From 6c7216edb6b5cf09d5865fc93c182cf30bb8d1d5 Mon Sep 17 00:00:00 2001 From: gx1 <18548727+giper45@users.noreply.github.com> Date: Wed, 12 Oct 2022 15:42:11 +0200 Subject: [PATCH 1/2] Fix readme and compilation errors, added .keep files to avoid build errors, improved the documentation --- .gitignore | 81 +++++++++++++++++++++++++++++++ README.md | 57 ++++++++++++++++++---- bin/adapter/.keep | 0 bin/metrics/.keep | 0 src/attack_graph/Makefile | 4 +- src/attack_graph/attack_graph.cpp | 42 ++++++++-------- src/attack_graph/graphit.l | 5 +- src/attack_graph/graphit.y | 18 +++---- 8 files changed, 163 insertions(+), 44 deletions(-) create mode 100644 .gitignore create mode 100644 bin/adapter/.keep create mode 100644 bin/metrics/.keep diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..60772be --- /dev/null +++ b/.gitignore @@ -0,0 +1,81 @@ +# Prerequisites +*.d + +# Object files +*.o +*.ko +*.obj +*.elf + +# Linker output +*.ilk +*.map +*.exp + +# Precompiled Headers +*.gch +*.pch + +# Libraries +*.lib +*.a +*.la +*.lo + +# Shared objects (inc. Windows DLLs) +*.dll +*.so +*.so.* +*.dylib + +# Executables +*.exe +*.out +*.app +*.i*86 +*.x86_64 +*.hex + +# Debug files +*.dSYM/ +*.su +*.idb +*.pdb + +# Kernel Module Compile Results +*.mod* +*.cmd +.tmp_versions/ +modules.order +Module.symvers +Mkfile.old +dkms.conf + +*.class +*.xwam +*.output +graphit.tab.c +graphit.tab.h +lex.yy.c +ARCS.CSV +VERTICES.CSV + +src/attack_graph/attack_graph +bin/attack_graph +testcases/**/*.dot +testcases/**/*.eps +testcases/**/*.xml +testcases/**/*.pdf +testcases/**/*.txt +testcases/**/xsb_log.txt +testcases/**/run.P +testcases/**/dynamic_decl.gen +testcases/**/environment.P +testcases/**/metric.P +testcases/**/running_rules.P +testcases/**/trace_output.P +testcases/**/translated_rules.P + + +!bin/adapter/.keep +!bin/metrics/.keep \ No newline at end of file diff --git a/README.md b/README.md index 7ef5539..bd3dd1b 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,54 @@ # MulVAL -###Multi host, multi stage Vulnerability Analysis tool +### Multi host, multi stage Vulnerability Analysis tool To run MulVAL, you need to install the XSB logic engine from http://xsb.sourceforge.net/ You will also need to check whether GraphViz is already installed on your system by typing "dot". If GraphViz is not installed, you need to install it at http://www.graphviz.org/ Make sure both the program "xsb" and "dot" reside in your PATH. +### Prequirements +- xsb +- java +- make and compiler (gcc, g++, etc.) +- bison and lex +- graphviz +- epstopdf: +XSB Can be installed by using the following steps: +``` +wget "https://nav.dl.sourceforge.net/project/xsb/xsb/5.0%20%28Green%20Tea%29/XSB-5.0.tar.gz" -O /usr/local/bin/XSB-5.0.tar.gz +cd /usr/local/bin/ +tar -zxvf XSB-5.0.tar.gz +cd XSB-5.0/build +./configure +./makexsb +``` -####Setup -The environmental variable MULVALROOT should point to this package's root folder. Include $MULVALROOT/bin and $MULVALROOT/utils in PATH. Type "make" to compile everything +The other dependencies can be installed by using distro package management systems. For example, in Ubuntu: +``` +apt install -y build-essential default-jdk flex bison graphvix texlive-font-utils + +``` + + +#### Setup +The environmental variable MULVALROOT should point to this package's root folder. + +1. Put the environment variable in the current shell or in the .bashrc +``` +export MULVALROOT= +export PATH=$PATH:"$MULVALROOT/bin":"$MULVALROOT/utils": +source ~/.bashrc +``` + +2. Type `make` to compile everything + +3. Include $MULVALROOT/bin and $MULVALROOT/utils in PATH. You can either run the MulVAL attack-graph generator directly, if you already have an input file; or you can run the appropriate adapters