Ejemplo n.º 1
def getOS(architecture=False, removeLinux=False):
    os = distro.linux_distribution()[0]
    if removeLinux:
        os = re.sub('linux', '', os, flags=re.IGNORECASE)
    os = os.rstrip()
    if architecture:
        os += ' ' + platform.machine()
    return os
Ejemplo n.º 2
def info(p_json, p_home, p_repo, print_flag=True):
  import os

  p_user = util.get_user()
  p_is_admin = util.is_admin()
  pip_ver = get_pip_ver()

  this_os = ""
  this_uname = str(platform.system())
  host_ip = util.get_host_ip()
  wmic_path = os.getenv("SYSTEMROOT", "") + os.sep + "System32" + os.sep + "wbem" + os.sep + "wmic"
  if this_uname == "Windows":
    import psutil
    host_display = os.getenv('LOGONSERVER','') + '\\' + os.getenv('COMPUTERNAME')
    system_cpu_cores = os.getenv('NUMBER_OF_PROCESSORS','1')
    os_arch = os.getenv('PROCESSOR_ARCHITECTURE', '')
    cpu_model = check_output_wmic([wmic_path, "cpu", "get", "name"])
    ## system_memory_in_gb ######################################
    m = psutil.virtual_memory().total
    mem_bytes = int(m)
    system_memory_in_kbytes = mem_bytes / 1024.0
    system_memory_in_gb = str(mem_bytes / (1024.0**3))
    os_arch = util.getoutput("uname -m")
    host_display = util.get_host_short()

  ## Check the OS & Resources ########################################
  plat = util.get_os()
  os_major_ver = ""
  if this_uname == "Darwin":
    mem_mb = util.get_mem_mb()
    system_memory_in_kbytes = mem_mb * 1024
    system_memory_in_gb = mem_mb / 1024.0
    system_cpu_cores = util.get_cpu_cores()
    cpu_model=util.getoutput("/usr/sbin/sysctl -n machdep.cpu.brand_string")
    prod_name = util.getoutput("sw_vers -productName")
    prod_version = util.getoutput("sw_vers -productVersion")
    this_os = prod_name + " " + prod_version
  elif this_uname == "Linux":
    mem_mb = util.get_mem_mb()
    system_memory_in_kbytes = mem_mb * 1024
    system_memory_in_gb = mem_mb / 1024.0
    system_cpu_cores = util.get_cpu_cores()
    cpu_model=util.getoutput("grep 'model name' /proc/cpuinfo | head -1 | cut -d':' -f2")
    os_major_ver = util.getoutput("cat /etc/os-release | grep VERSION_ID | cut -d= -f2 | tr -d '\"'")
    if cpu_model == "":
    if os.path.exists("/etc/redhat-release"):
      this_os = util.getoutput("cat /etc/redhat-release")
    elif os.path.exists("/etc/system-release"):
      this_os = util.getoutput("cat /etc/system-release")
    elif os.path.exists("/etc/lsb-release"):
      this_os = util.getoutput("cat /etc/lsb-release | grep DISTRIB_DESCRIPTION | cut -d= -f2 | tr -d '\"'")
    elif os.path.exists("/etc/os-release"):
      this_os = util.getoutput("cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"'")
  elif this_uname == "Windows":
    caption = check_output_wmic([wmic_path, "os", "get", "caption"])
    svcpack = check_output_wmic([wmic_path, "os", "get", "servicepackmajorversion"])
    if svcpack == "0":
      this_os = caption
      this_os = caption + ", SP " + svcpack

  round_mem = util.pretty_rounder(float(system_memory_in_gb), 1)
  mem = str(round_mem) + " GB"

  cores = str(system_cpu_cores)

  cpu = cpu_model.strip()
  cpu = cpu.replace("(R)", "")
  cpu = cpu.replace("(TM)", "")
  cpu = cpu.replace(" CPU ", " ")

  os = this_os.replace(" release ", " ")
  os = os.replace(" (Final)", "")

  arch = os_arch.replace("x86_64", "AMD")
  arch = arch.replace("AMD64", "AMD")

