├── Compiled └── cyberarms.intrusiondetection.setup.x64_2.2.0.zip ├── Cyberarms.Agents.Bind9 ├── Bind9DDoSConfig.cs ├── Bind9DDoSKiller.cs ├── Cyberarms.Agents.Bind9.csproj ├── Cyberarms.Agents.Bind9.csproj.vspscc └── Properties │ └── AssemblyInfo.cs ├── Cyberarms.Agents.FileMaker ├── Cyberarms.Agents.FileMaker.csproj ├── Cyberarms.Agents.FileMaker.csproj.vspscc ├── FileMakerResource.Designer.cs ├── FileMakerResource.resx ├── FileMakerSecurityAgent.cs ├── Properties │ └── AssemblyInfo.cs └── res │ ├── FileMakerPro.png │ ├── agent15px-filemaker-dark.png │ └── agent15px-filemaker-white.png ├── Cyberarms.Agents.FtpServer ├── AppLayerFtp.cs ├── Cyberarms.Agents.FtpServer.csproj ├── Cyberarms.Agents.FtpServer.csproj.vspscc ├── FtpAgent.cs ├── FtpConfig.cs ├── IPHeader.cs ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx ├── Resources │ ├── agent15px-ftp-dark.png │ └── agent15px-ftp-white.png ├── Sniffer.cs └── TcpHeader.cs ├── Cyberarms.Agents.MailServer.Test ├── Cyberarms.Agents.MailServer.Test.csproj ├── Cyberarms.Agents.MailServer.Test.csproj.vspscc ├── Pop3Test.cs └── Properties │ └── AssemblyInfo.cs ├── Cyberarms.Agents.MailServer ├── AppLayerPop3.cs ├── AppLayerSmtp.cs ├── Cyberarms.Agents.MailServer.csproj ├── Cyberarms.Agents.MailServer.csproj.vspscc ├── IPHeader.cs ├── Pop3Agent.cs ├── Pop3Client.cs ├── Pop3Config.cs ├── Properties │ └── AssemblyInfo.cs ├── SmtpAgent.cs ├── SmtpConfig.cs ├── Sniffer.cs └── TcpHeader.cs ├── Cyberarms.Agents.MySql ├── Cyberarms.Agents.MySql.csproj ├── Cyberarms.Agents.MySql.csproj.vspscc ├── MySqlFailedLoginWatcher.cs ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx └── Resources │ ├── agent15px-sql-dark.png │ └── agent15px-sql-white.png ├── Cyberarms.Agents.Smtp ├── AppLayerSmtp.cs ├── Cyberarms.Agents.Smtp.csproj ├── Cyberarms.Agents.Smtp.csproj.vspscc ├── IPHeader.cs ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx ├── Resources │ ├── agent15px-mail-dark.png │ └── agent15px-mail-white.png ├── SmtpAgent.cs ├── SmtpConfig.cs ├── Sniffer.cs └── TcpHeader.cs ├── Cyberarms.Agents.SqlServer ├── Cyberarms.Agents.SqlServer.csproj ├── Cyberarms.Agents.SqlServer.csproj.vspscc ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx ├── Resources │ ├── agent15px-sql-dark.png │ └── agent15px-sql-white.png └── SqlFailedLoginWatcher.cs ├── Cyberarms.Agents.TerminalServer ├── AppLayerTlsSsl.cs ├── Cyberarms.Agents.TerminalServer.csproj ├── Cyberarms.Agents.TerminalServer.csproj.vspscc ├── IPHeader.cs ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx ├── Resources │ ├── agent15px-rdp-dark.png │ └── agent15px-rdp-white.png ├── Sniffer.cs ├── TcpHeader.cs ├── TlsSslAgent.cs └── TslSslConfig.cs ├── Cyberarms.Agents.WebSecurity ├── Cyberarms.Agents.WebSecurity.csproj ├── Cyberarms.Agents.WebSecurity.csproj.vspscc ├── Properties │ └── AssemblyInfo.cs ├── Resource.Designer.cs ├── Resource.resx ├── Resources │ ├── agent15px-sharePoint-dark.png │ └── agent15px-sharePoint-white.png └── SecurityMonitor.cs ├── Cyberarms.IDDS.Management ├── Cyberarms.IDDS.Management.csproj ├── Cyberarms.IDDS.Management.csproj.vspscc ├── Get_ActivationStatus.cs ├── Program.cs └── Properties │ └── AssemblyInfo.cs ├── Cyberarms.IntrusionDetection.Admin ├── Cyberarms.IntrusionDetection.Admin.csproj ├── Cyberarms.IntrusionDetection.Admin.csproj.vspscc ├── CyberarmsAgentConfiguration.Designer.cs ├── CyberarmsAgentConfiguration.cs ├── CyberarmsAgentConfiguration.resx ├── CyberarmsApplicationSettings.Designer.cs ├── CyberarmsApplicationSettings.cs ├── CyberarmsApplicationSettings.resx ├── CyberarmsCurrentLocks.Designer.cs ├── CyberarmsCurrentLocks.cs ├── CyberarmsCurrentLocks.resx ├── CyberarmsDashboard.Designer.cs ├── CyberarmsDashboard.cs ├── CyberarmsDashboard.resx ├── CyberarmsSecurityLog.Designer.cs ├── CyberarmsSecurityLog.cs ├── CyberarmsSecurityLog.resx ├── CyberarmsSettingsNavigation.Designer.cs ├── CyberarmsSettingsNavigation.cs ├── CyberarmsSettingsNavigation.resx ├── CyberarmsSettingsNavigationItem.Designer.cs ├── CyberarmsSettingsNavigationItem.cs ├── CyberarmsSettingsNavigationItem.resx ├── GenericErrorDialog.Designer.cs ├── GenericErrorDialog.cs ├── GenericErrorDialog.resx ├── IddsAdmin.Designer.cs ├── IddsAdmin.cs ├── IddsAdmin.resx ├── Paladin48.ico ├── PaladinCommandline.ico ├── PaladinConfig.exe.manifest ├── PanelLockoutConfiguration.Designer.cs ├── PanelLockoutConfiguration.cs ├── PanelLockoutConfiguration.resx ├── PanelNotificationSettings.Designer.cs ├── PanelNotificationSettings.cs ├── PanelNotificationSettings.resx ├── PanelPluginConfiguration.Designer.cs ├── PanelPluginConfiguration.cs ├── PanelPluginConfiguration.resx ├── PanelSafeNetworks.Designer.cs ├── PanelSafeNetworks.cs ├── PanelSafeNetworks.resx ├── PanelSmtpSettings.Designer.cs ├── PanelSmtpSettings.cs ├── PanelSmtpSettings.resx ├── PluginItem.Designer.cs ├── PluginItem.cs ├── PluginItem.resx ├── Program.cs ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Settings.Designer.cs │ └── Settings.settings ├── RemoveLockForm.Designer.cs ├── RemoveLockForm.cs ├── RemoveLockForm.resx ├── Resources │ ├── Cyberarms-Logo-small.jpg │ ├── Cyberarms-Logo.jpg │ ├── Paladin Logo.png │ ├── Paladin-Icon_128.jpg │ ├── Paladin-Icon_16.jpg │ ├── Paladin-Icon_32.jpg │ ├── Paladin-Icon_64.jpg │ ├── Paladin-Icon_groß.png │ ├── Paladin-Logo_128.png │ ├── Paladin-Logo_256.png │ ├── agent15px-default-dark.png │ ├── agent15px-default-white.png │ ├── border-bottom.png │ ├── border-left.png │ ├── border-right.png │ ├── border-top.png │ ├── button-add.png │ ├── button-filter.png │ ├── button-hardlock.png │ ├── button-unlock.png │ ├── button25px-add.png │ ├── button25px-delete.png │ ├── button25px-edit.png │ ├── button25px-save.png │ ├── button30px-disable.png │ ├── button30px-disable1.png │ ├── button30px-download.png │ ├── button30px-download1.png │ ├── button30px-enable.png │ ├── button30px-enable1.png │ ├── button30px-new.png │ ├── button30px-new1.png │ ├── button30px-save.png │ ├── button30px-save1.png │ ├── buttonicon-activate.png │ ├── corner-bottom-left.png │ ├── corner-bottom-right.png │ ├── corner-top-left.png │ ├── corner-top-right.png │ ├── cyberarms-idds-klein.png │ ├── delete.png │ ├── icon-close.png │ ├── icon-grip.png │ ├── icon-help.png │ ├── icon-maximize.png │ ├── icon-minimize.png │ ├── icon-refresh.png │ ├── icon-refresh1.png │ ├── icon-scale.png │ ├── icon-search.png │ ├── loading2.gif │ ├── logIcon-hardLock.png │ ├── logIcon-hardLock1.png │ ├── logIcon-loginAttempt.png │ ├── logIcon-loginAttempt1.png │ ├── logIcon-softLock.png │ ├── logIcon-softLock1.png │ ├── logIcon-systemMessage.png │ ├── logIcon-systemMessage1.png │ ├── logIcon-unlock.png │ ├── logIcon-unlock1.png │ ├── logIcon-warning.png │ ├── logIcon-warning1.png │ ├── realvista_3dgraphics_gear_16.png │ ├── realvista_3dgraphics_pivot_point_16.png │ ├── realvista_general_close_48.png │ ├── realvista_general_info_16.png │ ├── realvista_general_lock_16.png │ ├── realvista_general_play_16.png │ ├── realvista_general_reload_16.png │ ├── realvista_general_stop_16.png │ ├── realvista_general_unlock_32.png │ ├── realvista_general_unlock_48.png │ ├── realvista_networking_lobby_16.png │ ├── realvista_networking_lobby_24.png │ ├── realvista_networking_security_16.png │ ├── realvista_networking_vpn_128.png │ ├── realvista_networking_vpn_256.png │ ├── realvista_networking_vpn_48.png │ ├── realvista_webdesign_3d_design_16.png │ ├── service-controller-start-deactivated.png │ ├── service-controller-start.png │ ├── service-controller-stop-deactivated.png │ ├── service-controller-stop.png │ ├── status-agent-disabled-dark.png │ └── status-agent-enabled-dark.png ├── SearchBox.cs ├── SmartForm.Designer.cs ├── SmartForm.cs ├── SmartForm.resx ├── SmartLabel.Designer.cs ├── SmartLabel.cs ├── SmartLabel.resx ├── SmartLabelTextbox.Designer.cs ├── SmartLabelTextbox.cs ├── SmartLabelTextbox.resx ├── SmartPanel.cs ├── SplashScreen.Designer.cs ├── SplashScreen.cs ├── SplashScreen.resx └── app.config ├── Cyberarms.IntrusionDetection.Api ├── Cyberarms.IntrusionDetection.Api.csproj ├── Cyberarms.IntrusionDetection.Api.csproj.vspscc ├── Plugin │ ├── AgentConfigurationBase.cs │ ├── AgentPlugin.cs │ ├── IAgentConfiguration.cs │ ├── IAgentPlugin.cs │ ├── IExtendedInformation.cs │ ├── INetworkListener.cs │ ├── INotificationEventArgs.cs │ ├── INotificationListener.cs │ ├── Names.cs │ ├── NotificationEventArgs.cs │ ├── PluginAttribute.cs │ ├── PluginConfiguration.cs │ └── PluginTypes.cs └── Properties │ └── AssemblyInfo.cs ├── Cyberarms.IntrusionDetection.Base ├── AdCredentialValidationSecurityAgent.cs ├── Cyberarms.IntrusionDetection.Base.Plugins.csproj ├── Cyberarms.IntrusionDetection.Base.Plugins.csproj.vspscc ├── KerberosSecurityAgent.cs ├── Properties │ └── AssemblyInfo.cs ├── Resources.Designer.cs ├── Resources.resx ├── Resources │ ├── agent15px-rdp-dark.png │ ├── agent15px-rdp-white.png │ ├── agent15px-sharePoint-dark.png │ └── agent15px-sharePoint-white.png ├── RrasSecurityAgent.cs └── WindowsSecurityBase.cs ├── Cyberarms.IntrusionDetection.Cmd.Test ├── AgentTests.cs ├── CyberarmsIntrusionDetection.Cmd.Test.csproj ├── CyberarmsIntrusionDetection.Cmd.Test.csproj.vspscc └── Properties │ └── AssemblyInfo.cs ├── Cyberarms.IntrusionDetection.Cmd ├── Agent.cs ├── Agents.cs ├── Cyberarms.IntrusionDetection.Cmd.csproj ├── Cyberarms.IntrusionDetection.Cmd.csproj.vspscc ├── Paladin48.ico ├── PaladinCommandline.ico ├── Program.cs ├── Properties │ ├── AssemblyInfo.cs │ ├── Settings.Designer.cs │ └── Settings.settings └── app.config ├── Cyberarms.IntrusionDetection.Service.Test ├── ApiTest.cs ├── CryptoLib.cs ├── Cyberarms.IntrusionDetection.Service.Test.csproj ├── Cyberarms.IntrusionDetection.Service.Test.csproj.vspscc ├── EventLogTest.cs ├── LockTest.cs ├── Properties │ └── AssemblyInfo.cs ├── UnitTest1.cs └── WindowsLogManager.cs ├── Cyberarms.IntrusionDetection.Service ├── ClientOperationInformation.cs ├── CryptoLib.cs ├── Cyberarms.IntrusionDetection.Service.csproj ├── Cyberarms.IntrusionDetection.Service.csproj.vspscc ├── FirewallManager.cs ├── FirewallPolicyManager.cs ├── NetworkMonitor.cs ├── Paladin16.ico ├── Paladin24.ico ├── Paladin32.ico ├── Paladin48.ico ├── PaladinService.Designer.cs ├── PaladinService.cs ├── PaladinService.resx ├── Program.cs ├── ProjectInstaller.Designer.cs ├── ProjectInstaller.cs ├── ProjectInstaller.resx ├── Properties │ └── AssemblyInfo.cs ├── Sniffer.cs ├── WindowsLogManager.cs └── app.config ├── Cyberarms.IntrusionDetection.Setup.x64 ├── Cyberarms.IntrusionDetection.Setup.x64.vdproj └── Cyberarms.IntrusionDetection.Setup.x64.vdproj.vspscc ├── Cyberarms.IntrusionDetection.Setup.x86 ├── Cyberarms.IntrusionDetection.Setup.x86.vdproj └── Cyberarms.IntrusionDetection.Setup.x86.vdproj.vspscc ├── Cyberarms.IntrusionDetection.Shared.Test ├── Cyberarms.IntrusionDetection.Shared.Test.csproj ├── Cyberarms.IntrusionDetection.Shared.Test.csproj.vspscc ├── DatabaseUpgradeTest.cs ├── IddsConfigTest.cs ├── IntrusionLogTest.cs ├── LoadAgentsTest.cs ├── LocksTest.cs ├── Properties │ └── AssemblyInfo.cs └── ReportTest.cs ├── Cyberarms.IntrusionDetection.Shared ├── AgentConfigurations.cs ├── AgentFilter.cs ├── AgentLoaderProxy.cs ├── AgentPerformanceRecord.cs ├── AgentProxy.cs ├── CryptoHelper.cs ├── Cyberarms.IntrusionDetection.Shared.csproj ├── Cyberarms.IntrusionDetection.Shared.csproj.vspscc ├── Database.cs ├── Db │ ├── DbUpgradeScript.cs │ ├── DbUpgrader.cs │ ├── DbValueConverter.cs │ └── Version_2_1.cs ├── Globals.cs ├── IAgentFilter.cs ├── IPHeader.cs ├── IddsConfig.cs ├── InstallationHelper.Designer.cs ├── InstallationHelper.cs ├── IntrusionLog.cs ├── Lock.cs ├── LockStatus.cs ├── LockType.cs ├── Locks.cs ├── NotificationSettings.cs ├── PluginExceptionArguments.cs ├── Properties │ └── AssemblyInfo.cs ├── ReportGenerator.cs ├── ReportScheduler.cs ├── Resources.Designer.cs ├── Resources.resx ├── Resources │ ├── EventsPerAgent.txt │ ├── HardLocksByIp.txt │ ├── IntrusionAttemptsByIp.txt │ ├── ReportTemplate.txt │ ├── SoftLocksByIp.txt │ ├── agent15px-custom-dark.png │ ├── agent15px-custom-white.png │ ├── agent15px-default-dark.png │ ├── agent15px-default-white.png │ ├── logIcon-hardLock.png │ ├── logIcon-loginAttempt.png │ ├── logIcon-softLock.png │ ├── logIcon-systemMessage.png │ ├── logIcon-unlock.png │ └── logIcon-warning.png ├── SecurityAgent.cs ├── SecurityAgents.cs ├── Statistics.cs ├── TcpHeader.cs └── VolumeLicenseManager.cs ├── Cyberarms.WebSecurity ├── Cyberarms.WebSecurity.csproj ├── Cyberarms.WebSecurity.csproj.vspscc ├── Properties │ └── AssemblyInfo.cs └── SecurityMonitor.cs ├── Cyberarms.sln ├── Cyberarms.vssscc ├── DemoAgent ├── BadAgent.cs ├── DemoAgent.cs ├── DemoAgent.csproj ├── DemoAgent.csproj.vspscc ├── DemoConfiguration.cs └── Properties │ └── AssemblyInfo.cs ├── Dependencies └── SQLite │ ├── sqlite-netFx40-binary-Win32-2010-1.0.84.0 │ ├── SQLite.Interop.dll │ └── System.Data.SQLite.dll │ └── sqlite-netFx40-binary-x64-2010-1.0.84.0 │ ├── SQLite.Interop.dll │ └── System.Data.SQLite.dll ├── EventLogCleaner ├── EventLogCleaner.csproj ├── EventLogCleaner.csproj.vspscc ├── Program.cs └── Properties │ └── AssemblyInfo.cs ├── IdsServiceForWindows.vsmdi ├── LICENSE ├── Local.testsettings ├── MailServerTest ├── MailServerTest.csproj ├── MailServerTest.csproj.vspscc ├── Program.cs └── Properties │ └── AssemblyInfo.cs ├── Media ├── CYBERARMS EULA.rtf └── setup_banner.jpg ├── README.md ├── SqlServerAgentTest ├── Program.cs ├── Properties │ └── AssemblyInfo.cs ├── SqlServerAgentTest.csproj └── SqlServerAgentTest.csproj.vspscc ├── TlsSslTest ├── Program.cs ├── Properties │ └── AssemblyInfo.cs ├── TlsSslTest.csproj └── TlsSslTest.csproj.vspscc └── TraceAndTestImpact.testsettings /Compiled/cyberarms.intrusiondetection.setup.x64_2.2.0.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Compiled/cyberarms.intrusiondetection.setup.x64_2.2.0.zip -------------------------------------------------------------------------------- /Cyberarms.Agents.Bind9/Bind9DDoSConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.Bind9 { 8 | public class Bind9DDoSConfig : AgentConfigurationBase { 9 | [System.ComponentModel.DefaultValue(false)] 10 | public bool RestartBindOnBlock { get; set; } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /Cyberarms.Agents.Bind9/Cyberarms.Agents.Bind9.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.Bind9/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.Bind9")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.Bind9")] 13 | [assembly: AssemblyCopyright("Copyright © 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("bb4660bc-afa1-479b-b6dc-3c95a7d00bd1")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FileMaker/Cyberarms.Agents.FileMaker.