Exemplo n.º 1
0
        private void OnConnection(object obj, EventRecordWrittenEventArgs arg)
        {
            if (arg.EventRecord == null)
            {
                return;
            }
            try
            {
                int    processId = MiscFunc.parseInt(arg.EventRecord.Properties[0].Value.ToString());
                string path      = arg.EventRecord.Properties[1].Value.ToString();

                Actions action = Actions.Undefined;
                if (arg.EventRecord.Id == (int)EventIDs.Blocked)
                {
                    action = Actions.Block;
                }
                else if (arg.EventRecord.Id == (int)EventIDs.Allowed)
                {
                    action = Actions.Allow;
                }

                string     direction_str = arg.EventRecord.Properties[2].Value.ToString();
                Directions direction     = Directions.Unknown;
                if (direction_str == "%%14592")
                {
                    direction = Directions.Inbound;
                }
                else if (direction_str == "%%14593")
                {
                    direction = Directions.Outboun;
                }
                string src_ip    = arg.EventRecord.Properties[3].Value.ToString();
                int    src_port  = MiscFunc.parseInt(arg.EventRecord.Properties[4].Value.ToString());
                string dest_ip   = arg.EventRecord.Properties[5].Value.ToString();
                int    dest_port = MiscFunc.parseInt(arg.EventRecord.Properties[6].Value.ToString());
                int    protocol  = MiscFunc.parseInt(arg.EventRecord.Properties[7].Value.ToString());

                ProgramList.ID id = GetIDforEntry(path, processId);
                if (id == null)
                {
                    return;
                }

                Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, DateTime.Now);

                entry.Profile = GetCurrentProfiles();

                App.engine.LogActivity(entry);
            }
            catch (Exception err)
            {
                AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
            }
        }
Exemplo n.º 2
0
        public void NotifyActivity(Guid guid, Program.LogEntry entry, ProgramID progID, List <String> services = null, bool update = false)
        {
            List <byte[]> args = new List <byte[]>();

            args.Add(PutGuid(guid));
            args.Add(PutLogEntry(entry));
            args.Add(PutProgID(progID));
            args.Add(PutStrList(services));
            args.Add(PutBool(update));
            SendPushNotification("ActivityNotification", args);
        }
Exemplo n.º 3
0
 public void NotifyActivity(Guid guid, Program.LogEntry entry, ProgramID progID, List <String> services = null, bool update = false)
 {
     Priv10Engine.FwEventArgs args = new Priv10Engine.FwEventArgs()
     {
         guid     = guid,
         entry    = entry,
         progID   = progID,
         services = services,
         update   = update
     };
     SendPushNotification("ActivityNotification", args);
 }
Exemplo n.º 4
0
        /*public bool ApplyTweak(Tweak tweak)
         * {
         *  return Tweaks.ApplyTweak(tweak);
         * }
         *
         * public bool TestTweak(Tweak tweak)
         * {
         *  return Tweaks.TestTweak(tweak);
         * }
         *
         * public bool UndoTweak(Tweak tweak)
         * {
         *  return Tweaks.UndoTweak(tweak);
         * }*/

        public void LogActivity(Program.LogEntry entry, bool fromLog = false)
        {
            // Threading note: this function is called from other a service thread watching the security log

            mDispatcher.BeginInvoke(new Action(() => {
                // Threading note: here we are in the engine thread

                Program prog = App.engine.programs.GetProgram(entry.mID, true);

                prog.LogActivity(entry, fromLog);

                if (App.host != null && !fromLog) // dont norify activitis form the log
                {
                    App.host.NotifyActivity(prog.guid, entry);
                }
            }));
        }
Exemplo n.º 5
0
        public void LoadLog()
        {
            EventLog eventLog = new EventLog("Security");

            try
            {
                //for (int i = eventLog.Entries.Count-1; i > 0; i--)
                foreach (EventLogEntry logEntry in eventLog.Entries)
                {
                    //EventLogEntry entry = eventLog.Entries[i];
                    if (logEntry.InstanceId != (long)EventIDs.Allowed && logEntry.InstanceId != (long)EventIDs.Blocked)
                    {
                        continue;
                    }
                    string[] ReplacementStrings = logEntry.ReplacementStrings;

                    string     direction_str = ReplacementStrings[2];
                    Directions direction     = Directions.Unknown;
                    if (direction_str == "%%14592")
                    {
                        direction = Directions.Inbound;
                    }
                    else if (direction_str == "%%14593")
                    {
                        direction = Directions.Outboun;
                    }

                    int    processId = MiscFunc.parseInt(ReplacementStrings[0]);
                    string path      = ReplacementStrings[1];

                    ProgramList.ID id = GetIDforEntry(path, processId);
                    if (id == null)
                    {
                        return;
                    }

                    Actions action = Actions.Undefined;
                    if (logEntry.InstanceId == (int)EventIDs.Blocked)
                    {
                        action = Actions.Block;
                    }
                    else if (logEntry.InstanceId == (int)EventIDs.Allowed)
                    {
                        action = Actions.Allow;
                    }

                    string src_ip    = ReplacementStrings[3];
                    int    src_port  = MiscFunc.parseInt(ReplacementStrings[4]);
                    string dest_ip   = ReplacementStrings[5];
                    int    dest_port = MiscFunc.parseInt(ReplacementStrings[6]);
                    int    protocol  = MiscFunc.parseInt(ReplacementStrings[7]);

                    Program.LogEntry entry = new Program.LogEntry(id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, logEntry.TimeGenerated);

                    App.engine.LogActivity(entry, true);
                }
            }
            catch (Exception err)
            {
                AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
            }
            eventLog.Dispose();
        }
Exemplo n.º 6
0
 protected byte[] PutLogEntry(Program.LogEntry entry)
 {
     return(PutXmlObj(entry));
 }