + lockItem.IpAddress +
". This IP address is already locked.", EventLogEntryType.Information, Globals.CYBERARMS_EVENT_ID_INFORMATION,
Globals.CYBERARMS_LOG_CATEGORY_RUNTIME);
return;
}
}
catch (Exception ex)
{
WindowsLogManager.Instance.WriteEntry("Intrusion Detection Service had an error:" + ex.Message, EventLogEntryType.Error,
Globals.CYBERARMS_EVENT_ID_CONFIGURATION_ERROR, Globals.CYBERARMS_LOG_CATEGORY_RUNTIME);
}
WindowsLogManager.Instance.WriteEntry(String.Format("{0} lock: Unsuccessful login attempts from ip address {1} exceeded threshold. Firewall rule is being created to block the address specified.",
lockType == LockType.HardLock ? "Hard" : "Soft", lockItem.IpAddress), EventLogEntryType.FailureAudit, Globals.CYBERARMS_EVENT_ID_FIREWALL_RULE_CREATED,
Globals.CYBERARMS_LOG_CATEGORY_SECURITY);
// lockItem.Id = Locks.CreateLock(lockItem);
try
{
FirewallPolicyManager.Instance.Block(lockItem.IpAddress);
switch (lockType)
{
case LockType.SoftLock:
lockItem.Status = Lock.LOCK_STATUS_SOFTLOCK;
Statistics.Instance.IncreaseSoftLockStatistics(reportingAgent);
break;
case LockType.HardLock:
lockItem.Status = Lock.LOCK_STATUS_HARDLOCK;
Statistics.Instance.IncreaseHardLockStatistics(reportingAgent);
break;
}
}
catch
{
lockItem.Status = Lock.LOCK_STATUS_LOCK_ERROR;
}
switch (lockType)
{
case LockType.SoftLock:
OnClientIpAddressSoftLocked(lockItem, null, reportingAgent.Id);
break;
case LockType.HardLock:
OnClientIpAddressHardLocked(lockItem, null, reportingAgent.Id);
break;
}
lockItem.Save();
}
public void UpdateValues(SecurityAgent agent)
{
if (agent != null)
{
UpdateValues(agent.DisplayName, agent.FailedLogins, agent.HardLocks, agent.SoftLocks, agent.Icon);
}
else
{
UpdateValues("", 0, 0, 0, null);
}
}
public void ShowAgentConfig(SecurityAgent agent)
{
if (agent != null)
{
if (!agent.CheckConfigVersionById())
{
agent.CheckConfigVersionByName();
}
cyberarmsSettingsNavigation.SetSelectedItem(agent.DisplayName);
}
PluginConfigPanel.Agent = agent;
}
/// <summary>
/// Creates the category.
/// </summary>
/// <param name="parentCategoryId">The parent category id.</param>
public static void CreateCategory(int parentCategoryId)
{
if (!SecurityAgent.HasAdminRights(parentCategoryId))
{
return;
}
var win = new EditCategoryWindow {
Owner = Application.Current.MainWindow
};
win.listCategories.Value = parentCategoryId;
win.Show();
}
private void cyberarmsSettingsNavigation_NavigationChanged(object sender, EventArgs e)
{
if (cyberarmsSettingsNavigation.SelectedItem != null && !String.IsNullOrEmpty(cyberarmsSettingsNavigation.SelectedItem.DisplayName))
{
SecurityAgent agent = SecurityAgents.Instance.FindByDisplayName(cyberarmsSettingsNavigation.SelectedItem.DisplayName);
if (agent != null)
{
if (!agent.CheckConfigVersionById())
{
agent.CheckConfigVersionByName();
}
}
PluginConfigPanel.Agent = agent;
}
}
public async Task <ActionResult <SecurityAgent> > PostSecurityAgent(SecurityAgent securityAgent)
{
if (ModelState.IsValid)
{
await _securityAgentDAO.CreateAsync(securityAgent);
return(Ok(new Response {
Status = "OK", Message = "Se ha registrado correctamente"
}));
}
else
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "Favor de Verificar que los campos sean correctos"
}));
}
}
public async Task <bool> SaveAllAsync(SecurityAgent securityAgent)
{
try
{
return(await this.context.SaveChangesAsync() > 0);
}
catch (Exception ex)
{
SystemLog systemLog = new SystemLog();
systemLog.Description = ex.ToMessageAndCompleteStacktrace();
systemLog.DateLog = DateTime.UtcNow.ToLocalTime();
systemLog.Controller = GetType().Name;
systemLog.Action = UtilitiesAIO.GetCallerMemberName();
systemLog.Parameter = JsonConvert.SerializeObject(securityAgent);
_customSystemLog.AddLog(systemLog);
return(false);
}
}
/// <summary>
/// Edits the category.
