Beispiel #1
0
    class SchemaCls(aff4.AFF4Object.SchemaCls):
        """Schema for GRRUser."""
        PENDING_NOTIFICATIONS = aff4.Attribute(
            "aff4:notification/pending",
            rdf_flows.NotificationList,
            "The notifications pending for the user.",
            default=rdf_flows.NotificationList(),
            versioned=False)

        SHOWN_NOTIFICATIONS = aff4.Attribute(
            "aff4:notifications/shown",
            rdf_flows.NotificationList,
            "Notifications already shown to the user.",
            default=rdf_flows.NotificationList(),
            versioned=False)

        SHOWN_GLOBAL_NOTIFICATIONS = aff4.Attribute(
            "aff4:global_notification/timestamp_list",
            GlobalNotificationSet,
            "Global notifications shown to this user.",
            default=GlobalNotificationSet(),
            versioned=False)

        GUI_SETTINGS = aff4.Attribute("aff4:gui/settings",
                                      GUISettings,
                                      "GUI Settings",
                                      default=GUISettings())

        PASSWORD = aff4.Attribute("aff4:user/password", CryptedPassword,
                                  "Encrypted Password for the user")
Beispiel #2
0
  class SchemaCls(VFSFile.SchemaCls):
    """The schema for Blob Images."""
    HASHES = aff4.Attribute("aff4:hashes", standard.HashList,
                            "List of hashes of each chunk in this file.")

    FINALIZED = aff4.Attribute(
        "aff4:finalized", rdfvalue.RDFBool,
        "Once a blobimage is finalized, further writes"
        " will raise exceptions.")
Beispiel #3
0
    class SchemaCls(aff4.AFF4Volume.SchemaCls):
        """Attributes specific to VFSDirectory."""
        STAT = aff4.Attribute("aff4:stat", rdf_client_fs.StatEntry,
                              "A StatEntry describing this file.", "stat")

        PATHSPEC = aff4.Attribute(
            "aff4:pathspec", rdf_paths.PathSpec,
            "The pathspec used to retrieve this object from the client.",
            "pathspec")
Beispiel #4
0
    class SchemaCls(Approval.SchemaCls):
        """The Schema for the ClientAccessApproval class."""

        LIFETIME = aff4.Attribute(
            "aff4:approval/lifetime",
            rdfvalue.RDFInteger,
            "The number of seconds an approval is valid for.",
            default=0)
        BREAK_GLASS = aff4.Attribute(
            "aff4:approval/breakglass", rdfvalue.RDFDatetime,
            "The date when this break glass approval will expire.")
Beispiel #5
0
  class SchemaCls(aff4.AFF4Image.SchemaCls):
    """The schema for AFF4 files in the GRR VFS."""

    STAT = standard.VFSDirectory.SchemaCls.STAT

    CONTENT_LOCK = aff4.Attribute(
        "aff4:content_lock", rdfvalue.RDFURN,
        "This lock contains a URN pointing to the flow that is currently "
        "updating this flow.")

    PATHSPEC = aff4.Attribute(
        "aff4:pathspec", rdf_paths.PathSpec,
        "The pathspec used to retrieve this object from the client.")
Beispiel #6
0
  class SchemaCls(aff4.AFF4Object.SchemaCls):
    """SchemaCls."""
    FILESTORE_FILETYPES = aff4.Attribute(
        "aff4:stats/filestore/filetypes", rdf_stats.Graph,
        "Number of files in the filestore by type")

    FILESTORE_FILETYPES_SIZE = aff4.Attribute(
        "aff4:stats/filestore/filetypes_size", rdf_stats.GraphFloat,
        "Total filesize in GB of files in the filestore by type")

    FILESTORE_FILESIZE_HISTOGRAM = aff4.Attribute(
        "aff4:stats/filestore/filesize", rdf_stats.Graph,
        "Filesize histogram of files in the filestore")
Beispiel #7
0
 class SchemaCls(standard.VFSDirectory.SchemaCls):
   STATS = aff4.Attribute(
       "aff4:stats",
       rdf_client_stats.ClientStats,
       "Client Stats.",
       "Client stats",
       creates_new_object_version=False)
Beispiel #8
0
    class SchemaCls(aff4.AFF4ImageBase.SchemaCls):
        """The schema class for AFF4SparseImage."""

