Merge branch 'dev' into feature/2041_2042-Add-NTP-Services

2023-12-04 11:23:35 +00:00
parent 40d596c373 2203877302
commit 39694fcec2
101 changed files with 3803 additions and 1047 deletions
--- a/docs/source/simulation_components/system/data_manipulation_bot.rst
+++ b/docs/source/simulation_components/system/data_manipulation_bot.rst
@@ -16,43 +16,125 @@ The bot is intended to simulate a malicious actor carrying out attacks like:
 - Dropping tables
 - Deleting records
 - Modifying data
-On a database server by abusing an application's trusted database connectivity.
+on a database server by abusing an application's trusted database connectivity.
+
+The bot performs attacks in the following stages to simulate the real pattern of an attack:
+
+- Logon - *The bot gains credentials and accesses the node.*
+- Port Scan - *The bot finds accessible database servers on the network.*
+- Attacking - *The bot delivers the payload to the discovered database servers.*
+
+Each of these stages has a random, configurable probability of succeeding (by default 10%). The bot can also be configured to repeat the attack once complete.

 Usage
 -----

 - Create an instance and call ``configure`` to set:
-  - Target database server IP
-  - Database password (if needed)
-  - SQL statement payload
+    - Target database server IP
+    - Database password (if needed)
+    - SQL statement payload
+    - Probabilities for succeeding each of the above attack stages
 - Call ``run`` to connect and execute the statement.

 The bot handles connecting, executing the statement, and disconnecting.

+In a simulation, the bot can be controlled by using ``DataManipulationAgent`` which calls ``run`` on the bot at configured timesteps.
+
 Example
 -------

 .. code-block:: python

    client_1 = Computer(
-        hostname="client_1", ip_address="192.168.10.21", subnet_mask="255.255.255.0", default_gateway="192.168.10.1"
+        hostname="client_1",
+        ip_address="192.168.10.21",
+        subnet_mask="255.255.255.0",
+        default_gateway="192.168.10.1"
+        operating_state=NodeOperatingState.ON # initialise the computer in an ON state
    )
-    client_1.power_on()
    network.connect(endpoint_b=client_1.ethernet_port[1], endpoint_a=switch_2.switch_ports[1])
    client_1.software_manager.install(DataManipulationBot)
-    data_manipulation_bot: DataManipulationBot = client_1.software_manager.software["DataManipulationBot"]
+    data_manipulation_bot: DataManipulationBot = client_1.software_manager.software.get("DataManipulationBot")
    data_manipulation_bot.configure(server_ip_address=IPv4Address("192.168.1.14"), payload="DELETE")
    data_manipulation_bot.run()

 This would connect to the database service at 192.168.1.14, authenticate, and execute the SQL statement to drop the 'users' table.

+Example with ``DataManipulationAgent``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If not using the data manipulation bot manually, it needs to be used with a data manipulation agent. Below is an example section of configuration file for setting up a simulation with data manipulation bot and agent.
+
+.. code-block:: yaml
+
+    game_config:
+      # ...
+      agents:
+        - ref: data_manipulation_red_bot
+          team: RED
+          type: RedDatabaseCorruptingAgent
+
+          observation_space:
+            type: UC2RedObservation
+            options:
+              nodes:
+                - node_ref: client_1
+                  observations:
+                  - logon_status
+                  - operating_status
+                  applications:
+                  - application_ref: data_manipulation_bot
+                    observations:
+                      operating_status
+                      health_status
+                  folders: {}
+
+          action_space:
+            action_list:
+              - type: DONOTHING
+              - type: NODE_APPLICATION_EXECUTE
+            options:
+              nodes:
+              - node_ref: client_1
+                applications:
+                  - application_ref: data_manipulation_bot
+              max_folders_per_node: 1
+              max_files_per_folder: 1
+              max_services_per_node: 1
+
+          reward_function:
+            reward_components:
+              - type: DUMMY
+
+          agent_settings:
+            start_settings:
+              start_step: 25
+              frequency: 20
+              variance: 5
+    # ...
+
+    simulation:
+      network:
+        nodes:
+        - ref: client_1
+          type: computer
+          # ... additional configuration here
+          applications:
+          - ref: data_manipulation_bot
+            type: DataManipulationBot
+            options:
+              port_scan_p_of_success: 0.1
+              data_manipulation_p_of_success: 0.1
+              payload: "DELETE"
+              server_ip: 192.168.1.14
+
 Implementation
 --------------

 The bot extends ``DatabaseClient`` and leverages its connectivity.

