audit-trail client added
authori.metelytsia <i.metelytsia@samsung.com>
Wed, 19 Jul 2017 15:38:37 +0000 (18:38 +0300)
committeri.metelytsia <i.metelytsia@samsung.com>
Mon, 24 Jul 2017 17:27:39 +0000 (20:27 +0300)
device_core/CMakeLists.txt
device_core/nmdaemon/CMakeLists.txt
device_core/nmdaemon/audit_trail_client.cpp [new file with mode: 0644]
device_core/nmdaemon/audit_trail_client.h [new file with mode: 0644]
device_core/nmdaemon/main_thread.cpp
device_core/nmdaemon/report_stub.cpp
device_core/nmdaemon/reporthandlerfactory.cpp [new file with mode: 0644]
device_core/nmdaemon/reporthandlerfactory.h [new file with mode: 0644]
device_core/packaging/ioswsec.spec

index 83106a7..a34aedf 100644 (file)
@@ -88,7 +88,7 @@ else()
                SET (TESTS_DIR "/usr/apps/network-manager")
        endif (NOT DEFINED TESTS_DIR)
 
-       pkg_check_modules(pkgs REQUIRED iotivity>=1.3.0 boost libcurl dpm dlog)
+        pkg_check_modules(pkgs REQUIRED iotivity>=1.3.0 boost libcurl dpm dlog audit-trail)
 
        FOREACH(flag ${pkgs_CFLAGS})
                SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
index 75f50ad..e60c1cb 100644 (file)
@@ -14,6 +14,9 @@ include_directories(
 
 file(GLOB DPM_SOURCES dpm/*.cpp)
 file(GLOB NMDAEMON_SOURCES *.cpp)
+if("${FLAVOR}" STREQUAL "UBUNTU")
+        list(REMOVE_ITEM NMDAEMON_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/audit_trail_client.cpp)
+endif()
 
 SET (SOURCES
        ${DPM_SOURCES}
@@ -58,6 +61,7 @@ endif()
 
 if (NOT "${FLAVOR}" STREQUAL "UBUNTU")
     target_link_libraries(${PROJECT_NAME} dlog)
+    target_link_libraries(${PROJECT_NAME} audit-trail)
 endif()
 
 install(TARGETS ${PROJECT_NAME} DESTINATION ${TESTS_DIR})
diff --git a/device_core/nmdaemon/audit_trail_client.cpp b/device_core/nmdaemon/audit_trail_client.cpp
new file mode 100644 (file)
index 0000000..0ec174f
--- /dev/null
@@ -0,0 +1,116 @@
+#include <iostream>
+#include <algorithm>
+#include <string>
+#include <sstream>
+#include <stdexcept>
+#include <thread>
+#include <cassert>
+
+#include "iotivity.h"
+#include "report_stub.h"
+
+#include "audit_trail_client.h"
+
+namespace NMD
+{
+
+void threadFunc(AuditTrailClient* client, std::string log)
+{
+    assert(client);
+    client->sendReport(log);
+}
+
+void logCallback(const char* log, void* user_data)
+{
+    assert(log);
+    assert(user_data);
+
+    std::string str{log};
+    str.erase(std::remove(str.begin(), str.end(), '"'), str.end());
+    std::thread thr(threadFunc, reinterpret_cast<AuditTrailClient*>(user_data), str);
+    thr.detach();
+}
+
+AuditTrailClient::AuditTrailClient(const std::string& device_id, std::shared_ptr<ProxyThread> proxy_thread, std::shared_ptr<ReportHandler> report_handler, WorkingMode mode)
+    : m_device_id(device_id), m_proxy_thread(proxy_thread), m_report_handler(report_handler), m_mode(mode),
+      m_audit_trail(nullptr), m_dac_cb_id(-1), m_mac_cb_id(-1), m_syscall_cb_id(-1)
+{
+    assert(m_device_id != "");
+//    assert(m_proxy_thread);
+    assert(m_report_handler);
+
+    if(audit_trail_create(&m_audit_trail) != AUDIT_TRAIL_ERROR_NONE)
+        throw std::runtime_error("Failed to create audit-trail handle!");
+}
+
+AuditTrailClient::~AuditTrailClient()
+{
+    audit_trail_destroy(m_audit_trail);
+}
+
+bool AuditTrailClient::start_dac_auditing()
+{
+    return ((audit_trail_enable_dac(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+            (audit_trail_add_dac_cb(m_audit_trail, logCallback, (void*)this, &m_dac_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_dac_auditing()
+{
+    assert(m_dac_cb_id != -1);
+    audit_trail_remove_dac_cb(m_audit_trail, m_dac_cb_id);
+}
+
+bool AuditTrailClient::start_mac_auditing()
+{
+    return ((audit_trail_enable_mac(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+            (audit_trail_add_mac_cb(m_audit_trail, logCallback, (void*)this, &m_mac_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_mac_auditing()
+{
+    assert(m_mac_cb_id != -1);
+    audit_trail_remove_mac_cb(m_audit_trail, m_mac_cb_id);
+}
+
+bool AuditTrailClient::start_syscall_auditing()
+{
+    return ((audit_trail_enable_syscall(m_audit_trail, true) == AUDIT_TRAIL_ERROR_NONE) &&
+            (audit_trail_add_syscall_cb(m_audit_trail, logCallback, (void*)this, &m_syscall_cb_id) == AUDIT_TRAIL_ERROR_NONE));
+}
+
+void AuditTrailClient::stop_syscall_auditing()
+{
+    assert(m_syscall_cb_id != -1);
+    audit_trail_remove_syscall_cb(m_audit_trail, m_syscall_cb_id);
+}
+
+bool AuditTrailClient::start_auditing()
+{
+    return (start_dac_auditing() && start_mac_auditing() && start_syscall_auditing());
+}
+
+void AuditTrailClient::stop_auditing()
+{
+    stop_dac_auditing();
+    stop_mac_auditing();
+    stop_syscall_auditing();
+}
+
+void AuditTrailClient::sendReport(const std::string& report)
+{
+    OC::OCRepresentation rpr;
+    rpr.setValue("report", makeReport(m_device_id, "smack", 0, report));
+    rpr.setValue("duid", m_device_id);
+
+    if (m_mode == WorkingMode::Hub)
+    {
+        assert(m_proxy_thread);
+        m_proxy_thread->addAction(std::async(std::launch::deferred, &ReportHandler::pass, m_report_handler, rpr, OC::QueryParamsMap{}));
+    }
+    else
+    {
+        m_report_handler->pass(rpr, OC::QueryParamsMap{});
+    }
+}
+
+} // namespace NMD
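Review bot: `logCallback` starts a detached `std::thread` for every audit record and passes it the raw `AuditTrailClient*` from `user_data`, so a burst of DAC/MAC/syscall events creates an unbounded number of threads, and a thread can still call `sendReport` after the client is destroyed. The destructor only calls `audit_trail_destroy`, and whether that waits for in-flight callbacks is not visible here; the detached threads are outside its control either way. I would hand records to one worker thread through a bounded queue, as sketched below; this needs queue, mutex, condition-variable and counter members in the header, and a worker loop that the destructor stops and joins. The `assert` checks also vanish in NDEBUG builds, so after a failed `start_auditing()` the stop methods would pass `-1` to `audit_trail_remove_*_cb`; an explicit `if (m_dac_cb_id == -1) return;` (likewise for MAC and syscall) is safer. `sendReport` also labels every record `"smack"`, including DAC and syscall ones.

```cpp
void logCallback(const char* log, void* user_data)
{
    if (!log || !user_data)
        return;

    std::string str{log};
    str.erase(std::remove(str.begin(), str.end(), '"'), str.end());

    // Hand the record to one long-lived worker instead of a detached thread per record.
    auto* client = static_cast<AuditTrailClient*>(user_data);
    std::lock_guard<std::mutex> lock(client->m_queue_mutex);
    if (client->m_queue.size() >= client->m_max_queued)
    {
        ++client->m_dropped;  // bounded: drop and count, and report the count, rather than grow without limit
        return;
    }
    client->m_queue.push_back(std::move(str));
    client->m_queue_cv.notify_one();
}
// … unchanged: constructor, start_*/stop_* methods, sendReport …
```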
diff --git a/device_core/nmdaemon/audit_trail_client.h b/device_core/nmdaemon/audit_trail_client.h
new file mode 100644 (file)
index 0000000..49009ed
--- /dev/null
@@ -0,0 +1,108 @@
+#ifndef __AUDIT_TRAIL_CLIENT_H__
+#define __AUDIT_TRAIL_CLIENT_H__
+
+#include <string>
+#include <memory>
+
+#include <audit-trail/dac.h>
+#include <audit-trail/mac.h>
+#include <audit-trail/syscall.h>
+#include <audit-trail/audit-trail.h>
+
+#include "proxythread.h"
+#include "reporthandler.h"
+#include "utils.h"
+
+namespace NMD
+{
+
+/**
+ * @brief The AuditTrailClient class collect logs from system
+ */
+class AuditTrailClient
+{
+    friend void threadFunc(AuditTrailClient* client, std::string log);
+
+    /**
+     * @brief DAC, MAC and system calls log callback
+     * @details Called when a new log occurs
+     * @param[in] log
+     * @param[in] user_data
+     */
+    friend void logCallback(const char* log, void* user_data);
+
+public:
+    /**
+     * @brief CTOR
+     */
+    AuditTrailClient(const std::string& device_id, std::shared_ptr<ProxyThread> proxy_thread, std::shared_ptr<ReportHandler> report_handler, WorkingMode mode);
+
+    /**
+     * @brief DTOR
+     */
+    virtual ~AuditTrailClient();
+
+    /**
+     * @brief Start DAC(Discretionary Access Control) auditing
+     * @details This API can be used to start to collect DAC logs
+     */
+    bool start_dac_auditing();
+
+    /**
+     * @brief Stop DAC(Discretionary Access Control) auditing
+     * @details This API can be used to stop to collect DAC logs
+     */
+    void stop_dac_auditing();
+
+    /**
+     * @brief Start MAC(Mandatory Access Control) auditing
+     * @details This API can be used to start to collect MAC logs
+     */
+    bool start_mac_auditing();
+
+    /**
+     * @brief Stop MAC(Mandatory Access Control) auditing
+     * @details This API can be used to stop to collect MAC logs
+     */
+    void stop_mac_auditing();
+
+    /**
+     * @brief Start system calls auditing
+     * @details This API can be used to start to collect system calls logs
+     */
+    bool start_syscall_auditing();
+
+    /**
+     * @brief Stop system calls auditing
+     * @details This API can be used to stop to collect system calls logs
+     */
+    void stop_syscall_auditing();
+
+    /**
+     * @brief Start DAC, MAC and system calls auditing
+     * @details This API can be used to start to collect logs
+     */
+    bool start_auditing();
+
+    /**
+     * @brief Stop DAC, MAC and system calls auditing
+     * @details This API can be used to stop to collect logs
+     */
+    void stop_auditing();
+
+private:
+    void sendReport(const std::string& report);
+
+    std::string m_device_id;
+    std::shared_ptr<ProxyThread> m_proxy_thread;
+    std::shared_ptr<ReportHandler> m_report_handler;
+    WorkingMode m_mode;
+    audit_trail_h m_audit_trail;
+    int m_dac_cb_id;
+    int m_mac_cb_id;
+    int m_syscall_cb_id;
+};
+
+} // namespace NMD
+
+#endif /* __AUDIT_TRAIL_CLIENT_H__ */
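Review bot: `AuditTrailClient` owns the raw `audit_trail_h` handle and registers `this` as the callback `user_data`, but the class is left copyable. A copy would call `audit_trail_destroy` twice on the same handle and leave the registered callbacks pointing at whichever object dies first. Add `AuditTrailClient(const AuditTrailClient&) = delete;` and `AuditTrailClient& operator=(const AuditTrailClient&) = delete;` to the public section. The `@brief CTOR` comment should also say that the constructor throws `std::runtime_error` when the audit-trail handle cannot be created, and the `start_*` comments should say that `false` means enabling or callback registration failed.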
index 828c5f4..9d5f282 100644 (file)
@@ -5,7 +5,7 @@
 #include "utils.h"
 #include "hub_resource.h"
 #include "easysetup_server.h"
-#include "reporthandler.h"
+#include "reporthandlerfactory.h"
 #include "policyhandlerfactory.h"
 #include "hub_report_resource.h"
 #include "hub_policy_resource.h"
@@ -15,6 +15,9 @@
 #include "control_resource.h"
 #include "agentpolicyservice.h"
 #include "report_stub.h"  // TODO: Remove after migration on report service
+#ifndef __BUILD_UBUNTU__
+#include "audit_trail_client.h"
+#endif
 
 using namespace NetworkManager;
 namespace PH = std::placeholders;
@@ -95,9 +98,9 @@ void MainThread::routine()
         std::shared_ptr<HubResource> hub;
         std::shared_ptr<ReportResource> report_hub_resorce;
         std::shared_ptr<PolicyResource> policy_hub_resource;
+        std::shared_ptr<ReportHandler> report_handler;
         std::shared_ptr<PolicyHandler> policy_handler;
         ResourceHandles rhandles;
-        ReportHandler *report_handler;
 
         write_log(  "[MAIN_THREADS] Config : \n\thost[%s] \n\tauth_provider[%s] \n\tauth_code[%s] \n\tuid[%s] \n\taccess_token[%s] \n\tdevice_id[%s]\n",
                     host.c_str(),
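Review bot: The `write_log` format string on the context lines of this hunk contains `auth_code[%s]` and `access_token[%s]`, which puts cloud credentials into the daemon log in clear text. The argument list continues past the end of the hunk, so this assumes the real values are passed. If they are, log only whether each one is present, e.g. keep `access_token[%s]` but pass a `"set"`/`"unset"` string instead of the token, and do the same for `auth_code`. The line predates this commit, but the commit adds a client that forwards audit data from the same daemon, so it is worth fixing before more sensitive material goes through these logs.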
@@ -114,12 +117,12 @@ void MainThread::routine()
 
         if(with_cloud)
         {
-            report_handler = new ReportHandlerMQ();
+            report_handler = ReportHandlerFactory::createWithMQ();
             policy_handler = PolicyHandlerFactory::createWithMQ();
         }
         else
         {
-            report_handler = new ReportHandlerRes(config.ssid);
+            report_handler = ReportHandlerFactory::createWithResource(config.ssid);
             policy_handler = PolicyHandlerFactory::createWithResource(config.ssid);
         }
 
@@ -184,6 +187,11 @@ void MainThread::routine()
         AgentPolicyService agent_policy_service(std::bind(&PolicyHandler::enforceCallback, policy_handler.get(), PH::_1, PH::_2));
         std::thread rmi_thread(&AgentPolicyService::run, &agent_policy_service);
 
+#ifndef __BUILD_UBUNTU__
+        AuditTrailClient audit_trail_client(iotivity->getDeviceID(), proxy_thread, report_handler, g_working_mode);
+        audit_trail_client.start_auditing();
+#endif
+
         while(m_running)
         {
             std::this_thread::sleep_for(std::chrono::milliseconds(10000));
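Review bot: The result of `audit_trail_client.start_auditing()` is discarded, so the daemon runs on with no indication when audit callbacks could not be registered, and the later `stop_auditing()` call then hits the `m_*_cb_id != -1` asserts. Check it and log, e.g. `if (!audit_trail_client.start_auditing()) write_log("[MAIN_THREADS] audit-trail: start_auditing failed\n");`, and make the stop path tolerate ids that were never set. The `AuditTrailClient` constructor also throws `std::runtime_error` when `audit_trail_create` fails, and here it is constructed right after `rmi_thread` is started. Unwinding past a joinable `std::thread` calls `std::terminate`, so construct the client before the thread starts or wrap the construction in a try/catch that joins `rmi_thread`. `routine()` begins and ends outside this hunk, so an outer handler may exist, but it would not prevent the terminate.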
@@ -191,21 +199,12 @@ void MainThread::routine()
             {
                 hub->findDevices();
             }
-
-            OCRepresentation rpr;
-            rpr.setValue("report", getReport(iotivity->getDeviceID()));
-            rpr.setValue("duid", iotivity->getDeviceID());
-
-            if (g_working_mode == WorkingMode::Hub)
-            {
-                proxy_thread->addAction(std::async(std::launch::deferred, &ReportHandler::pass, report_handler, rpr, QueryParamsMap{}));
-            }
-            else
-            {
-                report_handler->pass(rpr, QueryParamsMap{});
-            }
         }
 
+#ifndef __BUILD_UBUNTU__
+        audit_trail_client.stop_auditing();
+#endif
+
         if (proxy_thread)
         {
             proxy_thread->stop();
index 3012f1d..1bc077a 100644 (file)
@@ -63,7 +63,7 @@ std::string makeReport(const std::string& id, const std::string& name, int resul
     oss << "\"date\": \"" << current_time << "\",";
     oss << "\"name\": \"" << name << "\",";
     oss << "\"result\": " << result << ",";
-    oss << "\"data\": " << data << "}";
+    oss << "\"data\": {\"log\" = \"" << data << "\"}}";
     return oss.str();
 }
 
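Review bot: The new line emits `{"log" = "..."}`, and `=` is not a JSON name separator, so every report built by `makeReport` now carries an unparsable `data` member; it should read `oss << "\"data\": {\"log\": \"" << data << "\"}}";`. `data` is also spliced in without escaping: the audit-trail caller strips only `"`, so a backslash or control character in a log record still breaks the document, and other callers of `makeReport` get no sanitising at all. Escape `\`, `"` and control characters inside `makeReport`, or build the object with a JSON library (the spec file already lists `pkgconfig(jsoncpp)`). Callers that used to pass a JSON value as `data` will now have it wrapped in a string, which looks like a behaviour change for them; the function starts outside this hunk, so confirm against its other call sites.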
diff --git a/device_core/nmdaemon/reporthandlerfactory.cpp b/device_core/nmdaemon/reporthandlerfactory.cpp
new file mode 100644 (file)
index 0000000..5f2ff88
--- /dev/null
@@ -0,0 +1,12 @@
+#include "reporthandler.h"
+#include "reporthandlerfactory.h"
+
+std::shared_ptr<ReportHandler> ReportHandlerFactory::createWithResource(const std::string& sid)
+{
+    return std::make_shared<ReportHandlerRes>(sid);
+}
+
+std::shared_ptr<ReportHandler> ReportHandlerFactory::createWithMQ()
+{
+    return std::make_shared<ReportHandlerMQ>();
+}
diff --git a/device_core/nmdaemon/reporthandlerfactory.h b/device_core/nmdaemon/reporthandlerfactory.h
new file mode 100644 (file)
index 0000000..ff4fad8
--- /dev/null
@@ -0,0 +1,25 @@
+#ifndef __REPORT_HANDLER_FACTORY_H__
+#define __REPORT_HANDLER_FACTORY_H__
+
+#include <memory>
+
+#include "reporthandler.h"
+
+class ReportHandlerFactory
+{
+public:
+    /**
+     * @brief createWithResource creates ReportHandler using resource layer for communication
+     * @param sid [in] optional server id (with id used for primitive devices)
+     * @return handler shared pointer
+     */
+    static std::shared_ptr<ReportHandler> createWithResource(const std::string& sid = "");
+
+    /**
+     * @brief createWithMQ creates ReportHandler using Message Queue layer for communication
+     * @return handler shared pointer
+     */
+    static std::shared_ptr<ReportHandler> createWithMQ();
+};
+
+#endif // __REPORT_HANDLER_FACTORY_H__
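Review bot: This header uses `std::string` in the `createWithResource` signature but includes only `<memory>` and `reporthandler.h`, so it compiles only if that header happens to pull in `<string>`; add `#include <string>` next to `#include <memory>`. The guard name `__REPORT_HANDLER_FACTORY_H__` begins with a double underscore, which is reserved for the implementation; `REPORT_HANDLER_FACTORY_H` avoids that. The `@param sid` text "with id used for primitive devices" is hard to parse and could state plainly what an empty `sid` selects.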
index bb47070..d277a74 100644 (file)
@@ -23,6 +23,7 @@ BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(boost)
 BuildRequires: pkgconfig(systemd)
 BuildRequires: pkgconfig(jsoncpp)
+BuildRequires: pkgconfig(audit-trail)
 
 %define _tests_dir /usr/apps/network-manager
 %define _manifestdir /usr/share/packages