Commit 6c1f2fc
Changed files (4)
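--- a/app/views/agents/files/show.json.jbuilder
+++ b/app/views/agents/files/show.json.jbuilder
@@ -1,3 +1,6 @@
 if @file
 json.extract! @file, :fingerprint, :state
+else
+ json.fingerprint params[:fingerprint]
+ json.state "unknown"
 end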
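Review bot: The new `else` branch echoes `params[:fingerprint]` back verbatim and the response still carries a 200, so a malformed or empty fingerprint is indistinguishable from a genuine lookup miss to the caller (`FakeAgent#scan` on this page only switches on `state`). jbuilder JSON-encodes the value, so this is not an injection issue, but reflecting unvalidated input is worth gating: validate the fingerprint's format in the controller action that assigns `@file` (not visible here) and respond 404/422 there, leaving this template to the two legitimate outcomes. Either way, add a short comment above `else` such as `# no record for this fingerprint yet; "unknown" is one of the states FakeAgent#scan dispatches on`.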
app/workers/cloud_queries.rb
@@ -8,12 +8,6 @@ class CloudQueries
logger.info "Query for: #{json.inspect}"
attributes = JSON.parse(json)
- publish(JSON.generate({
- agent_id: attributes["agent_id"],
- name: "File #{attributes["name"]}",
- data: attributes["data"]
- }), to_queue: "worker.events")
-
fingerprint = attributes["fingerprint"]
disposition = Disposition.find_by(fingerprint: fingerprint)
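--- a/lib/tasks/agent.rake
+++ b/lib/tasks/agent.rake
@@ -1,8 +1,15 @@
 namespace :agent do
+ require 'fake_agent'
+
 desc "watch all files"
 task watch: :environment do
- require 'fake_agent'
 agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
- agent.run(Dir.pwd)
+ agent.watch(Dir.pwd)
+ end
+
+ desc "scan directory"
+ task scan: :environment do
+ agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
+ agent.scan(Dir.pwd)
 end
 end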
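Review bot: Both tasks call `Agent.first.id`, which raises a bare `NoMethodError` on `nil` when the table is empty, and both duplicate the hard-coded plaintext `'http://localhost:3000'` endpoint. `FakeAgent.new(Agent.first!.id, ENV.fetch('AGENT_ENDPOINT', 'http://localhost:3000'))` in both places fails with a clear `RecordNotFound` and lets the endpoint be overridden without editing the task (this is a fake agent, so plain HTTP to localhost is presumably an acceptable default). Note also that the `scan` task passes `Dir.pwd`, but the `FakeAgent#scan` body shown on this page globs `Dir["**/**/*"]` relative to the process cwd rather than its `directory` argument, so the argument is currently ignored; worth a `# TODO: scan ignores its directory argument` on the task if that is not fixed in fake_agent.rb.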
lib/fake_agent.rb
@@ -6,7 +6,7 @@ class FakeAgent
@endpoint = endpoint
end
- def run(directory)
+ def watch(directory)
listener = Listen.to(directory, debug: true) do |modified, added, removed|
publish_event(:modified, modified)
publish_event(:added, added)
@@ -17,6 +17,22 @@ class FakeAgent
sleep
end
+ def scan(directory)
+ Dir["**/**/*"].each do |file|
+ next unless File.file?(file)
+ url = "#{endpoint}/agents/#{id}/files/#{fingerprint_for(file)}"
+ response = Typhoeus.get(url)
+ body = JSON.parse(response.body)
+ puts body.inspect
+ case body["state"]
+ when "malicious"
+ publish_event(:quarantined, [file])
+ when "unknown"
+ puts "file is unknown"
+ end
+ end
+ end
+
private
def publish_event(event, files)