Exemple #1
0
def send_ping(dev=False):
    can_read_cert()

    ping = mtls_request('get', 'ping', dev=dev, requester_name="Ping", log_on_ok=True)

    if ping is None or not ping.ok:
        logger.error('Ping failed.')
        return

    connections, ports = security_helper.netstat_scan()
    payload = {
        'device_operating_system_version': platform.release(),
        'fqdn': socket.getfqdn(),
        'ipv4_address': get_primary_ip(),
        'uptime': get_uptime(),
        'agent_version': str(__version__),
        'confinement': CONFINEMENT.name,
        'installation': detect_installation().name
    }

    # Things we can't do within a Snap or Docker
    if CONFINEMENT not in (Confinement.SNAP, Confinement.DOCKER, Confinement.BALENA):
        payload.update({
            'processes': security_helper.process_scan(),
            'logins': journal_helper.logins_last_hour(),
            'default_password': security_helper.check_for_default_passwords(CONFIG_PATH)
        })

    # Things we cannot do in Docker
    if CONFINEMENT not in (Confinement.DOCKER, Confinement.BALENA):
        blocklist = ping.json()
        iptables_helper.block(blocklist)

        payload.update({
            'selinux_status': security_helper.selinux_status(),
            'app_armor_enabled': security_helper.is_app_armor_enabled(),
            'firewall_rules': iptables_helper.dump(),
            'scan_info': ports,
            'netstat': connections
        })

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload.update({
            'device_manufacturer': 'Raspberry Pi',
            'device_model': rpi_metadata['hardware_model'],
        })

    logger.debug("[GATHER] POST Ping: {}".format(payload))

    ping = mtls_request('post', 'ping', json=payload, dev=dev, requester_name="Ping", log_on_ok=True)

    if ping is None or not ping.ok:
        logger.error('Ping failed.')
        return
Exemple #2
0
def test_failed_logins():
    with mock.patch('agent.journal_helper.get_journal_records') as gjr:
        gjr.return_value = [
        ]
        result = logins_last_hour()
        assert result == {}

    with mock.patch('agent.journal_helper.get_journal_records') as gjr:
        gjr.return_value = [
            {'MESSAGE': 'pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225'}
        ]
        result = logins_last_hour()
        assert result == {'': {'success': 0, 'failed': 1}}

    with mock.patch('agent.journal_helper.get_journal_records') as gjr:
        gjr.return_value = [
            {'MESSAGE': 'pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225  user=pi'}
        ]
        result = logins_last_hour()
        assert result == {'pi': {'success': 0, 'failed': 1}}

    with mock.patch('agent.journal_helper.get_journal_records') as gjr:
        gjr.return_value = [
            {'MESSAGE': 'PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225  user=pi'},
            {'MESSAGE': 'pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225  user=pi'},
            {'MESSAGE': 'PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225  user=pi'},
            {'MESSAGE': 'pam_unix(sshd:session): session opened for user pi by (uid=0)'},
            {'MESSAGE': 'pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.147.17.225'}
        ]
        result = logins_last_hour()
        assert result == {
            'pi': {'success': 1, 'failed': 4},
            '': {'success': 0, 'failed': 1}}

    with mock.patch('agent.journal_helper.get_journal_records') as gjr:
        gjr.return_value = [
            {'MESSAGE': 'pam_unix(sshd:auth): some other message'},
            {'MESSAGE': 'something unrelated'},
            {'MESSAGE': 'PAM and something unrelated'},
        ]
        result = logins_last_hour()
        assert result == {}
Exemple #3
0
def send_ping(dev=False):
    can_read_cert()

    ping = mtls_request('get',
                        'ping',
                        dev=dev,
                        requester_name="Ping",
                        log_on_ok=True)

    if ping is None or not ping.ok:
        logger.error('Ping failed.')
        return

    ping = ping.json()
    payload = {
        'device_operating_system_version': platform.release(),
        'fqdn': socket.getfqdn(),
        'ipv4_address': get_primary_ip(),
        'uptime': get_uptime(),
        'agent_version': str(__version__),
        'confinement': CONFINEMENT.name,
        'cloud': detect_cloud().name,
        'installation': detect_installation().name,
        'os_release': get_os_release()
    }

