Merge branch 'main' into 'master'

# Conflicts:
#   README.md

README.md

@@ -72,7 +72,6 @@ Instructions are defined in Ansible's playbooks used to prepare all instructions
 
 ## Integration
 
-
 - [ ] Number of sniffers by super-sniffer (5)
 - [x] Integrate Sniffers / Manager PC
 - [x] Integrate code sources from [1], [5]

ansible/tasks/README.md

+# **Sniffers' configuration**
+
+Ansible[^1] involves a common set of concepts and tools for system automation. An inventory to define the hosts and groups of hosts participants that will be operated by the playbooks. Once the inventory has been defined, a set of playbooks have been programmed to perform tasks on the sniffers. The execution of the playbooks depends on the modules available in the Ansible platform. Finally, the system global interpreter is based on Python. 
+
+[^1]: https://www.ansible.com/
+
+The proposed topology is shown in Figure 1. One goal of using Ansible-based automation is to configure all sniffers simultaneously to guarantee that all nodes receive the same configuration, in addition to facilitating the manipulation of each device to be configured.
+
+<center>
+<figure>
+  <img src="https://gitlab.inria.fr/fmorlano/mitik_management/-/raw/main/Figures/mitik_topology.png" width="70%" height="70%" alt="mitik_topology"/>
+  <figcaption>Figure 1. Topology of Mitik project.</figcaption>
+</figure>
+</center>
+
+The sniffers' deployment require two roles to be developed. The first environment has been created to perform the installation and configuration tasks required on the hardware and the O.S.; the second environment executes the tasks necessary to start the sniffer according to the required parameters, in addition to synchronizing the data with the sniffer manager (Mitik laptop) and the Mitik server. Figure 3 shows the scenario to be automated by the Ansible management tool.
+
+<center>
+<figure>
+  <img src="https://gitlab.inria.fr/fmorlano/mitik_management/-/raw/main/Figures/ansible_implementation.png" width="70%" height="70%" alt="ansible_implementation"/>
+  <figcaption>Figure 3. Automating super-sniffers deployment.</figcaption>
+</figure>
+</center>
+
+## **Role 1. Hardware and software requirements**
+
+A modified version of Raspian has been provided by [1], as part of the experiments evaluating the performance of low-level libraries to capture network traffic in the sniffer. However, it is necessary to carry out additional configurations in the sniffer to add new functionalities on it.
+
+## **Sniffer manager**
+
+A sniffer manager is defined in a Mitik laptop (Macbook Pro). All the instructions executed in the sniffers are defined in the sniffer manager. To establish communication with the sniffers, an inventory with specific parameters is defined.Each sniffer is assigned a static IP. Besides that, sniffers are organized in groups (super-sniffers). _inventory_ shows the definition for each sniffer. Four groups (super-sniffers) are defined (ss1 to ss4), and each one contains five sniffers (sniffer#-ss#). 
+
+In addition to the inventory, the sniffer manager sends all the instructions and configurations contained in the playbooks to be executed in each sniffer. 
+
+### **Authentication**
+
+SSH key-based is used as authentication method between the sniffer manager and the sniffers. It is indispensable for the secure exchange information and data between the entities (sniffer manager and sniffers), besides of the execution of specific functions that requires SSH authentication. To enable the SSH Key-based authentication setup between the sniffer manager and the sniffers, _playbook_SSH_Keygen_ generates the public key of each sniffer, and also copy their SSH public keys to the sniffer manager.
