adjusted some supporting documentation around DB usage

adjusted build file to work with db libs adjusted version to 3.0
honeynet · Oct 24, 2009 · 1736ddc · 1736ddc
1 parent b82e914
commit 1736ddc
Show file tree

Hide file tree

Showing 6 changed files with 272 additions and 23 deletions.
diff --git a/capture-server/Readme.txt b/capture-server/Readme.txt
@@ -10,19 +10,16 @@ Capture is written and distributed under the GNU General Public License.
 * VMWare Server 1.0.6 with VMware VIX (do not download VIX separately) (available at http://www.vmware.com/download/server/) 
 * Microsoft Windows XP, Microsoft Windows Vista or Linux (other OS might also be capable of running the server, but are not supported)
 * For database options: 
-  - Database server: MySQL server 5.1 or PostgreSQL server 8.3
-  - Libraries: 
-    + Mysql connector 5.1 or PostgreSQL connector 8.3
-    + Jakarta commons DBCP 1.2.2
-    + Apache Commons Pools 1.4
-    These libraries should be coppied to <Java folder>/jre/lib/ext
+  - Database server: No database (text files, MySQL server 5.1, or PostgreSQL server 8.3
+
 1.1 Installing the VMware VIX
 -----------------------------
 1. Install VMware server.
 
 2. Capture Server Installation
 ------------------------------
 Unpack the capture-server zip file.
+If capture should use a mysql or postgres database, setup an empty database capturehpc and run sql file capture_mysql.sql or capture_postgresql.sql to create tables and initial content. Please check that you can access the database and that tables exist.
 
 3. Capture Server Configuration
 -------------------------------
@@ -43,6 +40,7 @@ Configuring the server component requires editing the config.xml file that was d
 	- Firefox (applies divide-and-conquer algorithm): full support; however, firefox needs to be configured to open a blank page and not restore from previous sessions. In addition, because firefox does not have a callback that notifies the server when a page has successfully been retrieved, the client-default-visit-time needs to be increased to accommodate loading X firefox instances and retrieving the web pages. Some testing might be required to determine the appropriate value.
 	- Other: only group sizes of 1 are supported at this point
 * Add the local exclusion lists that would be pushed to the clients if that option is enabled 
+* Optionally add a mysql or postgres database configuration section. Specify database type, database server, database name, user name and password.
 * Add vmware servers
 	Specify the ip address, port, username, and password of the vmware server that hosts capture clients.
 * For each vmware server, add virtual machines that run a Capture Client.
@@ -100,12 +98,6 @@ Example: java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s <IP list
 One can specify a specific client application to have Capture client to visit a server with (The default is set via the client-default global property in the config.xml. By default it is set to Internet Explorer Bulk). This occurs by appending a client identifier separated by two colons after the URI. Also one can overwrite the default visitation time, for example, http://www.google.com::firefox::45. The client identifier needs to be specified in the applications.conf on the client side and point to the executable of the client application. When group size is configured to be larger than 1, it is not recommended to overwrite the visitiation time and client. (see the Capture Client readme.txt for more information)
 
 DATABASE OPTION (Make sure you have installed MySQL server or PostgreSQL server if you want to use database functionalities)
- - Create database for capture-hpc: There are four scripts (in utilities folder) to create or remove database. You can change some configuration such as database name, username, password in these script before using them.
-  + create_mysql_database.sh: create database in MySQL server for capture-hpc. 
-  + remove_mysql_database.sh: remove database in MySQL server.
-  + create_postgresql_database.sh: create database in PosgreSQL server for capture-hpc. 
-  + remove_postgresql_database.sh: remove database in PostgreSQL server.
-
  - Operation options:
   + Without input-url file, Capture will get all urls from database (url table) for inspecting.
    java -Djava.net.preferIPv4Stack=true -jar CaptureServer.jar -s <IP listening address>:<IP listening port>