        PATHSPEC = VFSDirectory.SchemaCls.PATHSPEC

        STAT = VFSDirectory.SchemaCls.STAT

        _CHUNKSIZE = aff4.Attribute("aff4:chunksize",
                                    rdfvalue.RDFInteger,
                                    "Total size of each chunk.",
                                    default=512 * 1024)

        LAST_CHUNK = aff4.Attribute(
            "aff4:lastchunk",
            rdfvalue.RDFInteger,
            "The highest numbered chunk in this object.",
            default=-1)
Beispiel #9
0
    class SchemaCls(aff4.AFF4Object.SchemaCls):
        """Schema for StatsStoreProcessData."""

        METRICS_METADATA = aff4.Attribute(
            "aff4:stats_store_process_data/metrics_metadata",
            stats_values.StatsStoreMetricsMetadata,
            creates_new_object_version=False,
            versioned=False)
Beispiel #10
0
    class SchemaCls(aff4.AFF4Object.SchemaCls):
        """Schema for GlobalNotificationsManager."""

        NOTIFICATIONS = aff4.Attribute(
            "aff4:global_notification_storage/notifications",
            GlobalNotificationSet,
            "List of currently active notifications",
            versioned=False)
Beispiel #11
0
 class SchemaCls(aff4.AFF4Object.SchemaCls):
     """Attributes specific to VFSDirectory."""
     RULES = aff4.Attribute("aff4:rules",
                            foreman_rules.ForemanRules,
                            "The rules the foreman uses.",
                            versioned=False,
                            creates_new_object_version=False,
                            default=foreman_rules.ForemanRules())
Beispiel #12
0
    class SchemaCls(aff4.AFF4Object.SchemaCls):
        """The Schema for the Approval class."""
        REQUESTOR = aff4.Attribute("aff4:approval/requestor",
                                   rdfvalue.RDFString,
                                   "Requestor of the approval.")

        APPROVER = aff4.Attribute("aff4:approval/approver", rdfvalue.RDFString,
                                  "An approver for the request.", "approver")

        SUBJECT = aff4.Attribute(
            "aff4:approval/subject", rdfvalue.RDFURN,
            "Subject of the approval. I.e. the resource that "
            "requires approved access.")

        REASON = aff4.Attribute(
            "aff4:approval/reason", rdfvalue.RDFString,
            "The reason for requesting access to this client.")

        EMAIL_MSG_ID = aff4.Attribute(
            "aff4:approval/email_msg_id", rdfvalue.RDFString,
            "The email thread message ID for this"
            "approval. Storing this allows for "
            "conversation threading.")

        EMAIL_CC = aff4.Attribute(
            "aff4:approval/email_cc", rdfvalue.RDFString,
            "Comma separated list of email addresses to "
            "CC on approval emails.")

        NOTIFIED_USERS = aff4.Attribute(
            "aff4:approval/notified_users", rdfvalue.RDFString,
            "Comma-separated list of GRR users "
            "notified about this approval.")
Beispiel #13
0
  class SchemaCls(aff4.AFF4Object.SchemaCls):
    """Schema for ClientFleetStats object."""

    GRRVERSION_HISTOGRAM = aff4.Attribute(
        "aff4:stats/grrversion", rdf_stats.GraphSeries,
        "GRR version statistics for active "
        "clients.")

    OS_HISTOGRAM = aff4.Attribute(
        "aff4:stats/os_type", rdf_stats.GraphSeries,
        "Operating System statistics for active clients.")

    RELEASE_HISTOGRAM = aff4.Attribute(
        "aff4:stats/release", rdf_stats.GraphSeries,
        "Release statistics for active clients.")

    LAST_CONTACTED_HISTOGRAM = aff4.Attribute(
        "aff4:stats/last_contacted", rdf_stats.Graph, "Last contacted time")
Beispiel #14
0
    class SchemaCls(aff4.AFF4Stream.SchemaCls):
        FILE_ID = aff4.Attribute(
            "aff4:file_id", rdfvalue.RDFString,
            "This string uniquely identifies a "
            "file stored in the file store. Passing "
            "this id to the file store grants read "
            "access to the corresponding data.")

        STAT = standard.VFSDirectory.SchemaCls.STAT
Beispiel #15
0
    class SchemaCls(FileStoreImage.SchemaCls):
        """Schema class for NSRLFile."""

