def main(argv): """Main.""" del argv # Unused. # Initialise flows and config_lib server_startup.Init() if not flags.FLAGS.target: store_names = ", ".join(sorted(blob_store.REGISTRY.keys())) print("Missing --target. Use one or multiple of: {}.".format( store_names)) exit(1) stores = [ _MakeBlobStore(blobstore_name) for blobstore_name in flags.FLAGS.target ] with io.open("/dev/urandom", "rb") as random_fd: for blobstore_name, bs in zip(flags.FLAGS.target, stores): print() print(blobstore_name) print("size\ttotal\tnum\tqps\t b/sec\tp50\tp90\tp95\tp99") for size in flags.FLAGS.sizes: size_b = rdfvalue.ByteSize(size) durations = _RunBenchmark( bs, size_b, flags.FLAGS.per_size_duration_seconds, random_fd) _PrintStats(size, size_b, durations)
def main(argv): del argv # Unused. if not flags.FLAGS.ignore_test_context: config.CONFIG.AddContext(contexts.TEST_CONTEXT, "Context for running tests.") server_startup.Init() for handler in logging.getLogger().handlers: handler.addFilter(E2ELogFilter()) handler.setLevel(logging.INFO) test_runner = runner.E2ETestRunner( api_endpoint=flags.FLAGS.api_endpoint, api_user=flags.FLAGS.api_user, api_password=flags.FLAGS.api_password, run_only_tests=flags.FLAGS.run_only_tests, skip_tests=flags.FLAGS.skip_tests, manual_tests=flags.FLAGS.manual_tests, upload_test_binaries=flags.FLAGS.upload_test_binaries) test_runner.Initialize() results, _ = test_runner.RunTestsAgainstClient(flags.FLAGS.client_id) # Exit with a non-0 error code if one of the tests failed. for r in results.values(): if r.errors or r.failures: sys.exit(1)
def main(_): """Run the main test harness.""" if flags.FLAGS.version: print("GRR Admin UI {}".format( config_server.VERSION["packageversion"])) return config.CONFIG.AddContext( contexts.ADMIN_UI_CONTEXT, "Context applied when running the admin user interface GUI.") server_startup.Init() if not config.CONFIG["AdminUI.headless"] and (not os.path.exists( os.path.join(config.CONFIG["AdminUI.document_root"], "dist/grr-ui.bundle.js")) or not os.path.exists( os.path.join( config.CONFIG["AdminUI.document_root"], "dist/grr-ui.bundle.css"))): raise RuntimeError("Can't find compiled JS/CSS bundles. " "Please reinstall the PIP package using " "\"pip install -e .\" to rebuild the bundles.") server = wsgiapp.MakeServer(multi_threaded=True) server_startup.DropPrivileges() server.serve_forever()
def main(argv): del argv # Unused. if not flags.FLAGS.ignore_test_context: config.CONFIG.AddContext(contexts.TEST_CONTEXT, "Context for running tests.") server_startup.Init() for handler in logging.getLogger().handlers: handler.addFilter(E2ELogFilter()) data_store.default_token = access_control.ACLToken( username=getpass.getuser(), reason="End-to-end tests") test_runner = runner.E2ETestRunner( api_endpoint=flags.FLAGS.api_endpoint, api_user=flags.FLAGS.api_user, api_password=flags.FLAGS.api_password, whitelisted_tests=flags.FLAGS.whitelisted_tests, blacklisted_tests=flags.FLAGS.blacklisted_tests, manual_tests=flags.FLAGS.manual_tests, upload_test_binaries=flags.FLAGS.upload_test_binaries) test_runner.Initialize() results, _ = test_runner.RunTestsAgainstClient(flags.FLAGS.client_id) # Exit with a non-0 error code if one of the tests failed. for r in results.values(): if r.errors or r.failures: sys.exit(1)
def main(argv=None): del argv # Unused. config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) config.CONFIG.AddContext( contexts.CONSOLE_CONTEXT, "Context applied when running the console binary.") server_startup.Init() fleetspeak_connector.Init() username = flags.FLAGS.username if not username: username = os.environ["USER"] if not username: print("Username has to be specified with either --username flag or " "USER environment variable.") sys.exit(1) grrapi = api.GrrApi(connector=api_shell_raw_access_lib.RawConnector( token=access_control.ACLToken(username=username), page_size=flags.FLAGS.page_size)) if flags.FLAGS.exec_code and flags.FLAGS.exec_file: print("--exec_code --exec_file flags can't be supplied together.") sys.exit(1) elif flags.FLAGS.exec_code: # pylint: disable=exec-used exec(flags.FLAGS.exec_code, dict(grrapi=grrapi)) # pylint: enable=exec-used elif flags.FLAGS.exec_file: api_shell_lib.ExecFile(flags.FLAGS.exec_file, grrapi) else: api_shell_lib.IPShell([sys.argv[0]], user_ns=dict(grrapi=grrapi))