diff --git a/capture-server/build.xml b/capture-server/build.xml
@@ -15,8 +15,8 @@
      <property name="build" value="build"/>
 	 <property name="lib" value="lib"/>
      <property name="release" value="release"/>
-	 <property name="classpath.build" value="./lib/junit-4.4.jar:./lib/FFDetect.jar:./lib/jpcap.jar:./lib/DNSMapper.jar:./lib/HTTPExtractor.jar:./lib/mysql-connector-java-5.1.7-bin.jar:./lib/postgresql-8.3-604.jdbc4.jar:./lib/commons-pool-1.4.jar:./lib/commons-dbcp-1.2.2.jar"/>
-	 <property name="classpath.run" value="./lib/junit-4.4.jar:./lib/FFDetect.jar:./lib/jpcap.jar:./lib/DNSMapper.jar:./lib/HTTPExtractor.jar:./lib/mysql-connector-java-5.1.7-bin.jar:./lib/postgresql-8.3-604.jdbc4.jar:./lib/commons-pool-1.4.jar:./lib/commons-dbcp-1.2.2.jar"/>
+	 <property name="classpath.build" value="./lib/junit-4.4.jar:./lib/commons-dbcp-1.2.2.jar:./lib/FFDetect.jar:./lib/jpcap.jar:./lib/DNSMapper.jar:./lib/HTTPExtractor.jar:./lib/mysql-connector-java-5.1.7-bin.jar:./lib/postgresql-8.3-604.jdbc4.jar:./lib/commons-pool-1.4.jar:./lib/commons-dbcp-1.2.2.jar"/>
+	 <property name="classpath.run" value="./lib/junit-4.4.jar ./lib/commons-dbcp-1.2.2.jar ./lib/FFDetect.jar ./lib/jpcap.jar ./lib/DNSMapper.jar ./lib/HTTPExtractor.jar ./lib/mysql-connector-java-5.1.7-bin.jar ./lib/postgresql-8.3-604.jdbc4.jar ./lib/commons-pool-1.4.jar"/>
 
 
 	 <path id="classpath">
@@ -65,6 +65,11 @@
 		<copy file="./input_urls_example.txt" todir="${release}"/>
 		<copy file="./config.xsd" todir="${release}"/>
 		<copy file="./config.xml" todir="${release}"/>
+		<copy todir="${release}">
+			<fileset dir="utilities">
+				<include name="*.sql"/>
+			</fileset>
+		</copy>
 		<copy todir="${release}/${lib}">
 			<fileset dir="lib"/>
 		</copy>

diff --git a/capture-server/capture/Server.java b/capture-server/capture/Server.java
@@ -5,12 +5,16 @@ public class Server
 	public Server(String[] args)
 	{
         System.out.println("PROJECT: Capture-HPC\n" +
-                "VERSION: 2.5\n" +
-                "DATE: Apr 25, 2008\n" +
+                "VERSION: 3.0\n" +
+                "DATE: Oct 24, 2009\n" +
                 "COPYRIGHT HOLDER: Victoria University of Wellington, NZ\n" +
                 "AUTHORS:\n" +
                 "\tChristian Seifert ([email protected])\n" +
                 "\tRamon Steenson([email protected])\n" +
+                "\tVan Lam Le ([email protected])\n" +
+				"\n" +
+				"For help, please refer to Capture-HPC mailing list at:\n" +
+				"\thttps://public.honeynet.org/mailman/listinfo/capture-hpc" +
                 "\n" +
                 "Capture-HPC is free software; you can redistribute it and/or modify\n" +
                 "it under the terms of the GNU General Public License, V2 as published by\n" +

diff --git a/capture-server/compile_README.txt b/capture-server/compile_README.txt
@@ -1,4 +1,4 @@
-1. Capture Client Compilation Instructions
+1. Capture Server Compilation Instructions
 ------------------------------------------
 For convenient compilation, we provide an Ant script for easy compilation of the Capture Server.
 