        # We do not need child indexes since the NSRL database is quite big.
        ADD_CHILD_INDEX = False

        # Make the default SIZE argument as unversioned.
        SIZE = aff4.Attribute(
            "aff4:size",
            rdfvalue.RDFInteger,
            "The total size of available data for this stream.",
            "size",
            default=0,
            versioned=False)
        TYPE = aff4.Attribute("aff4:type",
                              rdfvalue.RDFString,
                              "The name of the AFF4Object derived class.",
                              "type",
                              versioned=False)
        NSRL = aff4.Attribute("aff4:nsrl",
                              rdf_nsrl.NSRLInformation,
                              versioned=False)
Beispiel #16
0
  class SchemaCls(aff4.AFF4Volume.SchemaCls):
    """Attributes specific to GRRFlow."""

    FLOW_STATE_DICT = aff4.Attribute(
        "aff4:flow_state_dict",
        rdf_protodict.AttributedDict,
        "The current state of this flow.",
        "FlowStateDict",
        versioned=False,
        creates_new_object_version=False)

    FLOW_ARGS = aff4.Attribute(
        "aff4:flow_args",
        rdf_protodict.EmbeddedRDFValue,
        "The arguments for this flow.",
        "FlowArgs",
        versioned=False,
        creates_new_object_version=False)

    FLOW_CONTEXT = aff4.Attribute(
        "aff4:flow_context",
        rdf_flow_runner.FlowContext,
        "The metadata for this flow.",
        "FlowContext",
        versioned=False,
        creates_new_object_version=False)

    FLOW_RUNNER_ARGS = aff4.Attribute(
        "aff4:flow_runner_args",
        rdf_flow_runner.FlowRunnerArgs,
        "The runner arguments used for this flow.",
        "FlowRunnerArgs",
        versioned=False,
        creates_new_object_version=False)

    CLIENT_CRASH = aff4.Attribute(
        "aff4:client_crash",
        rdf_client.ClientCrash,
        "Client crash details in case of a crash.",
        default=None,
        creates_new_object_version=False)

    PENDING_TERMINATION = aff4.Attribute(
        "aff4:pending_termination",
        PendingFlowTermination,
        "If true, this flow will be "
        "terminated as soon as any of its "
        "states are called.",
        creates_new_object_version=False)
Beispiel #17
0
  class SchemaCls(aff4.AFF4Volume.SchemaCls):
    """Schema for CronJob AFF4 object."""
    CRON_ARGS = aff4.Attribute("aff4:cron/args",
                               rdf_cronjobs.CreateCronJobFlowArgs,
                               "This cron jobs' arguments.")

    DISABLED = aff4.Attribute(
        "aff4:cron/disabled",
        rdfvalue.RDFBool,
        "If True, don't run this job.",
        versioned=False)

    CURRENT_FLOW_URN = aff4.Attribute(
        "aff4:cron/current_flow_urn",
        rdfvalue.RDFURN,
        "URN of the currently running flow corresponding to this cron job.",
        versioned=False,
        lock_protected=True)

    LAST_RUN_TIME = aff4.Attribute(
        "aff4:cron/last_run",
        rdfvalue.RDFDatetime,
        "The last time this cron job ran.",
        "last_run",
        versioned=False,
        lock_protected=True)

    LAST_RUN_STATUS = aff4.Attribute(
        "aff4:cron/last_run_status",
        rdf_cronjobs.CronJobRunStatus,
        "Result of the last flow",
        lock_protected=True,
        creates_new_object_version=False)

    STATE_DICT = aff4.Attribute(
        "aff4:cron/state_dict",
        rdf_protodict.AttributedDict,
        "Cron flow state that is kept between iterations",
        lock_protected=True,
        versioned=False)
Beispiel #18
0
    def CreateClientObject(self, vfs_fixture):
        """Make a new client object."""

