/// <summary>
/// Snapshots every rule returned by <c>FirewallManager.Instance.Rules</c> and writes one
/// <c>FirewallObject</c> per rule to the database under the current <c>RunId</c>.
/// </summary>
/// <remarks>
/// Conversion is best-effort per rule. A rule that throws is skipped, logged at Debug level,
/// and only its exception type is sent to telemetry. The stored snapshot can therefore be
/// incomplete, so a rule missing from the collected data does not prove the rule is absent
/// from the host.
/// </remarks>
public void ExecuteWindows()
{
    var rules = FirewallManager.Instance.Rules.ToArray();

    foreach (IFirewallRule rule in rules)
    {
        try
        {
            var firewallObject = new FirewallObject()
            {
                Action = rule.Action,
                ApplicationName = rule.ApplicationName,
                Direction = rule.Direction,
                FriendlyName = rule.FriendlyName,
                IsEnable = rule.IsEnable,
                LocalPortType = rule.LocalPortType,
                Name = rule.Name,
                Profiles = rule.Profiles,
                // Invariant culture keeps the stored number identical across host locales.
                Protocol = rule.Protocol.ProtocolNumber.ToString(CultureInfo.InvariantCulture),
                Scope = rule.Scope,
                ServiceName = rule.ServiceName
            };

            var localAddresses = rule.LocalAddresses.ToList().ConvertAll(address => address.ToString());
            firewallObject.LocalAddresses.AddRange(localAddresses);

            var localPorts = rule.LocalPorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture));
            firewallObject.LocalPorts.AddRange(localPorts);

            var remoteAddresses = rule.RemoteAddresses.ToList().ConvertAll(address => address.ToString());
            firewallObject.RemoteAddresses.AddRange(remoteAddresses);

            var remotePorts = rule.RemotePorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture));
            firewallObject.RemotePorts.AddRange(remotePorts);

            DatabaseManager.Write(firewallObject, RunId);
        }
        catch (Exception e)
        {
            Log.Debug(e, "Exception hit while processing Firewall rules");

            // Telemetry carries the exception type only, never rule contents.
            var telemetryProperties = new Dictionary<string, string>
            {
                { "Exception Type", e.GetType().ToString() }
            };
            AsaTelemetry.TrackEvent("WindowsFirewallObjectCreationException", telemetryProperties);
        }
    }
}
/// <summary>
/// Reads the Windows Firewall rules through <c>FirewallManager</c> and writes one
/// <c>FirewallObject</c> per rule to the database under <c>runId</c>.
/// </summary>
/// <remarks>
/// There is no per-rule error handling here: an exception raised while reading any rule
/// property leaves the loop, and the remaining rules are not written.
/// </remarks>
public void ExecuteWindows()
{
    var rules = FirewallManager.Instance.Rules.ToArray();

    foreach (IFirewallRule rule in rules)
    {
        var firewallObject = new FirewallObject()
        {
            Action = rule.Action,
            ApplicationName = rule.ApplicationName,
            Direction = rule.Direction,
            FriendlyName = rule.FriendlyName,
            IsEnable = rule.IsEnable,
            // Addresses and ports are stored in string form.
            LocalAddresses = rule.LocalAddresses.Select(address => address.ToString()).ToList(),
            LocalPorts = rule.LocalPorts.Select(port => port.ToString()).ToList(),
            LocalPortType = rule.LocalPortType,
            Name = rule.Name,
            Profiles = rule.Profiles,
            Protocol = rule.Protocol.ProtocolNumber.ToString(),
            RemoteAddresses = rule.RemoteAddresses.Select(address => address.ToString()).ToList(),
            RemotePorts = rule.RemotePorts.Select(port => port.ToString()).ToList(),
            Scope = rule.Scope,
            ServiceName = rule.ServiceName
        };

        DatabaseManager.Write(firewallObject, runId);
    }
}
/// <summary>
/// Reads the Windows Firewall rules through <c>FirewallManager</c> and writes one
/// <c>FirewallObject</c> per rule to the database under the current <c>RunId</c>.
/// </summary>
/// <remarks>
/// A rule that throws during conversion is skipped and logged at Debug level only, so the
/// stored snapshot may omit rules without any higher-severity signal.
/// </remarks>
public void ExecuteWindows()
{
    var rules = FirewallManager.Instance.Rules.ToArray();

    foreach (IFirewallRule rule in rules)
    {
        try
        {
            var firewallObject = new FirewallObject()
            {
                Action = rule.Action,
                ApplicationName = rule.ApplicationName,
                Direction = rule.Direction,
                FriendlyName = rule.FriendlyName,
                IsEnable = rule.IsEnable,
                LocalPortType = rule.LocalPortType,
                Name = rule.Name,
                Profiles = rule.Profiles,
                // Invariant culture keeps the stored number identical across host locales.
                Protocol = rule.Protocol.ProtocolNumber.ToString(CultureInfo.InvariantCulture),
                Scope = rule.Scope,
                ServiceName = rule.ServiceName
            };

            var localAddresses = rule.LocalAddresses.ToList().ConvertAll(address => address.ToString());
            firewallObject.LocalAddresses.AddRange(localAddresses);

            var localPorts = rule.LocalPorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture));
            firewallObject.LocalPorts.AddRange(localPorts);

            var remoteAddresses = rule.RemoteAddresses.ToList().ConvertAll(address => address.ToString());
            firewallObject.RemoteAddresses.AddRange(remoteAddresses);

            var remotePorts = rule.RemotePorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture));
            firewallObject.RemotePorts.AddRange(remotePorts);

            DatabaseManager.Write(firewallObject, RunId);
        }
        catch (Exception e)
        {
            // NOTE(review): the rule's friendly name is passed in the message position. If Log
            // is a template-based logger, braces in a rule name would be parsed as placeholders;
            // confirm, and consider a constant message with the name as an argument.
            // Reading rule.FriendlyName here can itself throw, which would escape the loop.
            Log.Debug(e, rule.FriendlyName);
        }
    }
}
/// <summary>
/// Enumerates the Windows Firewall rules through <c>FirewallManager</c> and passes one
/// <c>FirewallObject</c> per rule to <c>HandleChange</c>.
/// </summary>
/// <param name="cancellationToken">
/// Checked before each rule; when cancellation is requested the method returns at once,
/// leaving the remaining rules uncollected.
/// </param>
/// <remarks>
/// Two failure levels are handled. A single rule that throws is skipped, logged at Debug
/// level, and reported to telemetry by exception type only. A <c>COMException</c> or
/// <c>NotSupportedException</c> escaping the enumeration itself is reported as the collector
/// not being supported on this platform. In both cases the collected data may be incomplete.
/// </remarks>
internal void ExecuteWindows(CancellationToken cancellationToken)
{
    try
    {
        foreach (IFirewallRule rule in FirewallManager.Instance.Rules)
        {
            if (cancellationToken.IsCancellationRequested)
            {
                return;
            }

            try
            {
                var firewallObject = new FirewallObject(rule.Name)
                {
                    Action = rule.Action,
                    ApplicationName = rule.ApplicationName,
                    Direction = rule.Direction,
                    FriendlyName = rule.FriendlyName,
                    IsEnable = rule.IsEnable,
                    LocalPortType = rule.LocalPortType,
                    Profiles = rule.Profiles,
                    // Invariant culture keeps the stored number identical across host locales.
                    Protocol = rule.Protocol.ProtocolNumber.ToString(CultureInfo.InvariantCulture),
                    Scope = rule.Scope,
                    ServiceName = rule.ServiceName,
                    LocalAddresses = rule.LocalAddresses.ToList().ConvertAll(address => address.ToString()),
                    LocalPorts = rule.LocalPorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture)),
                    RemoteAddresses = rule.RemoteAddresses.ToList().ConvertAll(address => address.ToString()),
                    RemotePorts = rule.RemotePorts.ToList().ConvertAll(port => port.ToString(CultureInfo.InvariantCulture))
                };

                HandleChange(firewallObject);
            }
            catch (Exception ruleError)
            {
                Log.Debug(ruleError, "Exception hit while processing Firewall rules");

                // Telemetry carries the exception type only, never rule contents.
                var telemetryProperties = new Dictionary<string, string>
                {
                    { "Exception Type", ruleError.GetType().ToString() }
                };
                AsaTelemetry.TrackEvent("WindowsFirewallObjectCreationException", telemetryProperties);
            }
        }
    }
    catch (Exception platformError) when (platformError is COMException || platformError is NotSupportedException)
    {
        Log.Warning(Strings.Get("CollectorNotSupportedOnPlatform"), GetType().ToString());
    }
}
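/// <summary>
/// Collects the Linux firewall configuration by parsing the output of <c>iptables -S</c>.
/// Each <c>-P</c> line becomes a "Default &lt;chain&gt; policy" object and each <c>-A</c> line
/// becomes one rule object; both are passed to <c>HandleChange</c>.
/// </summary>
/// <param name="cancellationToken">
/// Checked before each output line; when cancellation is requested the method returns at
/// once, leaving the remaining lines unprocessed.
/// </param>
/// <remarks>
/// Limits of this parser that matter when reading the collected data:
/// <list type="bullet">
/// <item>Only a literal <c>ACCEPT</c> maps to Allow. Every other target or policy (including
/// a missing <c>-j</c>) is recorded as Block.</item>
/// <item>Only the token directly after <c>-s</c>, <c>-d</c>, <c>--sport</c> and
/// <c>--dport</c> is read. A preceding <c>!</c> negation token is not inspected, so a negated
/// match is recorded like a plain one.</item>
/// <item>A non-zero exit code from the command produces no objects and no log entry.</item>
/// </list>
/// NOTE(review): "iptables" is passed without a directory. How it is resolved depends on
/// <c>RunExternalCommand</c>, which is not visible here. If it is a PATH search and the
/// collector runs privileged, consider an absolute path.
/// </remarks>
internal void ExecuteLinux(CancellationToken cancellationToken)
{
    if (ExternalCommandRunner.RunExternalCommand("iptables", "-S", out string result, out string _) != 0)
    {
        return;
    }

    // Finds the token that follows a flag; false when the flag is absent or is the last token.
    bool TryGetValueAfter(string[] tokens, string flag, out string value)
    {
        int flagIndex = Array.IndexOf(tokens, flag);
        if (flagIndex >= 0 && flagIndex + 1 < tokens.Length)
        {
            value = tokens[flagIndex + 1];
            return true;
        }

        value = string.Empty;
        return false;
    }

    var defaultPolicies = new Dictionary<string, FirewallAction>();

    foreach (var line in result.Split('\n'))
    {
        if (cancellationToken.IsCancellationRequested)
        {
            return;
        }

        bool isPolicy = line.StartsWith("-P", StringComparison.Ordinal);
        bool isRule = line.StartsWith("-A", StringComparison.Ordinal);
        if (!isPolicy && !isRule)
        {
            continue;
        }

        var splits = line.Split(' ');
        if (splits.Length < 2)
        {
            // A truncated line has no chain name; skip it instead of indexing past the end.
            continue;
        }

        var chainName = splits[1];

        if (isPolicy)
        {
            var policy = line.Contains("ACCEPT") ? FirewallAction.Allow : FirewallAction.Block;
            // Indexer assignment tolerates a chain that is listed twice.
            defaultPolicies[chainName] = policy;

            var policyName = $"Default {chainName} policy";
            var obj = new FirewallObject(policyName)
            {
                Action = policy,
                FriendlyName = policyName,
                Scope = FirewallScope.All
            };

            if (!chainName.Equals("FORWARD"))
            {
                obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
            }

            HandleChange(obj);
        }
        else
        {
            bool accepts = TryGetValueAfter(splits, "-j", out string target) && target == "ACCEPT";

            var obj = new FirewallObject(line)
            {
                Action = accepts ? FirewallAction.Allow : FirewallAction.Block,
                FriendlyName = line,
                Scope = FirewallScope.All
            };

            // Set Protocol only when -p is present. The previous lookup fell back to token 0
            // ("-A") whenever the rule had no -p.
            if (TryGetValueAfter(splits, "-p", out string protocol))
            {
                obj.Protocol = protocol;
            }

            // Each value is wrapped in a one-element list. The previous OfType<string>() call
            // enumerated the characters of the string and always produced an empty list.
            if (TryGetValueAfter(splits, "--dport", out string destinationPort))
            {
                obj.RemotePorts = new List<string> { destinationPort };
            }

            if (TryGetValueAfter(splits, "-d", out string destinationAddress))
            {
                obj.RemoteAddresses = new List<string> { destinationAddress };
            }

            if (TryGetValueAfter(splits, "-s", out string sourceAddress))
            {
                obj.LocalAddresses = new List<string> { sourceAddress };
            }

            if (TryGetValueAfter(splits, "--sport", out string sourcePort))
            {
                obj.LocalPorts = new List<string> { sourcePort };
            }

            if (!chainName.Equals("FORWARD"))
            {
                obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
            }

            HandleChange(obj);
        }
    }
}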
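/// <summary>
/// Collects the macOS application firewall state by running <c>socketfilterfw</c> and
/// passing one <c>FirewallObject</c> per setting and per listed application to
/// <c>HandleChange</c>.
/// </summary>
/// <param name="cancellationToken">
/// Checked before each line of the application list; when cancellation is requested the
/// method returns at once. The global settings have already been reported by then.
/// </param>
/// <remarks>
/// Every value comes from substring matches on the tool's text output, so a change in its
/// wording changes what is recorded. NOTE(review): confirm the expected strings on each
/// supported macOS release.
/// </remarks>
internal void ExecuteMacOs(CancellationToken cancellationToken)
{
    const string socketFilterFw = "/usr/libexec/ApplicationFirewall/socketfilterfw";

    // Example output: "Firewall is enabled. (State = 1)"
    // NOTE(review): only a "1" in the output counts as enabled; confirm that no other
    // enabled state is reported with a different number.
    var result = ExternalCommandRunner.RunExternalCommand(socketFilterFw, "--getglobalstate");
    var enabled = result.Contains("1");
    var obj = new FirewallObject("Firewall Enabled")
    {
        Action = FirewallAction.Block,
        Direction = FirewallDirection.Inbound,
        IsEnable = enabled,
        FriendlyName = "Firewall Enabled",
        Scope = FirewallScope.All
    };
    HandleChange(obj);

    // Example output: "Stealth mode disabled"
    // Query stealth mode itself. The previous code re-ran --getglobalstate here, so the
    // recorded stealth-mode value mirrored "Firewall is enabled" instead of stealth mode.
    result = ExternalCommandRunner.RunExternalCommand(socketFilterFw, "--getstealthmode");
    obj = new FirewallObject("Stealth Mode")
    {
        Action = FirewallAction.Block,
        Direction = FirewallDirection.Inbound,
        IsEnable = result.Contains("enabled"),
        FriendlyName = "Stealth Mode",
        Scope = FirewallScope.All
    };
    HandleChange(obj);

    /* Example Output:
     * Automatically allow signed built-in software ENABLED
     * Automatically allow downloaded signed software ENABLED */
    result = ExternalCommandRunner.RunExternalCommand(socketFilterFw, "--getallowsigned");
    var signedLines = result.Split('\n');
    obj = new FirewallObject("Allow signed built-in software")
    {
        Action = FirewallAction.Allow,
        Direction = FirewallDirection.Inbound,
        IsEnable = signedLines[0].Contains("ENABLED"),
        FriendlyName = "Allow signed built-in software",
        Scope = FirewallScope.All
    };
    HandleChange(obj);

    obj = new FirewallObject("Allow downloaded signed software")
    {
        Action = FirewallAction.Allow,
        Direction = FirewallDirection.Inbound,
        // Output shorter than two lines is recorded as "not enabled" instead of throwing.
        IsEnable = signedLines.Length > 1 && signedLines[1].Contains("ENABLED"),
        FriendlyName = "Allow downloaded signed software",
        Scope = FirewallScope.All
    };
    HandleChange(obj);

    /* Example Output:
     * ALF: total number of apps = 2
     *
     * 1 : /Applications/AppName.app
     * ( Allow incoming connections )
     *
     * 2 : /Applications/AppName2.app
     * ( Block incoming connections ) */
    result = ExternalCommandRunner.RunExternalCommand(socketFilterFw, "--listapps");

    string appName = "";
    Regex startsWithNumber = new Regex("^[1-9]");
    var lines = new List<string>(result.Split('\n'));
    if (lines.Any())
    {
        // The first two lines are the "ALF: total number of apps" header and a blank line.
        lines = lines.Skip(2).ToList();
        foreach (var line in lines)
        {
            if (cancellationToken.IsCancellationRequested)
            {
                return;
            }

            if (startsWithNumber.IsMatch(line))
            {
                // Without a '/', keep the trimmed entry as the name. This avoids throwing and
                // avoids attributing the next decision line to the previous application.
                int pathStart = line.IndexOf('/');
                appName = pathStart >= 0 ? line.Substring(pathStart) : line.Trim();
            }
            else if (line.Contains("incoming connections"))
            {
                obj = new FirewallObject(appName)
                {
                    // Any decision line without "Allow" is recorded as Block.
                    Action = line.Contains("Allow") ? FirewallAction.Allow : FirewallAction.Block,
                    Direction = FirewallDirection.Inbound,
                    FriendlyName = appName,
                    Scope = FirewallScope.All
                };
                HandleChange(obj);
            }
        }
    }
}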
/// <summary>
/// Round-trips a <c>FirewallObject</c> through <c>JsonUtils.Dehydrate</c> and
/// <c>JsonUtils.Hydrate</c> and checks that the <c>RowKey</c> is unchanged.
/// </summary>
public void TestSerializeAndDeserializeFirewallObject()
{
    var original = new FirewallObject("Test");
    var expectedRowKey = original.RowKey;

    var serialized = JsonUtils.Dehydrate(original);
    var restored = JsonUtils.Hydrate(serialized, RESULT_TYPE.FIREWALL);

    // A failed hydration yields a null key, which fails the equality check.
    Assert.IsTrue(expectedRowKey.Equals(restored?.RowKey));
}
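/// <summary>
/// Collects the Linux firewall configuration by parsing the output of <c>iptables -S</c>.
/// Each <c>-P</c> line is written as a "Default &lt;chain&gt; policy" object and each
/// <c>-A</c> line as one rule object, under the current <c>RunId</c>.
/// </summary>
/// <remarks>
/// Only a literal <c>ACCEPT</c> maps to Allow. Every other target or policy (including a
/// missing <c>-j</c>) is recorded as Block. Only the token directly after a match flag is
/// read, so a preceding <c>!</c> negation token is not reflected in the stored rule.
/// NOTE(review): "iptables" is passed without a directory. How it is resolved depends on
/// <c>RunExternalCommand</c>, which is not visible here.
/// </remarks>
public void ExecuteLinux()
{
    var result = ExternalCommandRunner.RunExternalCommand("iptables", "-S");
    var lines = new List<string>(result.Split('\n'));
    Dictionary<string, FirewallAction> defaultPolicies = new Dictionary<string, FirewallAction>();

    foreach (var line in lines)
    {
        bool isPolicy = line.StartsWith("-P", StringComparison.Ordinal);
        bool isRule = line.StartsWith("-A", StringComparison.Ordinal);
        if (!isPolicy && !isRule)
        {
            continue;
        }

        var splits = line.Split(' ');
        if (splits.Length < 2)
        {
            // A truncated line has no chain name; skip it instead of indexing past the end.
            continue;
        }

        var chainName = splits[1];

        if (isPolicy)
        {
            // Indexer assignment tolerates a chain that is listed twice.
            defaultPolicies[chainName] = line.Contains("ACCEPT") ? FirewallAction.Allow : FirewallAction.Block;

            var obj = new FirewallObject()
            {
                Action = defaultPolicies[chainName],
                FriendlyName = $"Default {chainName} policy",
                Name = $"Default {chainName} policy",
                Scope = FirewallScope.All
            };

            if (!chainName.Equals("FORWARD"))
            {
                obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
            }

            DatabaseManager.Write(obj, RunId);
        }
        else
        {
            int jumpIndex = Array.IndexOf(splits, "-j");
            bool accepts = jumpIndex >= 0 && jumpIndex + 1 < splits.Length && splits[jumpIndex + 1] == "ACCEPT";

            var obj = new FirewallObject()
            {
                Action = accepts ? FirewallAction.Allow : FirewallAction.Block,
                FriendlyName = line,
                Name = line,
                Scope = FirewallScope.All
            };

            // Set Protocol only when -p is present. The previous lookup fell back to token 0
            // ("-A") whenever the rule had no -p.
            int protocolIndex = Array.IndexOf(splits, "-p");
            if (protocolIndex > 0 && protocolIndex + 1 < splits.Length)
            {
                obj.Protocol = splits[protocolIndex + 1];
            }

            int destinationPortIndex = Array.IndexOf(splits, "--dport");
            if (destinationPortIndex > 0 && destinationPortIndex + 1 < splits.Length)
            {
                obj.RemotePorts.Add(splits[destinationPortIndex + 1]);
            }

            int destinationAddressIndex = Array.IndexOf(splits, "-d");
            if (destinationAddressIndex > 0 && destinationAddressIndex + 1 < splits.Length)
            {
                obj.RemoteAddresses.Add(splits[destinationAddressIndex + 1]);
            }

            int sourceAddressIndex = Array.IndexOf(splits, "-s");
            if (sourceAddressIndex > 0 && sourceAddressIndex + 1 < splits.Length)
            {
                obj.LocalAddresses.Add(splits[sourceAddressIndex + 1]);
            }

            int sourcePortIndex = Array.IndexOf(splits, "--sport");
            if (sourcePortIndex > 0 && sourcePortIndex + 1 < splits.Length)
            {
                obj.LocalPorts.Add(splits[sourcePortIndex + 1]);
            }

            if (!chainName.Equals("FORWARD"))
            {
                obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
            }

            DatabaseManager.Write(obj, RunId);
        }
    }
}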
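/// <summary>
/// Collects the host firewall configuration for the current platform and writes one
/// <c>FirewallObject</c> per rule or setting to the database under <c>runId</c>.
/// Windows rules come from <c>FirewallManager</c>, macOS settings from
/// <c>socketfilterfw</c>, and Linux rules from <c>iptables -S</c>.
/// </summary>
/// <remarks>
/// The macOS and Linux branches parse command text output with substring matches, so a
/// change in wording changes what is recorded. On Linux only a literal <c>ACCEPT</c> maps to
/// Allow, and a <c>!</c> negation token before a match flag is not reflected in the stored
/// rule. NOTE(review): <c>DatabaseManager.Commit()</c> and <c>Stop()</c> are not in a
/// <c>finally</c>, so an exception in any branch skips both.
/// </remarks>
public override void Execute()
{
    if (!CanRunOnPlatform())
    {
        return;
    }

    Start();
    _ = DatabaseManager.Transaction;

    if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        foreach (IFirewallRule rule in FirewallManager.Instance.Rules.ToArray())
        {
            var obj = new FirewallObject()
            {
                Action = rule.Action,
                ApplicationName = rule.ApplicationName,
                Direction = rule.Direction,
                FriendlyName = rule.FriendlyName,
                IsEnable = rule.IsEnable,
                LocalAddresses = rule.LocalAddresses.ToList().ConvertAll(address => address.ToString()),
                LocalPorts = rule.LocalPorts.ToList().ConvertAll(port => port.ToString()),
                LocalPortType = rule.LocalPortType,
                Name = rule.Name,
                Profiles = rule.Profiles,
                Protocol = rule.Protocol.ProtocolNumber.ToString(),
                RemoteAddresses = rule.RemoteAddresses.ToList().ConvertAll(address => address.ToString()),
                RemotePorts = rule.RemotePorts.ToList().ConvertAll(port => port.ToString()),
                Scope = rule.Scope,
                ServiceName = rule.ServiceName
            };
            DatabaseManager.Write(obj, runId);
        }
    }
    else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
    {
        // Example output: "Firewall is enabled. (State = 1)"
        var result = ExternalCommandRunner.RunExternalCommand("/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate");
        var enabled = result.Contains("1");
        var obj = new FirewallObject()
        {
            Action = FirewallAction.Block,
            Direction = FirewallDirection.Inbound,
            IsEnable = enabled,
            FriendlyName = "Firewall Enabled",
            Name = "Firewall Enabled",
            Scope = FirewallScope.All
        };
        DatabaseManager.Write(obj, runId);

        // Example output: "Stealth mode disabled"
        // Query stealth mode itself. The previous code re-ran --getglobalstate here, so the
        // recorded stealth-mode value mirrored "Firewall is enabled" instead of stealth mode.
        result = ExternalCommandRunner.RunExternalCommand("/usr/libexec/ApplicationFirewall/socketfilterfw", "--getstealthmode");
        obj = new FirewallObject()
        {
            Action = FirewallAction.Block,
            Direction = FirewallDirection.Inbound,
            IsEnable = result.Contains("enabled"),
            FriendlyName = "Stealth Mode",
            Name = "Stealth Mode",
            Scope = FirewallScope.All
        };
        DatabaseManager.Write(obj, runId);

        /* Example Output:
         * Automatically allow signed built-in software ENABLED
         * Automatically allow downloaded signed software ENABLED */
        result = ExternalCommandRunner.RunExternalCommand("/usr/libexec/ApplicationFirewall/socketfilterfw", "--getallowsigned");
        obj = new FirewallObject()
        {
            Action = FirewallAction.Allow,
            Direction = FirewallDirection.Inbound,
            IsEnable = result.Split('\n')[0].Contains("ENABLED"),
            FriendlyName = "Allow signed built-in software",
            Name = "Allow signed built-in software",
            Scope = FirewallScope.All
        };
        DatabaseManager.Write(obj, runId);

        // NOTE(review): this indexes the second output line without a length check.
        obj = new FirewallObject()
        {
            Action = FirewallAction.Allow,
            Direction = FirewallDirection.Inbound,
            IsEnable = result.Split('\n')[1].Contains("ENABLED"),
            FriendlyName = "Allow downloaded signed software",
            Name = "Allow downloaded signed software",
            Scope = FirewallScope.All
        };
        DatabaseManager.Write(obj, runId);

        /* Example Output:
         * ALF: total number of apps = 2
         *
         * 1 : /Applications/AppName.app
         * ( Allow incoming connections )
         *
         * 2 : /Applications/AppName2.app
         * ( Block incoming connections ) */
        result = ExternalCommandRunner.RunExternalCommand("/usr/libexec/ApplicationFirewall/socketfilterfw", "--listapps");

        string appName = "";
        Regex startsWithNumber = new Regex("^[1-9]");
        var lines = new List<string>(result.Split('\n'));
        if (lines.Count > 0)
        {
            // The first two lines are the "ALF: total number of apps" header and a blank line.
            lines = lines.Skip(2).ToList();
            foreach (var line in lines)
            {
                if (startsWithNumber.IsMatch(line))
                {
                    // NOTE(review): Substring throws if a numbered line contains no '/'.
                    appName = line.Substring(line.IndexOf('/'));
                }
                else if (line.Contains("incoming connections"))
                {
                    obj = new FirewallObject()
                    {
                        Action = line.Contains("Allow") ? FirewallAction.Allow : FirewallAction.Block,
                        Direction = FirewallDirection.Inbound,
                        FriendlyName = appName,
                        Name = appName,
                        Scope = FirewallScope.All
                    };
                    DatabaseManager.Write(obj, runId);
                }
            }
        }
    }
    else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
    {
        var result = ExternalCommandRunner.RunExternalCommand("iptables", "-S");
        var lines = new List<string>(result.Split('\n'));
        Dictionary<string, FirewallAction> defaultPolicies = new Dictionary<string, FirewallAction>();

        foreach (var line in lines)
        {
            if (line.StartsWith("-P"))
            {
                var chainName = line.Split(' ')[1];
                defaultPolicies.Add(chainName, line.Contains("ACCEPT") ? FirewallAction.Allow : FirewallAction.Block);
                var obj = new FirewallObject()
                {
                    Action = defaultPolicies[chainName],
                    FriendlyName = string.Format("Default {0} policy", chainName),
                    Name = string.Format("Default {0} policy", chainName),
                    Scope = FirewallScope.All
                };
                if (!chainName.Equals("FORWARD"))
                {
                    obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
                }
                DatabaseManager.Write(obj, runId);
            }
            else if (line.StartsWith("-A"))
            {
                var splits = line.Split(' ');
                var chainName = splits[1];
                var obj = new FirewallObject()
                {
                    // With no -j the lookup lands on token 0, which is never "ACCEPT", so the
                    // rule is recorded as Block.
                    Action = (splits[Array.IndexOf(splits, "-j") + 1] == "ACCEPT") ? FirewallAction.Allow : FirewallAction.Block,
                    FriendlyName = line,
                    Name = line,
                    Scope = FirewallScope.All
                };

                // Set Protocol only when -p is present. The previous lookup fell back to
                // token 0 ("-A") whenever the rule had no -p.
                int protocolIndex = Array.IndexOf(splits, "-p");
                if (protocolIndex > 0 && protocolIndex + 1 < splits.Length)
                {
                    obj.Protocol = splits[protocolIndex + 1];
                }

                if (Array.IndexOf(splits, "--dport") > 0)
                {
                    obj.RemotePorts = new List<string>() { splits[Array.IndexOf(splits, "--dport") + 1] };
                }
                if (Array.IndexOf(splits, "-d") > 0)
                {
                    obj.RemoteAddresses = new List<string>() { splits[Array.IndexOf(splits, "-d") + 1] };
                }
                if (Array.IndexOf(splits, "-s") > 0)
                {
                    obj.LocalAddresses = new List<string>() { splits[Array.IndexOf(splits, "-s") + 1] };
                }
                if (Array.IndexOf(splits, "--sport") > 0)
                {
                    obj.LocalPorts = new List<string>() { splits[Array.IndexOf(splits, "--sport") + 1] };
                }
                if (!chainName.Equals("FORWARD"))
                {
                    obj.Direction = chainName.Equals("INPUT") ? FirewallDirection.Inbound : FirewallDirection.Outbound;
                }
                DatabaseManager.Write(obj, runId);
            }
        }
    }

    DatabaseManager.Commit();
    Stop();
}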
/// <summary>
/// Builds the command that applies <paramref name="firewallObject"/>.
/// </summary>
/// <param name="firewallObject">Firewall object handed to the key/value pair factory.</param>
/// <returns>
/// A <c>Command&lt;ApiResponseWithMessage&gt;</c> constructed from the URI produced by
/// <c>apiUriFactory</c> and the pairs produced by <c>apiPostKeyValuePairFactory</c>.
/// </returns>
public ICommand<ApiResponseWithMessage> CreateSet(FirewallObject firewallObject)
{
    var uri = apiUriFactory.Create();
    var keyValuePairs = apiPostKeyValuePairFactory.CreateSet(firewallObject);

    return new Command<ApiResponseWithMessage>(uri, keyValuePairs);
}