Code D.11: Bash script for inserting data to DB

#!/bin/bash
# Takes input from a FIFO and executes the retrieved statement in the
# database. This then runs the decided procedure that inserts the data
# into the database.
# This is retrieved from a tutorial online at:
# http://chaos.untouchable.net/index.php/HOWTO_setup_syslog-ng_to_log_to_mysql
#
# Note: on the first run the FIFO does not exist yet, so the script only
# creates it and exits; it has to be started again before it starts consuming
# the pipe. The database password is passed on the command line, so it is
# visible to every local user in the process list and may end up in the shell
# history; a client options file (--defaults-extra-file) avoids both.
if [ -e /tmp/mysql.syslog-ng.pipe ]; then
    while [ -e /tmp/mysql.syslog-ng.pipe ]; do
        mysql syslog_indexed -u syslog --password=0x80sWaT < /tmp/mysql.syslog-ng.pipe
    done
else
    mkfifo /tmp/mysql.syslog-ng.pipe
fi
Robin Stenvi, Magnus Øverbø and Lasse T. Johansen
Generated with Doxygen 1.8.3
May 15, 2013
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
1 Module Documentation
1.1 List of all classes
All classes.
Classes
• class AboutDialog
Sets the text and gets the version number from the registry.
• class Cbelt_mainApp
Class that defines the application starting point, does not show a UI.
• class Cbelt_mainDlg
Main dialog window that is displayed to the user.
• class checkUpdate
Class that checks if a new update is available.
• class Events
Retrieves UI properties that we send to the server.
• class eventHandler
Responsible for registering for events and receiving these events.
• class filterSettings
Handles all the user settings for filtering data to screen.
• class focusEventHandler
Handles focus change events.
• class formatData
Retrieves the real time that an event happened at and gives it as a readable string.
• class handleData
In charge of writing all the data to the server, also does some filtering.
• class Keylogger
Collects and organizes keyboard events before they are written to disk.
• class HWMonitor
Class for monitoring hardware usage.
• class Mouse
Collects and organizes mouse events before they are written to disk.
• class propertyEventHandler
Class that deals with all property change events.
• class sendData
Dialog that handles everything when the user wants to send a local file to the server.
• class SettingDialog
A class for setting certain config settings of BeLT.
• class Syslog1
Handles all the connection to the server.
• class CTrayNot
A class for creating/maintaining the system tray icon.
• class UIAutomation
Handles the creation and destruction of all the UI Automation elements.
• class myWinEvent
Implements MSAA functionality.
1.1.1 Detailed Description
1.2 Global variables
All the global variables used throughout the program.
Variables
• sendData *senddata
Dialog to send a previously stored file to the server.
• SettingDialog *settingDlg
Creates the setting dialog object to be interacted with.
• Keylogger *keylogger
Responsible for dealing with all keyboard input.
• Mouse *mouselogger
Responsible for dealing with all the mouse events.
• handleData *Handledata
Is the place where all events are sent; does some filtering and sends them to the server.
• UIAutomation *MyUiautomation
Handles all software events.
• Events *Gevents
Common functions for software events.
• myWinEvent *winevents
Handles MSAA events.
• HWMonitor *HW
Handles average system usage (CPU and memory).
• HHOOK keyhook
Handle to our keyboard hook.
• HHOOK mousehook
Handle to our mouse hook.
• Screen screens[MAX_SCREENS]
All the screens we have seen.
• int numScreens = 0
How many screens we have seen so far.
• const int MAX_SCREENS = 20
Max number of screens we can hold.
1.2.1 Detailed Description
All the global variables used throughout the program.
1.3 Misc Global Functions
Function for listening for keyboard events.
Functions
• __declspec(dllexport) LRESULT CALLBACK keyEvent (int code, WPARAM wParam, LPARAM lParam)
Callback function that is called any time a key event occurs.
• BOOL CALLBACK MyInfoEnumProc (HMONITOR hMonitor, HDC hdcMonitor, LPRECT lprcMonitor, LPARAM dwData)
Callback function to enumerate all available monitors.
1.3.1 Detailed Description
Function for listening for keyboard events.
Author: Robin Stenvi
Function for listening for mouse events.
Author: Robin Stenvi
Miscellaneous global functions.
1.3.2 Function Documentation
1.3.2.1 __declspec(dllexport) LRESULT CALLBACK keyEvent (int code, WPARAM wParam, LPARAM lParam)
Callback function that is called any time a key event occurs.
Author: Robin Stenvi
Parameters
in code Hook code (supplied by Windows)
in wParam Metadata about the event (supplied by Windows)
in lParam KBDLLHOOKSTRUCT* (supplied by Windows)
Remarks
This should really be in a separate DLL, but we don't have to, so we don't do it. If you need a high-level hook, you have to have it in a separate DLL. A low-level hook, which is what a callback receiving a KBDLLHOOKSTRUCT* is, is called in the context of the thread that installed it, so no DLL has to be loaded into other processes.

Callback function that is called any time a mouse event occurs.
Author: Robin Stenvi
Parameters
in code Hook code (supplied by Windows)
in wParam Metadata about the event (supplied by Windows)
in lParam MSLLHOOKSTRUCT* (supplied by Windows)
Remarks
This should really be in a separate DLL, but we don't have to, so we don't do it. If you need a high-level hook, you have to have it in a separate DLL.
1.3.2.2 BOOL CALLBACK MyInfoEnumProc (HMONITOR hMonitor, HDC hdcMonitor, LPRECT lprcMonitor, LPARAM dwData)
Callback function to enumerate all available monitors.
If we find a new monitor we will add it to the list. This function can be called at any time. If we see a monitor we have stored before, we will ignore it.
Author: Robin Stenvi
Parameters
in hMonitor Physical display monitor
in hdcMonitor Device context for the monitor
in lprcMonitor Rectangle for the monitor
in dwData Unused application-defined data
Returns
FALSE if we don't have space for more screens, otherwise TRUE.
Here is the call graph for this function:
MyInfoEnumProc → handleData::writeScreenToServer
1.4 All enumerations
All enumerations, both globally defined and private.
Enumerations
• enum Level
Describes the severity level of the syslog message.
• enum Facility
Describes the facility of the syslog message.
• enum ERRORS
Enum to describe if something went wrong when trying to update.
• enum unionType
Enum to see which union is used in eventInfoUnion.
1.4.1 Detailed Description
All enumerations, both globally defined and private.
1.4.2 Enumeration Type Documentation
1.4.2.1 enum Level
Describes the severity level of the syslog message.
Can be used to set a priority level; we set all messages to Informational.
1.4.2.2 enum Facility
Describes the facility of the syslog message.
Can be used to raise the priority level; we set all messages to Local0.
1.4.2.3 enum ERRORS
Enum to describe if something went wrong when trying to update.
The calling function should use this to indicate what went wrong and maybe take action: some values indicate a server error, others indicate that the user aborted, and others again indicate that something is wrong in the code.
1.5 Default Error Strings
Some standards for error messages that are sent as messages.
Macros
• #define ErrorTime (std::string)"1970-01-01T00:00:00.0000Z"
Timestamp that can be used in a syslog message.
• #define ErrorClock (std::string)"00:00:00"
Just the time without the date; not valid in a syslog message.
• #define ErrorDate (std::string)"1970-01-01 00:00:00"
Date and time used as filename.
• #define ErrorSD (std::string)""
Structured data can be empty; the server will still print an error message in its file.
• #define ErrorCsv (std::string)"error\n"
Defines the entire CSV line; only contains one element, but is valid CSV.
• #define ErrorCsvRectangle (std::string)"-1,-1,-1,-1"
Used as an empty rectangle, or on error when creating the string; used in CSV files.
• #define ErrorFormatRectangle (std::string)"bottY=\"-1\" topY=\"-1\" leftX=\"-1\" rightX=\"-1\""
Empty rectangle, or error when creating the rectangle; used in the syslog string.
• #define ErrorServer (std::string)"<134>1 1970-01-01T00:00:00.0000Z error error error 0_0\n"
Entire syslog message, in a valid format.
• #define ErrorMouseSent (std::string)"Unknown mouse event"
Error message for the descriptive mouse sentence shown to the user.
• #define ErrorKeySent (std::string)"Unknown key event"
Error message for the descriptive key event sentence shown to the user.
• #define replaceInvalid 'X'
What we replace invalid characters with, in the syslog protocol.
• #define UnknownElem "|unknown|"
Whenever we fail to retrieve information about a software element.
• #define TooLongElem (std::string)"|Too long|"
Whenever the text in an element is longer than some value.
• #define EmptyElem (std::string)"|empty|"
If the text we are trying to retrieve is empty.
1.5.1 Detailed Description
Some standards for error messages that are sent as messages. These messages should be safe to send in a syslog message or to print in a CSV file. The PRI value <134> in ErrorServer is the one every message carries: facility Local0 (16) times 8 plus severity Informational (6), matching the enumerations in section 1.4.
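The header layout that ErrorServer follows and the replaceInvalid rule are easier to see in code. The block below is an added example, not code from the BeLT project: it computes the RFC 5424 PRI from the facility and level values of section 1.4, builds the "<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID" header, and replaces characters that must not appear with 'X'. The facility and severity numbers are RFC 5424's; which characters count as invalid (non-printable ASCII, the three characters special inside SD-PARAM values, and spaces inside header fields) is this example's own choice.

```cpp
// Added example, not BeLT's own code. Shows the RFC 5424 header shape behind the
// page's ErrorServer string and the replaceInvalid 'X' substitution.
#include <cstddef>
#include <cstdio>
#include <string>

enum Facility { Local0 = 16 };          // RFC 5424 facility code (section 1.4.2.2)
enum Level    { Informational = 6 };    // RFC 5424 severity (section 1.4.2.1)

// PRI = facility * 8 + severity; Local0 + Informational gives 134, as in ErrorServer.
int syslogPri(int facility, int level) { return facility * 8 + level; }

// Replace every byte that is not printable ASCII, plus the three characters that are
// special inside an SD-PARAM value ('"', '\\', ']'), with 'X'. Header fields are
// space-delimited, so for them a space is replaced as well. Returns the count replaced.
// The set of "invalid" characters is this example's assumption.
std::size_t sanitize(std::string &s, bool headerField = false)
{
    std::size_t replaced = 0;
    for (char &ch : s) {
        unsigned char c = static_cast<unsigned char>(ch);
        bool bad = c < 0x20 || c > 0x7e || c == '"' || c == '\\' || c == ']';
        if (headerField && c == ' ') bad = true;
        if (bad) { ch = 'X'; ++replaced; }
    }
    return replaced;
}

// "<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID". Each field is sanitized first, and
// an empty field becomes the RFC's NILVALUE "-" so the receiver's parser does not see
// the remaining fields shifted one position to the left.
std::string formatHeader(int facility, int level, std::string ts, std::string host,
                         std::string app, std::string procid, std::string msgid)
{
    std::string *fields[] = { &ts, &host, &app, &procid, &msgid };
    for (std::string *f : fields) {
        sanitize(*f, true);
        if (f->empty()) *f = "-";
    }
    return "<" + std::to_string(syslogPri(facility, level)) + ">1 " +
           ts + " " + host + " " + app + " " + procid + " " + msgid;
}

int main()
{
    // Constructed sample message containing a quote and a tab, not captured data.
    std::string msg = "key=\"a\"\ttext";
    sanitize(msg);
    std::printf("%s %s\n",
                formatHeader(Local0, Informational, "1970-01-01T00:00:00.0000Z",
                             "error", "error", "error", "0_0").c_str(),
                msg.c_str());
    return 0;
}
```

Sanitizing before serializing matters because the key tokens written later (section 1.19) are wrapped in '|' and the CSV/syslog consumers split on fixed delimiters; a stray newline or quote in a field would let a logged keystroke forge a second record.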
1.6 Current server status at the client
This defines the current status, regarding the connection with the server.
Macros
• #define SERVER_STOPPED 0
We do NOT have an active connection with the server.
• #define SERVER_PAUSED 1
Connection with the server is paused; the underlying connection is still there.
• #define SERVER_RUNNING 2
We have an active connection with the server.
1.6.1 Detailed Description
This defines the current status regarding the connection with the server. These are all the possible states, and exactly one of them is active at a time.
1.7 Current mode of storage
This defines the current status, regarding how logs are stored, only one of the modes is possible.
Macros
• #define STORAGE_SERVER 1
We are sending concurrently to the server.
• #define STORAGE_LOCAL 2
We store in local raw files before sending to the server.
• #define STORAGE_CSV 3
We only store CSV files.
1.7.1 Detailed Description
This defines the current status, regarding how logs are stored, only one of the modes is possible.
1.8 Constants for success or failure messages
Constants to define messages of success or fail, so the GUI know what has happened.
Macros
• #define SSLFAIL 1
We have failed to initialize SSL/TLS.
• #define SSLSUCCESS 2
We have succeeded in initializing SSL/TLS.
• #define SSLSUCCESSPAUSE 3
We have successfully paused SSL/TLS.
1.8.1 Detailed Description
Constants to define messages of success or fail, so the GUI know what has happened.
1.9 Which log event occurred
Defines that describe what type of event has happened. Each value is a power of two, so each uses one bit and several can be combined in one mask.
Macros
• #define UIEVENT 1
Software event.
• #define KEYEVENT 2
All key events.
• #define MOUSEEVENT 4
All mouse events.
• #define KEYUP 8
Only key released.
• #define KEYDOWN 16
Only key pressed.
• #define MOUSEMOVE 32
All mouse movements.
• #define MOUSEPRESS 64
All mouse button up and down events.
• #define MOUSEWHEEL 128
Any mouse wheel action.
• #define MOUSEUP 256
All mouse buttons released.
• #define MOUSEDOWN 512
All mouse buttons pressed.
• #define MOUSELEFT 1024
Pressed and released for the left mouse button.
• #define MOUSERIGHT 2048
Pressed and released for the right mouse button.
• #define MOUSEMIDDLE 4096
Pressed and released for the middle mouse button.
• #define MOUSEWHEEL2 8192
Mouse wheel button.
• #define MOUSEMAX 8192
Defines the highest bit used for mouse events (the same value as MOUSEWHEEL2).
1.9.1 Detailed Description
Defines that describe what type of event has happened. Each value is a power of two, so each uses one bit and several can be combined in one mask.
1.10 Events from user
Used to determine the event that happened in handleData.
Macros
• #define LISTENER_START 1
Start new session.
• #define LISTENER_STOP 2
Stop current session.
• #define LISTENER_PAUSE 3
Pause connection.
• #define LISTENER_RESUME 4
Resume from paused state.
1.10.1 Detailed Description
Used to determine the event that happened in handleData.
1.11 Messages used throughout the application
Our own defined message variables.
Macros
• #define WM_PRINTEVENT (WM_USER + 850)
Event that should be printed to screen.
• #define WM_NOTIFY_PAUSE (WM_USER + 900)
The user has pressed the shortcut for pause.
• #define WM_NOTIFY_FAIL (WM_USER + 950)
Something has failed.
• #define WM_NOTIFY_SUCCESS (WM_USER + 951)
Something has succeeded.
• #define WM_KEYSTROKE_MESSAGE (WM_USER + 970)
Not used.
• #define WM_KEYSTROKE_SHUTDOWN_MESSAGE (WM_USER + 971)
Not used.
• #define WM_MOUSE_MESSAGE (WM_USER + 972)
Not used.
• #define WM_MOUSE_SHUTDOWN_MESSAGE (WM_USER + 973)
Not used.
1.11.1 Detailed Description
Our own defined message variables.
1.12 Different colors used.
Different colors used throughout the program.
Macros
• #define COLOR_BLACK RGB(0,0,0)
Used to print information messages, like start/stop.
• #define COLOR_GREEN RGB(0,255,0)
Used to print success messages.
• #define COLOR_DGREEN RGB(0,128,0)
Keyboard messages.
• #define COLOR_BLUE RGB(0,0,255)
Used to print mouse messages.
• #define COLOR_RED RGB(255,0,0)
Used to print failure messages.
1.12.1 Detailed Description
Different colors used throughout the program.
1.13 Bit flags for active system keys
Bit flags for the modifier keys that were held or active when a key was pressed; they give context to the key.
Macros
• #define MYALT_PRESSED 1
Left or right alt key.
• #define MYCTRL_PRESSED 2
Left or right ctrl.
• #define MYSHIFT_PRESSED 4
Left or right shift.
• #define MYWINDOWS_PRESSED 8
Left or right Windows key.
• #define CAPS_LOCK_ACTIVE 16
Caps lock is active, not necessarily pressed.
• #define NUM_LOCK_ACTIVE 32
Num lock is active, not necessarily pressed.
• #define SCROLL_LOCK_ACTIVE 64
Scroll lock is active, not necessarily pressed.
1.13.1 Detailed Description
Bit flags for the modifier keys that were held or active when a key was pressed; they give context to the key. Several can be set.
1.14 Each field in the update file
Defines the order of the field in the update configuration and the number of min fields.
Macros
• #define UPDATE_IP 0
IP or URL of the server for update files.
• #define UPDATE_PORT 1
The port we should use for update (http).
• #define UPDATE_PORT_TLS 2
The port we should use for TLS communication.
• #define UPDATE_PATH 3
The path on the server to the update configuration file.
• #define VERSION_NUM 4
Newest version number.
• #define PATCH_LIST_PATH 5
Full path on the server to the patch list file.
• #define LOG_IP 6
IP or URL of the logging server.
• #define LOG_PORT 7
The port we should send to when logging.
• #define MIN_UPDATE_CONFIG 7
The minimum number of fields we need for this to be a valid config file.
1.14.1 Detailed Description
Defines the order of the fields in the update configuration and the minimum number of fields. Note that MIN_UPDATE_CONFIG is 7 while LOG_PORT is index 7, so a file with exactly the minimum number of fields has no LOG_PORT entry; code that reads LOG_PORT must check the field count on its own rather than rely on the minimum check.
1.15 Each field in the list of patches
Defines the order of the field in the patch list and the number of fields.
Macros
• #define DEP_VERSION 0
Version number needed to use this patch.
• #define PLATFORM_32 1
Patch for 32-bit architecture.
• #define PLATFORM_64 2
Patch for 64-bit architecture.
• #define MIN_PATCH_LIST 3
The minimum number of fields we need for this to be a valid patch list.
1.15.1 Detailed Description
Defines the order of the field in the patch list and the number of fields.
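Sections 1.14 and 1.15 fix the field order of two files the client fetches from the update server but say nothing about how they are read. The following is an added example, not BeLT's own parser: it reads both files by the indices above, rejects files shorter than MIN_UPDATE_CONFIG / MIN_PATCH_LIST, validates the port numbers, and bounds-checks LOG_PORT separately because its index equals the minimum field count. One field per line, and treating a missing LOG_PORT as "absent" rather than as an error, are this example's assumptions; the server names in the sample are constructed.

```cpp
// Added example, not BeLT's own code: reading the update configuration (section 1.14)
// and the patch list (section 1.15) with the bounds checks their constants call for.
// Assumption: one field per line, in the documented order.
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// Field indices from section 1.14
const std::size_t UPDATE_IP = 0, UPDATE_PORT = 1, UPDATE_PORT_TLS = 2, UPDATE_PATH = 3,
                  VERSION_NUM = 4, PATCH_LIST_PATH = 5, LOG_IP = 6, LOG_PORT = 7,
                  MIN_UPDATE_CONFIG = 7;
// Field indices from section 1.15
const std::size_t DEP_VERSION = 0, PLATFORM_32 = 1, PLATFORM_64 = 2, MIN_PATCH_LIST = 3;

// Split the file into fields, one per line, tolerating CRLF line endings.
std::vector<std::string> splitLines(const std::string &text)
{
    std::vector<std::string> fields;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        fields.push_back(line);
    }
    return fields;
}

// A TCP port must be a decimal number in 1..65535; anything else is rejected
// instead of being silently converted to 0 by atoi.
bool validPort(const std::string &s, int &port)
{
    if (s.empty() || s.size() > 5) return false;
    for (char c : s) if (c < '0' || c > '9') return false;
    port = std::atoi(s.c_str());
    return port >= 1 && port <= 65535;
}

struct UpdateConfig {
    std::string ip, path, version, patchListPath, logIp;
    int port = 0, portTls = 0;
    int logPort = -1;   // -1 means the field was absent, which MIN_UPDATE_CONFIG allows
};

// Returns false if the file has fewer than MIN_UPDATE_CONFIG fields or a port is invalid.
// MIN_UPDATE_CONFIG is 7 but LOG_PORT is index 7, so a file with exactly the minimum
// number of fields has no LOG_PORT entry: that index needs its own bounds check.
bool parseUpdateConfig(const std::string &text, UpdateConfig &cfg)
{
    std::vector<std::string> f = splitLines(text);
    if (f.size() < MIN_UPDATE_CONFIG) return false;
    if (!validPort(f[UPDATE_PORT], cfg.port) || !validPort(f[UPDATE_PORT_TLS], cfg.portTls))
        return false;
    cfg.ip = f[UPDATE_IP]; cfg.path = f[UPDATE_PATH]; cfg.version = f[VERSION_NUM];
    cfg.patchListPath = f[PATCH_LIST_PATH]; cfg.logIp = f[LOG_IP];
    if (f.size() > LOG_PORT && !validPort(f[LOG_PORT], cfg.logPort)) return false;
    return true;
}

struct PatchEntry { std::string depVersion, patch32, patch64; };

// Returns false if the patch list has fewer than MIN_PATCH_LIST fields.
bool parsePatchList(const std::string &text, PatchEntry &p)
{
    std::vector<std::string> f = splitLines(text);
    if (f.size() < MIN_PATCH_LIST) return false;
    p.depVersion = f[DEP_VERSION]; p.patch32 = f[PLATFORM_32]; p.patch64 = f[PLATFORM_64];
    return true;
}

int main()
{
    // Constructed sample with exactly MIN_UPDATE_CONFIG fields: valid, but without LOG_PORT.
    const std::string sample = "update.example.test\n80\n443\n/update.cfg\n1.2.3\n"
                               "/patches.lst\nlog.example.test\n";
    UpdateConfig cfg;
    if (parseUpdateConfig(sample, cfg))
        std::printf("version %s, tls port %d, log port %d\n",
                    cfg.version.c_str(), cfg.portTls, cfg.logPort);
    return 0;
}
```

Parsing the file correctly is only the first step: the fields name the host and the plain-http port the patches are fetched from, so whatever consumes this structure still has to decide how it establishes that the patch it downloads is the one the project published.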
1.16 Different software events
List of flags for the UI events we gather, used for faster processing later on when we filter the data.
Macros
• #define FC 1
Focus change.
• #define OCS 2
Object change state.
• #define VC 3
Visual change.
• #define WO 4
Window opened.
• #define EI 5
Element invoked.
• #define MO 6
Menu opened.
• #define TC 7
Text changed.
• #define MMS 8
Menu mode started.
1.16.1 Detailed Description
List of flags for UI events we gather, used for faster processing later on when we filter the data.
1.17 Different colors for icons
All the possible colors for the icon.
Macros
• #define RED_ICON 0
Red icon, used when logging has stopped.
• #define GREEN_ICON 1
Green icon, used when logging has started.
• #define BLUE_ICON 2
Blue icon, used when logging has paused.
• #define YELLOW_ICON 3
Yellow icon, used when we have detected a password field.
Yellow icon used, when we have detected a password field.
1.17.1 Detailed Description
All the possible colors for the icon.
1.18 All the global / private structs
All the global and private structs that are used throughout the program.
Classes
• struct sysResources
Contains information about system resources in use by the system; all values should be percentages.
• struct deviceInfo
Information about a storage device: only a timestamp and a value that says whether it was inserted or removed.
• struct HIDDevice
Information about an input device.
• struct KeyboardDevice
Contains information about a keyboard device.
• struct eventInfoUnion
Contains the information we store about each UI event.
• struct processList
A list of processes so we can retrieve that information faster.
• struct Blacklist
Whenever we see a value we are unable to retrieve, we can use this to maybe save some time.
• struct Screen
Information about a physical screen.
• struct KeyInfo
All variable info we need to write about a key event.
• struct MouseInfo
All variable info we need to write about a mouse event.
• struct handleData::lastAll
Holds all the previous events; is used to find which events correlate to other events.
• struct keyType
Struct to hold the number of key-down events we receive for some key.
1.18.1 Detailed Description
All the global and private structs that are used throughout the program.
1.19 All the possible key variations
These are all the key values that are written as tokens; printable ASCII characters other than whitespace are written as themselves.
Macros
• #define KEYBOARDBACK "|backspace|"
Backspace.
• #define KEYBOARDSPACE "|space|"
Spacebar.
• #define KEYBOARDTAB "|tab|"
Tab.
• #define KEYBOARDCLEAR "|clear|"
Clear or form feed.
• #define KEYBOARDENTER "|enter|"
Enter.
• #define KEYBOARDSHIFT "|shift|"
Any shift; usually they are left or right.
• #define KEYBOARDCTRL "|ctrl|"
Any control key; usually they are left or right.
• #define KEYBOARDALT "|alt|"
Any alt key; usually they are left or right.
• #define KEYBOARDPAUSE "|pause|"
Pause key.
• #define KEYBOARDCAPSLOCK "|capsLock|"
Caps lock key.
• #define KEYBOARDESC "|esc|"
Escape.
• #define KEYBOARDPGUP "|PgUp|"
Page up.
• #define KEYBOARDPGDOWN "|PgDn|"
Page down.
• #define KEYBOARDEND "|end|"
End.
• #define KEYBOARDHOME "|home|"
Home.
• #define KEYBOARDLEFT "|left|"
Left arrow.
• #define KEYBOARDUP "|up|"
Up arrow.
• #define KEYBOARDRIGHT "|right|"
Right arrow.
• #define KEYBOARDDOWN "|down|"
Down arrow.
• #define KEYBOARDSELECT "|select|"
Select key.
• #define KEYBOARDPRINT "|print|"
• #define KEYBOARDEXEC "|exec|"
Execute; don't think they exist today.
• #define KEYBOARDPRTSC "|PrtSc|"
Print screen.
• #define KEYBOARDINSERT "|insert|"
Insert key.
• #define KEYBOARDDEL "|del|"
Delete.
• #define KEYBOARDHELP "|help|"
Help key.
• #define KEYBOARDLWINDOWS "|LWindows|"
Left Windows key.
• #define KEYBOARDRWINDOWS "|RWindows|"
Right Windows key.
• #define KEYBOARDAPPKEY "|appKey|"
Application key on some Microsoft keyboards.
• #define KEYBOARDSLEEP "|sleep|"
Computer sleep key.
• #define KEYBOARDNX "NX"
Numbers on the num-pad; X is a value between 0 and 9. I don't think we usually receive these events, they just come in as 0-9.
• #define KEYBOARDNTIMES "N*"
* on the num-pad (I think)
Period on the num-pad (I think)
• #define KEYBOARDNDIVIDE "N/"
/ on the num-pad (I think)
• #define KEYBOARDFKEY "FX"
All the F keys; X is replaced with a number from 1 to 24.
• #define KEYBOARDNUMLOCK "|NumLK|"
Num lock.
• #define KEYBOARDSCROLLOCK "|ScrLK|"
Scroll lock.
• #define KEYBOARDLSHIFT "|Lshift|"
Left shift.
• #define KEYBOARDRSHIFT "|Rshift|"
Right shift.
• #define KEYBOARDLCTRL "|Lctrl|"
Left control.
• #define KEYBOARDRCTRL "|Rctrl|"
Right control.
• #define KEYBOARDLALT "|Lalt|"
Left alt.
• #define KEYBOARDRALT "|Ralt|"
• #define KEYBOARDBROWSERBACK "|Bback|"
Browser back (special hardware)
• #define KEYBOARDBROWSERFORWARD "|Bforward|"
Browser forward (special hardware)
• #define KEYBOARDBROWSERREFRESH "|Brefresh|"
Browser refresh (special hardware)
• #define KEYBOARDBROWSERSTOP "|Bstop|"
Browser stop (special hardware)
• #define KEYBOARDBROWSERSEARCH "|Bsearch|"
Browser search (special hardware)
• #define KEYBOARDBROWSERFAVORITES "|Bfavorites|"
Browser favorites (special hardware)
• #define KEYBOARDBROWSERHOME "|Bhome|"
Browser home (special hardware)
• #define KEYBOARDVMUTE "|Vmute|"
Volume mute (special hardware)
• #define KEYBOARDVDOWN "|Vdown|"
Volume down (special hardware)
• #define KEYBOARDVUP "|Vup|"
Volume up (special hardware)
• #define KEYBOARDMNEXT "|Mnext|"
Multimedia next (special hardware)
• #define KEYBOARDMPREV "|Mprev|"
Multimedia previous (special hardware)
• #define KEYBOARDMSTOP "|Mstop|"
Multimedia stop (special hardware)
• #define KEYBOARDMPAUSE "|Mpause|"
Multimedia pause / play (special hardware)
• #define KEYBOARDLMAIL "|Lmail|"
Launch mail (special hardware)
• #define KEYBOARDLSELECT "|Lselect|"
Launch media select (special hardware)
• #define KEYBOARDLAPP1 "|Lapp1|"
Launch application 1 (special hardware)
• #define KEYBOARDLAPP2 "|Lapp2|"
Launch application 2 (special hardware)
• #define KEYBOARDOEM1 "|OEM1|"
Varies by region (should not happen)
• #define KEYBOARDOEM2 "|OEM2|"
Varies by region (should not happen)
• #define KEYBOARDOEM3 "|OEM3|"
Varies by region (should not happen)
• #define KEYBOARDOEM4 "|OEM4|"
Varies by region (should not happen)
• #define KEYBOARDOEM5 "|OEM5|"
Varies by region (should not happen)
• #define KEYBOARDOEM6 "|OEM6|"
Varies by region (should not happen)
• #define KEYBOARDOEM7 "|OEM7|"
Varies by region (should not happen)
Varies by region (should not happen)
• #define KEYBOARDOEM102 "|OEM102|"
Varies by region (should not happen)
• #define KEYBOARDUNICODE "|unicode|"
Used to pass Unicode characters; don't think this can happen from the keyboard.
• #define KEYBOARDATTN "|attn|"
Attention key (older keyboards)
• #define KEYBOARDCRSEL "|crsel|"
Not sure what it does, but from the past.
• #define KEYBOARDEXSEL "|exsel|"
Not sure what it does, but from the past.
• #define KEYBOARDEROF "|erof|"
Erase end-of-file.
• #define KEYBOARDPLAY "|play|"
Play key.
• #define KEYBOARDZOOM "|zoom|"
Zoom key.
• #define KEYBOARDPA1 "|pa1|"
Attention key.
• #define KEYBOARDCLEAR2 "|clear2|"
Think it's the same as the first clear.
• #define KEYBOARDPASSWORD "|*|"
What is used when we discover a password field.
• #define KEYBOARDUNKNOWN "|unknown|";
What we use if we don't manage to find the correct key.
1.19.1 Detailed Description
These are all the key values that are written as tokens; printable ASCII characters other than whitespace are written as themselves. For a full list of all possible key codes, see http://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspx
1.19.2 Macro Definition Documentation
1.19.2.1 #define KEYBOARDNX "NX"
Numbers on the num-pad; X is a value between 0 and 9. I don't think we usually receive these events, they just come in as 0-9.
1.19.2.2 #define KEYBOARDFKEY "FX"
All the F keys; X is replaced with a number from 1 to 24.
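The event bits of section 1.9, the modifier bits of section 1.13, the tokens above and the KEYBOARDPASSWORD substitution (the state the yellow icon of section 1.17 signals) are documented separately; the block below is an added example, not BeLT's own code, that puts them together for one key event: the filter check, the modifier prefix, and the password-field masking. The filter semantics (an event is kept only if every bit it carries is enabled in the user's mask) and the "+"-joined output layout are this example's assumptions, and the sample events are constructed.

```cpp
// Added example, not BeLT's own code: from raw key event to the record that is written.
#include <cstdio>
#include <string>
#include <vector>

const unsigned KEYEVENT = 2, KEYUP = 8, KEYDOWN = 16;                 // section 1.9
const unsigned MYALT_PRESSED = 1, MYCTRL_PRESSED = 2, MYSHIFT_PRESSED = 4; // section 1.13
const std::string KEYBOARDPASSWORD = "|*|";                           // section 1.19

struct KeyEvent {
    unsigned type;        // KEYEVENT | KEYDOWN or KEYEVENT | KEYUP
    unsigned mods;        // MY*_PRESSED bits active at the time of the event
    std::string key;      // a printable character or a |token| from section 1.19
    bool passwordField;   // the focused element was detected as a password field
};

// Filter semantics assumed here: keep the event only if every bit it carries is
// enabled in the user's mask (so KEYEVENT|KEYDOWN is dropped by a KEYEVENT|KEYUP mask).
bool passesFilter(unsigned type, unsigned mask) { return (type & mask) == type; }

// Modifier bits as section 1.19 tokens, in a fixed order so that the output is stable
// for whatever parses the log later.
std::vector<std::string> modifierTokens(unsigned mods)
{
    std::vector<std::string> out;
    if (mods & MYCTRL_PRESSED)  out.push_back("|ctrl|");
    if (mods & MYALT_PRESSED)   out.push_back("|alt|");
    if (mods & MYSHIFT_PRESSED) out.push_back("|shift|");
    return out;
}

// The string that would be written. A keystroke in a password field is replaced by
// KEYBOARDPASSWORD before any other formatting, so neither the key nor its modifiers
// can leak through a key-up or modifier-only record.
std::string describeKey(const KeyEvent &e)
{
    if (e.passwordField) return KEYBOARDPASSWORD;
    std::string s;
    for (const std::string &m : modifierTokens(e.mods)) s += m + "+";
    s += e.key;
    if (e.type & KEYUP) s += " (up)";
    return s;
}

int main()
{
    // Constructed sample events, not captured data.
    std::vector<KeyEvent> events = {
        { KEYEVENT | KEYDOWN, MYCTRL_PRESSED, "a", false },
        { KEYEVENT | KEYUP,   MYCTRL_PRESSED, "a", false },
        { KEYEVENT | KEYDOWN, 0,              "h", true  },
    };
    unsigned mask = KEYEVENT | KEYDOWN;   // the user asked for key presses only
    for (const KeyEvent &e : events)
        if (passesFilter(e.type, mask))
            std::printf("%s\n", describeKey(e).c_str());
    return 0;
}
```

The order inside describeKey is the point: masking is decided on the password-field flag alone, before the filter mask or the modifier state is consulted, because a user filter that keeps only KEYUP events would otherwise still record the released key.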