        # First remove the old fixture just in case its still there.
        aff4.FACTORY.Delete(self.client_id, token=self.token)

        # Create the fixture at a fixed time.
        with test_lib.FakeTime(self.age):
            for path, (aff4_type, attributes) in vfs_fixture:
                path %= self.args

                aff4_object = aff4.FACTORY.Create(self.client_id.Add(path),
                                                  aff4_type,
                                                  mode="rw",
                                                  token=self.token)

                if data_store.RelationalDBWriteEnabled():
                    data_store.REL_DB.WriteClientMetadata(
                        self.client_id.Basename(), fleetspeak_enabled=False)

                    components = [
                        component for component in path.split("/") if component
                    ]
                    if components[0:2] == ["fs", "os"]:
                        path_info = rdf_objects.PathInfo()
                        path_info.path_type = rdf_objects.PathInfo.PathType.OS
                        path_info.components = components[2:]
                        if aff4_type in [
                                aff4_grr.VFSFile, aff4_grr.VFSMemoryFile
                        ]:
                            path_info.directory = False
                        elif aff4_type == aff4_standard.VFSDirectory:
                            path_info.directory = True
                        else:
                            raise ValueError("Incorrect AFF4 type: %s" %
                                             aff4_type)
                        data_store.REL_DB.WritePathInfos(
                            client_id=self.client_id.Basename(),
                            path_infos=[path_info])

                for attribute_name, value in iteritems(attributes):
                    attribute = aff4.Attribute.PREDICATES[attribute_name]
                    if isinstance(value, (str, unicode)):
                        # Interpolate the value
                        value %= self.args

                    # Is this supposed to be an RDFValue array?
                    if aff4.issubclass(attribute.attribute_type,
                                       rdf_protodict.RDFValueArray):
                        rdfvalue_object = attribute()
                        for item in value:
                            new_object = rdfvalue_object.rdf_type.FromTextFormat(
                                utils.SmartStr(item))
                            rdfvalue_object.Append(new_object)

                    # It is a text serialized protobuf.
                    elif aff4.issubclass(attribute.attribute_type,
                                         rdf_structs.RDFProtoStruct):
                        # Use the alternate constructor - we always write protobufs in
                        # textual form:
                        rdfvalue_object = attribute.attribute_type.FromTextFormat(
                            utils.SmartStr(value))

                    elif aff4.issubclass(attribute.attribute_type,
                                         rdfvalue.RDFInteger):
                        rdfvalue_object = attribute(int(value))
                    else:
                        rdfvalue_object = attribute(value)

                    # If we don't already have a pathspec, try and get one from the stat.
                    if aff4_object.Get(aff4_object.Schema.PATHSPEC) is None:
                        # If the attribute was a stat, it has a pathspec nested in it.
                        # We should add that pathspec as an attribute.
                        if attribute.attribute_type == rdf_client_fs.StatEntry:
                            stat_object = attribute.attribute_type.FromTextFormat(
                                utils.SmartStr(value))
                            if stat_object.pathspec:
                                pathspec_attribute = aff4.Attribute(
                                    "aff4:pathspec", rdf_paths.PathSpec,
                                    "The pathspec used to retrieve "
                                    "this object from the client.", "pathspec")
                                aff4_object.AddAttribute(
                                    pathspec_attribute, stat_object.pathspec)

                    if attribute in ["aff4:content", "aff4:content"]:
                        # For AFF4MemoryStreams we need to call Write() instead of
                        # directly setting the contents..
                        aff4_object.Write(rdfvalue_object.AsBytes())
                    else:
                        aff4_object.AddAttribute(attribute, rdfvalue_object)

                    if (isinstance(rdfvalue_object, rdf_client_fs.StatEntry)
                            and rdfvalue_object.pathspec.pathtype != "UNSET"):
                        if data_store.RelationalDBWriteEnabled():
                            client_id = self.client_id.Basename()
                            path_info = rdf_objects.PathInfo.FromStatEntry(
                                rdfvalue_object)
                            data_store.REL_DB.WritePathInfos(
                                client_id, [path_info])

                # Populate the KB from the client attributes.
                if aff4_type == aff4_grr.VFSGRRClient:
                    kb = rdf_client.KnowledgeBase()
                    artifact.SetCoreGRRKnowledgeBaseValues(kb, aff4_object)
                    aff4_object.Set(aff4_object.Schema.KNOWLEDGE_BASE, kb)

                # Make sure we do not actually close the object here - we only want to
                # sync back its attributes, not run any finalization code.
                aff4_object.Flush()
                if aff4_type == aff4_grr.VFSGRRClient:
                    index = client_index.CreateClientIndex(token=self.token)
                    index.AddClient(aff4_object)
Beispiel #19
0
 class SchemaCls(aff4.AFF4Object.SchemaCls):
     PROFILE = aff4.Attribute("aff4:profile",
                              rdf_rekall_types.RekallProfile,
                              "A Rekall profile.")
Beispiel #20
0
    def CreateClientObject(self, vfs_fixture):
        """Make a new client object."""