+
+### **Sniffer Identification**
+
+Since each sniffer uses the O.S. from [1], _playbook_hostname_ and _playbook_hosts_ to redefine the hostname and local DNS of each sniffer based on the _inventory_ file and the static IP defined there.
+
+### **GPS Synchronization**
+
+Each step described in [README](https://gitlab.inria.fr/fmorlano/mitik_management/-/blob/main/docs/Installation%20manual.md) is executed in _playboork_GPS_sync_. 
+
+### **Wireless Interfaces**
+
+To avoid randomness in the network interface names, the **Predictable network interface names** is disabled, and new udev rules are defined for assigning static interface names for each USB port. 
+```
+#
+# +---------------+
+# | wlan1 | wlan3 |
+# +-------+-------+
+# | wlan2 | wlan4 |
+# +---------------+ (RPI USB ports distribution)
+#
+# | wlan0 | (onboard wifi)
+#
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="sdio", ATTR{address}=="<MAC address onboard antenna>", KERNELS=="brcmfmac", NAME="wlan0"
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb",  KERNELS=="1-1.3",       NAME="wlan1"
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb",  KERNELS=="1-1.4",       NAME="wlan2"
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb",  KERNELS=="1-1.1",       NAME="wlan3"
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb",  KERNELS=="1-1.2",       NAME="wlan4"
+```
+
+It is also defined a wireless network to connect each sniffer to the remote server through wlan0. These parameters are defined in _playbook_NIC_config_. It is worth noting that all wireless interfaces used to sniff must be connected in the same USB port for all sniffers.
+
+## **Role 2. Sniffer parameters**
+
+Unlike the single execution tasks of role 1, the tasks of role 2 can be executed multiple times, as long as they correspond to execution variables of the sniffer script. It is necessary to enter the online parameters to run the sniffer described in [1]. Host variables are defined in _playbook_scapy-sniffer_. Also, a timeout to stop sniffer execution has been added. By last, a job scheduling utility has been added to ensure that network time protocol set by Chrony is up to date for all sniffers. 
+
+To start the sniffers, following parameters must be defined:
+
+- Hour to start the experiment,
+- Minutes to start the experiment,
+- Runtime duration in seconds,
+- Wireless interface (by default, wlan1),
+- Packet capture filter (by default, probe-req, probe-resp, beacon),
+- Channel (by default, system),
+- Hash funtion (by default, MD5),
+- Hash pattern (by default, 15),
+- Folder destination.
+
+The capture filename structure produced by sniffers will have the next format: packet_capture_{sniffer_i-super-sniffer_id}-ts-{timestamp}-ch{channel}-gps{lat/lon}.pcap
+
+On the other hand, each single capture file from the sniffers is sent via SSH connection to the Mitik laptop or Mitik server to be analyzed in the **Trace handling engine** and the **Trace production engine**. The _playbook_data_transfer_ contains the instructions to send the data to the Mitik laptop or Mitik server. 
+
+# ------------------ **TODO** --------------------
+
+Tasks:
+
+- [x] UPLOAD FUNCTIONAL PLAYBOOKS OF THE FIRST TESTBED
+- [x] SPECIFY FEATURES OF EACH PLAYBOOK
+- [x] ORGANIZE FEATURES IN PLAYBOOKS BY TASK TYPE
+- [ ] CREATE MAIN.YML TO EXECUTE ALL THE PLAYBOOKS
+
+## **References**
+
+[1] Fernando Dias de Mello Silva, Abhishek Kumar Mishra, Aline Carneiro Viana, Nadjib Achir, Anne Fladenmuller, and Lu ́ıs Henrique M. K. Costa. Performance analysis of a privacy-preserving frame sniffer on a raspberry pi. In 6th Cyber Security in Networking Conference (CSNet), pages 1–7, October 2022.