    if CONFINEMENT != Confinement.SNAP:
        packages = get_packages()
        if ping.get('deb_packages_hash') != packages['hash']:
            payload['deb_packages'] = packages

    if CONFINEMENT in (Confinement.NONE, Confinement.SNAP):
        connections, ports = security_helper.netstat_scan()
        blocklist = ping
        iptables_helper.block(blocklist)

        payload.update({
            'processes':
            security_helper.process_scan(),
            'logins':
            journal_helper.logins_last_hour(),
            'firewall_rules':
            iptables_helper.dump(),
            'scan_info':
            ports,
            'netstat':
            connections,
            'selinux_status':
            security_helper.selinux_status(),
            'app_armor_enabled':
            security_helper.is_app_armor_enabled()
        })

    if CONFINEMENT == Confinement.NONE:
        payload.update({
            'default_password_users':
            security_helper.check_for_default_passwords(CONFIG_PATH),
            'audit_files':
            security_helper.audit_config_files(),
            'auto_upgrades':
            auto_upgrades_enabled(),
            'mysql_root_access':
            security_helper.mysql_root_access(),
            'kernel_package':
            kernel_package_info(),
            'reboot_required':
            reboot_required(),
            'cpu':
            security_helper.cpu_vulnerabilities()
        })

    rpi_metadata = detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload.update({
            'device_manufacturer': 'Raspberry Pi',
            'device_model': rpi_metadata['hardware_model'],
        })

    logger.debug("[GATHER] POST Ping: {}".format(payload))

    ping = mtls_request('post',
                        'ping',
                        json=payload,
                        dev=dev,
                        requester_name="Ping",
                        log_on_ok=True)

    if ping is None or not ping.ok:
        logger.error('Ping failed.')
        return
Exemple #4
0
def send_ping(debug=False, dev=False):
    can_read_cert()

    ping = requests.get('{}/v0.2/ping'.format(MTLS_ENDPOINT),
                        cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
                        headers={
                            'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
                            'SSL-CLIENT-VERIFY': 'SUCCESS'
                        } if dev else {})
    if debug:
        print("[RECEIVED] GET Ping: {}".format(ping.status_code))
        print("[RECEIVED] GET Ping: {}".format(ping.content))
    if not ping.ok:
        print('Ping failed.')
        return
    blocklist = ping.json()
    security_helper.block_ports(
        blocklist.get('block_ports', {
            'tcp': [],
            'udp': []
        }))
    security_helper.block_networks(blocklist.get('block_networks', []))

    connections, ports = security_helper.netstat_scan()
    payload = {
        'device_operating_system_version':
        platform.release(),
        'fqdn':
        socket.getfqdn(),
        'ipv4_address':
        get_primary_ip(),
        'uptime':
        get_uptime(),
        'scan_info':
        ports,
        'netstat':
        connections,
        'processes':
        security_helper.process_scan(),
        'firewall_enabled':
        security_helper.is_firewall_enabled(),
        'firewall_rules':
        security_helper.get_firewall_rules(),
        'selinux_status':
        security_helper.selinux_status(),
        'app_armor_enabled':
        security_helper.is_app_armor_enabled(),
        'logins':
        journal_helper.logins_last_hour(),
        'default_password':
        security_helper.check_for_default_passwords(CONFIG_PATH),
        'agent_version':
        __version__
    }

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload['device_manufacturer'] = 'Raspberry Pi'
        payload['device_model'] = rpi_metadata['hardware_model']

    if debug:
        print("[GATHER] POST Ping: {}".format(payload))

    ping = requests.post('{}/v0.2/ping'.format(MTLS_ENDPOINT),
                         cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
                         json=payload,
                         headers={
                             'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
                             'SSL-CLIENT-VERIFY': 'SUCCESS'
                         } if dev else {})

    if debug:
        print("[RECEIVED] POST Ping: {}".format(ping.status_code))
        print("[RECEIVED] POST Ping: {}".format(ping.content))

    if not ping.ok:
        print('Ping failed.')
        return