def main(argv): """Sets up all the component in their own threads.""" if flags.FLAGS.version: print("GRR server {}".format(config_server.VERSION["packageversion"])) return # We use .startswith so that multiple copies of services can easily be # created using systemd as worker1 worker2 ... worker25 etc. if not flags.FLAGS.component: raise ValueError("Need to specify which component to start.") # Start as a worker. if flags.FLAGS.component.startswith("worker"): worker.main([argv]) # Start as a frontend that clients communicate with. elif flags.FLAGS.component.startswith("frontend"): server_startup.Init() if config.CONFIG["Server.fleetspeak_enabled"]: fleetspeak_frontend.main([argv]) else: frontend.main([argv]) # Start as an AdminUI. elif flags.FLAGS.component.startswith("admin_ui"): admin_ui.main([argv]) # Raise on invalid component. else: raise ValueError("No valid component specified. Got: " "%s." % flags.FLAGS.component)
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.version: print("GRR console {}".format(config_server.VERSION["packageversion"])) return banner = ("\nWelcome to the GRR console\n") config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) config.CONFIG.AddContext( contexts.CONSOLE_CONTEXT, "Context applied when running the console binary.") server_startup.Init() fleetspeak_connector.Init() # To make the console easier to use, we make a default token which will be # used in StartFlow operations. data_store.default_token = access_control.ACLToken( username=getpass.getuser(), reason=flags.FLAGS.reason) locals_vars = { "__name__": "GRR Console", "l": Lister, "lc": GetChildrenList, "o": aff4.FACTORY.Open, # Bring some symbols from other modules into the console's # namespace. "StartFlowAndWait": flow_utils.StartFlowAndWait, "StartFlowAndWorker": console_utils.StartFlowAndWorker, } locals_vars.update(globals()) # add global variables to console if flags.FLAGS.client is not None: locals_vars["client"], locals_vars["token"] = console_utils.OpenClient( client_id=flags.FLAGS.client) if flags.FLAGS.code_to_execute: logging.info("Running code from flag: %s", flags.FLAGS.code_to_execute) exec(flags.FLAGS.code_to_execute) # pylint: disable=exec-used elif flags.FLAGS.command_file: logging.info("Running code from file: %s", flags.FLAGS.command_file) with open(flags.FLAGS.command_file, "r") as filedesc: exec(filedesc.read()) # pylint: disable=exec-used if (flags.FLAGS.exit_on_complete and (flags.FLAGS.code_to_execute or flags.FLAGS.command_file)): return else: # We want the normal shell. locals_vars.update(globals()) # add global variables to console ipshell.IPShell(argv=[], user_ns=locals_vars, banner=banner)
def FinalizeConfigInit(config, admin_password: Optional[Text] = None, redownload_templates: bool = False, repack_templates: bool = True, prompt: bool = True): """Performs the final steps of config initialization.""" config.Set("Server.initialized", True) print("\nWriting configuration to %s." % config["Config.writeback"]) config.Write() print("Initializing the datastore.") # Reload the config and initialize the GRR database. server_startup.Init() print("\nStep 3: Adding GRR Admin User") try: CreateUser("admin", password=admin_password, is_admin=True) except UserAlreadyExistsError: if prompt: # pytype: disable=wrong-arg-count if ((input("User 'admin' already exists, do you want to " "reset the password? [yN]: ").upper() or "N") == "Y"): UpdateUser("admin", password=admin_password, is_admin=True) # pytype: enable=wrong-arg-count else: UpdateUser("admin", password=admin_password, is_admin=True) print("\nStep 4: Repackaging clients with new configuration.") if prompt: redownload_templates = RetryBoolQuestion( "Server debs include client templates. Re-download templates?", False) repack_templates = RetryBoolQuestion("Repack client templates?", True) if redownload_templates: InstallTemplatePackage() # Build debug binaries, then build release binaries. if repack_templates: repacking.TemplateRepacker().RepackAllTemplates(upload=True) print("\nGRR Initialization complete! You can edit the new configuration " "in %s.