 - Uses the Application base class for lifecycle management.
- Credentials and target IP set via ``configure``.
+- Credentials, target IP and other options set via ``configure``.
 - ``run`` handles connecting, executing statement, and disconnecting.
 - SQL payload executed via ``query`` method.
 - Results in malicious SQL being executed on remote database server.
--- a/docs/source/simulation_components/system/database_client_server.rst
+++ b/docs/source/simulation_components/system/database_client_server.rst
@@ -45,17 +45,14 @@ Key features
 ^^^^^^^^^^^^

 - Connects to the ``DatabaseService`` via the ``SoftwareManager``.
+- Handles connecting and disconnecting.
 - Executes SQL queries and retrieves result sets.
- Handles connecting, querying, and disconnecting.
- Provides a simple ``query`` method for running SQL.
-

 Usage
 ^^^^^

 - Initialise with server IP address and optional password.
 - Connect to the ``DatabaseService`` with ``connect``.
- Execute SQL queries via ``query``.
 - Retrieve results in a dictionary.
 - Disconnect when finished.

@@ -70,6 +67,5 @@ Implementation

 - Leverages ``SoftwareManager`` for sending payloads over the network.
 - Connect and disconnect methods manage sessions.
- Provides easy interface for applications to query database.
 - Payloads serialised as dictionaries for transmission.
 - Extends base Application class.
--- a/docs/source/simulation_components/system/ftp_client_server.rst
+++ b/docs/source/simulation_components/system/ftp_client_server.rst
@@ -77,6 +77,7 @@ Dependencies
    from primaite.simulator.network.hardware.nodes.server import Server
    from primaite.simulator.system.services.ftp.ftp_server import FTPServer
    from primaite.simulator.system.services.ftp.ftp_client import FTPClient
+    from primaite.simulator.network.hardware.node_operating_state import NodeOperatingState

 Example peer to peer network
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -85,10 +86,18 @@ Example peer to peer network

    net = Network()

-    pc1 = Computer(hostname="pc1", ip_address="120.10.10.10", subnet_mask="255.255.255.0")
-    srv = Server(hostname="srv", ip_address="120.10.10.20", subnet_mask="255.255.255.0")
-    pc1.power_on()
-    srv.power_on()
+    pc1 = Computer(
+        hostname="pc1",
+        ip_address="120.10.10.10",
+        subnet_mask="255.255.255.0",
+        operating_state=NodeOperatingState.ON # initialise the computer in an ON state
+    )
+    srv = Server(
+        hostname="srv",
+        ip_address="120.10.10.20",
+        subnet_mask="255.255.255.0",
+        operating_state=NodeOperatingState.ON # initialise the server in an ON state
+    )
    net.connect(pc1.ethernet_port[1], srv.ethernet_port[1])

 Install the FTP Server
--- a/docs/source/simulation_components/system/software.rst
+++ b/docs/source/simulation_components/system/software.rst
@@ -6,14 +6,45 @@
 Software
 ========

+-------------
+Base Software
+-------------
+
+All software which inherits ``IOSoftware`` installed on a node will not work unless the node has been turned on.
+
+See :ref:`Node Start up and Shut down`
+
+.. code-block:: python
+
+    from primaite.simulator.network.hardware.base import Node
+    from primaite.simulator.network.hardware.node_operating_state import NodeOperatingState
+    from primaite.simulator.system.services.service import ServiceOperatingState
+    from primaite.simulator.system.services.web_server.web_server import WebServer
+
+    node = Node(hostname="pc_a", start_up_duration=0, shut_down_duration=0)
+
+    node.power_on()
+    assert node.operating_state is NodeOperatingState.ON
+
+    node.software_manager.install(WebServer)
+
+    web_server: WebServer = node.software_manager.software.get("WebServer")
+    assert web_server.operating_state is ServiceOperatingState.RUNNING # service is immediately ran after install
+
+    node.power_off()
+    assert node.operating_state is NodeOperatingState.OFF
+    assert web_server.operating_state is ServiceOperatingState.STOPPED # service stops when node is powered off
+
+    node.power_on()
+    assert node.operating_state is NodeOperatingState.ON
+    assert web_server.operating_state is ServiceOperatingState.RUNNING # service turned back on when node is powered on


-
-Contents
-########
+Services, Processes and Applications:
+#####################################

 .. toctree::
-   :maxdepth: 8
+   :maxdepth: 2

   database_client_server
   data_manipulation_bot