Lightweight client

[c-goosen]

Is it possible to write a more lightweight client that implements a tripwire type detection. Im thinking in terms of a periodic scan of the file system, comparing hashes and then passing suspect files via the network to a laikaboss host. webscan.py still requires a lot of libraries to be installed.

[marnao]

Yes! It's an undocumented feature and admittedly has not been thoroughly tested, but we provide a cross platform interface that uses JSON for serialization rather than python's pickle. We are also planning to add more interface types in the future that are even more lightweight (JSON is pretty heavy for serialization).

Here is an example python client the uses JSON for serialization. You could easily extend this example to work on other platforms/languages. The only hard requirement is ZeroMQ for message transport.

#!/usr/bin/python

import zmq
import base64
import json
import sys

REQ_TYPE_PICKLE = '1'
REQ_TYPE_PICKLE_ZLIB = '2'
REQ_TYPE_JSON = '3'
REQ_TYPE_JSON_ZLIB = '4'

fn = sys.argv[1]
uniqID = sys.argv[2]

request = { 'source' : 'python-json-client',
             'buffer' : base64.b64encode(open(fn).read()),
             'filename' : fn,
             'uniqID' : uniqID,
             'extMetaData' : { 'testing' : uniqID }
           }

jRequest = json.dumps(request)


ctx = zmq.Context()

client = ctx.socket(zmq.REQ)
poll = zmq.Poller()
poll.register(client, zmq.POLLIN)

client.connect('tcp://localhost:5558')

# The first field tells the server to expect json. If you had a 1 in here it would expect a python pickled object
# The second field is a blank delimter field, required by zmq
# You could compress the JSON with zlib if you choose-- just choose REQ_TYPE_JSON_ZLIB instead
client.send_multipart([REQ_TYPE_JSON, '', jRequest])

socks = dict(poll.poll(None))

if socks.get(client) == zmq.POLLIN:
    # Recieve reply
    reply = client.recv()

result = json.loads(reply)

print json.dumps(result, indent=4, separators=(',', ': '), ensure_ascii=False)

Does this help?