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FileMaker/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("FileMaker security agent for IDDS")] 9 | [assembly: AssemblyDescription("This security agent protects FileMaker databases from brute force attacks")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms FileMaker Security Agent")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2013-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection Security Agent")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("1eb92f4d-8e7f-418f-89a5-7484216b2a82")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FileMaker/res/FileMakerPro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.FileMaker/res/FileMakerPro.png -------------------------------------------------------------------------------- /Cyberarms.Agents.FileMaker/res/agent15px-filemaker-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.FileMaker/res/agent15px-filemaker-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.FileMaker/res/agent15px-filemaker-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.FileMaker/res/agent15px-filemaker-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/AppLayerFtp.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | using System.IO; 6 | 7 | namespace Cyberarms.Agents.FtpServer { 8 | public class AppLayerFtp { 9 | 10 | public const string FTP_REPLY_CODE_LOGIN_DENIED = "530"; 11 | 12 | public string FtpReplyCode { get; set; } 13 | 14 | public AppLayerFtp(byte[] byBuffer, int nReceived) { 15 | try { 16 | //Create MemoryStream out of the received bytes 17 | MemoryStream memoryStream = new MemoryStream(byBuffer, 0, nReceived); 18 | //Next we create a BinaryReader out of the MemoryStream 19 | BinaryReader binaryReader = new BinaryReader(memoryStream); 20 | char[] replyCodeChars = binaryReader.ReadChars(3); 21 | StringBuilder replyCode = new StringBuilder(); 22 | 23 | if (replyCodeChars.Length == 3) { 24 | for(int i=0;i<3;i++) replyCode.Append(replyCodeChars[i]); 25 | } 26 | FtpReplyCode = replyCode.ToString(); 27 | 28 | } catch(Exception ex) { 29 | Console.WriteLine(ex.Message); 30 | throw ex; 31 | } 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/Cyberarms.Agents.FtpServer.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/FtpConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.FtpServer { 8 | public class FtpConfig : PluginConfiguration { 9 | private int _ftpPort = 0; 10 | [System.ComponentModel.DefaultValue((int)21)] 11 | public int FtpPort { 12 | get { 13 | return _ftpPort == 0 ? 21 : _ftpPort; 14 | } 15 | set { 16 | _ftpPort = value == 0 ? 21 : value; 17 | } 18 | } 19 | 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.FtpServer")] 9 | [assembly: AssemblyDescription("FTP brute force attack detection")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.FtpServer")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("b60eb2e3-cbad-4e4b-9eaf-8b179ddd4e26")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/Resources/agent15px-ftp-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.FtpServer/Resources/agent15px-ftp-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.FtpServer/Resources/agent15px-ftp-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.FtpServer/Resources/agent15px-ftp-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer.Test/Cyberarms.Agents.MailServer.Test.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer.Test/Pop3Test.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | 7 | namespace Cyberarms.Agents.MailServer.Test { 8 | [TestClass] 9 | public class Pop3Test { 10 | [TestMethod] 11 | public void TestPop3Parser() { 12 | byte[] testDataPass = new byte[] { 0x45, 0x00, 0x00, 0x3B, 0x23, 0x44, 0x40, 0x00, 0x7A, 0x06, 0x5A, 0xF6, 0x57, 0x98, 0x4A, 0x1E, 0x51, 0xA9, 0x8F, 0x23, 0xC8, 0xDC, 0x00, 0x6E, 0x91, 0x49, 0x3A, 0x6C, 0x8C, 0x47, 0xB3, 0xFB, 0x50, 0x18, 0x01, 0x04, 0x42, 0xD8, 0x00, 0x00, 0x50, 0x41, 0x53, 0x53, 0x20, 0x69, 0x73, 0x69, 0x43, 0x6F, 0x72, 0x65, 0x41, 0x64, 0x6D, 0x69, 0x6E, 0x0D, 0x0A }; 13 | Pop3Agent agent = new Pop3Agent(); 14 | agent.TestReceive(testDataPass); 15 | foreach (int key in agent.CurrentClients.Keys) { 16 | Assert.AreEqual(Pop3Message.PASS, agent.CurrentClients[key].LastMessage); 17 | } 18 | } 19 | 20 | [TestMethod] 21 | public void TestPop3ErrMsg() { 22 | byte[] testErrMsg = new byte[] { 0x45, 0x00, 0x00, 0x3F, 0x62, 0xDC, 0x40, 0x00, 0x80, 0x06, 0x15, 0x5A, 0x51, 0xA9, 0x8F, 0x23, 0x57, 0x98, 0x4A, 0x1E, 0x00, 0x6E, 0xC8, 0xDC, 0x8C, 0x47, 0xB3, 0xFB, 0x91, 0x49, 0x3A, 0x7F, 0x50, 0x18, 0x01, 0x04, 0xE4, 0x3D, 0x00, 0x00, 0x2D, 0x45, 0x52, 0x52, 0x20, 0x55, 0x6E, 0x61, 0x62, 0x6C, 0x65, 0x20, 0x74, 0x6F, 0x20, 0x6C, 0x6F, 0x67, 0x20, 0x6F, 0x6E, 0x0D, 0x0A }; 23 | byte[] testDataPass = new byte[] { 0x45, 0x00, 0x00, 0x3B, 0x23, 0x44, 0x40, 0x00, 0x7A, 0x06, 0x5A, 0xF6, 0x57, 0x98, 0x4A, 0x1E, 0x51, 0xA9, 0x8F, 0x23, 0xC8, 0xDC, 0x00, 0x6E, 0x91, 0x49, 0x3A, 0x6C, 0x8C, 0x47, 0xB3, 0xFB, 0x50, 0x18, 0x01, 0x04, 0x42, 0xD8, 0x00, 0x00, 0x50, 0x41, 0x53, 0x53, 0x20, 0x69, 0x73, 0x69, 0x43, 0x6F, 0x72, 0x65, 0x41, 0x64, 0x6D, 0x69, 0x6E, 0x0D, 0x0A }; 24 | 25 | Pop3Agent agent = new Pop3Agent(); 26 | agent.TestReceive(testDataPass); 27 | attackDetected = false; 28 | agent.AttackDetected += new IntrusionDetection.Api.Plugin.AttackDetectedHandler(agent_AttackDetected); 29 | agent.TestSend(testErrMsg); 30 | System.Threading.Thread.Sleep(100); 31 | Assert.IsTrue(attackDetected); 32 | } 33 | 34 | bool attackDetected = false; 35 | 36 | void agent_AttackDetected(object sender, IntrusionDetection.Api.Plugin.INotificationEventArgs data) { 37 | attackDetected = true; 38 | System.Diagnostics.Debug.Print(data.EventMessage); 39 | } 40 | 41 | [TestMethod] 42 | public void TestPop3Watcher() { 43 | Pop3Agent agent = new Pop3Agent(); 44 | agent.AttackDetected+=new IntrusionDetection.Api.Plugin.AttackDetectedHandler(agent_AttackDetected); 45 | agent.Start(); 46 | System.Threading.Thread.Sleep(600000); 47 | Assert.Fail("This test is long running, and takes manual steps"); 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer.Test/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.MailServer.Test")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.MailServer.Test")] 13 | [assembly: AssemblyCopyright("Copyright © 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("a122cfbf-1c68-406b-b299-302f0b2981c4")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | [assembly: AssemblyVersion("1.0.0.0")] 35 | [assembly: AssemblyFileVersion("1.0.0.0")] 36 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/AppLayerPop3.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | using System.IO; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class AppLayerPop3 { 9 | public const string POP3_REPLY_CODE_ERROR = "-ERR"; 10 | 11 | public const string POP3_INTERACTION_CODE_APOP = "APOP"; 12 | public const string POP3_INTERACTION_CODE_DELE = "DELE"; 13 | public const string POP3_INTERACTION_CODE_LIST = "LIST"; 14 | public const string POP3_INTERACTION_CODE_NOOP = "NOOP"; 15 | public const string POP3_INTERACTION_CODE_PASS = "PASS"; 16 | public const string POP3_INTERACTION_CODE_QUIT = "QUIT"; 17 | public const string POP3_INTERACTION_CODE_RETR = "RETR"; 18 | public const string POP3_INTERACTION_CODE_RSET = "RSET"; 19 | public const string POP3_INTERACTION_CODE_STAT = "STAT"; 20 | public const string POP3_INTERACTION_CODE_TOP = "TOP "; 21 | public const string POP3_INTERACTION_CODE_UIDL = "UIDL"; 22 | public const string POP3_INTERACTION_CODE_USER = "USER"; 23 | 24 | 25 | public string Pop3Code { get; set; } 26 | 27 | public AppLayerPop3(byte[] byBuffer, int nReceived) { 28 | try { 29 | if (nReceived > 3) { 30 | //Create MemoryStream out of the received bytes 31 | MemoryStream memoryStream = new MemoryStream(byBuffer, 0, nReceived); 32 | //Next we create a BinaryReader out of the MemoryStream 33 | BinaryReader binaryReader = new BinaryReader(memoryStream); 34 | char[] replyCodeChars = binaryReader.ReadChars(4); 35 | StringBuilder replyCode = new StringBuilder(); 36 | 37 | if (replyCodeChars.Length == 4) { 38 | for (int i = 0; i < 4; i++) replyCode.Append(replyCodeChars[i]); 39 | } 40 | Pop3Code = replyCode.ToString().ToUpper(); 41 | } 42 | } catch(Exception ex) { 43 | Console.WriteLine(ex.Message); 44 | throw ex; 45 | } 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/AppLayerSmtp.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | using System.IO; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class AppLayerSmtp { 9 | 10 | public const string SMTP_REPLY_CODE_LOGIN_DENIED = "504"; 11 | 12 | public string SmtpReplyCode { get; set; } 13 | 14 | public AppLayerSmtp(byte[] byBuffer, int nReceived) { 15 | try { 16 | //Create MemoryStream out of the received bytes 17 | MemoryStream memoryStream = new MemoryStream(byBuffer, 0, nReceived); 18 | //Next we create a BinaryReader out of the MemoryStream 19 | BinaryReader binaryReader = new BinaryReader(memoryStream); 20 | char[] replyCodeChars = binaryReader.ReadChars(3); 21 | StringBuilder replyCode = new StringBuilder(); 22 | 23 | if (replyCodeChars.Length == 3) { 24 | for(int i=0;i<3;i++) replyCode.Append(replyCodeChars[i]); 25 | } 26 | SmtpReplyCode = replyCode.ToString(); 27 | 28 | } catch(Exception ex) { 29 | Console.WriteLine(ex.Message); 30 | throw ex; 31 | } 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/Cyberarms.Agents.MailServer.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/Pop3Client.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.Agents.MailServer { 7 | 8 | public enum Pop3Message { 9 | None, 10 | APOP, 11 | DELE, 12 | LIST, 13 | NOOP, 14 | PASS, 15 | QUIT, 16 | RETR, 17 | RSET, 18 | STAT, 19 | TOP, 20 | UIDL, 21 | USER 22 | } 23 | 24 | public class Pop3Client { 25 | public Pop3Message LastMessage { get; set; } 26 | public DateTime LastInteraction { get; set; } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/Pop3Config.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class Pop3Config : PluginConfiguration { 9 | 10 | private int _pop3Port = 0; 11 | [System.ComponentModel.DefaultValue((int)110)] 12 | public int Pop3Port { 13 | get { 14 | return _pop3Port == 0 ? 110 : _pop3Port; 15 | } 16 | set { 17 | _pop3Port = value == 0 ? 110 : value; 18 | } 19 | } 20 | 21 | 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.MailServer")] 9 | [assembly: AssemblyDescription("Cyberarms Agent for SMTP and POP3")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.MailServer")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("18b34faa-9246-4af2-bac0-5b6251bb89a0")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MailServer/SmtpConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class SmtpConfig : PluginConfiguration { 9 | private int _smtpPort = 0; 10 | [System.ComponentModel.DefaultValue((int)25)] 11 | public int SmtpPort { 12 | get { 13 | return _smtpPort == 0 ? 25 : _smtpPort; 14 | } 15 | set { 16 | _smtpPort = value == 0 ? 25 : value; 17 | } 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MySql/Cyberarms.Agents.MySql.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MySql/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.MySql")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.MySql")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Limited")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("dc5e4697-aedb-4aa7-9a53-494baae59495")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.MySql/Resources/agent15px-sql-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.MySql/Resources/agent15px-sql-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.MySql/Resources/agent15px-sql-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.MySql/Resources/agent15px-sql-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/AppLayerSmtp.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | using System.IO; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class AppLayerSmtp { 9 | 10 | public const string SMTP_REPLY_CODE_NEED_TO_AUTHENTICATE = "504"; 11 | public const string SMTP_REPLY_CODE_LOGIN_DENIED = "535"; 12 | 13 | public string SmtpReplyCode { get; set; } 14 | 15 | public AppLayerSmtp(byte[] byBuffer, int nReceived) { 16 | try { 17 | //Create MemoryStream out of the received bytes 18 | MemoryStream memoryStream = new MemoryStream(byBuffer, 0, nReceived); 19 | //Next we create a BinaryReader out of the MemoryStream 20 | BinaryReader binaryReader = new BinaryReader(memoryStream); 21 | char[] replyCodeChars = binaryReader.ReadChars(3); 22 | StringBuilder replyCode = new StringBuilder(); 23 | 24 | if (replyCodeChars.Length == 3) { 25 | for(int i=0;i<3;i++) replyCode.Append(replyCodeChars[i]); 26 | } 27 | SmtpReplyCode = replyCode.ToString(); 28 | 29 | } catch(Exception ex) { 30 | Console.WriteLine(ex.Message); 31 | throw ex; 32 | } 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/Cyberarms.Agents.Smtp.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.MailServer")] 9 | [assembly: AssemblyDescription("Cyberarms Agent for SMTP")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.Smtp")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2013-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("EF470FC1-A261-4F4D-A496-B9DF8B1E58E3")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/Resources/agent15px-mail-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.Smtp/Resources/agent15px-mail-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/Resources/agent15px-mail-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.Smtp/Resources/agent15px-mail-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.Smtp/SmtpConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.MailServer { 8 | public class SmtpConfig : PluginConfiguration { 9 | private int _smtpPort = 0; 10 | [System.ComponentModel.DefaultValue((int)25)] 11 | public int SmtpPort { 12 | get { 13 | return _smtpPort == 0 ? 25 : _smtpPort; 14 | } 15 | set { 16 | _smtpPort = value == 0 ? 25 : value; 17 | } 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Cyberarms.Agents.SqlServer/Cyberarms.Agents.SqlServer.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.SqlServer/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.SqlServer")] 9 | [assembly: AssemblyDescription("Agent for Sql Server Logins")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.SqlServer")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection and Defense System")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("19bd2f6f-9869-4d7e-9928-49258462a936")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.SqlServer/Resources/agent15px-sql-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.SqlServer/Resources/agent15px-sql-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.SqlServer/Resources/agent15px-sql-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.SqlServer/Resources/agent15px-sql-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/AppLayerTlsSsl.