  ver = util.get_version()
  [last_update_utc, last_update_local, unique_id] = util.read_hosts('localhost')
  if last_update_local:
    last_upd_dt = datetime.strptime(last_update_local, "%Y-%m-%d %H:%M:%S")
    time_diff = int(util.timedelta_total_seconds(datetime.now() - last_upd_dt))
    last_update_readable = util.get_readable_time_diff(str(time_diff), precision=2)

  versions_sql = util.get_versions_sql()
  perl_ver = util.get_perl_ver()
  [java_major_ver, java_ver] = util.get_java_ver()

  os_pkg_mgr = util.get_pkg_mgr()
  jvm_location = util.get_jvm_location()

  if p_json:
    infoJsonArray = []
    infoJson = {}
    infoJson['version'] = ver
    infoJson['home'] = p_home
    infoJson['user'] = p_user
    infoJson['host'] = host_display
    infoJson['host_short'] = util.get_host_short()
    infoJson['host_long'] = util.get_host()
    infoJson['host_ip'] = util.get_host_ip()
    infoJson['os'] = unicode(str(os),sys.getdefaultencoding(),errors='ignore').strip()
    infoJson['os_pkg_mgr'] = os_pkg_mgr
    infoJson['os_major_ver'] = os_major_ver
    infoJson['platform'] = unicode(str(plat),sys.getdefaultencoding(),errors='ignore').strip()
    infoJson['arch'] = arch
    infoJson['mem'] = round_mem
    infoJson['cores'] = system_cpu_cores
    infoJson['cpu'] = cpu
    infoJson['last_update_utc'] = last_update_utc
    if last_update_local:
      infoJson['last_update_readable'] = last_update_readable
    infoJson['unique_id'] = unique_id
    infoJson['repo'] = p_repo
    infoJson['versions_sql'] = versions_sql
    infoJson['system_memory_in_kb'] = system_memory_in_kbytes
    infoJson['python_ver'] = python_ver
    infoJson['python_exe'] = python_exe
    if pip_ver != 'None':
      infoJson['pip_ver'] = pip_ver
    infoJson['perl_ver'] = perl_ver
    infoJson['java_ver'] = java_ver
    infoJson['java_major_ver'] = java_major_ver
    infoJson['jvm_location'] = jvm_location
    if print_flag:
      return infoJson

  if p_is_admin:
    admin_display = " (Admin)"
    admin_display = ""

  langs = "Python v" + python_ver
  if perl_ver > "":
    langs = langs + " | Perl v" + perl_ver
  if java_ver > "":
    langs = langs + " | Java v" + java_ver


  print(style_start + ("#" * 70) + style_end)
  print(style_start + "#                IO: " + style_end + "v" + ver + "  " + p_home)
  print(style_start + "#       User & Host: " + style_end + p_user + admin_display + "  " + host_display)
  print(style_start + "#  Operating System: " + style_end + os.rstrip() + " - " + str(plat))
  print(style_start + "#           Machine: " + style_end + mem + ", " + cores + " vCPU, " + cpu)
  print(style_start + "# Programming Langs: " + style_end + langs)

  default_repo = "https://openrds-download.s3.amazonaws.com/REPO"
  if p_repo != default_repo:
    print(style_start + "#          Repo URL: " + style_end + p_repo)

  if versions_sql == "versions.sql":
    print(style_start + "#      Versions SQL: " + style_end + versions_sql)

  if not last_update_local:

  print(style_start + "#       Last Update: " + style_end + str(last_update_local))
  print(style_start + ("#" * 70) + style_end)
Ejemplo n.º 3
def info(p_json, p_home, p_repo, print_flag=True):
    import os

    p_user = util.get_user()
    p_is_admin = util.is_admin()