\n" % config["Config.writeback"]) if prompt and os.geteuid() == 0: restart = RetryBoolQuestion( "Restart service for the new configuration " "to take effect?", True) if restart: for service in ("grr-server", "fleetspeak-server"): try: print(f"Restarting service: {service}.") subprocess.check_call(["service", service, "restart"]) except subprocess.CalledProcessError as e: print(f"Failed to restart: {service}.") print(e, file=sys.stderr) else: print("Please restart the service for the new configuration to take " "effect.\n")
def FinalizeConfigInit(config, token): """Performs the final steps of config initialization.""" config.Set("Server.initialized", True) print("\nWriting configuration to %s." % config["Config.writeback"]) config.Write() print("Initializing the datastore.") # Reload the config and initialize the GRR database. server_startup.Init() print("\nStep 3: Adding GRR Admin User") try: maintenance_utils.AddUser("admin", labels=["admin"], token=token, password=flags.FLAGS.admin_password) except maintenance_utils.UserError: if flags.FLAGS.noprompt: maintenance_utils.UpdateUser("admin", password=flags.FLAGS.admin_password, add_labels=["admin"], token=token) else: # pytype: disable=wrong-arg-count if ((builtins.input("User 'admin' already exists, do you want to " "reset the password? [yN]: ").upper() or "N") == "Y"): maintenance_utils.UpdateUser("admin", password=True, add_labels=["admin"], token=token) # pytype: enable=wrong-arg-count print("\nStep 4: Repackaging clients with new configuration.") redownload_templates = False repack_templates = False if flags.FLAGS.noprompt: redownload_templates = flags.FLAGS.redownload_templates repack_templates = not flags.FLAGS.norepack_templates else: redownload_templates = RetryBoolQuestion( "Server debs include client templates. Re-download templates?", False) repack_templates = RetryBoolQuestion("Repack client templates?", True) if redownload_templates: InstallTemplatePackage() # Build debug binaries, then build release binaries. if repack_templates: repacking.TemplateRepacker().RepackAllTemplates(upload=True, token=token) print("\nGRR Initialization complete! You can edit the new configuration " "in %s.\n" % config["Config.writeback"]) print("Please restart the service for the new configuration to take " "effect.\n")
def main(argv: Any) -> None: """Main.""" del argv # Unused. if flags.FLAGS.version: print(f"GRRafana server {config_server.VERSION['packageversion']}") return config.CONFIG.AddContext(contexts.GRRAFANA_CONTEXT, "Context applied when running GRRafana server.") server_startup.Init() fleetspeak_connector.Init() werkzeug_serving.run_simple(config.CONFIG["GRRafana.bind"], config.CONFIG["GRRafana.port"], Grrafana())
def main(argv): """Main.""" del argv # Unused. config.CONFIG.AddContext(contexts.WORKER_CONTEXT, "Context applied when running a worker.") # Initialise flows and config_lib server_startup.Init() fleetspeak_connector.Init() token = access_control.ACLToken(username="******").SetUID() worker_obj = worker_lib.GRRWorker(token=token) worker_obj.Run()
def main(argv): """Main.""" del argv # Unused. config.CONFIG.AddContext("HTTPServer Context") server_startup.Init() httpd = CreateServer() server_startup.DropPrivileges() try: httpd.serve_forever() except KeyboardInterrupt: print("Caught keyboard interrupt, stopping")
def main(argv): """Main.""" del argv # Unused. server_startup.Init() filename = flags.FLAGS.filename if not os.path.exists(filename): print("File %s does not exist" % filename) return with aff4.FACTORY.Create(filestore.NSRLFileStore.PATH, filestore.NSRLFileStore, mode="rw", token=aff4.FACTORY.root_token) as store: imported = ImportFile(store, filename, flags.FLAGS.start) data_store.DB.Flush() print("Imported %d hashes" % imported)
