def send_ping(dev=False):
can_read_cert()
ping = mtls_request('get', 'ping', dev=dev, requester_name="Ping", log_on_ok=True)
if ping is None or not ping.ok:
logger.error('Ping failed.')
return
connections, ports = security_helper.netstat_scan()
payload = {
'device_operating_system_version': platform.release(),
'fqdn': socket.getfqdn(),
'ipv4_address': get_primary_ip(),
'uptime': get_uptime(),
'agent_version': str(__version__),
'confinement': CONFINEMENT.name,
'installation': detect_installation().name
}
# Things we can't do within a Snap or Docker
if CONFINEMENT not in (Confinement.SNAP, Confinement.DOCKER, Confinement.BALENA):
payload.update({
'processes': security_helper.process_scan(),
'logins': journal_helper.logins_last_hour(),
'default_password': security_helper.check_for_default_passwords(CONFIG_PATH)
})
# Things we cannot do in Docker
if CONFINEMENT not in (Confinement.DOCKER, Confinement.BALENA):
blocklist = ping.json()
iptables_helper.block(blocklist)
payload.update({
'selinux_status': security_helper.selinux_status(),
'app_armor_enabled': security_helper.is_app_armor_enabled(),
'firewall_rules': iptables_helper.dump(),
'scan_info': ports,
'netstat': connections
})
rpi_metadata = rpi_helper.detect_raspberry_pi()
if rpi_metadata['is_raspberry_pi']:
payload.update({
'device_manufacturer': 'Raspberry Pi',
'device_model': rpi_metadata['hardware_model'],
})
logger.debug("[GATHER] POST Ping: {}".format(payload))
ping = mtls_request('post', 'ping', json=payload, dev=dev, requester_name="Ping", log_on_ok=True)
if ping is None or not ping.ok:
logger.error('Ping failed.')
return
def send_ping(debug=False, dev=False):
can_read_cert()
payload = {
'device_operating_system_version': platform.release(),
'fqdn': socket.getfqdn(),
'ipv4_address': get_primary_ip(),
'uptime': get_uptime(),
'scan_info': get_open_ports(),
'netstat': security_helper.netstat_scan(),
'processes': security_helper.process_scan(),
'firewall_enabled': security_helper.is_firewall_enabled(),
'firewall_rules': security_helper.get_firewall_rules(),
'app_armor_enabled': security_helper.is_app_armor_enabled()
}
rpi_metadata = rpi_helper.detect_raspberry_pi()
if rpi_metadata['is_raspberry_pi']:
payload['device_manufacturer'] = 'Raspberry Pi'
payload['device_model'] = rpi_metadata['hardware_model']
if debug:
print("[GATHER] Ping: {}".format(payload))
ping = requests.post('{}/v0.2/ping'.format(MTLS_ENDPOINT),
cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
json=payload,
headers={
'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
'SSL-CLIENT-VERIFY': 'SUCCESS'
} if dev else {})
if debug:
print("[RECEIVED] Ping: {}".format(ping.status_code))
print("[RECEIVED] Ping: {}".format(ping.content))
if not ping.ok:
print('Ping failed.')
return
pong = ping.json()
security_helper.block_ports(pong.get('block_ports', []))
security_helper.block_networks(pong.get('block_networks', []))
def send_ping(dev=False):
can_read_cert()
ping = mtls_request('get',
'ping',
dev=dev,
requester_name="Ping",
log_on_ok=True)
if ping is None or not ping.ok:
logger.error('Ping failed.')
return
ping = ping.json()
payload = {
'device_operating_system_version': platform.release(),
'fqdn': socket.getfqdn(),
'ipv4_address': get_primary_ip(),
'uptime': get_uptime(),
'agent_version': str(__version__),
'confinement': CONFINEMENT.name,
'cloud': detect_cloud().name,
'installation': detect_installation().name,
'os_release': get_os_release()
}
if CONFINEMENT != Confinement.SNAP:
packages = get_packages()
if ping.get('deb_packages_hash') != packages['hash']:
payload['deb_packages'] = packages
if CONFINEMENT in (Confinement.NONE, Confinement.SNAP):
connections, ports = security_helper.netstat_scan()
blocklist = ping
iptables_helper.block(blocklist)
payload.update({
'processes':
security_helper.process_scan(),
'logins':
journal_helper.logins_last_hour(),
'firewall_rules':
iptables_helper.dump(),
'scan_info':
ports,
'netstat':
connections,
'selinux_status':
security_helper.selinux_status(),
'app_armor_enabled':
security_helper.is_app_armor_enabled()
})
if CONFINEMENT == Confinement.NONE:
payload.update({
'default_password_users':
security_helper.check_for_default_passwords(CONFIG_PATH),
'audit_files':
security_helper.audit_config_files(),
'auto_upgrades':
auto_upgrades_enabled(),
'mysql_root_access':
security_helper.mysql_root_access(),
'kernel_package':
kernel_package_info(),
'reboot_required':
reboot_required(),
'cpu':
security_helper.cpu_vulnerabilities()
})
rpi_metadata = detect_raspberry_pi()
if rpi_metadata['is_raspberry_pi']:
payload.update({
'device_manufacturer': 'Raspberry Pi',
'device_model': rpi_metadata['hardware_model'],
})
logger.debug("[GATHER] POST Ping: {}".format(payload))
ping = mtls_request('post',
'ping',
json=payload,
dev=dev,
requester_name="Ping",
log_on_ok=True)
if ping is None or not ping.ok:
logger.error('Ping failed.')
return
def get_open_ports(dev=False):
return security_helper.netstat_scan()[1]
def get_open_ports():
connections, ports = security_helper.netstat_scan()
return ports