    this_os = ""
    this_uname = str(platform.system())
    host_ip = util.get_host_ip()
    wmic_path = os.getenv(
        "") + os.sep + "System32" + os.sep + "wbem" + os.sep + "wmic"
    if this_uname == "Windows":
        import psutil
        host_display = os.getenv('LOGONSERVER',
                                 '') + '\\' + os.getenv('COMPUTERNAME')
        system_cpu_cores = os.getenv('NUMBER_OF_PROCESSORS', '1')
        os_arch = os.getenv('PROCESSOR_ARCHITECTURE', '')
        cpu_model = subprocess.check_output([wmic_path, "cpu", "get",
        ## system_memory_in_gb ######################################
        m = psutil.virtual_memory().total
        mem_bytes = int(m)
        system_memory_in_kbytes = mem_bytes / 1024.0
        system_memory_in_gb = mem_bytes / (1024.0**3)
        os_arch = util.getoutput("uname -m")
        HOST = util.get_host_short()
        host_display = "{0} {1}".format(HOST, host_ip)

    ## Check the OS & Resources ########################################
    plat = util.get_os()
    if this_uname == "Darwin":
        system_memory_in_bytes = int(
            util.getoutput("/usr/sbin/sysctl hw.memsize | awk '{print $2}'"))
        system_memory_in_kbytes = system_memory_in_bytes / 1024
        system_memory_in_gb = system_memory_in_bytes / 1024 / 1024 / 1024
        system_cpu_cores = int(
                "/usr/sbin/sysctl hw.physicalcpu | awk '{print $2}'"))
        cpu_model = util.getoutput(
            "/usr/sbin/sysctl -n machdep.cpu.brand_string")
        prod_name = util.getoutput("sw_vers -productName")
        prod_version = util.getoutput("sw_vers -productVersion")
        this_os = prod_name + " " + prod_version
    elif this_uname == "Linux":
        system_memory_in_kbytes = int(
            util.getoutput("cat /proc/meminfo | awk '/MemTotal/ {print $2}'"))
        system_memory_in_gb = system_memory_in_kbytes / 1024.0 / 1024.0
        system_cpu_cores = int(
                "egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo"))
        cpu_model = util.getoutput(
            "grep 'model name' /proc/cpuinfo | head -1 | cut -d':' -f2")
        if os.path.exists("/etc/redhat-release"):
            this_os = util.getoutput("cat /etc/redhat-release")
        elif os.path.exists("/etc/system-release"):
            this_os = util.getoutput("cat /etc/system-release")
        elif os.path.exists("/etc/lsb-release"):
            this_os = util.getoutput(
                "cat /etc/lsb-release | grep DISTRIB_DESCRIPTION | cut -d= -f2 | tr -d '\"'"
    elif this_uname == "Windows":
        caption_result = subprocess.check_output(
            [wmic_path, "os", "get", "caption"])
            caption = str(caption_result).strip().split("\n")[1]
        except UnicodeDecodeError as e:
            caption = unicode(caption_result,
        svcpack_result = subprocess.check_output(
            [wmic_path, "os", "get", "servicepackmajorversion"])
            svcpack = str(svcpack_result).strip().split("\n")[1]
        except UnicodeDecodeError as e:
            svcpack = unicode(svcpack_result,
        if svcpack == "0":
            this_os = caption
            this_os = caption + ", SP " + svcpack

    round_mem = util.pretty_rounder(system_memory_in_gb, 1)
    mem = str(round_mem) + " GB"

    cores = str(system_cpu_cores) + " x"

    cpu = cpu_model.strip()
    cpu = cpu.replace("(R)", "")
    cpu = cpu.replace("(TM)", "")
    cpu = cpu.replace(" CPU ", " ")

    os = this_os.replace(" release ", " ")
    os = os.replace(" (Final)", "")

    arch = os_arch.replace("x86_64", "x64")
    arch = arch.replace("AMD64", "x64")

    ver = util.get_pgc_version()
        interval, last_update_utc, next_update_utc, last_update_local,
        next_update_local, unique_id
    ] = util.read_hosts('localhost')
    if last_update_local:
        last_upd_dt = datetime.strptime(last_update_local, "%Y-%m-%d %H:%M:%S")
        time_diff = int(
            util.timedelta_total_seconds(datetime.now() - last_upd_dt))
        last_update_readable = util.get_readable_time_diff(str(time_diff),

