remove

Author: phrocker

.env

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.0.4
+SENTRIUS_VERSION=1.0.5
 SENTRIUS_SSH_VERSION=1.0.1
 SENTRIUS_KEYCLOAK_VERSION=1.0.1
-SENTRIUS_AGENT_VERSION=1.0.8
+SENTRIUS_AGENT_VERSION=1.0.9

.gitignore

@@ -33,7 +33,9 @@ replay_pid*
 target/*
 api/target/**
 core/target/**
+analyagents/target/**
 core/target/
+analyagents/target/
 node/*
 node_modules/*
 api/node_modules/*
@@ -47,3 +49,4 @@ api/node_modules/*
 # Eclipse Project Setting #
 
 .settings/*
+.env.bak

analyagents/src/main/java/io/sentrius/agent/analysis/agents/sessions/SessionAnalyticsAgent.java

@@ -1,5 +1,7 @@
 package io.sentrius.agent.analysis.agents.sessions;
 
+import java.sql.Timestamp;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -9,7 +11,9 @@
 import io.sentrius.sso.core.model.metadata.TerminalRiskIndicator;
 import io.sentrius.sso.core.model.metadata.TerminalSessionMetadata;
 import io.sentrius.sso.core.model.metadata.UserExperienceMetrics;
+import io.sentrius.sso.core.model.sessions.TerminalLogs;
 import io.sentrius.sso.core.repository.AnalyticsTrackingRepository;
+import io.sentrius.sso.core.services.SessionService;
 import io.sentrius.sso.core.services.metadata.TerminalBehaviorMetricsService;
 import io.sentrius.sso.core.services.metadata.TerminalCommandService;
 import io.sentrius.sso.core.services.metadata.TerminalRiskIndicatorService;
@@ -28,12 +32,13 @@
 @ConditionalOnProperty(name = "agents.session-analytics.enabled", havingValue = "true", matchIfMissing = false)
 public class SessionAnalyticsAgent {
 
-    private final TerminalSessionMetadataService sessionService;
+    private final TerminalSessionMetadataService sessionMetadataService;
     private final TerminalCommandService commandService;
     private final TerminalBehaviorMetricsService behaviorMetricsService;
     private final TerminalRiskIndicatorService riskIndicatorService;
     private final UserExperienceMetricsService experienceMetricsService;
     private final AnalyticsTrackingRepository trackingRepository;
+    private final SessionService sessionService;
 
     @Scheduled(fixedDelay = 60000) // Waits 60 seconds after the previous run completes
     @Transactional
@@ -42,23 +47,37 @@ public void processSessions() {
 
         // Fetch already processed session IDs in bulk
         Set<Long> processedSessionIds = trackingRepository.findAllSessionIds();
-        List<TerminalSessionMetadata> unprocessedSessions = sessionService.getAllSessions().stream()
+        List<TerminalSessionMetadata> unprocessedSessions = sessionMetadataService.getSessionsByState("CLOSED").stream()
             .filter(session -> !processedSessionIds.contains(session.getId()))
             .collect(Collectors.toList());
 
         for (TerminalSessionMetadata session : unprocessedSessions) {
             try {
                 processSession(session);
+                // ACTIVE -> INACTIVE -> CLOSED -> PROCESSED
                 saveToTracking(session.getId(), "PROCESSED");
             } catch (Exception e) {
                 log.error("Error processing session {}: {}", session.getId(), e.getMessage(), e);
                 saveToTracking(session.getId(), "ERROR");
             }
+            session.setSessionStatus("PROCESSED");
+            sessionMetadataService.saveSession(session);
         }
     }
 