        # First remove the old fixture just in case its still there.
        aff4.FACTORY.Delete(self.client_id, token=self.token)

        # Create the fixture at a fixed time.
        with test_lib.FakeTime(self.age):

            if data_store.RelationalDBWriteEnabled():
                # Constructing a client snapshot from the aff4 fixture is only possible
                # using aff4. Using a serialized string instead.
                data_store.REL_DB.WriteClientMetadata(self.client_id,
                                                      fleetspeak_enabled=False)

                snapshot = rdf_objects.ClientSnapshot.FromSerializedString(
                    SERIALIZED_CLIENT.decode("hex"))
                snapshot.client_id = self.client_id
                snapshot.knowledge_base.fqdn = "Host%s" % self.client_id

                data_store.REL_DB.WriteClientSnapshot(snapshot)
                client_index.ClientIndex().AddClient(snapshot)

            for path, (aff4_type, attributes) in vfs_fixture:
                path %= self.args

                if data_store.AFF4Enabled():
                    aff4_object = aff4.FACTORY.Create(
                        self.client_urn.Add(path),
                        aff4_type,
                        mode="rw",
                        token=self.token)

                path_info = None

                if data_store.RelationalDBWriteEnabled():
                    components = [
                        component for component in path.split("/") if component
                    ]
                    if (len(components) > 1 and components[0] == "fs"
                            and components[1] in ["os", "tsk"]):
                        path_info = rdf_objects.PathInfo()
                        if components[1] == "os":
                            path_info.path_type = rdf_objects.PathInfo.PathType.OS
                        else:
                            path_info.path_type = rdf_objects.PathInfo.PathType.TSK
                        path_info.components = components[2:]
                        if aff4_type in [
                                aff4_grr.VFSFile, aff4_grr.VFSMemoryFile
                        ]:
                            path_info.directory = False
                        elif aff4_type == aff4_standard.VFSDirectory:
                            path_info.directory = True
                        else:
                            raise ValueError("Incorrect AFF4 type: %s" %
                                             aff4_type)

                for attribute_name, value in iteritems(attributes):
                    attribute = aff4.Attribute.PREDICATES[attribute_name]
                    if isinstance(value, (bytes, Text)):
                        # Interpolate the value
                        value %= self.args

                    # Is this supposed to be an RDFValue array?
                    if issubclass(attribute.attribute_type,
                                  rdf_protodict.RDFValueArray):
                        rdfvalue_object = attribute()
                        for item in value:
                            new_object = rdfvalue_object.rdf_type.FromTextFormat(
                                utils.SmartStr(item))
                            rdfvalue_object.Append(new_object)

                    # It is a text serialized protobuf.
                    elif issubclass(attribute.attribute_type,
                                    rdf_structs.RDFProtoStruct):
                        # Use the alternate constructor - we always write protobufs in
                        # textual form:
                        rdfvalue_object = attribute.attribute_type.FromTextFormat(
                            utils.SmartStr(value))

                    elif issubclass(attribute.attribute_type,
                                    rdfvalue.RDFInteger):
                        rdfvalue_object = attribute(int(value))
                    else:
                        rdfvalue_object = attribute(value)

                    if data_store.AFF4Enabled():
                        # If we don't already have a pathspec, try and get one from the
                        # stat.
                        if aff4_object.Get(
                                aff4_object.Schema.PATHSPEC) is None:
                            # If the attribute was a stat, it has a pathspec nested in it.
                            # We should add that pathspec as an attribute.
                            if attribute.attribute_type == rdf_client_fs.StatEntry:
                                stat_object = attribute.attribute_type.FromTextFormat(
                                    utils.SmartStr(value))
                                if stat_object.pathspec:
                                    pathspec_attribute = aff4.Attribute(
                                        "aff4:pathspec", rdf_paths.PathSpec,
                                        "The pathspec used to retrieve "
                                        "this object from the client.",
                                        "pathspec")
                                    aff4_object.AddAttribute(
                                        pathspec_attribute,
                                        stat_object.pathspec)

                    if attribute in ["aff4:content", "aff4:content"]:
                        content = rdfvalue_object.AsBytes()

                        if data_store.AFF4Enabled():
                            # For AFF4MemoryStreams we need to call Write() instead of
                            # directly setting the contents..
                            aff4_object.Write(content)