    versions_sql = util.get_versions_sql()

    if p_json:
        infoJsonArray = []
        infoJson = {}
        infoJson['version'] = ver
        infoJson['home'] = p_home
        infoJson['user'] = p_user
        infoJson['host'] = host_display
        infoJson['host_short'] = util.get_host_short()
        infoJson['host_long'] = util.get_host()
        infoJson['host_ip'] = util.get_host_ip()
        infoJson['os'] = unicode(str(os),
        infoJson['platform'] = unicode(str(plat),
        infoJson['arch'] = arch
        infoJson['mem'] = round_mem
        infoJson['cores'] = system_cpu_cores
        infoJson['cpu'] = cpu
        infoJson['interval'] = interval
        infoJson['last_update_utc'] = last_update_utc
        if last_update_local:
            infoJson['last_update_readable'] = last_update_readable
        infoJson['next_update_utc'] = next_update_utc
        infoJson['unique_id'] = unique_id
        infoJson['repo'] = p_repo
        infoJson['versions_sql'] = versions_sql
        infoJson['system_memory_in_kb'] = system_memory_in_kbytes
        infoJson['python_ver'] = python_ver
        infoJson['python_exe'] = python_exe
        if pip_ver != 'None':
            infoJson['pip_ver'] = pip_ver
        if print_flag:
            print(json.dumps(infoJsonArray, sort_keys=True, indent=2))
            return infoJson

    if p_is_admin:
        admin_display = " (Admin)"
        admin_display = ""

    print(style_start + ("#" * 70) + style_end)
    print(style_start + "#             PGC: " + style_end + "v" + ver + "  " +
    print(style_start + "#     User & Host: " + style_end + p_user +
          admin_display + "  " + host_display)
    print(style_start + "#        Platform: " + style_end + plat + " | " +
    if pip_ver != "None":
        print(style_start + "#          Python: " + style_end + "pip v" +  pip_ver + \
                                              " | v" + python_ver + " | " + python_exe)
        print(style_start + "#          Python: " + style_end + "v" +
              python_ver + " | " + python_exe)
    print(style_start + "#        Hardware: " + style_end + mem + ", " +
          cores + " " + cpu)

    default_repo = "https://s3.amazonaws.com/pgcentral"
    if p_repo != default_repo:
        print(style_start + "#        Repo URL: " + style_end + p_repo)

    if versions_sql == "versions.sql":
        print(style_start + "#    Versions SQL: " + style_end + versions_sql)
    if not last_update_local:
        last_update_local = "None"
    print(style_start + "#     Last Update: " + style_end +
    if interval:
        print(style_start + "# Update Interval: " + style_end + str(interval))
        print(style_start + "# Next Update : " + style_end +
    print(style_start + ("#" * 70) + style_end)
Ejemplo n.º 4
def passerViz(line):
        print "---"    
        version = "?"
        os = "?"
        #print "Entered passerViz() : " + line
        line = line.rstrip("\n")
        fields = line.split(",")
        print fields
        ip   = fields[1]
        port = fields[2]
        info = fields[4]