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | using System.IO; 6 | 7 | namespace Cyberarms.Agents.TerminalServer { 8 | public class AppLayerTlsSsl { 9 | 10 | public const byte CONTENT_TYPE_SSL_APPLICATION_DATA = 0x17; 11 | public const byte CONTENT_TYPE_ENCRYPTED_ALERT = 0x15; 12 | public const byte CONTENT_TYPE_HANDSHAKE = 0x16; 13 | 14 | public struct TlsProtocolHeader { 15 | public byte ContentType; 16 | public byte MajorVersion; 17 | public byte MinorVersion; 18 | public UInt16 Length; 19 | } 20 | 21 | public TlsProtocolHeader TlsHeader = new TlsProtocolHeader(); 22 | 23 | public AppLayerTlsSsl(byte[] byBuffer, int nReceived) { 24 | try { 25 | //Create MemoryStream out of the received bytes 26 | MemoryStream memoryStream = new MemoryStream(byBuffer, 0, nReceived); 27 | //Next we create a BinaryReader out of the MemoryStream 28 | BinaryReader binaryReader = new BinaryReader(memoryStream); 29 | TlsHeader.ContentType = binaryReader.ReadByte(); 30 | TlsHeader.MajorVersion = binaryReader.ReadByte(); 31 | TlsHeader.MinorVersion = binaryReader.ReadByte(); 32 | TlsHeader.Length = binaryReader.ReadUInt16(); 33 | 34 | } catch(Exception ex) { 35 | Console.WriteLine(ex.Message); 36 | throw ex; 37 | } 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/Cyberarms.Agents.TerminalServer.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms TerminalServer security agent")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.Agents.TerminalServer")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2013-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection Agent")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("3a822e8b-fede-4a8f-9883-c1854a66d983")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/Resources/agent15px-rdp-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.TerminalServer/Resources/agent15px-rdp-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/Resources/agent15px-rdp-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.TerminalServer/Resources/agent15px-rdp-white.png -------------------------------------------------------------------------------- /Cyberarms.Agents.TerminalServer/TslSslConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace Cyberarms.Agents.TerminalServer { 8 | public class TslSslConfig : PluginConfiguration { 9 | private int _rdpPort = 0; 10 | [System.ComponentModel.DefaultValue((int)3389)] 11 | public int RdpPort { 12 | get { 13 | return _rdpPort == 0 ? 3389 : _rdpPort; 14 | } 15 | set { 16 | _rdpPort = value == 0 ? 3389 : value; 17 | } 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Cyberarms.Agents.WebSecurity/Cyberarms.Agents.WebSecurity.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.Agents.WebSecurity/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.Agents.WebSecurity")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms")] 12 | [assembly: AssemblyProduct("Cyberarms Intrusion Detection")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2014-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms IDDS")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("947a0950-fb94-4f9c-8a33-f04d99b7f874")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.Agents.WebSecurity/Resources/agent15px-sharePoint-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.WebSecurity/Resources/agent15px-sharePoint-dark.png -------------------------------------------------------------------------------- /Cyberarms.Agents.WebSecurity/Resources/agent15px-sharePoint-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.Agents.WebSecurity/Resources/agent15px-sharePoint-white.png -------------------------------------------------------------------------------- /Cyberarms.IDDS.Management/Cyberarms.IDDS.Management.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IDDS.Management/Get_ActivationStatus.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Shared; 6 | 7 | namespace Cyberarms.IDDS.Management { 8 | [System.Management.Automation.Cmdlet(System.Management.Automation.VerbsCommon.Get, "ActivationStatus")] 9 | public class Get_ActivationStatus : System.Management.Automation.PSCmdlet { 10 | [System.Management.Automation.Parameter(Position = 0, Mandatory = false)] 11 | public string Options; 12 | 13 | protected override void ProcessRecord() { 14 | if (String.IsNullOrEmpty(Options)) { 15 | this.WriteObject(System.Reflection.Assembly.GetExecutingAssembly().Location); 16 | 17 | } else { 18 | switch (Options) { 19 | case "-v": 20 | break; 21 | } 22 | } 23 | } 24 | 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Cyberarms.IDDS.Management/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.IDDS.Management")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Ltd")] 12 | [assembly: AssemblyProduct("Cyberarms Intrusion Detection Management")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Ltd 2013-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms IDDS")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("2344f331-3921-4fe0-a9de-e93f72598632")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Cyberarms.IntrusionDetection.Admin.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/CyberarmsDashboard.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Drawing; 5 | using System.Data; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | using Cyberarms.IntrusionDetection.Shared; 10 | 11 | namespace Cyberarms.IntrusionDetection.Admin { 12 | public partial class CyberarmsDashboard : UserControl { 13 | public event EventHandler SecurityAgentConfigurationRequest; 14 | 15 | public CyberarmsDashboard() { 16 | InitializeComponent(); 17 | } 18 | 19 | public void SetSoftLocks(int locks) { 20 | labelSoftLocks.Text = locks.ToString(); 21 | } 22 | 23 | public void SetHardLocks(int locks) { 24 | labelHardLocks.Text = locks.ToString(); 25 | } 26 | 27 | public void SetUnsuccessfulLogins(int logins) { 28 | labelUnsuccessfulLogins.Text = logins.ToString(); 29 | } 30 | 31 | 32 | public void AddAgent(SecurityAgent agent) { 33 | PluginItem agentX = new PluginItem(); 34 | agentX.SecurityAgent = agent; 35 | flowLayoutPanelPlugins.Controls.Add(agentX); 36 | agentX.SecurityAgentConfigurationRequest += new EventHandler(agentX_SecurityAgentConfigurationRequest); 37 | } 38 | 39 | void agentX_SecurityAgentConfigurationRequest(object sender, EventArgs e) { 40 | if (SecurityAgentConfigurationRequest != null) SecurityAgentConfigurationRequest(sender, e); 41 | } 42 | 43 | public void ClearAgents() { 44 | flowLayoutPanelPlugins.Controls.Clear(); 45 | } 46 | 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/CyberarmsSettingsNavigationItem.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Drawing; 5 | using System.Data; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class CyberarmsSettingsNavigationItem : UserControl { 12 | 13 | public event EventHandler NavigationClicked; 14 | 15 | public CyberarmsSettingsNavigationItem() { 16 | InitializeComponent(); 17 | } 18 | 19 | public bool IsSelected { get; set; } 20 | 21 | public Image SelectedIcon { get; set; } 22 | 23 | public Image UnselectedIcon { get; set; } 24 | 25 | public string DisplayName { 26 | get { 27 | return smartLabelAgentName.Text; 28 | } 29 | set { 30 | smartLabelAgentName.Text = value; 31 | } 32 | } 33 | 34 | protected override void OnPaint(PaintEventArgs e) { 35 | if (IsSelected) { 36 | this.BackColor = Color.FromArgb(4, 46, 100); 37 | smartLabelAgentName.ForeColor = Color.White; 38 | pictureBoxNavigationIcon.Image = SelectedIcon; 39 | } else { 40 | this.BackColor = Color.White; 41 | smartLabelAgentName.ForeColor = Color.FromArgb(0x666666); 42 | pictureBoxNavigationIcon.Image = UnselectedIcon; 43 | } 44 | base.OnPaint(e); 45 | } 46 | 47 | 48 | 49 | private void CyberarmsSettingsNavigationItem_MouseDown(object sender, MouseEventArgs e) { 50 | pictureBoxNavigationIcon.Location = new Point(pictureBoxNavigationIcon.Location.X + 1, pictureBoxNavigationIcon.Location.Y + 1); 51 | smartLabelAgentName.Location = new Point(smartLabelAgentName.Location.X + 1, smartLabelAgentName.Location.Y + 1); 52 | } 53 | 54 | private void CyberarmsSettingsNavigationItem_MouseUp(object sender, MouseEventArgs e) { 55 | pictureBoxNavigationIcon.Location = new Point(pictureBoxNavigationIcon.Location.X - 1, pictureBoxNavigationIcon.Location.Y - 1); 56 | smartLabelAgentName.Location = new Point(smartLabelAgentName.Location.X - 1, smartLabelAgentName.Location.Y - 1); 57 | } 58 | 59 | 60 | 61 | private void CyberarmsSettingsNavigationItem_Click(object sender, EventArgs e) { 62 | OnNavigationClicked(); 63 | 64 | } 65 | 66 | private void OnNavigationClicked() { 67 | if (NavigationClicked != null) NavigationClicked(this, EventArgs.Empty); 68 | } 69 | 70 | 71 | 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/GenericErrorDialog.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class GenericErrorDialog : Form { 12 | public GenericErrorDialog(string caption, string text, bool cancelButton) { 13 | InitializeComponent(); 14 | this.Text = caption; 15 | label1.Text = text; 16 | 17 | if (!cancelButton) { 18 | buttonCancel.Enabled = false; 19 | } 20 | } 21 | 22 | 23 | private void buttonOK_Click(object sender, EventArgs e) { 24 | this.DialogResult = System.Windows.Forms.DialogResult.OK; 25 | } 26 | 27 | private void buttonCancel_Click(object sender, EventArgs e) { 28 | this.DialogResult = System.Windows.Forms.DialogResult.Cancel; 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Paladin48.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Paladin48.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/PaladinCommandline.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/PaladinCommandline.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/PaladinConfig.exe.manifest: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Windows.Forms; 5 | 6 | namespace Cyberarms.IntrusionDetection.Admin { 7 | static class Program { 8 | /// 9 | /// The main entry point for the application. 10 | /// 11 | [STAThread] 12 | static void Main() { 13 | Application.EnableVisualStyles(); 14 | Application.SetCompatibleTextRenderingDefault(false); 15 | //Application.Run(new Form1()); 16 | Application.Run(new SplashScreen()); 17 | IddsAdmin.Instance.Visible = true; 18 | Application.Run(IddsAdmin.Instance); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("IntrusionDetectionConfig")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("IntrusionDetectionConfig")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("c724e6ec-9f41-4af0-9605-bd6069af6a0d")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.269 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace Cyberarms.IntrusionDetection.Admin.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/RemoveLockForm.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class RemoveLockForm : Form { 12 | public RemoveLockForm() { 13 | InitializeComponent(); 14 | } 15 | 16 | private void RemoveLockForm_Load(object sender, EventArgs e) { 17 | 18 | } 19 | 20 | private void buttonOK_Click(object sender, EventArgs e) { 21 | this.DialogResult = System.Windows.Forms.DialogResult.OK; 22 | } 23 | 24 | private void buttonCancel_Click(object sender, EventArgs e) { 25 | this.DialogResult = System.Windows.Forms.DialogResult.Cancel; 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Cyberarms-Logo-small.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Cyberarms-Logo-small.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Cyberarms-Logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Cyberarms-Logo.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin Logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin Logo.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_128.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_128.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_16.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_16.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_32.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_32.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_64.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_64.jpg -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_groß.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Icon_groß.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Logo_128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Logo_128.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Logo_256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/Paladin-Logo_256.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/agent15px-default-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/agent15px-default-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/agent15px-default-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/agent15px-default-white.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/border-bottom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/border-bottom.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/border-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/border-left.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/border-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/border-right.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/border-top.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/border-top.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button-add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button-add.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button-filter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button-filter.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button-hardlock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button-hardlock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button-unlock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button-unlock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button25px-add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button25px-add.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button25px-delete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button25px-delete.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button25px-edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button25px-edit.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button25px-save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button25px-save.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-disable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-disable.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-disable1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-disable1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-download.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-download1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-download1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-enable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-enable.