to create the input files and then run the attack-graph generator. -####Running MulVAL directly +#### Running MulVAL directly `graph_gen.sh INPUT_FILE [OPTIONS] ` @@ -31,7 +65,7 @@ When the appropriate options are specified (see below), MulVAL also outputs the MulVAL will also output a number of other temporary files in the folder where the program is run. So it is a good idea to run it in a separate folder to avoid cluttering. -####OPTIONS +#### OPTIONS - Graph generation options: @@ -71,7 +105,7 @@ different rendering options. Simply issue the `render.sh` command in the same di -####Preparing MulVAL input file using adapters +#### Preparing MulVAL input file using adapters This package contains a number of adapter programs to aid in creating MulVAL input files from an enterprise network. A number of steps need to be taken as outlined below. @@ -79,9 +113,12 @@ from an enterprise network. A number of steps need to be taken as outlined below 1. Set up an empty MySQL database for storing NVD data, and put the database connection information into config.txt in a directory where you want to run the MulVAL adapters. Example config.txt: +``` jdbc:mysql://www.abc.edu:3306/nvd user_name -password +password +``` + Then you can populate the NVD database by typing "nvd_sync.sh". This needs to be done as often as desired to keep the local MySQL database in sync with NVD. @@ -107,7 +144,7 @@ input file. All the translated input files will then need to be combined into a Once the input file is created, please refer to the instruction in section I to generate attack graph. -####Advanced Usage +#### Advanced Usage 1. Creating customized rule set. @@ -133,7 +170,8 @@ network. To run the metric program, type in the following command where the atta option to generate attack graph. Please use summ_oval.P (generated by oval_translate.sh) or summ_nessus.P (generated by nessus_translate.sh) as the INPUT. Use OPTIONS to pass any additional options to the MulVAL attack-graph generator (graph_gen.sh) -####REFERENCES: +#### REFERENCES: +``` [1] Xinming Ou, Wayne F. Boyer, and Miles A.McQueen. A scalable approach to attack graph generation. In 13th ACM Conference on Computer and Communications Security (CCS), 2006. [2] Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. MulVAL: A logic-based network security analyzer. In 14th USENIX Security Symposium, 2005. @@ -145,3 +183,4 @@ options to the MulVAL attack-graph generator (graph_gen.sh) on Data and Applications Security (DBSEC’08), 2008. +``` \ No newline at end of file diff --git a/bin/adapter/.keep b/bin/adapter/.keep new file mode 100644 index 0000000..e69de29 diff --git a/bin/metrics/.keep b/bin/metrics/.keep new file mode 100644 index 0000000..e69de29 diff --git a/src/attack_graph/Makefile b/src/attack_graph/Makefile index 2fed0b1..a8bfcd1 100755 --- a/src/attack_graph/Makefile +++ b/src/attack_graph/Makefile @@ -1,7 +1,7 @@ default: install attack_graph: attack_graph.cpp attack_graph.h Queue.h lex.yy.o y.tab.cpp - g++ -g -DLINUX -Wno-deprecated lex.yy.o y.tab.cpp attack_graph.cpp -o attack_graph + g++ -g -DLINUX -Wno-deprecated lex.yy.o graphit.tab.c attack_graph.cpp -o attack_graph lex.yy.c: graphit.l lex -olex.yy.c graphit.l @@ -11,8 +11,6 @@ lex.yy.o: lex.yy.c y.tab.cpp.h y.tab.cpp y.tab.cpp.h: graphit.y attack_graph.h bison -dv graphit.y - mv graphit.tab.c y.tab.cpp - mv graphit.tab.h y.tab.cpp.h install: attack_graph cp attack_graph ../../bin/ diff --git a/src/attack_graph/attack_graph.cpp b/src/attack_graph/attack_graph.cpp index e97f572..74edcbb 100755 --- a/src/attack_graph/attack_graph.cpp +++ b/src/attack_graph/attack_graph.cpp @@ -94,7 +94,7 @@ metric_map mp[] = { int size_mp = 10; -graph_data data(mp, size_mp); +graph_data