                        if path_info is not None:
                            blob_id = rdf_objects.BlobID.FromBlobData(content)
                            data_store.BLOBS.WriteBlobs({blob_id: content})
                            blob_ref = rdf_objects.BlobReference(
                                offset=0, size=len(content), blob_id=blob_id)
                            hash_id = file_store.AddFileWithUnknownHash(
                                db.ClientPath.FromPathInfo(
                                    self.client_id, path_info), [blob_ref])
                            path_info.hash_entry.num_bytes = len(content)
                            path_info.hash_entry.sha256 = hash_id.AsBytes()
                    elif data_store.AFF4Enabled():
                        aff4_object.AddAttribute(attribute, rdfvalue_object)

                    if (isinstance(rdfvalue_object, rdf_client_fs.StatEntry)
                            and rdfvalue_object.pathspec.pathtype != "UNSET"):
                        if data_store.RelationalDBWriteEnabled():
                            path_info = rdf_objects.PathInfo.FromStatEntry(
                                rdfvalue_object)
                            data_store.REL_DB.WritePathInfos(
                                self.client_id, [path_info])

                # Populate the KB from the client attributes.
                if aff4_type == aff4_grr.VFSGRRClient:
                    if data_store.AFF4Enabled():
                        kb = rdf_client.KnowledgeBase()
                        artifact.SetCoreGRRKnowledgeBaseValues(kb, aff4_object)
                        aff4_object.Set(aff4_object.Schema.KNOWLEDGE_BASE, kb)

                        aff4_object.Flush()

                        index = client_index.CreateClientIndex(
                            token=self.token)
                        index.AddClient(aff4_object)

                if path_info is not None:
                    data_store.REL_DB.WritePathInfos(client_id=self.client_id,
                                                     path_infos=[path_info])

                if data_store.AFF4Enabled():
                    aff4_object.Flush()
Beispiel #21
0
  class SchemaCls(standard.VFSDirectory.SchemaCls):
    """The schema for the client."""
    client_index = rdfvalue.RDFURN("aff4:/index/client")

    FLEETSPEAK_ENABLED = aff4.Attribute(
        "metadata:IsFleetspeak", rdfvalue.RDFBool,
        "Whether this client uses Fleetspeak for comms.")

    CERT = aff4.Attribute("metadata:cert", rdf_crypto.RDFX509Cert,
                          "The PEM encoded cert of the client.")

    FILESYSTEM = aff4.Attribute("aff4:filesystem", rdf_client_fs.Filesystems,
                                "Filesystems on the client.")

    CLIENT_INFO = aff4.Attribute(
        "metadata:ClientInfo",
        rdf_client.ClientInformation,
        "GRR client information",
        "GRR client",
        default=rdf_client.ClientInformation())

    LAST_BOOT_TIME = aff4.Attribute("metadata:LastBootTime",
                                    rdfvalue.RDFDatetime,
                                    "When the machine was last booted",
                                    "BootTime")

    FIRST_SEEN = aff4.Attribute("metadata:FirstSeen", rdfvalue.RDFDatetime,
                                "First time the client registered with us",
                                "FirstSeen")

    # Information about the host.
    HOSTNAME = aff4.Attribute(
        "metadata:hostname",
        rdfvalue.RDFString,
        "Hostname of the host.",
        "Host",
        index=client_index)
    FQDN = aff4.Attribute(
        "metadata:fqdn",
        rdfvalue.RDFString,
        "Fully qualified hostname of the host.",
        "FQDN",
        index=client_index)

    SYSTEM = aff4.Attribute("metadata:system", rdfvalue.RDFString,
                            "Operating System class.", "System")
    UNAME = aff4.Attribute("metadata:uname", rdfvalue.RDFString,
                           "Uname string.", "Uname")
    OS_RELEASE = aff4.Attribute("metadata:os_release", rdfvalue.RDFString,
                                "OS Major release number.", "Release")
    OS_VERSION = aff4.Attribute("metadata:os_version", rdf_client.VersionString,
                                "OS Version number.", "Version")

    # ARCH values come from platform.uname machine value, e.g. x86_64, AMD64.
    ARCH = aff4.Attribute("metadata:architecture", rdfvalue.RDFString,
                          "Architecture.", "Architecture")
    INSTALL_DATE = aff4.Attribute("metadata:install_date", rdfvalue.RDFDatetime,
                                  "Install Date.", "Install")