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-enable1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-enable1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-new.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-new1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-new1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-save.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/button30px-save1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/button30px-save1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/buttonicon-activate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/buttonicon-activate.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/corner-bottom-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/corner-bottom-left.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/corner-bottom-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/corner-bottom-right.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/corner-top-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/corner-top-left.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/corner-top-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/corner-top-right.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/cyberarms-idds-klein.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/cyberarms-idds-klein.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/delete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/delete.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-close.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-grip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-grip.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-help.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-help.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-maximize.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-maximize.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-minimize.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-minimize.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-refresh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-refresh.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-refresh1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-refresh1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-scale.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-scale.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/icon-search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/icon-search.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/loading2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/loading2.gif -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-hardLock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-hardLock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-hardLock1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-hardLock1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-loginAttempt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-loginAttempt.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-loginAttempt1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-loginAttempt1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-softLock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-softLock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-softLock1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-softLock1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-systemMessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-systemMessage.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-systemMessage1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-systemMessage1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-unlock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-unlock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-unlock1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-unlock1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-warning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-warning.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/logIcon-warning1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/logIcon-warning1.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_3dgraphics_gear_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_3dgraphics_gear_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_3dgraphics_pivot_point_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_3dgraphics_pivot_point_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_close_48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_close_48.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_info_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_info_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_lock_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_lock_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_play_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_play_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_reload_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_reload_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_stop_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_stop_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_unlock_32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_unlock_32.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_unlock_48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_general_unlock_48.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_lobby_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_lobby_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_lobby_24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_lobby_24.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_security_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_security_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_128.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_256.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_networking_vpn_48.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/realvista_webdesign_3d_design_16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/realvista_webdesign_3d_design_16.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/service-controller-start-deactivated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/service-controller-start-deactivated.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/service-controller-start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/service-controller-start.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/service-controller-stop-deactivated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/service-controller-stop-deactivated.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/service-controller-stop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/service-controller-stop.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/status-agent-disabled-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/status-agent-disabled-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/Resources/status-agent-enabled-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Admin/Resources/status-agent-enabled-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/SmartLabel.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace Cyberarms.IntrusionDetection.Admin { 2 | partial class SmartLabel { 3 | /// 4 | /// Required designer variable. 5 | /// 6 | private System.ComponentModel.IContainer components = null; 7 | 8 | /// 9 | /// Clean up any resources being used. 10 | /// 11 | /// true if managed resources should be disposed; otherwise, false. 12 | protected override void Dispose(bool disposing) { 13 | if (disposing && (components != null)) { 14 | components.Dispose(); 15 | } 16 | base.Dispose(disposing); 17 | } 18 | 19 | #region Component Designer generated code 20 | 21 | /// 22 | /// Required method for Designer support - do not modify 23 | /// the contents of this method with the code editor. 24 | /// 25 | private void InitializeComponent() { 26 | this.SuspendLayout(); 27 | // 28 | // SmartLabel 29 | // 30 | this.Name = "SmartLabel"; 31 | this.Size = new System.Drawing.Size(141, 35); 32 | this.ResumeLayout(false); 33 | 34 | } 35 | 36 | #endregion 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/SmartLabel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Drawing; 5 | using System.Data; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class SmartLabel : Label { 12 | public SmartLabel() { 13 | InitializeComponent(); 14 | } 15 | 16 | protected override void OnPaint(PaintEventArgs e) { 17 | e.Graphics.TextRenderingHint = System.Drawing.Text.TextRenderingHint.ClearTypeGridFit; 18 | e.Graphics.SmoothingMode = System.Drawing.Drawing2D.SmoothingMode.AntiAlias; 19 | Pen pen = new Pen(Selected ? SelectedColor : BackColor); 20 | e.Graphics.DrawLines(pen, new Point[] { new Point(0, Height), 21 | new Point(0, 0), 22 | new Point(Width-1, 0), 23 | new Point(Width-1, Height) }); 24 | base.OnPaint(e); 25 | 26 | } 27 | 28 | bool _selected; 29 | public bool Selected { 30 | get { 31 | return _selected; 32 | } 33 | set { 34 | if (_selected != value) { 35 | _selected = value; 36 | Invalidate(); 37 | } 38 | } 39 | } 40 | public Color SelectedColor { get; set; } 41 | 42 | 43 | 44 | 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/SmartLabelTextbox.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Drawing; 5 | using System.Data; 6 | using System.Linq; 7 | using System.Text; 8 | using System.Windows.Forms; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class SmartLabelTextbox : UserControl { 12 | 13 | public event KeyPressEventHandler TextBoxKeyPress; 14 | 15 | public SmartLabelTextbox() { 16 | InitializeComponent(); 17 | textBox1.KeyPress += new KeyPressEventHandler(textBox1_KeyPress); 18 | } 19 | 20 | void textBox1_KeyPress(object sender, KeyPressEventArgs e) { 21 | if (TextBoxKeyPress != null) TextBoxKeyPress(sender, e); 22 | } 23 | 24 | public string LabelText { 25 | get { 26 | return smartLabel1.Text; 27 | } 28 | set { 29 | smartLabel1.Text = value; 30 | } 31 | } 32 | 33 | public string TextBoxText { 34 | get { 35 | return textBox1.Text; 36 | } 37 | set { 38 | textBox1.Text = value; 39 | } 40 | } 41 | 42 | 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/SmartPanel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Drawing; 6 | using System.Windows.Forms; 7 | 8 | namespace Cyberarms.IntrusionDetection.Admin { 9 | public class SmartPanel : Panel { 10 | 11 | public SmartPanel() { 12 | BorderColor = ForeColor; 13 | } 14 | 15 | public Color BorderColor { get; set; } 16 | public bool PaintBorder { get; set; } 17 | 18 | protected override void OnPaint(PaintEventArgs e) { 19 | base.OnPaint(e); 20 | if (PaintBorder) { 21 | e.Graphics.DrawRectangle(new Pen(BorderColor), new Rectangle(0,0,Width-1,Height-1)); 22 | } 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/SplashScreen.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | using Cyberarms.IntrusionDetection.Shared; 9 | 10 | namespace Cyberarms.IntrusionDetection.Admin { 11 | public partial class SplashScreen : Form { 12 | 13 | Timer t = new Timer(); 14 | 15 | public SplashScreen() { 16 | InitializeComponent(); 17 | smartLabelVersion.Text = "Version " + Application.ProductVersion; 18 | smartLabelStatus.Text = "Loading components..."; 19 | BackColor = Color.White; 20 | this.Load += new EventHandler(SplashScreen_Load); 21 | } 22 | 23 | void SplashScreen_Load(object sender, EventArgs e) { 24 | t.Interval = 100; 25 | t.Start(); 26 | t.Tick += new EventHandler(t_Tick); 27 | 28 | } 29 | 30 | public void StartupComponents() { 31 | smartLabelEdition.Text = "Unlimited edition"; 32 | 33 | smartLabelStatus.Text = "Configuring database..."; 34 | Database.Instance.Configure(Application.StartupPath); 35 | smartLabelStatus.Text = "Checking database..."; 36 | 37 | smartLabelStatus.Text = "Setting environment variables..."; 38 | IddsConfig.Instance.ApplicationPath = Application.StartupPath; 39 | IddsConfig.Instance.PluginsDirectory = System.Windows.Forms.Application.StartupPath + "\\Plugins\\"; 40 | smartLabelStatus.Text = "Loading configuration data..."; 41 | IddsConfig.Instance.Load(); 42 | smartLabelStatus.Text = "Loading agents..."; 43 | SecurityAgents.Instance.RegisterSecurityAgents(); 44 | 45 | smartLabelStatus.Text = "Loading application..."; 46 | 47 | IddsAdmin.Instance.PanelSecurityLog.Visible = true; // used to preload element 48 | IddsAdmin.Instance.InitAdmin(); 49 | IddsAdmin.Instance.Visible = false; 50 | } 51 | 52 | public bool IsUpdating { get; set; } 53 | 54 | 55 | void t_Tick(object sender, EventArgs e) { 56 | if (!IsUpdating) { 57 | IsUpdating = true; 58 | StartupComponents(); 59 | } 60 | if(IddsAdmin.Instance.IsInitialized) Close(); 61 | } 62 | 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Admin/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Cyberarms.IntrusionDetection.Api.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/IAgentConfiguration.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Xml.Serialization; 6 | 7 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 8 | /// 9 | /// This interface provídes any property needed forIntrusion Detectionto load and save configuration values for your agent plugin. 10 | /// It is used byIntrusion Detectioninternally, as agent developer, you don't have to care about this interface 11 | /// 12 | public interface IAgentConfiguration { 13 | /// 14 | /// The name of your assembly, this property is used byIntrusion Detectionand is set automatically when adding your plugin toIntrusion Detectionplugins 15 | /// 16 | string AssemblyName { get; set; } 17 | /// 18 | /// The name of your agent, used by Intrusion Detection 19 | /// 20 | string AgentName { get; set; } 21 | /// 22 | /// Is used to check if the agent should be loaded by IntrusionDetection. This value is set by theIntrusion Detectionadministration software 23 | /// 24 | bool Enabled { get; set; } 25 | /// 26 | /// Agent settings containing your custom settings 27 | /// 28 | PluginConfiguration AgentSettings { get; set; } 29 | /// 30 | /// String value of your custom configuration settings type. 31 | /// 32 | string ConfigurationSettingsTypeName { get; set; } 33 | /// 34 | /// Returns the configuration type 35 | /// 36 | /// 37 | Type GetConfigurationType(); 38 | /// 39 | /// Override value for soft lock attempts 40 | /// 41 | int SoftLockAttempts { get; set; } 42 | /// 43 | /// Override of hard lock attempts 44 | /// 45 | int HardLockAttempts { get; set; } 46 | /// 47 | /// Override of soft lock duration 48 | /// 49 | int SoftLockDurationMins { get; set; } 50 | /// 51 | /// Override of hard lock duration 52 | /// 53 | int HardLockDurationHrs { get; set; } 54 | /// 55 | /// Override of hard lock setting to never unlock an attacker's IP address 56 | /// 57 | bool NeverUnlock { get; set; } 58 | /// 59 | /// ConfigureIntrusion Detectionto use custom settings for this agent 60 | /// 61 | bool OverwriteConfiguration { get; set; } 62 | /// 63 | /// Used to clone objects 64 | /// 65 | /// 66 | void CloneFrom(IAgentConfiguration source); 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/IAgentPlugin.