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.version: print("GRR worker {}".format(config_server.VERSION["packageversion"])) return config.CONFIG.AddContext(contexts.WORKER_CONTEXT, "Context applied when running a worker.") # Initialise flows and config_lib server_startup.Init() fleetspeak_connector.Init() worker_obj = worker_lib.GRRWorker() worker_obj.Run()
def main(argv): del argv # Unused. config.CONFIG.AddContext(contexts.TEST_CONTEXT, "Context for running tests.") server_startup.Init() for handler in logging.getLogger().handlers: handler.addFilter(E2ELogFilter()) data_store.default_token = access_control.ACLToken( username=getpass.getuser(), reason="End-to-end tests") test_runner = runner.E2ETestRunner( api_endpoint=flags.FLAGS.api_endpoint, api_user=flags.FLAGS.api_user, api_password=flags.FLAGS.api_password, whitelisted_tests=flags.FLAGS.whitelisted_tests, blacklisted_tests=flags.FLAGS.blacklisted_tests, upload_test_binaries=flags.FLAGS.upload_test_binaries) test_runner.Initialize() test_runner.RunTestsAgainstClient(flags.FLAGS.client_id)
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.version: print("GRR console {}".format(config_server.VERSION["packageversion"])) return banner = ("\nWelcome to the GRR console\n") config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) config.CONFIG.AddContext( contexts.CONSOLE_CONTEXT, "Context applied when running the console binary.") server_startup.Init() fleetspeak_connector.Init() locals_vars = { "__name__": "GRR Console", # Bring some symbols from other modules into the console's # namespace. "StartFlowAndWait": flow_utils.StartFlowAndWait, } locals_vars.update(globals()) # add global variables to console if flags.FLAGS.code_to_execute: logging.info("Running code from flag: %s", flags.FLAGS.code_to_execute) exec(flags.FLAGS.code_to_execute) # pylint: disable=exec-used elif flags.FLAGS.command_file: logging.info("Running code from file: %s", flags.FLAGS.command_file) with open(flags.FLAGS.command_file, "r") as filedesc: exec(filedesc.read()) # pylint: disable=exec-used if (flags.FLAGS.exit_on_complete and (flags.FLAGS.code_to_execute or flags.FLAGS.command_file)): return else: # We want the normal shell. locals_vars.update(globals()) # add global variables to console ipshell.IPShell(argv=[], user_ns=locals_vars, banner=banner)
def main(argv): del argv # Unused. config.CONFIG.AddContext("FleetspeakFrontend Context") server_startup.Init() server_startup.DropPrivileges() fleetspeak_connector.Init() fsd = GRRFSServer() fleetspeak_connector.CONN.Listen(fsd.Process) logging.info("Serving through Fleetspeak ...") try: while True: time.sleep(600) except KeyboardInterrupt: print("Caught keyboard interrupt, stopping")
def FinalizeConfigInit(config, admin_password=None, redownload_templates=False, repack_templates=True, prompt=True): """Performs the final steps of config initialization.""" config.Set("Server.initialized", True) print("\nWriting configuration to %s." % config["Config.writeback"]) config.Write() print("Initializing the datastore.") # Reload the config and initialize the GRR database. server_startup.Init() print("\nStep 3: Adding GRR Admin User") try: CreateUser("admin", password=admin_password, is_admin=True) except UserAlreadyExistsError: if prompt: # pytype: disable=wrong-arg-count if ((input("User 'admin' already exists, do you want to " "reset the password? [yN]: ").upper() or "N") == "Y"): UpdateUser("admin", password=admin_password, is_admin=True) # pytype: enable=wrong-arg-count else: UpdateUser("admin", password=admin_password, is_admin=True) print("\nStep 4: Repackaging clients with new configuration.") if prompt: redownload_templates = RetryBoolQuestion( "Server debs include client templates. Re-download templates?", False) repack_templates = RetryBoolQuestion("Repack client templates?", True) if redownload_templates: InstallTemplatePackage() # Build debug binaries, then build release binaries. if repack_templates: repacking.TemplateRepacker().RepackAllTemplates(upload=True) print("\nGRR Initialization complete! You can edit the new configuration " "in %s.\n" % config["Config.writeback"]) print("Please restart the service for the new configuration to take " "effect.\n")