     private void processSession(TerminalSessionMetadata session) {
+
+        var terminalLogs = sessionService.getTerminalsBySessionId(session.getSessionLog().getId());
+        if (terminalLogs == null) {
+            terminalLogs = List.of(); // Ensure it's not null
+        }
+
+        for (TerminalLogs terminalLog : terminalLogs) {
+            parseAndSaveCommands(terminalLog, session);
+        }
+
         List<TerminalCommand> commands = commandService.getCommandsBySessionId(session.getId());
+
         if (commands == null) {
             commands = List.of(); // Ensure it's not null
         }
@@ -79,4 +98,44 @@ private void saveToTracking(Long sessionId, String status) {
         tracking.setStatus(status);
         trackingRepository.save(tracking);
     }
+
+    public List<TerminalCommand> parseAndSaveCommands(
+        TerminalLogs terminalLog,
+        TerminalSessionMetadata sessionMetadata) {
+        // Split output into individual commands (Assume each command ends with a newline or specific delimiter)
+        String[] commands = terminalLog.getOutput().split("\n");
+
+        // Parse each command
+        List<TerminalCommand> terminalCommands = Arrays.stream(commands)
+            .filter(command -> !command.trim().isEmpty()) // Skip empty lines
+            .map(command -> createTerminalCommand(command, terminalLog, sessionMetadata))
+            .collect(Collectors.toList());
+
+        // Save commands to the database
+        return commandService.saveAll(terminalCommands);
+    }
+
+    private TerminalCommand createTerminalCommand(String command, TerminalLogs terminalLog, TerminalSessionMetadata sessionMetadata) {
+        TerminalCommand terminalCommand = new TerminalCommand();
+        terminalCommand.setCommand(command.trim());
+        terminalCommand.setSession(sessionMetadata);
+        terminalCommand.setExecutionTime(new Timestamp(System.currentTimeMillis()));
+        terminalCommand.setExecutionStatus("SUCCESS");
+        terminalCommand.setOutput(""); // Assume no output initially
+        terminalCommand.setCommandCategory(categorizeCommand(command));
+
+        return terminalCommand;
+    }
+
+    private String categorizeCommand(String command) {
+        // probably need to define externally
+        if (command.startsWith("sudo")) {
+            return "PRIVILEGED";
+        } else if (command.contains("rm")) {
+            return "DESTRUCTIVE";
+        } else if (command.contains("ls") || command.contains("cat")) {
+            return "INFORMATIONAL";
+        }
+        return "GENERAL";
+    }
 }

analyagents/src/main/resources/application.properties

@@ -57,4 +57,4 @@ spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
-spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius

api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java

@@ -228,7 +228,7 @@ public ResponseEntity<ObjectNode> connectSSHServer(HttpServletRequest request, H
             hostSystem.get(),
             sessionRules);
 
-        /*
+
         TerminalSessionMetadata sessionMetadata = TerminalSessionMetadata.builder().sessionStatus("ACTIVE")
             .hostSystem(hostSystem.get())
             .user(user)
@@ -237,7 +237,7 @@ public ResponseEntity<ObjectNode> connectSSHServer(HttpServletRequest request, H
             .build();
 
         sessionMetadata = terminalSessionMetadataService.createSession(sessionMetadata);
-*/
+
         var encryptedSessionId = cryptoService.encrypt(connectedSystem.getSession().getId().toString());
 
         log.info("returning " + encryptedSessionId);

api/src/main/java/io/sentrius/sso/controllers/view/HostController.java

@@ -1,6 +1,7 @@
 package io.sentrius.sso.controllers.view;
 
 import java.security.GeneralSecurityException;
+import java.sql.Timestamp;
 import java.util.ArrayList;
 import java.util.List;
 import io.sentrius.sso.core.annotations.LimitAccess;
@@ -17,6 +18,7 @@
 import io.sentrius.sso.core.services.UserService;
 import io.sentrius.sso.core.config.SystemOptions;
 import io.sentrius.sso.core.services.UserCustomizationService;
+import io.sentrius.sso.core.services.metadata.TerminalSessionMetadataService;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -38,6 +40,7 @@ public class HostController extends BaseController {
     final SessionTrackingService sessionTrackingService;
     final CryptoService cryptoService;
     final UserCustomizationService userThemeService;
+    final TerminalSessionMetadataService terminalSessionMetadataService;
     private ConnectedSystem connectedSystem;
 
 
@@ -47,12 +50,14 @@ protected HostController(UserService userService,
                              HostGroupService hostGroupService,
                              SessionTrackingService sessionTrackingService,
                              CryptoService cryptoService,
-                             UserCustomizationService userThemeService) {
+                             UserCustomizationService userThemeService,
+                             TerminalSessionMetadataService terminalSessionMetadataService) {
         super(userService, systemOptions, errorOutputService);
         this.hostGroupService = hostGroupService;
         this.sessionTrackingService = sessionTrackingService;
         this.cryptoService = cryptoService;
         this.userThemeService = userThemeService;
+        this.terminalSessionMetadataService = terminalSessionMetadataService;
     }
 
 
@@ -222,6 +227,14 @@ public String attachSession(
 
         this.connectedSystem = myConnectedSystem;
 