    # The knowledge base is used for storing data about the host and users.
    # This is currently a slightly odd object as we only use some of the fields.
    # The proto itself is used in Artifact handling outside of GRR (e.g. Plaso).
    # Over time we will migrate fields into this proto, but for now it is a mix.
    KNOWLEDGE_BASE = aff4.Attribute("metadata:knowledge_base",
                                    rdf_client.KnowledgeBase,
                                    "Artifact Knowledge Base", "KnowledgeBase")

    GRR_CONFIGURATION = aff4.Attribute(
        "aff4:client_configuration", rdf_protodict.Dict,
        "Running configuration for the GRR client.", "Config")

    LIBRARY_VERSIONS = aff4.Attribute(
        "aff4:library_versions", rdf_protodict.Dict,
        "Running library versions for the client.", "Libraries")

    USERNAMES = aff4.Attribute(
        "aff4:user_names",
        SpaceSeparatedStringArray,
        "A space separated list of system users.",
        "Usernames",
        index=client_index)

    # This information is duplicated from the INTERFACES attribute but is done
    # to allow for fast searching by mac address.
    MAC_ADDRESS = aff4.Attribute(
        "aff4:mac_addresses",
        rdfvalue.RDFString,
        "A hex encoded MAC address.",
        "MAC",
        index=client_index)

    KERNEL = aff4.Attribute("aff4:kernel_version", rdfvalue.RDFString,
                            "Kernel version string.", "KernelVersion")

    # Same for IP addresses.
    HOST_IPS = aff4.Attribute(
        "aff4:host_ips",
        rdfvalue.RDFString,
        "An IP address.",
        "Host_ip",
        index=client_index)

    PING = aff4.Attribute(
        "metadata:ping",
        rdfvalue.RDFDatetime,
        "The last time the server heard from this client.",
        "LastCheckin",
        versioned=False,
        default=0)

    CLOCK = aff4.Attribute(
        "metadata:clock",
        rdfvalue.RDFDatetime, "The last clock read on the client "
        "(Can be used to estimate client clock skew).",
        "Clock",
        versioned=False)

    CLIENT_IP = aff4.Attribute(
        "metadata:client_ip",
        rdfvalue.RDFString,
        "The ip address this client connected from.",
        "Client_ip",
        versioned=False)

    # This is the last foreman rule that applied to us
    LAST_FOREMAN_TIME = aff4.Attribute(
        "aff4:last_foreman_time",
        rdfvalue.RDFDatetime,
        "The last time the foreman checked us.",
        versioned=False)

    LAST_CRASH = aff4.Attribute(
        "aff4:last_crash",
        rdf_client.ClientCrash,
        "Last client crash.",
        creates_new_object_version=False,
        versioned=False)

    VOLUMES = aff4.Attribute("aff4:volumes", rdf_client_fs.Volumes,
                             "Client disk volumes.")

    INTERFACES = aff4.Attribute("aff4:interfaces",
                                rdf_client_network.Interfaces,
                                "Network interfaces.", "Interfaces")

    HARDWARE_INFO = aff4.Attribute(
        "aff4:hardware_info",
        rdf_client.HardwareInfo,
        "Various hardware information.",
        default=rdf_client.HardwareInfo())

    MEMORY_SIZE = aff4.Attribute("aff4:memory_size", rdfvalue.ByteSize,
                                 "Amount of memory this client's machine has.")

    # Cloud VM information.
    CLOUD_INSTANCE = aff4.Attribute("metadata:cloud_instance",
                                    rdf_cloud.CloudInstance,
                                    "Information about cloud machines.")
Beispiel #22
0
 class SchemaCls(VFSFile.SchemaCls):
   DELEGATE = aff4.Attribute("aff4:delegate", rdfvalue.RDFURN,
                             "The URN of the delegate of this object.")
Beispiel #23
0
 class SchemaCls(aff4.AFF4Volume.SchemaCls):
     ACTIVE = aff4.Attribute("aff4:filestore_active",
                             rdfvalue.RDFBool,
                             "If true this filestore is active.",
                             default=True)
Beispiel #24
0
 class SchemaCls(standard.VFSDirectory.SchemaCls):
   KNOWLEDGE_BASE = aff4.Attribute("metadata:temp_knowledge_base",
                                   rdf_client.KnowledgeBase,
                                   "Artifact Knowledge Base", "KnowledgeBase")