Python HardwareInfo Examples, grr_response_core.lib.rdfvalues.client.HardwareInfo Python Examples

Example #1

0

Show file

  def SetupTestClientObject(self,
                            client_nr,
                            add_cert=True,
                            arch="x86_64",
                            install_time=None,
                            last_boot_time=None,
                            fqdn=None,
                            kernel="4.0.0",
                            memory_size=None,
                            os_version="buster/sid",
                            ping=None,
                            system="Linux",
                            labels=None):
    """Prepares a test client object."""
    client_id = "C.1%015x" % client_nr

    client = rdf_objects.ClientSnapshot(client_id=client_id)
    client.startup_info.client_info = self._TestClientInfo()
    if last_boot_time is not None:
      client.startup_info.boot_time = last_boot_time

    client.knowledge_base.fqdn = fqdn or "Host-%x.example.com" % client_nr
    client.knowledge_base.os = system
    client.knowledge_base.users = [
        rdf_client.User(username=u"user1"),
        rdf_client.User(username=u"user2"),
    ]
    client.os_version = os_version
    client.arch = arch
    client.kernel = kernel

    client.interfaces = self._TestInterfaces(client_nr)
    client.install_time = install_time

    client.hardware_info = rdf_client.HardwareInfo(
        system_manufacturer="System-Manufacturer-%x" % client_nr,
        bios_version="Bios-Version-%x" % client_nr)

    if memory_size is not None:
      client.memory_size = memory_size

    ping = ping or rdfvalue.RDFDatetime.Now()
    if add_cert:
      cert = self.ClientCertFromPrivateKey(config.CONFIG["Client.private_key"])
    else:
      cert = None

    data_store.REL_DB.WriteClientMetadata(
        client_id, last_ping=ping, certificate=cert, fleetspeak_enabled=False)
    data_store.REL_DB.WriteClientSnapshot(client)

    client_index.ClientIndex().AddClient(client)

    if labels:
      data_store.REL_DB.AddClientLabels(client_id, u"GRR", labels)
      client_index.ClientIndex().AddClientLabels(
          client_id, data_store.REL_DB.ReadClientLabels(client_id))

    return client

Example #2

0

Show file

  def Parse(self, result):
    """Parse the WMI output to get Identifying Number."""
    # Currently we are only grabbing the Identifying Number
    # as the serial number (catches the unique number for VMs).
    # This could be changed to include more information from
    # Win32_ComputerSystemProduct.

    yield rdf_client.HardwareInfo(
        serial_number=result["IdentifyingNumber"],
        system_manufacturer=result["Vendor"])

Example #3

0

Show file

File: linux_cmd_parser.py Project: esmat777/grr

  def Parse(self, cmd, args, stdout, stderr, return_val, time_taken,
            knowledge_base):
    """Parse the dmidecode output. All data is parsed into a dictionary."""
    _ = stderr, time_taken, args, knowledge_base  # Unused.
    self.CheckReturn(cmd, return_val)
    output = iter(stdout.decode("utf-8").splitlines())

    # Compile all regexes in advance.
    sys_info_re = re.compile(r"\s*System Information")
    sys_regexes = {
        "system_manufacturer": self._re_compile("Manufacturer"),
        "serial_number": self._re_compile("Serial Number"),
        "system_product_name": self._re_compile("Product Name"),
        "system_uuid": self._re_compile("UUID"),
        "system_sku_number": self._re_compile("SKU Number"),
        "system_family": self._re_compile("Family"),
        "system_assettag": self._re_compile("Asset Tag")
    }

    bios_info_re = re.compile(r"\s*BIOS Information")
    bios_regexes = {
        "bios_vendor": self._re_compile("Vendor"),
        "bios_version": self._re_compile("Version"),
        "bios_release_date": self._re_compile("Release Date"),
        "bios_rom_size": self._re_compile("ROM Size"),
        "bios_revision": self._re_compile("BIOS Revision")
    }

