def insert_service(service, relation_properties, host_node, external_check):
service_name = service.get('name', 'unknown')
service_node_handle = nlu.get_unique_node_handle(service_name, 'Host Service', 'Logical')
service_node = service_node_handle.get_node()
helpers.update_noclook_auto_manage(service_node)
result = host_node.get_host_service(service_node.handle_id, **relation_properties)
if not result.get('Depends_on'):
result = host_node.set_host_service(service_node.handle_id, **relation_properties)
relationship_id = result.get('Depends_on')[0].get('relationship_id')
relationship = nlu.get_relationship_model(relationship_id)
created = result.get('Depends_on')[0].get('created')
# Set or update relationship properties
relation_properties.update(service)
if external_check:
relation_properties.update({
'public': True,
'noclook_last_external_check': datetime.now().isoformat()
})
user = nlu.get_user()
if created:
activitylog.create_relationship(user, relationship)
#TODO: log creation
if host_node.data.get('services_locked', False):
#TODO: log warning with new port found
relation_properties['rouge_port'] = True
else:
#TODO: log found service
None
helpers.update_noclook_auto_manage(relationship)
#TODO: is properties_keys needed?
helpers.dict_update_relationship(user, relationship.id, relation_properties)
def insert_external_bgp_peering(peering, peering_group):
"""
Creates/updates the relationship and nodes needed to express the external peerings.
"""
user = utils.get_user()
# Get or create the peering partner, unique per AS
peer_node = get_peering_partner(peering)
if peer_node is None:
# We are done. This is a broken peering.
return
# Get all relationships with this ip address, should never be more than one
remote_address = peering.get('remote_address', None).lower()
if remote_address:
# DEBUG
try:
result = peer_node.get_peering_group(peering_group.handle_id,
remote_address)
except AttributeError:
print(peer_node)
sys.exit(1)
if not result.get('Uses'):
result = peer_node.set_peering_group(peering_group.handle_id,
remote_address)
relationship_id = result.get('Uses')[0]['relationship_id']
relationship = nc.get_relationship_model(nc.graphdb.manager,
relationship_id)
helpers.set_noclook_auto_manage(relationship, True)
if result.get('Uses')[0].get('created', False):
activitylog.create_relationship(user, relationship)
# Match the remote address against a local network
dependency_node, local_address = match_remote_ip_address(
ipaddress.ip_address(remote_address))
if dependency_node and local_address:
result = peering_group.get_group_dependency(
dependency_node.handle_id, local_address)
if not result.get('Depends_on'):
result = peering_group.set_group_dependency(
dependency_node.handle_id, local_address)
relationship_id = result.get('Depends_on')[0]['relationship_id']
relationship = nc.get_relationship_model(nc.graphdb.manager,
relationship_id)
helpers.set_noclook_auto_manage(relationship, True)
if result.get('Depends_on')[0].get('created', False):
activitylog.create_relationship(user, relationship)
logger.info(
'Peering Partner {name} done.'.format(name=peer_node.data['name']))
def insert_services(service_dict, host_node, external_check=False):
"""
Takes a dictionary of services and a node id for a host. Gets or creates a
service and makes a Depends_on relationship between the service and host.
Example service_dict:
{"127.0.0.1": {
"tcp": {
"80": {
"conf": "10",
"extrainfo": "",
"name": "http",
"product": "VMware ESXi Server httpd",
"reason": "syn-ack",
"state": "open",
"version": ""
},
"8443": {
"conf": "10",
"extrainfo": "",
"name": "ssl",
"product": "TLS",
"reason": "syn-ack",
"state": "open",
"version": "1.0"
}
}
}
"""
user = nt.get_user()
node_type = "Host Service"
meta_type = 'Logical'
services_locked = host_node.data.get('services_locked', False)
# Expected service data from nmap
property_keys = [
'ip_address', 'protocol', 'port', 'conf', 'extrainfo', 'name',
'product', 'reason', 'state', 'version'
]
if external_check:
property_keys.extend(['public', 'noclook_last_external_check'])
external_dict = {
'public': True,
'noclook_last_external_check': datetime.now().isoformat()
}
set_not_public(host_node)
for address in service_dict.keys():
for protocol in service_dict[address].keys():
for port in service_dict[address][protocol].keys():
service = service_dict[address][protocol][port]
if service['state'] != 'closed':
service_name = service['name']
if not service_name: # Blank
service_name = 'unknown'
service_node_handle = nt.get_unique_node_handle(
service_name, node_type, meta_type)
service_node = service_node_handle.get_node()
helpers.update_noclook_auto_manage(service_node)
relationship_properties = {
'ip_address': address,
'protocol': protocol,
'port': port
}
result = host_node.get_host_service(
service_node.handle_id, **relationship_properties)
if not result.get('Depends_on'):
result = host_node.set_host_service(
service_node.handle_id, **relationship_properties)
relationship_id = result.get('Depends_on')[0].get(
'relationship_id')
relationship = nc.get_relationship_model(
nc.graphdb.manager, relationship_id)
created = result.get('Depends_on')[0].get('created')
# Set or update relationship properties
relationship_properties.update(service)
if external_check:
relationship_properties.update(external_dict)
if created:
activitylog.create_relationship(user, relationship)
if services_locked:
logger.warn(
'New open port found for host {name}.'.format(
name=host_node.data['name']))
property_keys.append('rogue_port')
relationship_properties['rogue_port'] = True
logger.info(
'Host Service {host_service_name} using port {port}/{protocol} created.'
.format(
host_service_name=service_node.data['name'],
port=relationship.data['port'],
protocol=relationship.data['protocol']))
if not created:
logger.info(
'Host Service {host_service_name} using port {port}/{protocol} found.'
.format(
host_service_name=service_node.data['name'],
port=relationship.data['port'],
protocol=relationship.data['protocol']))
helpers.update_noclook_auto_manage(relationship)
helpers.dict_update_relationship(user, relationship.id,
relationship_properties,
property_keys)
logger.info(
'{name} {ip_address} {port}/{protocol} processed...'.
format(name=host_node.data['name'],
ip_address=address,
protocol=protocol,
port=port))