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// Event handler for sending intrusion attempts to theIntrusion DetectionService 9 | /// 10 | /// The agent itself 11 | /// Intrusion notification details 12 | public delegate void AttackDetectedHandler(object sender, INotificationEventArgs data); 13 | /// 14 | /// Interface for agents, must be implemented to create aIntrusion Detectionagent 15 | /// 16 | public interface IAgentPlugin { 17 | /// 18 | /// The AttackDetected Event, using AttackDetectedHandler 19 | /// 20 | /// 21 | event AttackDetectedHandler AttackDetected; 22 | /// 23 | /// Agent start command, is called when the service starts 24 | /// 25 | void Start(); 26 | /// 27 | /// Agent stop command, is called when the service stops 28 | /// 29 | void Stop(); 30 | /// 31 | /// Agent pause command, is called when the service is paused 32 | /// 33 | void Pause(); 34 | /// 35 | /// Agent continue command to resume from pause 36 | /// 37 | void Continue(); 38 | /// 39 | /// Returns if the agent supports pause 40 | /// 41 | /// 42 | bool CanPause(); 43 | /// 44 | /// Returns if the agent can be continued at this time 45 | /// 46 | /// 47 | bool CanContinue(); 48 | /// 49 | /// Returns if the agent is in paused state 50 | /// 51 | bool IsPaused { get; set; } 52 | /// 53 | /// Returns if the agent is in the running state 54 | /// 55 | bool IsRunning { get; } 56 | /// 57 | /// Agent configuration, usually AgentConfigurationBase, which can be used by the administration program by default without any alteration 58 | /// 59 | IAgentConfiguration Configuration { get; set; } 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/IExtendedInformation.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Drawing; 6 | 7 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 8 | public interface IExtendedInformation { 9 | string DisplayName { get; set; } 10 | Image Icon { get; set; } 11 | Image SelectedIcon { get; set; } 12 | Image UnselectedIcon { get; set; } 13 | Guid Id { get; } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/INetworkListener.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | public interface INetworkListener { 8 | long TotalPackets { get; set; } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/INotificationEventArgs.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// Notification arguments containing attacker information 9 | /// 10 | public interface INotificationEventArgs { 11 | /// 12 | /// IP address of the attacker. This can be in TCP/IP version 4 (123.123.123.123 format, dotted notation) or TCP/IP version 6 (abab:abab::1234:abcd format, 128 bits) 13 | /// 14 | string IpAddress { get; set; } 15 | /// 16 | /// Notification date 17 | /// 18 | DateTime CreateDate { get; set; } 19 | /// 20 | /// Event id, for internal purposes. You can include an own Id of forward a log event id 21 | /// 22 | int EventId { get; set; } 23 | /// 24 | /// Optionally include a message to an event listener. 25 | /// 26 | string EventMessage { get; set; } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/INotificationListener.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// NotificationReceiver 9 | /// 10 | public interface INotificationListener { 11 | /// 12 | ///Intrusion Detectioncalls the NotificationReceiver to forward notification event data 13 | /// 14 | /// 15 | void NotificationReceiver(INotificationEventArgs args); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/Names.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// Internal class needed for naming 9 | /// 10 | public class Names { 11 | /// 12 | /// Returns display names 13 | /// 14 | public static readonly string[] pluginTypeNames = new string[2] { "Agent", "NotificationListener" }; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/NotificationEventArgs.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// Base class for notification arguments containing attacker information 9 | /// 10 | public class NotificationEventArgs : INotificationEventArgs { 11 | 12 | /// 13 | /// IP address of the attacker. This can be in TCP/IP version 4 (123.123.123.123 format, dotted notation) or TCP/IP version 6 (abab:abab::1234:abcd format, 128 bits) 14 | /// 15 | public string IpAddress { get; set; } 16 | /// 17 | /// Notification date 18 | /// 19 | public DateTime CreateDate { get; set; } 20 | /// 21 | /// Event id, for internal purposes. You can include an own Id of forward a log event id 22 | /// 23 | public int EventId { get; set; } 24 | /// 25 | /// Optionally include a message to an event listener. 26 | /// 27 | public string EventMessage { get; set; } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/PluginAttribute.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | /// 8 | /// Custom attribute for plugins to specify displayname and description. 9 | /// TheIntrusion Detectionadministration software displays the values defined as class attribute 10 | /// 11 | public class PluginAttribute : Attribute { 12 | /// 13 | /// This attribute is displayed in theIntrusion Detectionadministration software 14 | /// 15 | /// Name to display in the administration software 16 | /// Short description of the agent 17 | /// Version number of the agent 18 | public PluginAttribute(string displayName, string description, string version) 19 | : this(displayName, description) { 20 | this.Version = version; 21 | } 22 | 23 | /// 24 | /// This attribute is displayed in theIntrusion Detectionadministration software 25 | /// 26 | /// Name to display in the administration software 27 | /// Short description of the agent 28 | public PluginAttribute(string displayName, string description) 29 | : this(displayName) { 30 | this.Description = description; 31 | } 32 | /// 33 | /// This attribute is displayed in theIntrusion Detectionadministration software 34 | /// 35 | /// Name to display in the administration software 36 | public PluginAttribute(string displayName) { 37 | this.DisplayName = displayName; 38 | } 39 | /// 40 | /// Display name of your agent 41 | /// 42 | public string DisplayName { get; set; } 43 | /// 44 | /// Add a short description about what your agent does 45 | /// 46 | public string Description { get; set; } 47 | /// 48 | /// Version number of your agent 49 | /// 50 | public string Version { get; set; } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/PluginConfiguration.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Xml.Serialization; 6 | using System.Reflection; 7 | 8 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 9 | /// 10 | /// Base class for plugin configuration settings 11 | /// 12 | public class PluginConfiguration { 13 | /// 14 | /// Clone from another PluginConfiguration of the same type 15 | /// 16 | /// 17 | public void CloneFrom(PluginConfiguration source) { 18 | foreach (PropertyInfo pi in this.GetType().GetProperties()) { 19 | if (pi.CanWrite) { 20 | pi.SetValue(this, pi.GetValue(source, null), null); 21 | } 22 | } 23 | } 24 | 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Plugin/PluginTypes.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Api.Plugin { 7 | 8 | /// 9 | /// Plugin types 10 | /// 11 | public enum PluginTypes { 12 | /// 13 | /// Type is agent 14 | /// 15 | Agent = 0, 16 | /// 17 | /// Type is Listener 18 | /// 19 | NotificationListener = 1 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Api/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.IntrusionDetection.Api")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.IntrusionDetection.Api")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("234d7fd8-d754-4a7f-ad05-11f7826d4db1")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Cyberarms.IntrusionDetection.Base.Plugins.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.IntrusionDetection.Base")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.IntrusionDetection.Base")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("d328b108-55c3-44f5-9d01-2e26d269036d")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Resources/agent15px-rdp-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Base/Resources/agent15px-rdp-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Resources/agent15px-rdp-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Base/Resources/agent15px-rdp-white.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Resources/agent15px-sharePoint-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Base/Resources/agent15px-sharePoint-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Base/Resources/agent15px-sharePoint-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Base/Resources/agent15px-sharePoint-white.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd.Test/AgentTests.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using System.Net; 7 | 8 | namespace CyberarmsPaladinCmd.Test { 9 | [TestClass] 10 | public class AgentTests { 11 | [TestMethod] 12 | public void TestResolveIP() { 13 | string[] result = ResolveIp("isicos01"); 14 | Assert.AreEqual(1, result.Length); 15 | Assert.AreEqual("192.168.1.102", result[0]); 16 | } 17 | 18 | 19 | private string[] ResolveIp(string hostname) { 20 | List result = new List(); 21 | IPAddress[] addr = System.Net.Dns.GetHostAddresses(hostname); 22 | foreach (IPAddress ip in addr) { 23 | if (ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork || ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6) { 24 | result.Add(ip.ToString()); 25 | } 26 | } 27 | return result.ToArray(); 28 | } 29 | 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd.Test/CyberarmsIntrusionDetection.Cmd.Test.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd.Test/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("CyberarmsIntrusionDetectionCmd.Test")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("CyberarmsIntrusionDetectionCmd.Test")] 13 | [assembly: AssemblyCopyright("Copyright © 2012")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("321b75f9-7cdc-4a8d-aa20-22aa481fdaae")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | [assembly: AssemblyVersion("1.0.0.0")] 35 | [assembly: AssemblyFileVersion("1.0.0.0")] 36 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Agent.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api; 6 | using Cyberarms.IntrusionDetection.Api.Plugin; 7 | 8 | namespace Cyberarms.IntrusionDetection { 9 | internal class Agent { 10 | internal string AssemblyName { get; set; } 11 | internal bool Running { get; set; } 12 | internal Exception LastException { get; set; } 13 | internal IAgentPlugin Assembly { get; set; } 14 | internal string Name { get; set; } 15 | 16 | internal Agent(string assemblyName) { 17 | try { 18 | this.AssemblyName = assemblyName; 19 | } catch (Exception ex) { 20 | this.LastException = ex; 21 | } 22 | } 23 | 24 | internal Agent() { 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Agents.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Reflection; 6 | using Cyberarms.IntrusionDetection.Api.Plugin; 7 | 8 | namespace Cyberarms.IntrusionDetection { 9 | internal class Agents : List { 10 | internal void Load(string assemblyName) { 11 | Type pInterfaceType = typeof(IAgentPlugin); 12 | Assembly assembly; 13 | try { 14 | assembly = Assembly.LoadFile(assemblyName); 15 | foreach (Type type in assembly.GetTypes()) { 16 | if (type.IsPublic) // Just the public ones 17 | { 18 | if (!type.IsAbstract) { // ignore abstract classes 19 | Type typeInterface = type.GetInterface(pInterfaceType.ToString(), false); 20 | 21 | //Make sure the interface we want to use actually exists 22 | if (typeInterface != null) { 23 | try { 24 | IAgentPlugin objectInstance = (IAgentPlugin)Activator.CreateInstance(type); 25 | if (objectInstance != null) { 26 | Agent orange = new Agent(assembly.FullName); 27 | orange.Assembly = objectInstance; 28 | orange.Name = type.Name; 29 | this.Add(orange); 30 | } 31 | } catch (Exception exception) { 32 | System.Diagnostics.Debug.WriteLine(exception); 33 | throw exception; 34 | } 35 | } 36 | 37 | typeInterface = null; 38 | } 39 | } 40 | } 41 | } catch (Exception ex) { 42 | throw ex; 43 | } 44 | assembly = null; 45 | } 46 | 47 | internal void LoadAll(string configFilename) { 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Cyberarms.IntrusionDetection.Cmd.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Paladin48.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Cmd/Paladin48.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/PaladinCommandline.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Cmd/PaladinCommandline.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("CyberarmsIntrusionDetectionCmd")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("CyberarmsIntrusionDetectionCmd")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("bbfe5221-2a93-4728-9ffa-a333daaf63da")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.269 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace Cyberarms.IntrusionDetection.Cmd.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "10.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Cmd/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/ApiTest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using Cyberarms.IntrusionDetection.Api.Plugin; 7 | using System.Xml.Serialization; 8 | 9 | namespace IdsServiceForWindowsTest { 10 | /// 11 | /// Summary description for ApiTest 12 | /// 13 | [TestClass] 14 | public class ApiTest { 15 | public ApiTest() { 16 | // 17 | // TODO: Add constructor logic here 18 | // 19 | } 20 | 21 | private TestContext testContextInstance; 22 | 23 | /// 24 | ///Gets or sets the test context which provides 25 | ///information about and functionality for the current test run. 26 | /// 27 | public TestContext TestContext { 28 | get { 29 | return testContextInstance; 30 | } 31 | set { 32 | testContextInstance = value; 33 | } 34 | } 35 | 36 | #region Additional test attributes 37 | // 38 | // You can use the following additional attributes as you write your tests: 39 | // 40 | // Use ClassInitialize to run code before running the first test in the class 41 | // [ClassInitialize()] 42 | // public static void MyClassInitialize(TestContext testContext) { } 43 | // 44 | // Use ClassCleanup to run code after all tests in a class have run 45 | // [ClassCleanup()] 46 | // public static void MyClassCleanup() { } 47 | // 48 | // Use TestInitialize to run code before running each test 49 | // [TestInitialize()] 50 | // public void MyTestInitialize() { } 51 | // 52 | // Use TestCleanup to run code after each test has run 53 | // [TestCleanup()] 54 | // public void MyTestCleanup() { } 55 | // 56 | #endregion 57 | 58 | [TestMethod] 59 | public void TestSerialization() { 60 | TestPluginConfig config = new TestPluginConfig(); 61 | config.Prop1 = "Test1"; 62 | config.Prop2 = "Test2"; 63 | XmlSerializer xs = new XmlSerializer(typeof(TestPluginConfig)); 64 | System.IO.StreamWriter sw = new System.IO.StreamWriter("c:\\temp\\pluginsettings.xml"); 65 | xs.Serialize(sw, config); 66 | sw.Close(); 67 | } 68 | 69 | 70 | } 71 | 72 | 73 | public class TestPluginConfig : PluginConfiguration { 74 | public string Prop1 { get; set; } 75 | public string Prop2 { get; set; } 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/Cyberarms.IntrusionDetection.Service.Test.