        geoIP = ipintellib.geo_ip(ip)
        cc = geoIP['countryCode']
        print cc
        print "info(raw)   = " + info
        infoRaw = info
        info = info.replace("/",":")
        print "ip     = " + ip
        print "port   = " + port
        info = info.replace("protocol ","protocol_")
        info = info.replace(":::",":")
        info = info.replace(" beta","beta")
        info = info.replace("Microsoft IIS SSL","MS_IIS_SSL")
        info = info.replace("Microsoft IIS","MS_IIS")
        info = info.replace("Microsoft Windows RPC","MS_RPC")
        info = info.replace("Microsoft Windows daytime","MS_TIME")
        info = info.replace("Microsoft SQL Server","MS_SQL")
        info = info.replace("Microsoft Terminal Service","MS_TS")
        info = info.replace("Microsoft DNS","MS_DNS")
        info = info.replace("Microsoft ftpd","MS_FTPD")
        info = info.replace("Apache Jserv","JSERV")
        info = info.replace("Internet Rex","REX")
        info = info.replace("Courier pop3d","COURIER_POP3D")
        info = info.replace("Postfix smtpd","POSTFIX_SMTPD")
        info = info.replace("Linux telnetd","LINUX_TELNETD")
        info = info.replace("Linux SNMP multiplexer","LINUX_SMUX")
        info = info.replace("Cisco SSH","CISCO_SSH")
        info = info.replace("Cisco IOS http","CISCO_HTTPD")
        info = info.replace("Cisco SIP Gateway","CISCO_SIP")
        info = info.replace("Oracle HTTP Server","ORACLE_HTTPD")
        info = info.replace("Oracle XML DB Enterprise","ORACLE_XML_DB")
        info = info.replace("ISC BIND","BIND")
        info = info.replace("SCS sshd","SCS_SSHD")
        info = info.replace("osiris host IDS agent","OSIRIS_AGENT")
        print "info(post)  = " + info
        infofields = info.split(" ")
        print "infofields = " + infofields.__str__()
        for i in infofields :
            #print "i = " + i.__str__()
            if i.find(":p:") >= 0 :
                program = i.rstrip(":")
                program = i.lstrip(":")
                program = program.replace("http:p:","")
                program = program.replace("ssl:p:","")
                program = program.replace("mysql:p:","")
                program = program.replace("msrpc:p:","")
                program = program.replace("http-proxy:p:","")
                program = program.replace("proxy:p:","")
                program = program.replace("openSSH:p:","")
                program = program.replace("imap:p:","")
                program = program.replace("ajp13:p:","JSERV")
                program = program.replace("ms-sql-s:p:","SQL")
                program = program.replace("pop3:p:","POP3")
                program = program.replace("telnet:p:","TELNETD")
                program = program.replace("ident:p:","")
                program = program.replace("smtp:p:","")
                program = program.replace("ftp:p:","")
                program = program.replace("dominoconsole:p:","-")
                #program = program.replace("domain:p:","DNS")
                program = program.replace("microsoft-ds:p:","")
                #program = program.replace("ssh:p:","SSH")
                program = program.replace("nagios-nsca:p:","")                
                print "program found in " + i.__str__() + " is " + program.__str__()
            if i.find("v:") >= 0 :
                version = i.rstrip(":")
                version = version.lstrip(":")
                version = version.replace("v:","")
                print "version  found in " + i.__str__() + " is " + version.__str__()
            if i.find("i:") >= 0 :
                info = i.rstrip(":")
                info = info.lstrip(":")
                info = info.replace("protocol_","")
                print "info     found in " + i.__str__() + " is " + info.__str__()

            if i.find("o:") >= 0 :
                os = i.rstrip(":")
                os = os.lstrip(":")
                os = os.replace("Windows","W")
                os = os.replace("Linux","L")
                os = os.replace("Unix","U")
                os = os.replace("IOS","I")
                os = os.replace("o:","")
                os = os.rstrip("\n")
                print "os       found in " + i.__str__() + " is " + os.__str__()

        now = time.time()
        nowLocal = time.gmtime(now)
        tstamp = time.asctime(nowLocal)

        msg = "passerViz() : ip=" + ip.__str__() + " port=" + port.__str__() + " program=" + program.__str__() + " os=" + os.__str__()
        fp = open("/home/var/secviz/passer.csv","a")
        msg1 = port + "," + program + "," + tstamp + "," + infoRaw
        print msg1
        print >> fp, msg1
        msg2 = program + version + "," + program + "," + tstamp + "," + infoRaw
        print msg2 
        print >> fp, msg2
        msg3 = ip + ":" + cc + ":" + os + "," + program + version + "," + tstamp + "," + infoRaw
        print msg3
        print >> fp, msg3
    except Exception,e:
        msg = "kojoney_passer_parse.py : passerViz() : " + `e` + " line=" + line
        return None