gdata(mp, size_mp); // initialize static members //Fact *graph_data::goal =0; @@ -176,7 +176,7 @@ TraceStep::TraceStep(int r, char *m, Fact *f, Conjunct *c) { metric = atof(m); } else{ - metric = data.metrics[m]; + metric = gdata.metrics[m]; } fact = f; @@ -781,7 +781,7 @@ void RenderRule( renderMode mode, int indent, int rulenum ) switch (mode) { case TEXT: cout << indentation << "RULE " << rulenum << " : " - << data.ruleList.rules[rulenum] << endl; + << gdata.ruleList.rules[rulenum] << endl; break; case HTML: @@ -799,7 +799,7 @@ void RenderRule( renderMode mode, int indent, int rulenum, int nodeNum ) switch (mode) { case TEXT: cout << indentation << "(" << nodeNum << ") " << "RULE " << rulenum << " : " - << data.ruleList.rules[rulenum] << endl; + << gdata.ruleList.rules[rulenum] << endl; break; case HTML: @@ -843,7 +843,7 @@ bool OrNode::Render2(arcLabelMode mode) bool AndNode::Render2(arcLabelMode mode) { ostringstream temp; - temp << "RULE " << rulenum << " (" << data.ruleList.rules[rulenum] << ")"; + temp << "RULE " << rulenum << " (" << gdata.ruleList.rules[rulenum] << ")"; outputVertex(temp.str(), metric); for(Arc *arc=outGoing.gethead(); arc != NULL; arc=outGoing.getnext()) { if (arc->getDst()->Render2(mode)) @@ -1131,7 +1131,7 @@ int main(int argc, char *argv[] ) //dump_tables(); // - if (data.goals.size() == 0){ + if (gdata.goals.size() == 0){ cerr << "No attack paths found.\n"; return 1; } @@ -1165,7 +1165,7 @@ int build_graph(void) // loop through all the unique trace steps traceStepMap::iterator i,j; traceStepMap *Map; - Map = &data.all_trace_steps.traceSteps; + Map = &gdata.all_trace_steps.traceSteps; for( i=Map->begin(); i != Map->end(); ) { string ts_key = i->first; @@ -1182,27 +1182,27 @@ int build_graph(void) Map->erase( j ); string fact_key = f->key; - OrNode *orNode = data.all_or_nodes.addOrNode(fact_key, f); + OrNode *orNode = gdata.all_or_nodes.addOrNode(fact_key, f); AndNode *andNode = new AndNode(num, metric); if( andNode == NULL || orNode == NULL) { cerr << "Failed to create new node\n"; return -1; } - data.all_and_nodes.nodeList.add( *andNode ); + gdata.all_and_nodes.nodeList.add( *andNode ); graph_data::nodeCount++; andNode->nodeNum = graph_data::nodeCount; andNode->parentNodeNum = orNode->nodeNum; orNode->outGoing.add(*(new Arc(orNode, andNode))); - for( Fact *fa= c->factList.gethead(); fa >0; fa = c->factList.getnext()) { + for( Fact *fa= c->factList.gethead(); fa >(Fact *)0; fa = c->factList.getnext()) { fact_key = fa->key; Node *newNode; Type factType = fa->predicate->type; if( factType == primitive) { - newNode = data.all_leaf_nodes.addLeafNode(fact_key, fa); + newNode = gdata.all_leaf_nodes.addLeafNode(fact_key, fa); } else if( factType == derived) { - newNode = data.all_or_nodes.addOrNode(fact_key, fa); + newNode = gdata.all_or_nodes.addOrNode(fact_key, fa); } if (factType == primitive || factType == derived){ andNode->outGoing.add(*(new Arc(andNode, newNode))); @@ -1214,11 +1214,11 @@ int build_graph(void) //Populating the head nodes NodeMap::iterator k; - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { string fact_key = k->first; - Node *headNode = data.all_or_nodes.nodes[fact_key]; + Node *headNode = gdata.all_or_nodes.nodes[fact_key]; if (headNode != NULL){ - data.goals[fact_key] = headNode; + gdata.goals[fact_key] = headNode; } else{ cerr << "Warning: attack goal "<second; if (headNode != NULL){ headNode->allSimplePaths(); } } - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { Node *headNode = k->second; if (headNode != NULL){ headNode->pruneUselessEdges(); @@ -1255,7 +1255,7 @@ int build_graph(void) currentCounter++; currentNodeNum=1; currentArcNum = 1; - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { Node *headNode = k->second; if (headNode != NULL){ headNode->dfs(reAssignNodeNum); @@ -1265,7 +1265,7 @@ int build_graph(void) //Assign metrics for AssetRank if (useMetrics){ cerr << "Computing metrics..." << endl; - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { Node *headNode = k->second; if (headNode != NULL){ headNode->bestMetric(); @@ -1279,7 +1279,7 @@ int build_graph(void) int build_visual(bool arc_and_node) { NodeMap::iterator k; - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { string fact_key = k->first; Node *headNode = k->second; if (headNode != NULL){ @@ -1303,7 +1303,7 @@ int build_cnf() NodeMap::iterator k; Node *headNode; - for (k = data.goals.begin(); k != data.goals.end(); k++) { + for (k = gdata.goals.begin(); k != gdata.goals.end(); k++) { headNode = k->second; if(headNode != NULL) { headNode->TransformToCNF(0); diff --git a/src/attack_graph/graphit.l b/src/attack_graph/graphit.l index 6077cf6..5ddbd99 100644 --- a/src/attack_graph/graphit.l +++ b/src/attack_graph/graphit.l @@ -1,8 +1,9 @@ %{ #include -#include "y.tab.cpp.h" +//#include "y.tab.cpp.h" +#include "graphit.tab.h" #define YYSTYPE char * -YYSTYPE* mylval; +extern YYSTYPE* mylval; FILE **my_ptr = &yyin; %} diff --git a/src/attack_graph/graphit.y b/src/attack_graph/graphit.y index f2c2f16..1d8c71a 100755 --- a/src/attack_graph/graphit.y +++ b/src/attack_graph/graphit.y @@ -21,7 +21,7 @@ } } - extern graph_data data; + extern graph_data gdata; #define MAXLEN 1000 #define CVSSAC_PREFIX "cvss_ac_" @@ -76,18 +76,18 @@ blank_line: END_LINE predicate_type: PRIMITIVE '(' ATOM ',' ATOM ')' '.' END_LINE { - data.all_predicates.add_predicate( $3, atoi($5), + gdata.all_predicates.add_predicate( $3, atoi($5), primitive); } | DERIVED '(' ATOM ',' ATOM ')' '.' END_LINE { - data.all_predicates.add_predicate( $3, atoi($5), + gdata.all_predicates.add_predicate( $3, atoi($5), derived); } | META '(' ATOM ',' ATOM ')' '.' END_LINE { - data.all_predicates.add_predicate( $3, atoi($5), + gdata.all_predicates.add_predicate( $3, atoi($5), meta); } @@ -125,11 +125,11 @@ trace_step: #endif // save unique trace step - data.all_trace_steps.add_step( trace_step_key, + gdata.all_trace_steps.add_step( trace_step_key, rulenum, metric_str, fact1, factQ); // save unique rule - data.ruleList.add_rule(rulenum, desc_str); + gdata.ruleList.add_rule(rulenum, desc_str); #ifdef DEBUG printf("possible_duplicate_trace_step(because(%s)).\n\n", @@ -202,7 +202,7 @@ attack_fact: #ifdef DEBUG printf("attack(%s).\n\n",fact1_str); #endif - data.goals[fact1_str] = NULL; + gdata.goals[fact1_str] = NULL; fact1_str[0] = 0; lastFact=0; fact1=0; @@ -308,11 +308,11 @@ fact: ATOM '(' arglist ')' // get the pointer to correct predicate Predicate *p = - data.all_predicates.add_predicate( $1, arg_count, undef); + gdata.all_predicates.add_predicate( $1, arg_count, undef); // add this fact to the fact list, unless // it is already in the list. - lastFact=data.all_facts.add_fact( fact_ptr,p, arglist_p); + lastFact=gdata.all_facts.add_fact( fact_ptr,p, arglist_p); if( first_fact) fact1 = lastFact; // empty the list for building next fact string From 035198d2829371ea1d454f9eadeb7ec92f12ddc5 Mon Sep 17 00:00:00 2001 From: gx1 <18548727+giper45@users.noreply.github.com> Date: Sat, 28 Jan 2023 18:45:46 +0100 Subject: [PATCH 2/2] fix: readme graphviz --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bd3dd1b..f375242 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ cd XSB-5.0/build The other dependencies can be installed by using distro package management systems. For example, in Ubuntu: ``` -apt install -y build-essential default-jdk flex bison graphvix texlive-font-utils +apt install -y build-essential default-jdk flex bison graphviz texlive-font-utils ```