    # Initialize RDF.
    dmi_info = rdf_client.HardwareInfo()

    for line in output:
      if sys_info_re.match(line):
        # Collect all System Information until we hit a blank line.
        while line:
          for attr, regex in iteritems(sys_regexes):
            match = regex.match(line)
            if match:
              setattr(dmi_info, attr, match.group(1).strip())
              break
          line = next(output)

      elif bios_info_re.match(line):
        # Collect all BIOS Information until we hit a blank line.
        while line:
          for attr, regex in iteritems(bios_regexes):
            match = regex.match(line)
            if match:
              setattr(dmi_info, attr, match.group(1).strip())
              break
          line = next(output)

    yield dmi_info

Example #4

0

Show file

    def Parse(self, cmd, args, stdout, stderr, return_val, time_taken,
              knowledge_base):
        """Parse the system profiler output. We get it in the form of a plist."""
        _ = stderr, time_taken, args, knowledge_base  # Unused
        self.CheckReturn(cmd, return_val)

        plist = binplist.readPlist(io.BytesIO(stdout))

        if len(plist) > 1:
            raise parser.ParseError(
                "SPHardwareDataType plist has too many items.")

        hardware_list = plist[0]["_items"][0]
        serial_number = getattr(hardware_list, "serial_number", None)
        system_product_name = getattr(hardware_list, "machine_model", None)
        bios_version = getattr(hardware_list, "boot_rom_version", None)

        yield rdf_client.HardwareInfo(serial_number=serial_number,
                                      bios_version=bios_version,
                                      system_product_name=system_product_name)

Example #5

0

Show file

File: osx_file_parser.py Project: suraj-testing2/Plants_Book

  def Parse(self, cmd, args, stdout, stderr, return_val, knowledge_base):
    """Parse the system profiler output. We get it in the form of a plist."""
    _ = stderr, args, knowledge_base  # Unused
    self.CheckReturn(cmd, return_val)

    try:
      plist = biplist.readPlist(io.BytesIO(stdout))
    except biplist.InvalidPlistException as error:
      raise parsers.ParseError("Failed to parse a plist file", cause=error)

    if len(plist) > 1:
      raise parsers.ParseError("SPHardwareDataType plist has too many items.")

    hardware_list = plist[0]["_items"][0]
    serial_number = hardware_list.get("serial_number", None)
    system_product_name = hardware_list.get("machine_model", None)
    bios_version = hardware_list.get("boot_rom_version", None)

    yield rdf_client.HardwareInfo(
        serial_number=serial_number,
        bios_version=bios_version,
        system_product_name=system_product_name)

Example #6

0

Show file

    def testGetClientSummary(self):
        hostname = "test"
        system = "Linux"
        os_release = "12.02"
        kernel = "3.15-rc2"
        fqdn = "test.test.com"
        arch = "amd64"
        install_time = rdfvalue.RDFDatetime.Now()
        user = "******"
        userobj = rdf_client.User(username=user)
        interface = rdf_client.Interface(ifname="eth0")
        google_cloud_instance = rdf_cloud.GoogleCloudInstance(
            instance_id="1771384456894610289",
            zone="projects/123456789733/zones/us-central1-a",
            project_id="myproject",
            unique_id="us-central1-a/myproject/1771384456894610289")
        cloud_instance = rdf_cloud.CloudInstance(cloud_type="GOOGLE",
                                                 google=google_cloud_instance)

        serial_number = "DSD33679FZ"
        system_manufacturer = "Foobar Inc."
        system_uuid = "C31292AD-6Z4F-55D8-28AC-EC1100E42222"
        hwinfo = rdf_client.HardwareInfo(
            serial_number=serial_number,
            system_manufacturer=system_manufacturer,
            system_uuid=system_uuid)

        timestamp = 1
        with utils.Stubber(time, "time", lambda: timestamp):
            with aff4.FACTORY.Create("C.0000000000000000",
                                     aff4_grr.VFSGRRClient,
                                     mode="rw",
                                     token=self.token) as fd:
                kb = rdf_client.KnowledgeBase()
                kb.users.Append(userobj)
                empty_summary = fd.GetSummary()
                self.assertEqual(empty_summary.client_id, "C.0000000000000000")
                self.assertFalse(empty_summary.system_info.version)
                self.assertEqual(empty_summary.timestamp.AsSecondsSinceEpoch(),
                                 1)