@@ -16,15 +16,13 @@ Ensure that the following environment variables are set:
 Ensure that the following directories are in the PATH:
 	JAVA_HOME/bin
 	ANT_HOME/bin
+	MYSQL/bin
 	VCINSTALLDIR/bin for Windows
 	path to gcc for Linux
+
 For database options:
-  - Database server: MySQL server 5.1 or PostgreSQL server 8.3
-  - Libraries:
-    + Mysql connector 5.1 or PostgreSQL connector 8.3
-    + Jakarta commons DBCP 1.2.2
-    + Apache Commons Pools 1.4
-    These libraries should be coppied to <Java folder>/jre/lib/ext
+  - Database server: No database (text file based), MySQL server 5.1, or PostgreSQL server 8.3
+
 
 3. Compilation
 --------------

diff --git a/capture-server/utilities/capture_mysql.sql b/capture-server/utilities/capture_mysql.sql
@@ -0,0 +1,125 @@
+create table clientprogram (
+	clientprogram_id  serial,
+	name varchar(100), 
+	PRIMARY KEY(clientprogram_id)
+);
+
+create table os (
+	os_id  serial,
+	name varchar(100), 
+	PRIMARY KEY(os_id)
+);
+
+create table browser (
+	browser_id  serial,
+	name varchar(100), 
+	PRIMARY KEY(browser_id)
+);
+
+create table status (
+	status_id  char(1),
+	name varchar(100), 
+	PRIMARY KEY(status_id)
+);
+
+create table honeypot (
+	honeypot_id  serial,
+	ipaddress char(15),
+	port  	integer,
+    status  char(1),
+  	Description  varchar(500),
+	PRIMARY KEY(honeypot_id)
+);
+
+create table vmserver (
+	vmserver_id  serial,
+	ipaddress char(15),
+	port  	integer,
+    username  varchar(50),
+    password  varchar(50),
+    honeypot_id  integer references honeypot(honeypot_id),
+	PRIMARY KEY(vmserver_id)
+);
+
+create table vmachine (
+	vmachine_id  serial,
+	path varchar(500),
+    username  varchar(50),
+    password  varchar(50),
+    vmserver_id integer references vmserver(vmserver_id),
+    os_id  integer references os(os_id),
+    browser_id integer references browser(browser_id),
+	PRIMARY KEY(vmachine_id)
+);
+
+create table operation (
+	operation_id serial,
+	description varchar(500), 
+	visitstarttime  char(23), 
+	visitfinishtime char(23), 
+	honeypot_id  integer references honeypot(honeypot_id), 
+	PRIMARY KEY(operation_id)
+);
+
+
+create table url (url_id serial,
+   	url varchar(500) not null, 
+   	currentstatus char(1) references status(status_id), 
+        lastvisittime char(23), 
+        operation_id integer references operation(operation_id), 
+        PRIMARY KEY(url_id)
+);
+
+create table url_operation (
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+  	clientprogram_id  integer references clientprogram(clientprogram_id),
+	visitstarttime  char(23),
+  	visitfinishtime char(23),
+  	status_id  	char(1) references status(status_id),
+  	webserverip  	char(15),
+	PRIMARY KEY(url_id, operation_id)
+);
+
+create table file (
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+	filename  	varchar(500), 
+  	content     mediumblob,
+	PRIMARY KEY(url_id, operation_id, filename)
+);
+
+create table event (
+	event_id    serial, 
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+	type            varchar(50),
+        time  	        varchar(23),
+  	process         varchar(500),
+   	action    	varchar(50),
+        object1  	varchar(500),
+   	object2   	varchar(500), 
+	PRIMARY KEY(event_id) 
+);
+
+
+create table error ( 
+       url_id        integer references url(url_id), 
+       operation_id   integer references operation(operation_id), 
+       majorerror  varchar(50),
+       minorerror  varchar(50), 
+       PRIMARY KEY(url_id, operation_id) 
+ );
+
+insert into status(status_id,name) values('B', 'benign'); 
+insert into status(status_id, name) values('M', 'malicious'); 
+insert into status(status_id, name) values('E', 'error'); 
+insert into clientprogram(name) values('iexplorebulk');
+insert into clientprogram(name) values('iexplore');
+insert into clientprogram(name) values('safari');
+insert into clientprogram(name) values('firefox');
+insert into clientprogram(name) values('opera');