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.version: print("GRR frontend {}".format( config_server.VERSION["packageversion"])) return config.CONFIG.AddContext("HTTPServer Context") server_startup.Init() httpd = CreateServer() server_startup.DropPrivileges() try: httpd.serve_forever() except KeyboardInterrupt: print("Caught keyboard interrupt, stopping")
def AddUsers(token=None): # Now initialize with our modified config. server_startup.Init() print("\nStep 3: Adding Admin User") try: maintenance_utils.AddUser("admin", labels=["admin"], token=token, password=flags.FLAGS.admin_password) except maintenance_utils.UserError: if flags.FLAGS.noprompt: maintenance_utils.UpdateUser("admin", password=flags.FLAGS.admin_password, add_labels=["admin"], token=token) else: if ((input("User 'admin' already exists, do you want to " "reset the password? [yN]: ").upper() or "N") == "Y"): maintenance_utils.UpdateUser("admin", password=True, add_labels=["admin"], token=token)
def main(argv): del argv # Unused. server_startup.Init() MigrateArtifacts()
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.subparser_name == "version": version = config_server.VERSION["packageversion"] print("GRR configuration updater {}".format(version)) return token = config_updater_util.GetToken() grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT) if flags.FLAGS.subparser_name == "initialize": config_lib.ParseConfigCommandLine() if flags.FLAGS.noprompt: config_updater_util.InitializeNoPrompt(grr_config.CONFIG, token=token) else: config_updater_util.Initialize(grr_config.CONFIG, token=token) return server_startup.Init() try: print("Using configuration %s" % grr_config.CONFIG) except AttributeError: raise RuntimeError("No valid config specified.") if flags.FLAGS.subparser_name == "generate_keys": try: config_updater_util.GenerateKeys( grr_config.CONFIG, overwrite_keys=flags.FLAGS.overwrite_keys) except RuntimeError as e: # GenerateKeys will raise if keys exist and overwrite_keys is not set. print("ERROR: %s" % e) sys.exit(1) grr_config.CONFIG.Write() elif flags.FLAGS.subparser_name == "repack_clients": upload = not flags.FLAGS.noupload repacking.TemplateRepacker().RepackAllTemplates(upload=upload, token=token) elif flags.FLAGS.subparser_name == "show_user": if flags.FLAGS.username: print(config_updater_util.GetUserSummary(flags.FLAGS.username)) else: print(config_updater_util.GetAllUserSummaries()) elif flags.FLAGS.subparser_name == "update_user": config_updater_util.UpdateUser(flags.FLAGS.username, password=flags.FLAGS.password, is_admin=flags.FLAGS.admin) elif flags.FLAGS.subparser_name == "delete_user": config_updater_util.DeleteUser(flags.FLAGS.username) elif flags.FLAGS.subparser_name == "add_user": config_updater_util.CreateUser(flags.FLAGS.username, password=flags.FLAGS.password, is_admin=flags.FLAGS.admin) elif flags.FLAGS.subparser_name == "upload_python": config_updater_util.UploadSignedBinary( flags.FLAGS.file, rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK, flags.FLAGS.platform, upload_subdirectory=flags.FLAGS.upload_subdirectory, token=token) elif flags.FLAGS.subparser_name == "upload_exe": config_updater_util.UploadSignedBinary( flags.FLAGS.file, rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE, flags.FLAGS.platform, upload_subdirectory=flags.FLAGS.upload_subdirectory, token=token) elif flags.FLAGS.subparser_name == "set_var": config = grr_config.CONFIG print("Setting %s to %s" % (flags.FLAGS.var, flags.FLAGS.val)) if flags.FLAGS.val.startswith("["): # Allow setting of basic lists. flags.FLAGS.val = flags.FLAGS.val[1:-1].split(",") config.Set(flags.FLAGS.var, flags.FLAGS.val) config.Write() elif flags.FLAGS.subparser_name == "upload_artifact": yaml.load(open(flags.FLAGS.file, "rb")) # Check it will parse. try: artifact.UploadArtifactYamlFile( open(flags.FLAGS.file, "rb").read(), overwrite=flags.FLAGS.overwrite_artifact) except