/// </summary>
/// <param name="id">The id.</param>
public static void EditCategory(int id)
{
if (!SecurityAgent.HasAdminRights(id))
{
return;
}
var entity = AppCore.Workspace.Categories.GetById(id);
if (entity == null)
{
return;
}
var win = new EditCategoryWindow {
Owner = Application.Current.MainWindow
};
win.ShowCategory(entity);
win.ShowDialog();
}
public void LoadSecurityAgent(SecurityAgent agent)
{
cyberarmsSettingsNavigation.AddNavigationItem(agent.DisplayName, agent.SelectedIcon, agent.UnselectedIcon);
}
public void AddAgent(SecurityAgent agent)
{
comboBoxAgentSelection.Items.Add(agent);
}
void Service_AttackDetected(object sender, INotificationEventArgs notificationEventArgs)
{
try
{
if (notificationEventArgs == null)
{
if (IddsConfig.Instance.IsDebug)
{
// the following error should just be thrown when running in debug mode.
throw new ApplicationException("Operation not supported. EventArgs must be passed as NotificationEventArgs");
}
else
{
// otherwise write to the log file
WindowsLogManager.Instance.WriteEntry("Plugin error: the lock delegate was called, but notificationEventArgs must not be null!",
EventLogEntryType.Error, Globals.CYBERARMS_EVENT_ID_INVALID_FUNCTION_CALL, Globals.CYBERARMS_LOG_CATEGORY_PLUGIN);
return;
}
}
SecurityAgent reportingAgent = SecurityAgents.Instance.FindByName((sender as IAgentPlugin).Configuration.AgentName);
long incidentId;
if (IddsConfig.IsValidIpAddress(notificationEventArgs.IpAddress))
{
Statistics.Instance.IncreaseFailedLoginStatistics(reportingAgent);
System.Net.IPAddress ipAddress;
if (System.Net.IPAddress.TryParse(notificationEventArgs.IpAddress, out ipAddress) && IddsConfig.Instance.IsIpAddressLocal(ipAddress))
{
incidentId = IntrusionLog.AddEntry(notificationEventArgs.CreateDate, reportingAgent.Id, notificationEventArgs.IpAddress,
IntrusionLog.STATUS_INTRUSION_ATTEMPT_FROM_LOCAL, false);
}
else if (IddsConfig.Instance.UseSafeNetworkList && IddsConfig.Instance.IsInSafeNetwork(notificationEventArgs.IpAddress))
{
incidentId = IntrusionLog.AddEntry(notificationEventArgs.CreateDate, reportingAgent.Id, notificationEventArgs.IpAddress,
IntrusionLog.STATUS_INTRUSION_ATTEMPT_FROM_SAFE, false);
}
else
{
incidentId = IntrusionLog.AddEntry(notificationEventArgs.CreateDate, reportingAgent.Id, notificationEventArgs.IpAddress,
IntrusionLog.STATUS_INTRUSION_ATTEMPT, false);
try
{
if (!Locks.LockExists(notificationEventArgs.IpAddress))
{
LockType lockType = reportingAgent.GetCurrentLockType(notificationEventArgs.IpAddress);
switch (lockType)
{
case LockType.SoftLockRequested:
//IntrusionLog.AddEntry(notificationEventArgs.CreateDate, reportingAgent.Id,
// notificationEventArgs.IpAddress, IntrusionLog.STATUS_SOFT_LOCK_REQUESTED, false);
LockDownIp(Locks.CreateLock(DateTime.Now, DateTime.Now.AddMinutes(IddsConfig.Instance.GetSoftLockMinutes(reportingAgent)), incidentId, Lock.LOCK_STATUS_SOFTLOCK, 0, notificationEventArgs.IpAddress), LockType.SoftLock, reportingAgent);
break;
case LockType.SoftLock:
// already locked, ignore
break;
case LockType.HardLockRequested:
//IntrusionLog.AddEntry(notificationEventArgs.CreateDate, reportingAgent.Id,
// notificationEventArgs.IpAddress, IntrusionLog.STATUS_HARD_LOCK_REQUESTED, false);
LockDownIp(Locks.CreateLock(DateTime.Now, DateTime.Now.AddHours(IddsConfig.Instance.GetHardLockHours(reportingAgent)), incidentId, Lock.LOCK_STATUS_HARDLOCK, 0, notificationEventArgs.IpAddress), LockType.HardLock, reportingAgent);
break;
}
}
}
catch (Exception ex)
{
WindowsLogManager.Instance.WriteEntry(String.Format("Unrecoverable error: {0}",
ex.Message), EventLogEntryType.FailureAudit, Globals.CYBERARMS_EVENT_ID_PLUGIN_ERROR,
Globals.CYBERARMS_LOG_CATEGORY_RUNTIME);
// OnClientIpAddressSoftLocked(new Lock( new Client(notificationEventArgs.IpAddress), ex);
}
}
}
else
{
return;
}
}
catch (Exception ex)
{
WindowsLogManager.Instance.WriteEntry(String.Format("AttackDetected delegate invocation of {0} caused a problem. \r\nDetails:\r\n{1}", (sender != null ? sender.GetType().Name : "unknown"), ex.Message),
EventLogEntryType.Error, Globals.CYBERARMS_EVENT_ID_PLUGIN_ERROR, Globals.CYBERARMS_LOG_CATEGORY_PLUGIN);
}
}
public async Task DeleteAsync(SecurityAgent securityAgent)
{
this.context.securityAgents.Remove(securityAgent);
await SaveAllAsync(securityAgent);
}