+insert into clientprogram(name) values('oowriter');
+insert into clientprogram(name) values('acrobatreader');
+insert into clientprogram(name) values('word');
+
diff --git a/capture-server/utilities/capture_postgresql.sql b/capture-server/utilities/capture_postgresql.sql
@@ -0,0 +1,125 @@
+create table clientprogram (
+	clientprogram_id  serial,
+	name varchar(100), 
+	CONSTRAINT clientprogram_pk PRIMARY KEY(clientprogram_id)
+);
+
+create table os (
+	os_id  serial,
+	name varchar(100), 
+	CONSTRAINT os_pk PRIMARY KEY(os_id)
+);
+
+create table browser (
+	browser_id  serial,
+	name varchar(100), 
+	CONSTRAINT browser_pk PRIMARY KEY(browser_id)
+);
+
+create table status (
+	status_id  char(1),
+	name varchar(100), 
+	CONSTRAINT status_pk PRIMARY KEY(status_id)
+);
+
+create table honeypot (
+	honeypot_id  serial,
+	ipaddress inet,
+	port  	integer,
+    status  char(1),
+  	Description  varchar,
+	CONSTRAINT honeypot_pk PRIMARY KEY(honeypot_id)
+);
+
+create table vmserver (
+	vmserver_id  serial,
+	ipaddress inet,
+	port  	integer,
+    username  varchar(50),
+    password  varchar(50),
+    honeypot_id  integer references honeypot(honeypot_id),
+	CONSTRAINT vmserver_pk PRIMARY KEY(vmserver_id)
+);
+
+create table vmachine (
+	vmachine_id  serial,
+	path varchar,
+    username  varchar(50),
+    password  varchar(50),
+    vmserver_id integer references vmserver(vmserver_id),
+    os_id  integer references os(os_id),
+    browser_id integer references browser(browser_id),
+	CONSTRAINT vmachine_pk PRIMARY KEY(vmachine_id)
+);
+
+create table operation (
+	operation_id serial,
+	description varchar, 
+	visitstarttime  timestamp, 
+	visitfinishtime timestamp, 
+	honeypot_id  integer references honeypot(honeypot_id), 
+	CONSTRAINT operation_pk PRIMARY KEY(operation_id)
+);
+
+
+create table url (url_id serial,
+   	url varchar not null, 
+   	currentstatus char(1) references status(status_id), 
+        lastvisittime timestamp, 
+        operation_id integer references operation(operation_id), 
+        CONSTRAINT url_pk PRIMARY KEY(url_id)
+);
+
+create table url_operation (
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+  	clientprogram_id  integer references clientprogram(clientprogram_id),
+	visitstarttime  timestamp,
+  	visitfinishtime timestamp,
+  	status_id  	char(1) references status(status_id),
+  	webserverip  	inet,
+	CONSTRAINT url_operation_pk PRIMARY KEY(url_id, operation_id)
+);
+
+create table file (
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+	filename  	varchar, 
+  	content     bytea,
+	CONSTRAINT file_pk PRIMARY KEY(url_id, operation_id, filename)
+);
+
+create table event (
+	event_id    serial, 
+	url_id  	integer references url(url_id),
+  	operation_id  	integer references operation(operation_id),
+	type            varchar(50),
+        time  	        timestamp,
+  	process         varchar,
+   	action    	varchar(50),
+        object1  	varchar,
+   	object2   	varchar, 
+	CONSTRAINT event_pk PRIMARY KEY(event_id) 
+);
+
+create table error ( 
+       url_id        integer references url(url_id), 
+       operation_id   integer references operation(operation_id), 
+       majorerror  varchar(50),
+       minorerror  varchar(50), 
+       CONSTRAINT error_pk PRIMARY KEY(url_id, operation_id) 
+ );
+
+
+
+insert into status(status_id,name) values('B', 'benign'); 
+insert into status(status_id, name) values('M', 'malicious'); 
+insert into status(status_id, name) values('E', 'error'); 
+insert into clientprogram(name) values('iexplorebulk');
+insert into clientprogram(name) values('iexplore');
+insert into clientprogram(name) values('safari');
+insert into clientprogram(name) values('firefox');
+insert into clientprogram(name) values('opera');
+insert into clientprogram(name) values('oowriter');
+insert into clientprogram(name) values('acrobatreader');
+insert into clientprogram(name) values('word');