rdf_artifacts.ArtifactDefinitionError as e: print("Error %s. You may need to set --overwrite_artifact." % e) elif flags.FLAGS.subparser_name == "delete_artifacts": artifact_list = flags.FLAGS.artifact if not artifact_list: raise ValueError("No artifact to delete given.") artifact_registry.DeleteArtifactsFromDatastore(artifact_list, token=token) print("Artifacts %s deleted." % artifact_list) elif flags.FLAGS.subparser_name == "download_missing_rekall_profiles": print("Downloading missing Rekall profiles.") s = rekall_profile_server.GRRRekallProfileServer() s.GetMissingProfiles() elif flags.FLAGS.subparser_name == "rotate_server_key": print(""" You are about to rotate the server key. Note that: - Clients might experience intermittent connection problems after the server keys rotated. - It's not possible to go back to an earlier key. Clients that see a new certificate will remember the cert's serial number and refuse to accept any certificate with a smaller serial number from that point on. """) if builtins.input("Continue? [yN]: ").upper() == "Y": if flags.FLAGS.keylength: keylength = int(flags.FLAGS.keylength) else: keylength = grr_config.CONFIG["Server.rsa_key_length"] maintenance_utils.RotateServerKey(cn=flags.FLAGS.common_name, keylength=keylength)
def setUpClass(cls): super(CronJobRegistryTest, cls).setUpClass() testing_startup.TestInit() with test_lib.ConfigOverrider({"Server.initialized": True}): server_startup.Init()
def main(args): """Main.""" grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT) if args.subparser_name == "initialize": config_lib.ParseConfigCommandLine() if args.noprompt: config_updater_util.InitializeNoPrompt( grr_config.CONFIG, external_hostname=args.external_hostname, admin_password=args.admin_password, mysql_hostname=args.mysql_hostname, mysql_port=args.mysql_port, mysql_username=args.mysql_username, mysql_password=args.mysql_password, mysql_db=args.mysql_db, mysql_client_key_path=args.mysql_client_key_path, mysql_client_cert_path=args.mysql_client_cert_path, mysql_ca_cert_path=args.mysql_ca_cert_path, redownload_templates=args.redownload_templates, repack_templates=not args.norepack_templates) else: config_updater_util.Initialize( grr_config.CONFIG, external_hostname=args.external_hostname, admin_password=args.admin_password, redownload_templates=args.redownload_templates, repack_templates=not args.norepack_templates) return server_startup.Init() try: print("Using configuration %s" % grr_config.CONFIG) except AttributeError: raise RuntimeError("No valid config specified.") if args.subparser_name == "generate_keys": try: config_updater_keys_util.GenerateKeys( grr_config.CONFIG, overwrite_keys=args.overwrite_keys) except RuntimeError as e: # GenerateKeys will raise if keys exist and overwrite_keys is not set. print("ERROR: %s" % e) sys.exit(1) grr_config.CONFIG.Write() elif args.subparser_name == "repack_clients": upload = not args.noupload repacking.TemplateRepacker().RepackAllTemplates(upload=upload) elif args.subparser_name == "show_user": if args.username: print(config_updater_util.GetUserSummary(args.username)) else: print(config_updater_util.GetAllUserSummaries()) elif args.subparser_name == "update_user": config_updater_util.UpdateUser(args.username, password=args.password, is_admin=args.admin) elif args.subparser_name == "delete_user": config_updater_util.DeleteUser(args.username) elif args.subparser_name == "add_user": config_updater_util.CreateUser(args.username, password=args.password, is_admin=args.admin) elif args.subparser_name == "upload_python": config_updater_util.UploadSignedBinary( args.file, rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK, args.platform, upload_subdirectory=args.upload_subdirectory) elif args.subparser_name == "upload_exe": config_updater_util.UploadSignedBinary( args.file, rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE, args.platform, upload_subdirectory=args.upload_subdirectory) elif args.subparser_name == "set_var": var = args.var val = args.val config = grr_config.CONFIG print("Setting %s to %s" % (var, val)) if val.startswith("["): # Allow setting of basic lists. val = val[1:-1].split(",") config.Set(var, val) config.Write() elif args.subparser_name == "switch_datastore": config_updater_util.SwitchToRelDB(grr_config.CONFIG) grr_config.CONFIG.Write() elif args.subparser_name == "upload_artifact": with io.open(args.file, "r") as filedesc: source = filedesc.read() try: artifact.UploadArtifactYamlFile(source, overwrite=args.overwrite_artifact) except rdf_artifacts.ArtifactDefinitionError as e: print("Error %s. You may need to set --overwrite_artifact." % e) elif args.subparser_name == "delete_artifacts": artifact_list = args.artifact if not artifact_list: raise ValueError("No artifact to delete given.") artifact_registry.DeleteArtifactsFromDatastore(artifact_list) print("Artifacts %s deleted." % artifact_list) elif args.subparser_name == "rotate_server_key": print(""" You are about to rotate the server key. Note that: - Clients might experience intermittent connection problems after the server keys rotated. - It's not possible to go back to an earlier key. Clients that see a new certificate will remember the cert's serial number and refuse to accept any certificate with a smaller serial number from that point on. """) if input("Continue? [yN]: ").upper() == "Y": if args.keylength: keylength = int(args.keylength) else: keylength = grr_config.CONFIG["Server.rsa_key_length"] maintenance_utils.RotateServerKey(cn=args.common_name, keylength=keylength)
def main(argv): del argv # Unused. config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT, "Context applied for all command line tools") server_startup.Init() if fuse is None: logging.fatal("""Could not start! fusepy must be installed to run fuse_mount.py! Try to run: pip install fusepy inside your virtualenv. """) sys.exit(1) if not flags.FLAGS.mountpoint: Usage() sys.exit(1) # We multiple inherit from GRRFuse and fuse.Operations. In the # case that fuse is present, we run the actual FUSE layer, since we have # fuse.Operations. In the case that fuse is not present, we have already # exited by now if we were run from the command line, and if we were not run # from the command line, we've been imported, and we run the tests using a # mock fuse. class FuseOperation(GRRFuse, fuse.Operations): pass root = flags.FLAGS.aff4path username = flags.FLAGS.username or getpass.getuser() data_store.default_token = access_control.ACLToken( username=username, reason=flags.FLAGS.reason or "fusemount") logging.info("fuse_mount.py is mounting %s at %s....", root, flags.FLAGS.mountpoint) refresh_policy = flags.FLAGS.refresh_policy if refresh_policy == "always": max_age_before_refresh = datetime.timedelta(0) elif refresh_policy == "never": # Set the max age to be the maximum possible time difference. max_age_before_refresh = datetime.timedelta.max elif refresh_policy == "if_older_than_max_age": max_age_before_refresh = datetime.timedelta( seconds=flags.FLAGS.max_age_before_refresh) else: # Otherwise, a flag outside the enum was given and the flag validator threw # an execption. pass fuse_operation = FuseOperation( root=root, token=data_store.default_token, max_age_before_refresh=max_age_before_refresh, ignore_cache=flags.FLAGS.ignore_cache, force_sparse_image=flags.FLAGS.force_sparse_image, sparse_image_threshold=flags.FLAGS.sparse_image_threshold, timeout=flags.FLAGS.timeout) fuse.FUSE(fuse_operation, flags.FLAGS.mountpoint, foreground=not flags.FLAGS.background)
