security/maltrail: new plugin

security/maltrail/Makefile

@@ -0,0 +1,8 @@
+PLUGIN_NAME=		maltrail
+PLUGIN_VERSION=		0.1
+PLUGIN_COMMENT=		Malicious traffic detection system
+PLUGIN_DEPENDS=		maltrail
+PLUGIN_MAINTAINER=	[email protected]
+PLUGIN_DEVEL=         yes
+
+.include "../../Mk/plugins.mk"

security/maltrail/pkg-descr

@@ -0,0 +1,8 @@
+Maltrail is a malicious traffic detection system, utilizing publicly
+available (black)lists containing malicious and/or generally suspicious
+trails, along with static trails compiled from various AV reports and
+custom user defined lists, where trail can be anything from domain name,
+URL, IP address or HTTP User-Agent header value. Also, it uses advanced
+heuristic mechanisms that can help in discovery of unknown threats.
+
+WWW: https://github.com/stamparm/maltrail

security/maltrail/src/etc/inc/plugins.inc.d/maltrail.inc

@@ -0,0 +1,64 @@
+<?php
+
+/**
+ *    Copyright (C) 2019 Michael Muenz <[email protected]>
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+function maltrail_services()
+{
+    global $config;
+
+    $services = array();
+
+    if (isset($config['OPNsense']['maltrail']['general']['enabled']) && $config['OPNsense']['maltrail']['general']['enabled'] == 1) {
+        $services[] = array(
+            'description' => gettext('maltrail sensor'),
+            'configd' => array(
+                'restart' => array('maltrailsensor restart'),
+                'start' => array('maltrailsensor start'),
+                'stop' => array('maltrailsensor stop'),
+            ),
+            'name' => 'maltrailsensor',
+            'pidfile' => '/var/run/maltrailsensor.pid'
+        );
+    }
+
+    if (isset($config['OPNsense']['maltrail']['server']['enabled']) && $config['OPNsense']['maltrail']['server']['enabled'] == 1) {
+        $services[] = array(
+            'description' => gettext('maltrail server'),
+            'configd' => array(
+                'restart' => array('maltrailserver restart'),
+                'start' => array('maltrailserver start'),
+                'stop' => array('maltrailserver stop'),
+            ),
+            'name' => 'maltrailserver',
+            'pidfile' => '/var/run/maltrailserver.pid'
+        );
+    }
+
+    return $services;
+}

security/maltrail/src/etc/rc.d/opnsense-maltrailsensor

@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: opnsense-maltrailsensor
+# REQUIRE: SERVERS
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=maltrailsensor
+
+rcvar=maltrailsensor_enable
+pidfile=/var/run/${name}.pid
+command=/usr/sbin/daemon
+command_args="-f -P /var/run/maltrailsensor.pid python2.7 /usr/local/share/maltrail/sensor.py"
+
+load_rc_config opnsense-maltrailsensor
+
+: ${maltrailsensor_enable="NO"}
+
+run_rc_command $1

security/maltrail/src/etc/rc.d/opnsense-maltrailserver

@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: opnsense-maltrailserver
+# REQUIRE: SERVERS
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=maltrailserver
+
+stop_cmd=maltrailserver_stop
+start_cmd=maltrailserver_start
+status_cmd=maltrailserver_status
+rcvar=maltrailserver_enable
+pidfile=/var/run/${name}.pid
+command=/usr/sbin/daemon
+command_args="-f -P /var/run/maltrailserver.pid python2.7 /usr/local/share/maltrail/server.py"
+
+load_rc_config opnsense-maltrailserver
+
+: ${maltrailserver_enable ="NO"}
+
+maltrailserver_status()
+{
+         if [ -n "$rc_pid" ]; then
+             echo "${name} is running as pid $rc_pid."
+             return 0
+         else
+             echo "${name} is not running."
+         fi
+}
+
+maltrailserver_stop()
+{
+        if [ -n "$rc_pid" ]; then
+            echo "stopping maltrail server"
+            kill ${rc_pid}
+        else
+            echo "${name} is not running."
+        fi
+}
+
+maltrailserver_start()
+{
+        echo "starting maltrail server"
+        ${command} ${command_args}
+}
+
+run_rc_command $1

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/Api/GeneralController.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * Copyright (C) 2019 Michael Muenz <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Maltrail\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+class GeneralController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelClass = '\OPNsense\Maltrail\General';
+    protected static $internalModelName = 'general';
+}

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/Api/SensorController.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * Copyright (C) 2019 Michael Muenz <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Maltrail\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+class SensorController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelClass = '\OPNsense\Maltrail\Sensor';
+    protected static $internalModelName = 'sensor';
+}

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/Api/ServerController.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * Copyright (C) 2019 Michael Muenz <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Maltrail\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+class ServerController extends ApiMutableModelControllerBase
+{
+    protected static $internalModelClass = '\OPNsense\Maltrail\Server';
+    protected static $internalModelName = 'server';
+}

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/Api/ServerserviceController.php

@@ -0,0 +1,39 @@
+<?php
+
+/*
+ * Copyright (C) 2019 Michael Muenz <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Maltrail\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+
+class ServerserviceController extends ApiMutableServiceControllerBase
+{
+    protected static $internalServiceClass = '\OPNsense\Maltrail\Server';
+    protected static $internalServiceTemplate = 'OPNsense/Maltrail';
+    protected static $internalServiceEnabled = 'enabled';
+    protected static $internalServiceName = 'maltrailserver';
+}

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/Api/ServiceController.php

@@ -0,0 +1,39 @@
+<?php
+
+/*
+ * Copyright (C) 2019 Michael Muenz <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Maltrail\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+
+class ServiceController extends ApiMutableServiceControllerBase
+{
+    protected static $internalServiceClass = '\OPNsense\Maltrail\Sensor';
+    protected static $internalServiceTemplate = 'OPNsense/Maltrail';
+    protected static $internalServiceEnabled = 'enabled';
+    protected static $internalServiceName = 'maltrailsensor';
+}

security/maltrail/src/opnsense/mvc/app/controllers/OPNsense/Maltrail/GeneralController.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ *    Copyright (C) 2019 Michael Muenz <[email protected]>
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Maltrail;
+
+class GeneralController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        $this->view->generalForm = $this->getForm("general");
+        $this->view->pick('OPNsense/Maltrail/general');
+    }
+}