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/EventLogTest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using System.Diagnostics; 7 | using Cyberarms.IntrusionDetection; 8 | using Cyberarms.IntrusionDetection.Shared; 9 | 10 | namespace IdsServiceForWindowsTest { 11 | [TestClass] 12 | public class EventLogTest { 13 | [TestMethod] 14 | public void TestCreateWhenSourceExists() { 15 | WindowsLogManager.Instance.WriteEntry("Test Message", EventLogEntryType.Information, 0, 0); 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("IdsServiceForWindowsTest")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("IdsServiceForWindowsTest")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("8f014e26-16fa-4ce9-9346-ce959ebb29c8")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | [assembly: AssemblyVersion("2.2.0")] 35 | [assembly: AssemblyFileVersion("2.2.0")] 36 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/UnitTest1.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using System.Diagnostics.Eventing.Reader; 7 | namespace IdsServiceForWindowsTest { 8 | [TestClass] 9 | public class UnitTest1 { 10 | [TestMethod] 11 | public void TestEventLogReader() { 12 | string eventLogQuery = @" 13 | 14 | 18 | 19 | 20 | "; 21 | 22 | 23 | EventLogQuery query = new EventLogQuery("Security", PathType.LogName, 24 | String.Format(eventLogQuery)); 25 | EventLogReader rdr = new EventLogReader(query); 26 | 27 | EventRecord eventRecord = rdr.ReadEvent(); 28 | if (eventRecord != null) { 29 | foreach (string s in eventRecord.KeywordsDisplayNames) { 30 | System.Diagnostics.Debug.Print(s); 31 | 32 | } 33 | } 34 | 35 | string[] xPathProperties = new string[1] { @"Event/EventData/Data[@Name=""IpAddress""]" }; 36 | 37 | EventLogPropertySelector props = new EventLogPropertySelector(xPathProperties); 38 | System.Diagnostics.Debug.Print(((EventLogRecord)eventRecord).GetPropertyValues(props)[0].ToString()); 39 | 40 | System.Diagnostics.Debug.Print(eventRecord.Properties[0].Value.ToString()); 41 | } 42 | 43 | 44 | 45 | [TestMethod] 46 | public void WriteEventLogTest() { 47 | 48 | Cyberarms.IntrusionDetection.WindowsLogManager.Instance.WriteEntry("Test from unit test", System.Diagnostics.EventLogEntryType.Information, 1, 1); 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service.Test/WindowsLogManager.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Diagnostics.Eventing.Reader; 6 | using System.Diagnostics; 7 | using Cyberarms.IntrusionDetection.Api.Plugin; 8 | using Cyberarms.IntrusionDetection.Shared; 9 | 10 | namespace Cyberarms.IntrusionDetection { 11 | internal class WindowsLogManager { 12 | private DateTime lastSearchDate; 13 | 14 | // public override event AttackDetectedHandler AttackDetected; 15 | 16 | private EventLog eventLogCyberarms; 17 | 18 | 19 | private static WindowsLogManager _instance; 20 | internal static WindowsLogManager Instance { 21 | get { 22 | if (_instance == null) { 23 | _instance = new WindowsLogManager(); 24 | _instance.lastSearchDate = DateTime.Now; 25 | } 26 | return _instance; 27 | } 28 | } 29 | 30 | 31 | internal void WriteEntry(string text, EventLogEntryType type, int eventId, short category) { 32 | // Delete old log 33 | //try { 34 | // EventLog.DeleteEventSource(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE); 35 | // EventLog.Delete(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME); 36 | //} catch { } 37 | if (eventLogCyberarms == null) { 38 | //if (!EventLog.Exists(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME) || !EventLog.SourceExists(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE)) { 39 | // // did somebody delete the eventlog with event viewer? 40 | // if (!EventLog.Exists(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME) && EventLog.SourceExists(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE)) { 41 | // // delete the source first 42 | // EventLog.DeleteEventSource(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE); 43 | // } 44 | // EventLog.CreateEventSource(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE, Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME); 45 | // System.Diagnostics.EventLogInstaller installer = new EventLogInstaller(); 46 | 47 | //} 48 | eventLogCyberarms = new EventLog(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME); 49 | } 50 | eventLogCyberarms.Source = Globals.CYBERARMS_WINDOWS_EVENT_SOURCE; 51 | eventLogCyberarms.Log = Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME; 52 | 53 | EventLog.WriteEntry(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE, text, type, eventId, category); 54 | eventLogCyberarms.WriteEntry(text, type, eventId, category); 55 | } 56 | 57 | 58 | 59 | 60 | /// 61 | /// Keep it private to avoid multiple instances 62 | /// 63 | private WindowsLogManager() { 64 | 65 | } 66 | 67 | 68 | 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/ClientOperationInformation.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection { 7 | internal class ClientOperationInformation { 8 | internal string IpAddress { get; set; } 9 | internal Exception Exception { get; set; } 10 | internal string Message { get; set; } 11 | internal bool HasError { get; set; } 12 | internal Guid AgentId { get; set; } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Cyberarms.IntrusionDetection.Service.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Paladin16.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Service/Paladin16.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Paladin24.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Service/Paladin24.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Paladin32.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Service/Paladin32.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Paladin48.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Service/Paladin48.ico -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/PaladinService.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace Cyberarms.IntrusionDetection { 2 | partial class Service { 3 | /// 4 | /// Required designer variable. 5 | /// 6 | private System.ComponentModel.IContainer components = null; 7 | 8 | /// 9 | /// Clean up any resources being used. 10 | /// 11 | /// true if managed resources should be disposed; otherwise, false. 12 | protected override void Dispose(bool disposing) { 13 | if (disposing && (components != null)) { 14 | components.Dispose(); 15 | } 16 | base.Dispose(disposing); 17 | } 18 | 19 | #region Component Designer generated code 20 | 21 | /// 22 | /// Required method for Designer support - do not modify 23 | /// the contents of this method with the code editor. 24 | /// 25 | private void InitializeComponent() { 26 | this.intrusionDetectionServiceController = new System.ServiceProcess.ServiceController(); 27 | // 28 | // _intrusionDetectionController 29 | // 30 | this.intrusionDetectionServiceController.ServiceName = "CyberarmsIntrusionDetection"; 31 | // 32 | // Service 33 | // 34 | this.ServiceName = "CyberarmsIds"; 35 | 36 | } 37 | 38 | #endregion 39 | 40 | private System.ServiceProcess.ServiceController intrusionDetectionServiceController; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.ServiceProcess; 5 | using System.Text; 6 | 7 | namespace Cyberarms.IntrusionDetection { 8 | static class Program { 9 | /// 10 | /// The main entry point for the application. 11 | /// 12 | static void Main(string[] args) { 13 | ServiceBase[] ServicesToRun; 14 | ServicesToRun = new ServiceBase[] 15 | { 16 | new Service() 17 | }; 18 | System.Windows.Forms.Application.ThreadException += new System.Threading.ThreadExceptionEventHandler(Application_ThreadException); 19 | try { 20 | ServiceBase.Run(ServicesToRun); 21 | } catch (Exception ex) { 22 | System.Diagnostics.EventLog.WriteEntry("Cyberarms Intrusion Detection Service", ex.Message); 23 | } 24 | } 25 | 26 | static void Application_ThreadException(object sender, System.Threading.ThreadExceptionEventArgs e) { 27 | System.Diagnostics.EventLog.WriteEntry("Cyberarms Intrusion Detection Service Base", e.Exception.Message, System.Diagnostics.EventLogEntryType.Error); 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/ProjectInstaller.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace Cyberarms.IntrusionDetection { 2 | partial class ProjectInstaller { 3 | /// 4 | /// Required designer variable. 5 | /// 6 | private System.ComponentModel.IContainer components = null; 7 | 8 | /// 9 | /// Clean up any resources being used. 10 | /// 11 | /// true if managed resources should be disposed; otherwise, false. 12 | protected override void Dispose(bool disposing) { 13 | if (disposing && (components != null)) { 14 | components.Dispose(); 15 | } 16 | base.Dispose(disposing); 17 | } 18 | 19 | #region Component Designer generated code 20 | 21 | /// 22 | /// Required method for Designer support - do not modify 23 | /// the contents of this method with the code editor. 24 | /// 25 | private void InitializeComponent() { 26 | this.intrusionDetectionServiceProcessInstaller = new System.ServiceProcess.ServiceProcessInstaller(); 27 | this.intrusionDetectionServiceInstaller = new System.ServiceProcess.ServiceInstaller(); 28 | // 29 | // intrusionDetectionServiceProcessInstaller 30 | // 31 | this.intrusionDetectionServiceProcessInstaller.Account = System.ServiceProcess.ServiceAccount.LocalSystem; 32 | this.intrusionDetectionServiceProcessInstaller.Password = null; 33 | this.intrusionDetectionServiceProcessInstaller.Username = null; 34 | this.intrusionDetectionServiceProcessInstaller.AfterInstall += new System.Configuration.Install.InstallEventHandler(this.intrusionDetectionServiceProcessInstaller_AfterInstall); 35 | // 36 | // intrusionDetectionServiceInstaller 37 | // 38 | this.intrusionDetectionServiceInstaller.Description = "Intrusion Detection and Defense System for Windows Servers."; 39 | this.intrusionDetectionServiceInstaller.DisplayName = "Cyberarms Intrusion Detection Service"; 40 | this.intrusionDetectionServiceInstaller.ServiceName = "Cyberarms Intrusion Detection"; 41 | this.intrusionDetectionServiceInstaller.ServicesDependedOn = new string[] { 42 | "RpcSs"}; 43 | this.intrusionDetectionServiceInstaller.StartType = System.ServiceProcess.ServiceStartMode.Automatic; 44 | this.intrusionDetectionServiceInstaller.AfterInstall += new System.Configuration.Install.InstallEventHandler(this.intrusionDetectionServiceInstaller_AfterInstall); 45 | // 46 | // ProjectInstaller 47 | // 48 | this.Installers.AddRange(new System.Configuration.Install.Installer[] { 49 | this.intrusionDetectionServiceProcessInstaller, 50 | this.intrusionDetectionServiceInstaller}); 51 | 52 | } 53 | 54 | #endregion 55 | 56 | private System.ServiceProcess.ServiceProcessInstaller intrusionDetectionServiceProcessInstaller; 57 | private System.ServiceProcess.ServiceInstaller intrusionDetectionServiceInstaller; 58 | } 59 | } -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms Intrusion Detection")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms Intrusion Detection")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("43fdb6db-4c96-4f1f-904c-49cf0cb6b8de")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/WindowsLogManager.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Diagnostics.Eventing.Reader; 6 | using System.Diagnostics; 7 | using Cyberarms.IntrusionDetection.Api.Plugin; 8 | using Cyberarms.IntrusionDetection.Shared; 9 | 10 | namespace Cyberarms.IntrusionDetection { 11 | internal class WindowsLogManager { 12 | private DateTime lastSearchDate; 13 | 14 | // public override event AttackDetectedHandler AttackDetected; 15 | 16 | private EventLog eventLogCyberarms = null; 17 | 18 | 19 | private static WindowsLogManager _instance; 20 | internal static WindowsLogManager Instance { 21 | get { 22 | if (_instance == null) { 23 | _instance = new WindowsLogManager(); 24 | _instance.lastSearchDate = DateTime.Now; 25 | } 26 | return _instance; 27 | } 28 | } 29 | 30 | 31 | internal void WriteEntry(string text, EventLogEntryType type, int eventId, short category) { 32 | if (eventLogCyberarms == null) { 33 | //if (!EventLog.Exists(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME) || !EventLog.SourceExists(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE)) { 34 | // // did somebody delete the eventlog with event viewer? 35 | // if (!EventLog.Exists(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME) && EventLog.SourceExists(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE)) { 36 | // // delete the source first 37 | // EventLog.DeleteEventSource(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE); 38 | // } 39 | // EventLog.CreateEventSource(new EventSourceCreationData(Globals.CYBERARMS_WINDOWS_EVENT_SOURCE, Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME)); 40 | //} 41 | eventLogCyberarms = new EventLog(Globals.CYBERARMS_WINDOWS_EVENT_LOG_NAME, ".", Globals.CYBERARMS_WINDOWS_EVENT_SOURCE); 42 | } 43 | 44 | eventLogCyberarms.WriteEntry(text, type, eventId, category); 45 | } 46 | 47 | 48 | 49 | /// 50 | /// Keep it private to avoid multiple instances 51 | /// 52 | private WindowsLogManager() { 53 | 54 | } 55 | 56 | 57 | 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Service/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Setup.x64/Cyberarms.IntrusionDetection.Setup.x64.vdproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Setup.x86/Cyberarms.IntrusionDetection.Setup.x86.vdproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared.Test/Cyberarms.IntrusionDetection.Shared.Test.