                # This will cause TYPE to be written with current time = 101 when the
                # object is closed
                timestamp += 100
                fd.Set(fd.Schema.HOSTNAME(hostname))
                fd.Set(fd.Schema.SYSTEM(system))
                fd.Set(fd.Schema.OS_RELEASE(os_release))
                fd.Set(fd.Schema.KERNEL(kernel))
                fd.Set(fd.Schema.FQDN(fqdn))
                fd.Set(fd.Schema.ARCH(arch))
                fd.Set(fd.Schema.INSTALL_DATE(install_time))
                fd.Set(fd.Schema.KNOWLEDGE_BASE(kb))
                fd.Set(fd.Schema.USERNAMES([user]))
                fd.Set(fd.Schema.HARDWARE_INFO(hwinfo))
                fd.Set(fd.Schema.INTERFACES([interface]))
                fd.Set(fd.Schema.CLOUD_INSTANCE(cloud_instance))

            with aff4.FACTORY.Open("C.0000000000000000",
                                   aff4_grr.VFSGRRClient,
                                   mode="rw",
                                   token=self.token) as fd:
                summary = fd.GetSummary()
                self.assertEqual(summary.system_info.system, system)
                self.assertEqual(summary.system_info.release, os_release)
                self.assertEqual(summary.system_info.kernel, kernel)
                self.assertEqual(summary.system_info.fqdn, fqdn)
                self.assertEqual(summary.system_info.machine, arch)
                self.assertEqual(summary.system_info.install_date,
                                 install_time)
                self.assertItemsEqual(summary.users, [userobj])
                self.assertItemsEqual(summary.interfaces, [interface])
                self.assertFalse(summary.client_info)

                self.assertEqual(summary.timestamp.AsSecondsSinceEpoch(), 101)
                self.assertEqual(summary.cloud_type, "GOOGLE")
                self.assertEqual(
                    summary.cloud_instance_id,
                    "us-central1-a/myproject/1771384456894610289")

                self.assertEqual(summary.serial_number, serial_number)
                self.assertEqual(summary.system_manufacturer,
                                 system_manufacturer)
                self.assertEqual(summary.system_uuid, system_uuid)

Example #7

0

Show file

  class SchemaCls(standard.VFSDirectory.SchemaCls):
    """The schema for the client."""
    client_index = rdfvalue.RDFURN("aff4:/index/client")

    FLEETSPEAK_ENABLED = aff4.Attribute(
        "metadata:IsFleetspeak", rdfvalue.RDFBool,
        "Whether this client uses Fleetspeak for comms.")

    CERT = aff4.Attribute("metadata:cert", rdf_crypto.RDFX509Cert,
                          "The PEM encoded cert of the client.")

    FILESYSTEM = aff4.Attribute("aff4:filesystem", rdf_client_fs.Filesystems,
                                "Filesystems on the client.")

    CLIENT_INFO = aff4.Attribute(
        "metadata:ClientInfo",
        rdf_client.ClientInformation,
        "GRR client information",
        "GRR client",
        default=rdf_client.ClientInformation())

    LAST_BOOT_TIME = aff4.Attribute("metadata:LastBootTime",
                                    rdfvalue.RDFDatetime,
                                    "When the machine was last booted",
                                    "BootTime")

    FIRST_SEEN = aff4.Attribute("metadata:FirstSeen", rdfvalue.RDFDatetime,
                                "First time the client registered with us",
                                "FirstSeen")

    # Information about the host.
    HOSTNAME = aff4.Attribute(
        "metadata:hostname",
        rdfvalue.RDFString,
        "Hostname of the host.",
        "Host",
        index=client_index)
    FQDN = aff4.Attribute(
        "metadata:fqdn",
        rdfvalue.RDFString,
        "Fully qualified hostname of the host.",
        "FQDN",
        index=client_index)

    SYSTEM = aff4.Attribute("metadata:system", rdfvalue.RDFString,
                            "Operating System class.", "System")
    UNAME = aff4.Attribute("metadata:uname", rdfvalue.RDFString,
                           "Uname string.", "Uname")
    OS_RELEASE = aff4.Attribute("metadata:os_release", rdfvalue.RDFString,
                                "OS Major release number.", "Release")
    OS_VERSION = aff4.Attribute("metadata:os_version", rdf_client.VersionString,
                                "OS Version number.", "Version")