+        if (null != connectedSystem){
+            terminalSessionMetadataService.getSessionBySessionLog(connectedSystem.getSession()).ifPresent(sessionMetadata -> {
+                sessionMetadata.setEndTime(new Timestamp(System.currentTimeMillis()));
+                sessionMetadata.setSessionStatus("ACTIVE");
+                terminalSessionMetadataService.saveSession(sessionMetadata);
+            });
+        }
+
         sessionTrackingService.flushSessionOutput(myConnectedSystem);
 
         sessionTrackingService.refreshSession(myConnectedSystem);

api/src/main/java/io/sentrius/sso/websocket/TerminalWSHandler.java

@@ -3,6 +3,8 @@
 
 import io.sentrius.sso.automation.auditing.Trigger;
 import io.sentrius.sso.automation.auditing.TriggerAction;
+import io.sentrius.sso.core.model.metadata.TerminalSessionMetadata;
+import io.sentrius.sso.core.services.metadata.TerminalSessionMetadataService;
 import io.sentrius.sso.protobuf.Session;
 import io.sentrius.sso.core.security.service.CryptoService;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
@@ -15,6 +17,7 @@
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.sql.Timestamp;
 import java.util.Base64;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -32,6 +35,7 @@ public class TerminalWSHandler extends TextWebSocketHandler {
     final SessionTrackingService sessionTrackingService;
     final SshListenerService sshListenerService;
     final CryptoService cryptoService;
+    final TerminalSessionMetadataService terminalSessionMetadataService;
 
 
     // Store active sessions, using session ID or a custom identifier
@@ -143,9 +147,21 @@ public void afterConnectionClosed(WebSocketSession session, org.springframework.
 
             if (sessionId != null) {
                 // Remove the session when connection is closed
+                var lookupId = sessionId + "==";
+                var sys = sessionTrackingService.getEncryptedConnectedSession(lookupId);
+                if (null != sys){
+                    log.info("**** Closing session for {}", sys.getSession());
+                    terminalSessionMetadataService.getSessionBySessionLog(sys.getSession()).ifPresent(sessionMetadata -> {
+                        sessionMetadata.setEndTime(new Timestamp(System.currentTimeMillis()));
+                        sessionMetadata.setSessionStatus("CLOSED");
+                        terminalSessionMetadataService.saveSession(sessionMetadata);
+                    });
+                }
+
                 sessions.remove(sessionId);
                 sshListenerService.removeSession(sessionId);
-                log.trace("Connection closed, session ID: " + sessionId);
+
+                log.info("Connection closed, session ID: " + sessionId);
             }
         }
     }

core/src/main/java/io/sentrius/sso/core/model/metadata/TerminalCommand.java

@@ -13,9 +13,11 @@
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Table;
 import lombok.Getter;
+import lombok.Setter;
 
 @Entity
 @Getter
+@Setter
 @Table(name = "terminal_commands")
 public class TerminalCommand {
     @Id

core/src/main/java/io/sentrius/sso/core/model/metadata/TerminalSessionMetadata.java

@@ -52,10 +52,12 @@ public class TerminalSessionMetadata {
     @Column(name = "ip_address", length = 45)
     private String ipAddress;
 
+    // ACTIVE -> (INACTIVE) -> (ACTIVE) -> CLOSED -> PROCESSED
     @Column(name = "session_status", nullable = false)
     private String sessionStatus = "ACTIVE";
 
     @Column(name = "is_suspicious", nullable = false)
+    @Builder.Default
     private Boolean isSuspicious = false;
 
     // Getters and Setters

core/src/main/java/io/sentrius/sso/core/repository/TerminalSessionMetadataRepository.java

@@ -1,8 +1,19 @@
 package io.sentrius.sso.core.repository;
 
+import java.util.List;
+import java.util.Optional;
 import io.sentrius.sso.core.model.metadata.TerminalSessionMetadata;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
 @Repository
-public interface TerminalSessionMetadataRepository extends JpaRepository<TerminalSessionMetadata, Long> {}
+public interface TerminalSessionMetadataRepository extends JpaRepository<TerminalSessionMetadata, Long> {
+
+    @Query("SELECT t FROM TerminalSessionMetadata t WHERE t.sessionLog.id = :sessionLogId")
+    Optional<TerminalSessionMetadata> findMetadataBySessionLogId(@Param("sessionLogId") Long sessionLogId);
+
+
+    List<TerminalSessionMetadata> findSessionsBySessionStatus(String state);
+}