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared.Test/DatabaseUpgradeTest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | 7 | namespace Cyberarms.IntrusionDetection.Shared.Test { 8 | [TestClass] 9 | public class DatabaseUpgradeTest { 10 | [TestMethod] 11 | public void TestDatabaseCreation() { 12 | Database.Instance.Configure("c:\\temp"); 13 | Assert.AreEqual(1,Database.Instance.DatabaseVersion); 14 | 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared.Test/IntrusionLogTest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using Cyberarms.IntrusionDetection.Shared; 7 | using System.Data; 8 | 9 | namespace Cyberarms.IntrusionDetection.Shared.Test { 10 | [TestClass] 11 | public class IntrusionLogTest { 12 | public IntrusionLogTest() { 13 | Database.Instance.Configure(System.Windows.Forms.Application.StartupPath); 14 | } 15 | 16 | [TestMethod] 17 | public void ReadIntervalTest() { 18 | prepareIntrusionLog(); 19 | IDataReader rdr = IntrusionLog.ReadInterval(new TimeSpan(0, 24, 0, 0, 0)); 20 | if (rdr.FieldCount != 6) Assert.Fail("Field count changed!"); 21 | 22 | while (rdr.Read()) { 23 | System.Diagnostics.Debug.Print("Log Id {0} ({1}): {2}", rdr["Id"],rdr["IncidentTime"], rdr["ClientIP"]); 24 | } 25 | 26 | } 27 | 28 | [TestMethod] 29 | public void HasUpdatesTest() { 30 | } 31 | 32 | [TestMethod] 33 | public void ReadDifferentialTest() { 34 | } 35 | 36 | private void prepareIntrusionLog() { 37 | Database.Instance.ExecuteNonQuery(INSERT_COMMAND, DateTime.Now.AddHours(-1), null, "10.10.1.1", 0, false); 38 | Database.Instance.ExecuteNonQuery(INSERT_COMMAND, DateTime.Now.AddHours(-1).AddMinutes(-1), null, "10.10.1.1", 0, false); 39 | Database.Instance.ExecuteNonQuery(INSERT_COMMAND, DateTime.Now.AddHours(-1).AddMinutes(-2), null, "10.10.1.1", 0, false); 40 | Database.Instance.ExecuteNonQuery(INSERT_COMMAND, DateTime.Now.AddHours(-1).AddMinutes(-3), null, "10.10.1.1", 0, false); 41 | Database.Instance.ExecuteNonQuery(INSERT_COMMAND, DateTime.Now.AddHours(-1).AddMinutes(-4), null, "10.10.1.1", 0, false); 42 | 43 | } 44 | 45 | const string INSERT_COMMAND = "insert into IntrusionLog(IncidentTime,AgentId, ClientIP, Action, ActionTriggeredByUser) values(@p0,@p1,@p2,@p3,@p4)"; 46 | 47 | 48 | } 49 | 50 | } 51 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared.Test/LocksTest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using Microsoft.VisualStudio.TestTools.UnitTesting; 6 | using Cyberarms.IntrusionDetection.Shared; 7 | 8 | namespace Cyberarms.IntrusionDetection.Shared.Test { 9 | [TestClass] 10 | public class LocksTest { 11 | 12 | public LocksTest() { 13 | Database.Instance.Configure(System.Windows.Forms.Application.StartupPath); 14 | } 15 | 16 | [TestMethod] 17 | public void CreateLockTest() { 18 | long currentMaxId = GetMaxLocksId(); 19 | Lock l = new Lock(); 20 | l.IpAddress = "10.20.1.1"; 21 | l.LockDate = DateTime.Now; 22 | l.UnlockDate = DateTime.Now.AddDays(1); 23 | l.Port = 0; 24 | l.Status = Lock.LOCK_STATUS_HARDLOCK; 25 | l.NumberOfSoftLocks = 2; 26 | l.TriggerIncident = 100; 27 | l.Id = Locks.CreateLock(l); 28 | Assert.AreEqual(currentMaxId + 1, l.Id); 29 | } 30 | 31 | private long GetMaxLocksId() { 32 | object result = Database.Instance.ExecuteScalar("Select max(LockId) from Locks"); 33 | return Db.DbValueConverter.ToInt64(result); 34 | 35 | } 36 | 37 | [TestMethod] 38 | public void TestLockExists() { 39 | Assert.IsFalse(Locks.LockExists("192.158.178.120")); 40 | } 41 | 42 | [TestMethod] 43 | public void TestLockExists2() { 44 | Assert.IsTrue(Locks.LockExists("10.20.1.1")); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared.Test/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.IntrusionDetection.Shared.Test")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms.IntrusionDetection.Shared.Test")] 13 | [assembly: AssemblyCopyright("Copyright © 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("3f4cec80-8ead-49ed-ad4f-7bfdb02e8227")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | [assembly: AssemblyVersion("1.0.0.0")] 35 | [assembly: AssemblyFileVersion("1.0.0.0")] 36 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/AgentFilter.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public class AgentFilter : IAgentFilter { 8 | public AgentFilter() { 9 | } 10 | public AgentFilter(Guid id, string displayName) { 11 | Id = id; 12 | DisplayName = displayName; 13 | } 14 | public Guid Id { get; set; } 15 | public string DisplayName { get; set; } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/AgentPerformanceRecord.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public class AgentPerformanceRecord { 8 | public DateTime DateTime { get; set; } 9 | public long MemoryValue { get; set; } 10 | public TimeSpan CpuUsage { get; set; } 11 | public long Packets { get; set; } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Cyberarms.IntrusionDetection.Shared.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Db/DbUpgradeScript.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | 7 | namespace Cyberarms.IntrusionDetection.Shared.Db { 8 | public class DbUpgradeScript { 9 | public virtual int INTERNAL_VERSION { get { return 0; } } 10 | 11 | public virtual void UpgradeDatabase(System.Data.IDbConnection connection) { 12 | 13 | } 14 | 15 | internal void RunCommand(System.Data.IDbConnection connection, string command) { 16 | System.Data.IDbCommand cmd = connection.CreateCommand(); 17 | cmd.CommandText = command; 18 | try { 19 | cmd.ExecuteNonQuery(); 20 | } catch (Exception ex) { 21 | throw ex; 22 | } 23 | 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Db/DbUpgrader.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | 7 | namespace Cyberarms.IntrusionDetection.Shared.Db { 8 | public class DbUpgrader { 9 | 10 | 11 | 12 | public void RunUpgradeScripts(System.Data.IDbConnection connection) { 13 | System.Data.IDbCommand cmd = connection.CreateCommand(); 14 | cmd.Connection = connection; 15 | cmd.CommandText = "SELECT VersionNumber from DbConfig order by VersionNumber desc LIMIT 1"; 16 | int latestVersion = 0; 17 | object result = null; 18 | try { 19 | result = cmd.ExecuteScalar(); 20 | } catch (System.Data.Common.DbException) { 21 | result = null; 22 | latestVersion = 0; 23 | } catch(Exception ex) { 24 | throw (ex); 25 | } 26 | if (result != null && !String.IsNullOrEmpty(result.ToString())) { 27 | if(!int.TryParse(result.ToString(), out latestVersion)) { 28 | latestVersion = 0; 29 | } 30 | } 31 | InitScripts(); 32 | UpgradeAll(connection, latestVersion); 33 | } 34 | 35 | public void UpgradeAll(System.Data.IDbConnection connection, int latestVersionNumber) { 36 | foreach (int key in upgradeScripts.Keys) { 37 | if (key > latestVersionNumber) { 38 | upgradeScripts[key].UpgradeDatabase(connection); 39 | } 40 | } 41 | } 42 | 43 | 44 | SortedList upgradeScripts; 45 | 46 | private void InitScripts() { 47 | upgradeScripts = new SortedList(); 48 | upgradeScripts.Add(1, new Version_2_1()); 49 | } 50 | 51 | public DbUpgrader() { 52 | 53 | } 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Db/DbValueConverter.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared.Db { 7 | public class DbValueConverter { 8 | public static bool ToBool(object value) { 9 | if (value == DBNull.Value) return false; 10 | bool result; 11 | bool.TryParse(value.ToString(), out result); 12 | return result; 13 | } 14 | 15 | public static string ToString(object value) { 16 | if (value == DBNull.Value) return String.Empty; 17 | return value.ToString(); 18 | } 19 | 20 | public static int ToInt(object value) { 21 | if (value == DBNull.Value) return 0; 22 | int result; 23 | int.TryParse(value.ToString(), out result); 24 | return result; 25 | } 26 | 27 | public static long ToInt64(object value) { 28 | if (value == DBNull.Value) return 0; 29 | long result; 30 | long.TryParse(value.ToString(), out result); 31 | return result; 32 | } 33 | 34 | public static Guid ToGuid(object value) { 35 | string textValue = ToString(value); 36 | Guid result; 37 | if (!Guid.TryParse(textValue, out result)) { 38 | throw new ArgumentException(value + " is not a unique id"); 39 | } 40 | return result; 41 | } 42 | 43 | public static DateTime ToDateTime(object value) { 44 | if(value==DBNull.Value) return DateTime.MinValue; 45 | DateTime result; 46 | if(!DateTime.TryParse(ToString(value), out result)) { 47 | throw new ArgumentException(value + " is not a valid date"); 48 | } 49 | return result; 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/IAgentFilter.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public interface IAgentFilter { 8 | Guid Id { get; set; } 9 | string DisplayName { get; set; } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/InstallationHelper.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace Cyberarms.IntrusionDetection.Shared { 2 | partial class InstallationHelper { 3 | /// 4 | /// Required designer variable. 5 | /// 6 | private System.ComponentModel.IContainer components = null; 7 | 8 | /// 9 | /// Clean up any resources being used. 10 | /// 11 | /// true if managed resources should be disposed; otherwise, false. 12 | protected override void Dispose(bool disposing) { 13 | if (disposing && (components != null)) { 14 | components.Dispose(); 15 | } 16 | base.Dispose(disposing); 17 | } 18 | 19 | #region Component Designer generated code 20 | 21 | /// 22 | /// Required method for Designer support - do not modify 23 | /// the contents of this method with the code editor. 24 | /// 25 | private void InitializeComponent() { 26 | components = new System.ComponentModel.Container(); 27 | } 28 | 29 | #endregion 30 | } 31 | } -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Lock.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public class Lock { 8 | public const int LOCK_STATUS_NONE = 100; 9 | public const int LOCK_STATUS_SOFTLOCK_REQUESTED = 200; 10 | public const int LOCK_STATUS_SOFTLOCK = 210; 11 | public const int LOCK_STATUS_SOFTLOCK_EXPIRED = 220; 12 | public const int LOCK_STATUS_HARDLOCK_REQUESTED = 300; 13 | public const int LOCK_STATUS_HARDLOCK = 310; 14 | public const int LOCK_STATUS_HARDLOCK_EXPIRED = 320; 15 | public const int LOCK_STATUS_MANUAL = 400; 16 | public const int LOCK_STATUS_ACTIVE = 510; 17 | public const int LOCK_STATUS_UNLOCK_REQUESTED = 500; 18 | public const int LOCK_STATUS_UNLOCKED = 510; 19 | public const int LOCK_STATUS_HISTORY = 800; 20 | public const int LOCK_STATUS_LOCK_ERROR = 900; 21 | public const int LOCK_STATUS_UNLOCK_ERROR = 901; 22 | public const int LOCK_STATUS_LICENSE_REQUIRED = 999; 23 | 24 | 25 | 26 | public long Id { get; set; } 27 | public string IpAddress { get; set; } 28 | public DateTime LockDate { get; set; } 29 | public DateTime UnlockDate { get; set; } 30 | public int Port { get; set; } 31 | public int Status { get; set; } 32 | public int NumberOfSoftLocks { get; set; } 33 | public long TriggerIncident { get; set; } 34 | 35 | public void Save() { 36 | if (Database.Instance.IsConfigured) { 37 | string sqlString = "update Locks set IpAddress=@p0, LockDate=@p1, Port=@p2, Status=@p3, TriggerIncident=@p4, UnlockDate=@p5, LastUpdate=@p6 where LockId=" + this.Id.ToString(); 38 | Database.Instance.ExecuteNonQuery(sqlString, this.IpAddress, this.LockDate, this.Port, this.Status, this.TriggerIncident, this.UnlockDate, DateTime.Now); 39 | } else { 40 | throw new ApplicationException("Database not initialized"); 41 | } 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/LockStatus.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | 7 | namespace Cyberarms.IntrusionDetection.Shared { 8 | public enum LockStatus { 9 | None = Lock.LOCK_STATUS_NONE, 10 | SoftLockRequested = Lock.LOCK_STATUS_SOFTLOCK_REQUESTED, 11 | SoftLocked = Lock.LOCK_STATUS_SOFTLOCK, 12 | SoftLockExpired = Lock.LOCK_STATUS_SOFTLOCK_EXPIRED, 13 | HardLockRequested = Lock.LOCK_STATUS_HARDLOCK_REQUESTED, 14 | HardLocked = Lock.LOCK_STATUS_HARDLOCK, 15 | HardLockExpired = Lock.LOCK_STATUS_HARDLOCK_EXPIRED, 16 | Unlocked = Lock.LOCK_STATUS_UNLOCKED, 17 | ManuallyUnlocked = Lock.LOCK_STATUS_MANUAL, 18 | LockError = Lock.LOCK_STATUS_LOCK_ERROR, 19 | UnlockError = Lock.LOCK_STATUS_UNLOCK_ERROR, 20 | LicenseRequired = Lock.LOCK_STATUS_LICENSE_REQUIRED 21 | } 22 | 23 | public class LockStatusAdapter { 24 | private static Dictionary _lockStatusNames; 25 | public static Dictionary LockStatusNames { 26 | get { 27 | if (_lockStatusNames == null) { 28 | _lockStatusNames = new Dictionary(); 29 | _lockStatusNames.Add((int)LockStatus.None, "New"); 30 | _lockStatusNames.Add((int)LockStatus.SoftLockRequested, "Soft lock requested"); 31 | _lockStatusNames.Add((int)LockStatus.SoftLocked, "Soft lock"); 32 | _lockStatusNames.Add((int)LockStatus.SoftLockExpired, "Soft lock expired"); 33 | _lockStatusNames.Add((int)LockStatus.HardLockRequested, "Hard lock requested"); 34 | _lockStatusNames.Add((int)LockStatus.HardLocked, "Hard lock"); 35 | _lockStatusNames.Add((int)LockStatus.HardLockExpired, "Hard lock expired"); 36 | _lockStatusNames.Add((int)LockStatus.Unlocked, "Unlocked"); 37 | _lockStatusNames.Add((int)LockStatus.ManuallyUnlocked, "Manually unlocked"); 38 | _lockStatusNames.Add((int)LockStatus.LockError, "Error adding lock"); 39 | _lockStatusNames.Add((int)LockStatus.UnlockError, "Unlock error"); 40 | _lockStatusNames.Add((int)LockStatus.LicenseRequired, "License limitation"); 41 | } 42 | return _lockStatusNames; 43 | } 44 | } 45 | 46 | public static string GetLockStatusName(int status) { 47 | if(LockStatusNames.ContainsKey(status)) { 48 | return LockStatusNames[status]; 49 | } else { 50 | return String.Format("Status {0} not found in LockStatusNames!", status); 51 | } 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/LockType.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using Cyberarms.IntrusionDetection.Shared; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection { 7 | public enum LockType { 8 | None = Lock.LOCK_STATUS_NONE, 9 | SoftLockRequested = Lock.LOCK_STATUS_SOFTLOCK_REQUESTED, 10 | SoftLock = Lock.LOCK_STATUS_SOFTLOCK, 11 | HardLockRequested = Lock.LOCK_STATUS_HARDLOCK_REQUESTED, 12 | HardLock = Lock.LOCK_STATUS_HARDLOCK 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/PluginExceptionArguments.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public enum PluginExceptionSource { 8 | Init = 0, 9 | Load = 100, 10 | Configuration = 200, 11 | ServiceAction = 300, 12 | ExecuteAction = 400, 13 | Unload = 500 14 | } 15 | 16 | public class PluginExceptionArguments { 17 | public string AssemblyName { get; set; } 18 | public string ModuleName { get; set; } 19 | public Exception Exception { get; set; } 20 | public PluginExceptionSource Source { get; set; } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.IntrusionDetection.Shared")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Cyberarms Limited")] 12 | [assembly: AssemblyProduct("Cyberarms.IntrusionDetection.Shared")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms Limited 2012-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms Intrusion Detection")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("7aaca9ae-5d48-48f7-be3f-27974b2e535a")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/EventsPerAgent.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |

5 | 6 | [%AGENT_NAME%] 7 |

8 | 9 | 10 |

11 | [%INTRUSION_ATTEMPTS%] 12 |

13 | 14 | 15 |

16 | [%SOFT_LOCKS%] 17 |

18 | 19 | 20 |

21 | [%HARD_LOCKS%] 22 |

23 | 24 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/HardLocksByIp.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 |

4 | 5 | [%IP_ADDRESS%] 8 |

9 | 10 | 11 | 12 |

13 | [%HARD_LOCKS%] 16 |

17 | 18 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/IntrusionAttemptsByIp.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |

5 | 6 | [%IP_ADDRESS%] 7 |

8 | 9 | 10 | 11 |

12 | [%INTRUSION_ATTEMPTS%] 13 |

14 | 15 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/SoftLocksByIp.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 |

4 | 5 | [%IP_ADDRESS%] 8 |

9 | 10 | 11 | 12 |

13 | [%SOFT_LOCKS%] 16 |

17 | 18 | -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/agent15px-custom-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/agent15px-custom-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/agent15px-custom-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/agent15px-custom-white.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/agent15px-default-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/agent15px-default-dark.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/agent15px-default-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/agent15px-default-white.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-hardLock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-hardLock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-loginAttempt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-loginAttempt.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-softLock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-softLock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-systemMessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-systemMessage.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-unlock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-unlock.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Resources/logIcon-warning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Cyberarms.IntrusionDetection.Shared/Resources/logIcon-warning.png -------------------------------------------------------------------------------- /Cyberarms.IntrusionDetection.Shared/Statistics.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace Cyberarms.IntrusionDetection.Shared { 7 | public class Statistics { 8 | 9 | private List agentIds; 10 | 11 | private Statistics() { 12 | agentIds = new List(); 13 | } 14 | 15 | private static Statistics _instance; 16 | public static Statistics Instance { 17 | get { 18 | if (_instance == null) { 19 | _instance = new Statistics(); 20 | } 21 | return _instance; 22 | } 23 | } 24 | 25 | public void IncreaseFailedLoginStatistics(SecurityAgent agent) { 26 | if (!agentIds.Contains(agent.Id)) ConfigureStatistics(agent); 27 | agent.FailedLogins++; 28 | IncreaseStatistics(agent, "FailedLogins"); 29 | } 30 | 31 | public void IncreaseHardLockStatistics(SecurityAgent agent) { 32 | agent.HardLocks++; 33 | IncreaseStatistics(agent, "HardLocks"); 34 | } 35 | 36 | public void ConfigureStatistics(SecurityAgent agent) { 37 | string sqlString = "select count(*) from AgentStatistics where AgentId=@p0"; 38 | object result = Database.Instance.ExecuteScalar(sqlString, agent.Id); 39 | if (Db.DbValueConverter.ToInt(result) < 1) { 40 | sqlString = "insert into AgentStatistics(AgentId, FailedLogins, SoftLocks, HardLocks) values (@p0,0,0,0)"; 41 | Database.Instance.ExecuteNonQuery(sqlString, agent.Id); 42 | } 43 | agentIds.Add(agent.Id); 44 | } 45 | 46 | public void IncreaseSoftLockStatistics(SecurityAgent agent) { 47 | agent.SoftLocks++; 48 | IncreaseStatistics(agent, "SoftLocks"); 49 | } 50 | 51 | public void IncreaseStatistics(SecurityAgent agent, string statisticsColumn) { 52 | try { 53 | string sqlString = String.Format("Update AgentStatistics set {0}={0}+1 where AgentId=@p0", statisticsColumn); 54 | Database.Instance.ExecuteNonQuery(sqlString, agent.Id); 55 | } catch(Exception ex) { 56 | throw ex; 57 | } 58 | } 59 | 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /Cyberarms.WebSecurity/Cyberarms.WebSecurity.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Debug 5 | AnyCPU 6 | 8.0.30703 7 | 2.0 8 | {076A76AA-5A22-4FA9-B676-F95A44BDDEC7} 9 | Library 10 | Properties 11 | Cyberarms.WebSecurity 12 | Cyberarms.WebSecurity 13 | v2.0 14 | 512 15 | SAK 16 | SAK 17 | SAK 18 | SAK 19 | 20 | 21 | 22 | true 23 | full 24 | false 25 | bin\Debug\ 26 | DEBUG;TRACE 27 | prompt 28 | 4 29 | 30 | 31 | pdbonly 32 | true 33 | bin\Release\ 34 | TRACE 35 | prompt 36 | 4 37 | 38 | 39 | false 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 71 | -------------------------------------------------------------------------------- /Cyberarms.WebSecurity/Cyberarms.WebSecurity.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /Cyberarms.WebSecurity/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Cyberarms.WebSecurity")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Cyberarms Intrusion Detection")] 13 | [assembly: AssemblyCopyright("Copyright © Cyberarms 2014-2016")] 14 | [assembly: AssemblyTrademark("Cyberarms IDDS")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("54e6e30a-7b87-4064-8d8b-05bba75227e2")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /Cyberarms.WebSecurity/SecurityMonitor.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Web; 5 | using System.Reflection; 6 | 7 | 8 | 9 | namespace Cyberarms.WebSecurity { 10 | public class SecurityMonitor : IHttpModule { 11 | const string VAR_NAME_FAILED_LOGIN_RDWEB = "bFailedLogon"; 12 | const string VAR_NAME_FAILED_LOGIN_DEFAULT = "bCyberarmsLoginFailed"; 13 | const string EVENT_LOG_MESSAGE = "Cyberarms Web Security Monitor has recognized an unsuccessful login from computer {0} [IP = '{1}'] \nUser agent: {2}\nRequested url: {3}"; 14 | 15 | public void Dispose() { 16 | 17 | } 18 | 19 | 20 | public void Init(HttpApplication context) { 21 | context.PostRequestHandlerExecute += context_PostRequestHandlerExecute; 22 | } 23 | 24 | void context_PostRequestHandlerExecute(object sender, EventArgs e) { 25 | try { 26 | bool bFailedLoginDetected = false; 27 | if (sender != null) { 28 | HttpContext context = ((HttpApplication)sender).Context; 29 | if (context != null) { 30 | IHttpHandler handler = ((HttpApplication)sender).Context.Handler; 31 | foreach (FieldInfo fi in handler.GetType().GetFields()) { 32 | if (fi.Name == VAR_NAME_FAILED_LOGIN_DEFAULT || fi.Name == VAR_NAME_FAILED_LOGIN_RDWEB) { 33 | bool bFailed = false; 34 | if (fi.GetValue(handler) != null && bool.TryParse(fi.GetValue(handler).ToString(), out bFailed)) { 35 | if (bFailed) bFailedLoginDetected = true; 36 | } 37 | } 38 | } 39 | if (bFailedLoginDetected) { 40 | // write login failed to application event log 41 | System.Diagnostics.EventLog.WriteEntry("Application", 42 | String.Format(EVENT_LOG_MESSAGE, context.Request.UserHostName, context.Request.UserHostAddress, context.Request.UserAgent, context.Request.Url), 43 | System.Diagnostics.EventLogEntryType.FailureAudit, 4625); 44 | } 45 | } 46 | } 47 | } catch { 48 | // avoid errors caused by this module 49 | } 50 | } 51 | 52 | 53 | 54 | } 55 | 56 | } 57 | -------------------------------------------------------------------------------- /Cyberarms.vssscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROJECT" 10 | } 11 | -------------------------------------------------------------------------------- /DemoAgent/BadAgent.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | 7 | namespace DemoAgent { 8 | public class BadAgent : AgentPlugin { 9 | public BadAgent() { 10 | } 11 | 12 | protected override void OnStartAgent() { 13 | base.OnStartAgent(); 14 | while (true) ; 15 | 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /DemoAgent/DemoAgent.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /DemoAgent/DemoConfiguration.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using Cyberarms.IntrusionDetection.Api.Plugin; 3 | 4 | namespace DemoAgent { 5 | /// 6 | /// CustomIntrusion Detectionagent configuration 7 | /// In this simple demonstration, just one property "DirectoryName" is used. 8 | /// You can provide a more complex configuration class, based on your needs 9 | /// 10 | public class DemoConfiguration : PluginConfiguration { 11 | /// 12 | /// The directory which is used by the DemoAgent to watch for changes 13 | /// 14 | public string DirectoryName { get; set; } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /DemoAgent/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("DemoAgent")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("DemoAgent")] 13 | [assembly: AssemblyCopyright("Copyright © 2012")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("0111094e-98ed-45d0-813e-d2c1377215a2")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /Dependencies/SQLite/sqlite-netFx40-binary-Win32-2010-1.0.84.0/SQLite.Interop.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Dependencies/SQLite/sqlite-netFx40-binary-Win32-2010-1.0.84.0/SQLite.Interop.dll -------------------------------------------------------------------------------- /Dependencies/SQLite/sqlite-netFx40-binary-Win32-2010-1.0.84.0/System.Data.SQLite.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Dependencies/SQLite/sqlite-netFx40-binary-Win32-2010-1.0.84.0/System.Data.SQLite.dll -------------------------------------------------------------------------------- /Dependencies/SQLite/sqlite-netFx40-binary-x64-2010-1.0.84.0/SQLite.Interop.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Dependencies/SQLite/sqlite-netFx40-binary-x64-2010-1.0.84.0/SQLite.Interop.dll -------------------------------------------------------------------------------- /Dependencies/SQLite/sqlite-netFx40-binary-x64-2010-1.0.84.0/System.Data.SQLite.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Dependencies/SQLite/sqlite-netFx40-binary-x64-2010-1.0.84.0/System.Data.SQLite.dll -------------------------------------------------------------------------------- /EventLogCleaner/EventLogCleaner.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /EventLogCleaner/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Diagnostics; 6 | 7 | namespace EventLogCleaner { 8 | class Program { 9 | static void Main(string[] args) { 10 | Console.WriteLine("This program will remove the Cyberarms EventLog. This can not be undone."); 11 | Console.WriteLine("Are you sure that you want to continue? y/N"); 12 | if (Console.ReadKey().Key == ConsoleKey.Y) { 13 | Console.WriteLine("Are you really sure? (y/N)"); 14 | if (Console.ReadKey().Key == ConsoleKey.Y) { 15 | try { 16 | if (EventLog.Exists("Cyberarms Intrusion Detection")) { 17 | EventLog.DeleteEventSource("Cyberarms Intrusion Detection"); 18 | Console.WriteLine("EventSource 'Cyberarms Intrusion Detection' was deleted"); 19 | } else { 20 | Console.WriteLine("EventSource 'Cyberarms Intrusion Detection' was not found on this computer"); 21 | } 22 | if (EventLog.Exists("Cyberarms")) { 23 | EventLog.Delete("Cyberarms"); 24 | Console.WriteLine("Event Log 'Cyberarms' was deleted. You might have to restart your computer"); 25 | Console.WriteLine(@"and delete the event log file at %systemroot%\system32\winevt\Logs\Cyberarms.evtx"); 26 | } else { 27 | Console.WriteLine("Event Log 'Cyberarms' was not found on this computer."); 28 | } 29 | Console.WriteLine("The command has executed successfully"); 30 | } catch (Exception ex) { 31 | Console.WriteLine("Sorry, we have a problem. Details:\r\n{0}", ex.Message); 32 | } finally { } 33 | return; 34 | } 35 | 36 | 37 | } 38 | Console.WriteLine("Please be sure to use this utility ONLY when advised by Cyberarms support personel."); 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /EventLogCleaner/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("EventLogCleaner")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("EventLogCleaner")] 13 | [assembly: AssemblyCopyright("Copyright © 2012-2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("8ae5de3a-ff54-46a2-adbe-924e99ede989")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("2.2.0")] 36 | [assembly: AssemblyFileVersion("2.2.0")] 37 | -------------------------------------------------------------------------------- /IdsServiceForWindows.vsmdi: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 isicore GmbH, www.isicore.de 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE 10 | 11 | -------------------------------------------------------------------------------- /Local.testsettings: -------------------------------------------------------------------------------- 1 |  2 | 3 | These are default test settings for a local test run. 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /MailServerTest/MailServerTest.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /MailServerTest/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.Agents.MailServer; 6 | 7 | namespace MailServerTest { 8 | class Program { 9 | static void Main(string[] args) { 10 | Pop3Agent agent = new Pop3Agent(); 11 | agent.CurrentClients.Add(1, new Pop3Client()); 12 | agent.CurrentClients.Add(2, new Pop3Client()); 13 | agent.CurrentClients.Add(10, new Pop3Client()); 14 | agent.CurrentClients.Add(1000, new Pop3Client()); 15 | for (int i = agent.CurrentClients.Keys.Max(); i > 0; i--) { 16 | if (agent.CurrentClients.ContainsKey(i) && i==10) agent.CurrentClients.Remove(i); 17 | } 18 | Console.WriteLine(agent.CurrentClients.Count); 19 | Console.ReadKey(); 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /MailServerTest/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("MailServerTest")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("MailServerTest")] 13 | [assembly: AssemblyCopyright("Copyright © 2012")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("9527c05b-c7ab-4873-9f4f-d93b48cb8284")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /Media/setup_banner.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EFTEC/Cyberarms/85afac744d8a5a8ce2686cacf45218ff5b4b6e94/Media/setup_banner.jpg -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cyberarms 2 | IDDS is a free and open source intrusion detection and prevention system for Windows Server 2008 R2 and later. 3 | 4 | # Note 5 | 6 | Its a fork of https://idds.codeplex.com/ and since Codeplex is dying then this repository acts as a backup if you want to fork into github. 7 | 8 | It's not supported. I repeat, it is only a backup. :-P 9 | 10 | 11 | ## Project Description 12 | IDDS is a free and open source intrusion detection and prevention system for Windows Server 2008 R2 and later. 13 | 14 | If you want the installer of the program (compiled version), then go here: 15 | 16 | https://github.com/EFTEC/Cyberarms/blob/master/Compiled/cyberarms.intrusiondetection.setup.x64_2.2.0.zip 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /SqlServerAgentTest/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using Cyberarms.IntrusionDetection.Api.Plugin; 6 | using Cyberarms.Agents.SqlServer; 7 | 8 | namespace SqlServerAgentTest { 9 | class Program { 10 | static void Main(string[] args) { 11 | SqlFailedLoginWatcher watcher = new SqlFailedLoginWatcher(); 12 | watcher.AttackDetected += new AttackDetectedHandler(watcher_AttackDetected); 13 | watcher.Start(); 14 | Console.ReadKey(); 15 | watcher.Stop(); 16 | } 17 | 18 | static void watcher_AttackDetected(object sender, INotificationEventArgs data) { 19 | SqlFailedLoginWatcher watcher = (SqlFailedLoginWatcher)sender; 20 | Console.WriteLine("{0}: {1}", data.EventMessage, data.IpAddress); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /SqlServerAgentTest/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("SqlServerAgentTest")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("SqlServerAgentTest")] 13 | [assembly: AssemblyCopyright("Copyright © 2012")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("80362e85-997b-47c1-bf12-0b37b7c853d8")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /SqlServerAgentTest/SqlServerAgentTest.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /TlsSslTest/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | using Cyberarms.Agents.TerminalServer; 7 | using Cyberarms.IntrusionDetection.Api.Plugin; 8 | 9 | namespace TlsSslTest { 10 | class Program { 11 | static void Main(string[] args) { 12 | TlsSslAgent agent = new TlsSslAgent(); 13 | agent.Trace += new EventHandler(agent_Trace); 14 | agent.Tracing = false; 15 | agent.AttackDetected += new Cyberarms.IntrusionDetection.Api.Plugin.AttackDetectedHandler(agent_AttackDetected); 16 | ((Cyberarms.Agents.TerminalServer.TslSslConfig)agent.Configuration.AgentSettings).RdpPort = 3389; 17 | agent.Start(); 18 | Console.WriteLine("Press any key to abort..."); 19 | Console.ReadKey(); 20 | } 21 | 22 | static void agent_AttackDetected(object sender, Cyberarms.IntrusionDetection.Api.Plugin.INotificationEventArgs data) { 23 | Console.WriteLine("AttackDetected from " + data.IpAddress); 24 | } 25 | 26 | static void agent_Trace(object sender, EventArgs e) { 27 | IPHeader tls = (IPHeader)sender; 28 | //Console.WriteLine("{0} {1} {2} {3}", tls.TlsHeader.ContentType, tls.TlsHeader.MajorVersion, tls.TlsHeader.MinorVersion, tls.TlsHeader.Length); 29 | for (int i = 0; i < int.Parse(tls.TotalLength);i++ ) { 30 | Console.Write("{0:X}", tls.Data[i]); 31 | } 32 | Console.WriteLine(); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /TlsSslTest/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("TlsSslTest")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("TlsSslTest")] 13 | [assembly: AssemblyCopyright("Copyright © 2012")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("de6a1b14-8488-470b-a84c-65555e920d95")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /TlsSslTest/TlsSslTest.csproj.vspscc: -------------------------------------------------------------------------------- 1 | "" 2 | { 3 | "FILE_VERSION" = "9237" 4 | "ENLISTMENT_CHOICE" = "NEVER" 5 | "PROJECT_FILE_RELATIVE_PATH" = "" 6 | "NUMBER_OF_EXCLUDED_FILES" = "0" 7 | "ORIGINAL_PROJECT_FILE_PATH" = "" 8 | "NUMBER_OF_NESTED_PROJECTS" = "0" 9 | "SOURCE_CONTROL_SETTINGS_PROVIDER" = "PROVIDER" 10 | } 11 | -------------------------------------------------------------------------------- /TraceAndTestImpact.testsettings: -------------------------------------------------------------------------------- 1 |  2 | 3 | These are test settings for Trace and Test Impact. 4 | 5 | 6 | 7 | 8 | 9 | --------------------------------------------------------------------------------