def testAFF4CreateAndSet(self): """How long does it take to create and set properties.""" client_info = rdf_client.ClientInformation(client_name="GRR", client_description="Description") def CreateAFF4Object(): """Blind write a VFSGRRClient with 1000 client info attributes.""" fd = aff4.FACTORY.Create("C.1234567812345678", aff4_grr.VFSGRRClient, token=self.token) fd.Set(fd.Schema.HOSTNAME("Foobar")) for _ in range(1000): fd.AddAttribute(fd.Schema.CLIENT_INFO, client_info) fd.Close() # Time creation into an empty data store. self.TimeIt(CreateAFF4Object, pre=data_store.DB.Clear) # Now we want to measure the time to read one of these object. data_store.DB.Clear() CreateAFF4Object() def ReadAFF4Object(): fd = aff4.FACTORY.Open("C.1234567812345678", token=self.token, ignore_cache=True, age=aff4.ALL_TIMES) self.assertEqual(fd.Get(fd.Schema.HOSTNAME), "Foobar") self.TimeIt(ReadAFF4Object, name="Read attribute from AFF4Object") def ReadVersionedAFF4Attribute(): fd = aff4.FACTORY.Open("C.1234567812345678", token=self.token, ignore_cache=True, age=aff4.ALL_TIMES) for x in fd.GetValuesForAttribute(fd.Schema.CLIENT_INFO): self.assertEqual(x.client_name, "GRR") self.TimeIt(ReadVersionedAFF4Attribute, name="Read heavily versioned Attributes") def ReadSomeVersionedAFF4Attribute(): fd = aff4.FACTORY.Open("C.1234567812345678", token=self.token, ignore_cache=True, age=aff4.ALL_TIMES) # Only read the top 5 attributes. for i, x in enumerate(fd.GetValuesForAttribute(fd.Schema.CLIENT_INFO)): self.assertEqual(x.client_name, "GRR") if i > 50: break self.TimeIt(ReadSomeVersionedAFF4Attribute, name="Read few versioned Attributes") # Using Get() on a multi versioned object should only parse one value. def ReadAVersionedAFF4Attribute(): fd = aff4.FACTORY.Open("C.1234567812345678", token=self.token, ignore_cache=True, age=aff4.ALL_TIMES) x = fd.Get(fd.Schema.CLIENT_INFO) self.assertEqual(x.client_name, "GRR") self.TimeIt(ReadAVersionedAFF4Attribute, name="Read one versioned Attributes")
class SchemaCls(standard.VFSDirectory.SchemaCls): """The schema for the client.""" client_index = rdfvalue.RDFURN("aff4:/index/client") CERT = aff4.Attribute("metadata:cert", rdf_crypto.RDFX509Cert, "The PEM encoded cert of the client.") FILESYSTEM = aff4.Attribute("aff4:filesystem", rdf_client.Filesystems, "Filesystems on the client.") CLIENT_INFO = aff4.Attribute( "metadata:ClientInfo", rdf_client.ClientInformation, "GRR client information", "GRR client", default=rdf_client.ClientInformation()) LAST_BOOT_TIME = aff4.Attribute( "metadata:LastBootTime", rdfvalue.RDFDatetime, "When the machine was last booted", "BootTime") FIRST_SEEN = aff4.Attribute("metadata:FirstSeen", rdfvalue.RDFDatetime, "First time the client registered with us", "FirstSeen") # Information about the host. HOSTNAME = aff4.Attribute( "metadata:hostname", rdfvalue.RDFString, "Hostname of the host.", "Host", index=client_index) FQDN = aff4.Attribute( "metadata:fqdn", rdfvalue.RDFString, "Fully qualified hostname of the host.", "FQDN", index=client_index) SYSTEM = aff4.Attribute("metadata:system", rdfvalue.RDFString, "Operating System class.", "System") UNAME = aff4.Attribute("metadata:uname", rdfvalue.RDFString, "Uname string.", "Uname") OS_RELEASE = aff4.Attribute("metadata:os_release", rdfvalue.RDFString, "OS Major release number.", "Release") OS_VERSION = aff4.Attribute("metadata:os_version", rdf_client.VersionString, "OS Version