    # ARCH values come from platform.uname machine value, e.g. x86_64, AMD64.
    ARCH = aff4.Attribute("metadata:architecture", rdfvalue.RDFString,
                          "Architecture.", "Architecture")
    INSTALL_DATE = aff4.Attribute("metadata:install_date", rdfvalue.RDFDatetime,
                                  "Install Date.", "Install")

    # The knowledge base is used for storing data about the host and users.
    # This is currently a slightly odd object as we only use some of the fields.
    # The proto itself is used in Artifact handling outside of GRR (e.g. Plaso).
    # Over time we will migrate fields into this proto, but for now it is a mix.
    KNOWLEDGE_BASE = aff4.Attribute("metadata:knowledge_base",
                                    rdf_client.KnowledgeBase,
                                    "Artifact Knowledge Base", "KnowledgeBase")

    GRR_CONFIGURATION = aff4.Attribute(
        "aff4:client_configuration", rdf_protodict.Dict,
        "Running configuration for the GRR client.", "Config")

    LIBRARY_VERSIONS = aff4.Attribute(
        "aff4:library_versions", rdf_protodict.Dict,
        "Running library versions for the client.", "Libraries")

    USERNAMES = aff4.Attribute(
        "aff4:user_names",
        SpaceSeparatedStringArray,
        "A space separated list of system users.",
        "Usernames",
        index=client_index)

    # This information is duplicated from the INTERFACES attribute but is done
    # to allow for fast searching by mac address.
    MAC_ADDRESS = aff4.Attribute(
        "aff4:mac_addresses",
        rdfvalue.RDFString,
        "A hex encoded MAC address.",
        "MAC",
        index=client_index)

    KERNEL = aff4.Attribute("aff4:kernel_version", rdfvalue.RDFString,
                            "Kernel version string.", "KernelVersion")

    # Same for IP addresses.
    HOST_IPS = aff4.Attribute(
        "aff4:host_ips",
        rdfvalue.RDFString,
        "An IP address.",
        "Host_ip",
        index=client_index)

    PING = aff4.Attribute(
        "metadata:ping",
        rdfvalue.RDFDatetime,
        "The last time the server heard from this client.",
        "LastCheckin",
        versioned=False,
        default=0)

    CLOCK = aff4.Attribute(
        "metadata:clock",
        rdfvalue.RDFDatetime, "The last clock read on the client "
        "(Can be used to estimate client clock skew).",
        "Clock",
        versioned=False)

    CLIENT_IP = aff4.Attribute(
        "metadata:client_ip",
        rdfvalue.RDFString,
        "The ip address this client connected from.",
        "Client_ip",
        versioned=False)

    # This is the last foreman rule that applied to us
    LAST_FOREMAN_TIME = aff4.Attribute(
        "aff4:last_foreman_time",
        rdfvalue.RDFDatetime,
        "The last time the foreman checked us.",
        versioned=False)

    LAST_CRASH = aff4.Attribute(
        "aff4:last_crash",
        rdf_client.ClientCrash,
        "Last client crash.",
        creates_new_object_version=False,
        versioned=False)

    VOLUMES = aff4.Attribute("aff4:volumes", rdf_client_fs.Volumes,
                             "Client disk volumes.")

    INTERFACES = aff4.Attribute("aff4:interfaces",
                                rdf_client_network.Interfaces,
                                "Network interfaces.", "Interfaces")

    HARDWARE_INFO = aff4.Attribute(
        "aff4:hardware_info",
        rdf_client.HardwareInfo,
        "Various hardware information.",
        default=rdf_client.HardwareInfo())

    MEMORY_SIZE = aff4.Attribute("aff4:memory_size", rdfvalue.ByteSize,
                                 "Amount of memory this client's machine has.")

    # Cloud VM information.
    CLOUD_INSTANCE = aff4.Attribute("metadata:cloud_instance",
                                    rdf_cloud.CloudInstance,
                                    "Information about cloud machines.")