This repository has been archived by the owner on Oct 29, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
quarantaine.go
125 lines (109 loc) · 3.76 KB
/
quarantaine.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
// Copyright 2017 Fraunhofer Institute for Applied Information Technology FIT
package main
import (
"os/exec"
"syscall"
"io"
"bufio"
"time"
"log"
"os"
)
type Quarantine struct{
agents map[string]AgentCandidate
stop chan bool
dropzone* Dropzone
validatedAgent chan AgentCandidate
}
func newQuarantine() *Quarantine {
quarantine := &Quarantine{
agents : make(map[string]AgentCandidate),
}
quarantine.stop = make (chan bool)
quarantine.validatedAgent = make (chan AgentCandidate)
return quarantine
}
func (q *Quarantine) startQuarantine(){
q.dropzone = newDropzone()
go q.dropzone.startDropzone()
go func() {
log.Println("[Quarantine:startQuarantine] Quarantine started.")
for {
log.Println("[Quarantine:eventloop] waiting for new quarantine candidates...")
agentCandidate:= <-q.dropzone.newAgent
log.Println("[Quarantine:eventloop] agent candidate recieved : ",agentCandidate.scriptFile)
q.agents[agentCandidate.scriptFile] = agentCandidate
log.Println("[Quarantine:eventloop] Number of quarantained agents: ",len(q.agents))
go q.validateAgent(agentCandidate)
}
}()
<-q.stop
log.Println("[Quarantine:startQuarantie] Quarantine stopped.")
}
func (q *Quarantine) stopQuarantine(){
go q.dropzone.stopDropzone()
q.stop<-true
}
func (q *Quarantine) validateAgent(qa AgentCandidate){
script := qa.scriptFile
workingdir,_ := os.Getwd()
workingdir = workingdir+AGENT_DIR+qa.uuid.String()
log.Println("[Quarantine:validateAgent] validating agent: ",workingdir+SCRIPT_DIR+script)
command := []string{"/bin/bash", "-c",workingdir+SCRIPT_DIR+script}
cmd := exec.Command(command[0],command[1:]...)
cmd.SysProcAttr = &syscall.SysProcAttr{}
cmd.SysProcAttr.Setsid = true
serviceOutput, err := cmd.StdoutPipe()
defer serviceOutput.Close()
if err != nil {
return
}
counter := 0
log.Println("[Quarantine:validateAgent] entering output scanning routine...")
go func(out io.ReadCloser) {
log.Println("[Quarantine:validateAgent] executing script : ",workingdir+SCRIPT_DIR+script)
scanner := bufio.NewScanner(out)
for scanner.Scan() {
log.Println("[Quarantine:validateAgent] output from script: ",string(scanner.Bytes()))
counter++
if counter > 1{
log.Println("[Quarantine:validateAgent] script: ",script," validated. Exiting validation loop")
return
}
}
if err = scanner.Err(); err != nil {
log.Println("[Quarantine:validateAgent] error from script: ",err.Error())
}else{
log.Println("[Quarantine:validateAgent] no output from script. ")
}
out.Close()
}(serviceOutput)
// high load leads to missing output from the scripts . sleep introduced as workaround
time.Sleep(time.Millisecond*100)
cmd.Start()
log.Println("[Quarantine:validateAgent] quarantained script executed. Waiting...")
time.Sleep(VALIDATE_TIMER*time.Second)
//log.Println("[Quarantine:validateAgent] Behaviour analysis of the script:")
if counter > 1 {
// inform reciever about a validated agent
log.Println("[Quarantine:validateAgent] counter > 1, agent validated, :", q.agents[script].scriptFile)
// notify agent manager about a validated agent
q.validatedAgent<-qa
}else{
log.Println("[Quarantine:validateAgent] counter != 1, agent in-valid, :", q.agents[script].scriptFile)
if counter == 1{
log.Println("[Quarantine:validateAgent] Found one output line. Possible task type script detected")
}else if counter == 0{
log.Println("[Quarantine:validateAgent] no output from candidate script")
}
}
log.Println("[Quarantine:validateAgent] sending SIGTERM to script: ",script)
group, _:= os.FindProcess(-1 * cmd.Process.Pid)
group.Signal(syscall.SIGTERM)
if cmd.Process == nil {
return
}
log.Println("[Quarantine:validateAgent] sending SIGKILL to script: ",script)
group, _ = os.FindProcess(-1 * cmd.Process.Pid)
group.Signal(syscall.SIGKILL)
}