number.", "Version") # ARCH values come from platform.uname machine value, e.g. x86_64, AMD64. ARCH = aff4.Attribute("metadata:architecture", rdfvalue.RDFString, "Architecture.", "Architecture") INSTALL_DATE = aff4.Attribute("metadata:install_date", rdfvalue.RDFDatetime, "Install Date.", "Install") # The knowledge base is used for storing data about the host and users. # This is currently a slightly odd object as we only use some of the fields. # The proto itself is used in Artifact handling outside of GRR (e.g. Plaso). # Over time we will migrate fields into this proto, but for now it is a mix. KNOWLEDGE_BASE = aff4.Attribute("metadata:knowledge_base", rdf_client.KnowledgeBase, "Artifact Knowledge Base", "KnowledgeBase") GRR_CONFIGURATION = aff4.Attribute( "aff4:client_configuration", rdf_protodict.Dict, "Running configuration for the GRR client.", "Config") LIBRARY_VERSIONS = aff4.Attribute( "aff4:library_versions", rdf_protodict.Dict, "Running library versions for the client.", "Libraries") USERNAMES = aff4.Attribute( "aff4:user_names", SpaceSeparatedStringArray, "A space separated list of system users.", "Usernames", index=client_index) # This information is duplicated from the INTERFACES attribute but is done # to allow for fast searching by mac address. MAC_ADDRESS = aff4.Attribute( "aff4:mac_addresses", rdfvalue.RDFString, "A hex encoded MAC address.", "MAC", index=client_index) KERNEL = aff4.Attribute("aff4:kernel_version", rdfvalue.RDFString, "Kernel version string.", "KernelVersion") # Same for IP addresses. HOST_IPS = aff4.Attribute( "aff4:host_ips", rdfvalue.RDFString, "An IP address.", "Host_ip", index=client_index) PING = aff4.Attribute( "metadata:ping", rdfvalue.RDFDatetime, "The last time the server heard from this client.", "LastCheckin", versioned=False, default=0) CLOCK = aff4.Attribute( "metadata:clock", rdfvalue.RDFDatetime, "The last clock read on the client " "(Can be used to estimate client clock skew).", "Clock", versioned=False) CLIENT_IP = aff4.Attribute( "metadata:client_ip", rdfvalue.RDFString, "The ip address this client connected from.", "Client_ip", versioned=False) # This is the last foreman rule that applied to us LAST_FOREMAN_TIME = aff4.Attribute( "aff4:last_foreman_time", rdfvalue.RDFDatetime, "The last time the foreman checked us.", versioned=False) LAST_CRASH = aff4.Attribute( "aff4:last_crash", rdf_client.ClientCrash, "Last client crash.", creates_new_object_version=False, versioned=False) VOLUMES = aff4.Attribute("aff4:volumes", rdf_client.Volumes, "Client disk volumes.") INTERFACES = aff4.Attribute("aff4:interfaces", rdf_client.Interfaces, "Network interfaces.", "Interfaces") HARDWARE_INFO = aff4.Attribute( "aff4:hardware_info", rdf_client.HardwareInfo, "Various hardware information.", default=rdf_client.HardwareInfo()) MEMORY_SIZE = aff4.Attribute("aff4:memory_size", rdfvalue.ByteSize, "Amount of memory this client's machine has.") # Cloud VM information. CLOUD_INSTANCE = aff4.Attribute("metadata:cloud_instance", cloud.CloudInstance, "Information about cloud machines.")
def _TestClientInfo(self): return rdf_client.ClientInformation( client_name="GRR Monitor", client_version=config.CONFIG["Source.version_numeric"], build_time="1980-01-01", labels=["label1", "label2"])
def _TestClientInfo(self): return rdf_client.ClientInformation(client_name="GRR Monitor", client_version="123", build_time="1980-01-01", labels=["label1", "label2"])