ansible/tasks/playbook_GPS_sync.yml

+- hosts: sniffers
+  user: gta
+  become: yes
+  become_user: root
+  tasks:
+
+   - name: Timezone config
+     command: sudo timedatectl set-timezone Europe/Paris
+
+   - name: Raspi-config serial_hw
+     command: sudo raspi-config nonint do_serial 2
+
+   - name: gpsd installation       
+     command: sudo apt install gpsd -y
+
+   - name: gpsd-clients installation
+     command: sudo apt install gpsd-clients -y
+
+   - name: pps-tools installation
+     command: sudo apt install pps-tools -y
+
+   - name: systemctl enable gpsd
+     command: sudo systemctl enable gpsd.socket
+
+   - name: Copy a new config gpsd device functionality
+     blockinfile: |
+      dest=/boot/config.txt
+      content="dtoverlay=pps-gpio,gpiopin=18
+       enable_uart=1
+       init_uart_baud=9600"
+
+   - name: Copy a new pps GPIO device in modules
+     blockinfile: |
+      dest=/etc/modules
+      content="pps-gpio"
+
+   - name: gpsd port pointer
+     command: sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock
+     
+   - name: Copy a new config gpsd device functionality
+     copy:
+      src: /etc/default/gpsd 
+      dest: /etc/default/gpsd
+
+   - name: Reconfigure gpsd
+     command: sudo dpkg-reconfigure gpsd
+
+   - name: Remove IPv6 bind
+     copy:
+      src: /home/pi/ansible/gpsd.socket
+      dest: /lib/systemd/system/gpsd.socket
+
+   - name: ntp uninstall
+     command: sudo apt remove ntp -y
+
+   - name: chrony installation
+     command: sudo apt install chrony -y
+
+   - name: chrony config file GPS time synchronization
+     copy:
+      src: /etc/chrony/chrony.conf
+      dest: /etc/chrony/chrony.conf
+
+   - name: systemctl enable chrony
+     command: sudo systemctl restart chrony

ansible/tasks/playbook_NIC_config.yml

+- hosts: sniffers
+  user: gta
+  become: yes
+  become_user: root
+  tasks:
+
+   - name: Switch off predictable mechanism stuff
+     command: ls -nfs /dev/null /etc/systemd/network/99-default.link
+
+   - name: Copy new rules to identify interfaces based on USB positions
+     copy:
+      src: /etc/udev/rules.d/72-wlan-geo-dependent.rules
+      dest: /etc/udev/rules.d/72-wlan-geo-dependent.rules

ansible/tasks/playbook_SSH_keygen.yml

+- name: Exchange Keys between servers
+  hosts: sniffers
+  tasks:
+    - name: SSH KeyGen command
+      tags: run
+      shell: > 
+        ssh-keygen -q -b 2048 -t rsa -N "" -C "creating SSH" -f ~/.ssh/id_rsa
+        creates="~/.ssh/id_rsa"
+
+    - name: Fetch the keyfile from the node to master
+      tags: run
+      fetch: 
+        src: "~/.ssh/id_rsa.pub"
+        dest: "buffer/{{ansible_hostname}}-id_rsa.pub"
+        flat: yes
+
+    - name: Copy the key add to authorized_keys using Ansible module
+      tags: runcd
+      authorized_key:
+        user: gta
+        state: present
+        key: "{{ lookup('file','buffer/{{item}}-id_rsa.pub')}}"
+      when: "item != ansible_hostname"
+      with_items: 
+        - "{{ groups['sniffers'] }}"

ansible/tasks/playbook_data_transfer

+- hosts: sniffers
+  user: gta
+  #become: yes
+  #become_user: root
+
+  vars:
+    src_file: "/home/gta/sniffers/scapy-sniffer/capture-*.pcap"
+    dest_file: "/Users/fmolano/ansible/files/"
+    cap_file: capture-* 
+
+  tasks:
+
+    - name: find files to copy
+      find: 
+        paths: "/home/gta/sniffers/scapy-sniffer/"
+        recurse: no 
+        patterns: "*.pcap"
+      register: files_to_copy
+
+    - name: Copy files
+      fetch: 
+        src: "{{ item.path }}"
+        dest: /Users/fmolano/ansible/files/{{ ansible_hostname }}_{{ ansible_date_time.date }}/
+        flat: yes
+      with_items: "{{ files_to_copy.files }}"
\ No newline at end of file

ansible/tasks/playbook_hostname.yml

+- hosts: all
+  tasks:
+   - name: set system hostname
+     command: sudo hostnamectl set-hostname {{ inventory_hostname }}