def main(argv): """Main.""" del argv # Unused. if flags.FLAGS.subparser_name == "version": version = config_server.VERSION["packageversion"] print("GRR configuration updater {}".format(version)) return token = config_updater_util.GetToken() grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT) grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT) if flags.FLAGS.subparser_name == "initialize": config_lib.ParseConfigCommandLine() if flags.FLAGS.noprompt: config_updater_util.InitializeNoPrompt(grr_config.CONFIG, token=token) else: config_updater_util.Initialize(grr_config.CONFIG, token=token) return server_startup.Init() try: print("Using configuration %s" % grr_config.CONFIG) except AttributeError: raise RuntimeError("No valid config specified.") if flags.FLAGS.subparser_name == "generate_keys": try: config_updater_util.GenerateKeys( grr_config.CONFIG, overwrite_keys=flags.FLAGS.overwrite_keys) except RuntimeError as e: # GenerateKeys will raise if keys exist and overwrite_keys is not set. print("ERROR: %s" % e) sys.exit(1) grr_config.CONFIG.Write() elif flags.FLAGS.subparser_name == "repack_clients": upload = not flags.FLAGS.noupload repacking.TemplateRepacker().RepackAllTemplates(upload=upload, token=token) elif flags.FLAGS.subparser_name == "show_user": maintenance_utils.ShowUser(flags.FLAGS.username, token=token) elif flags.FLAGS.subparser_name == "update_user": try: maintenance_utils.UpdateUser(flags.FLAGS.username, flags.FLAGS.password, flags.FLAGS.add_labels, flags.FLAGS.delete_labels, token=token) except maintenance_utils.UserError as e: print(e) elif flags.FLAGS.subparser_name == "delete_user": maintenance_utils.DeleteUser(flags.FLAGS.username, token=token) elif flags.FLAGS.subparser_name == "add_user": labels = [] if not flags.FLAGS.noadmin: labels.append("admin") if flags.FLAGS.labels: labels.extend(flags.FLAGS.labels) try: maintenance_utils.AddUser(flags.FLAGS.username, flags.FLAGS.password, labels, token=token) except maintenance_utils.UserError as e: print(e) elif flags.FLAGS.subparser_name == "upload_python": python_hack_root_urn = grr_config.CONFIG.Get("Config.python_hack_root") content = open(flags.FLAGS.file, "rb").read(1024 * 1024 * 30) aff4_path = flags.FLAGS.dest_path platform = flags.FLAGS.platform if not aff4_path: aff4_path = python_hack_root_urn.Add(platform.lower()).Add( os.path.basename(flags.FLAGS.file)) if not str(aff4_path).startswith(str(python_hack_root_urn)): raise ValueError("AFF4 path must start with %s." % python_hack_root_urn) context = ["Platform:%s" % platform.title(), "Client Context"] maintenance_utils.UploadSignedConfigBlob(content, aff4_path=aff4_path, client_context=context, token=token) elif flags.FLAGS.subparser_name == "upload_exe": content = open(flags.FLAGS.file, "rb").read(1024 * 1024 * 30) context = [ "Platform:%s" % flags.FLAGS.platform.title(), "Client Context" ] if flags.FLAGS.dest_path: dest_path = rdfvalue.RDFURN(flags.FLAGS.dest_path) else: dest_path = grr_config.CONFIG.Get( "Executables.aff4_path", context=context).Add(os.path.basename(flags.FLAGS.file)) # Now upload to the destination. maintenance_utils.UploadSignedConfigBlob(content, aff4_path=dest_path, client_context=context, token=token) print("Uploaded to %s" % dest_path) elif flags.FLAGS.subparser_name == "set_var": config = grr_config.CONFIG print("Setting %s to %s" % (flags.FLAGS.var, flags.FLAGS.val)) if flags.FLAGS.val.startswith("["): # Allow setting of basic lists. flags.FLAGS.val = flags.FLAGS.val[1:-1].split(",") config.Set(flags.FLAGS.var, flags.FLAGS.val) config.Write() elif flags.FLAGS.subparser_name == "upload_raw": if not flags.FLAGS.dest_path: flags.FLAGS.dest_path = aff4.ROOT_URN.Add("config").Add("raw") uploaded = config_updater_util.UploadRaw(flags.FLAGS.file, flags.FLAGS.dest_path, token=token) print("Uploaded to %s" % uploaded) elif flags.FLAGS.subparser_name == "upload_artifact": yaml.load(open(flags.FLAGS.file, "rb")) # Check it will parse. try: artifact.UploadArtifactYamlFile( open(flags.FLAGS.file, "rb").read(), overwrite=flags.FLAGS.overwrite_artifact) except rdf_artifacts.ArtifactDefinitionError as e: print("Error %s. You may need to set --overwrite_artifact." % e) elif flags.FLAGS.subparser_name == "delete_artifacts": artifact_list = flags.FLAGS.artifact if not artifact_list: raise ValueError("No artifact to delete given.") artifact_registry.DeleteArtifactsFromDatastore(artifact_list, token=token) print("Artifacts %s deleted." % artifact_list) elif flags.FLAGS.subparser_name == "download_missing_rekall_profiles": print("Downloading missing Rekall profiles.") s = rekall_profile_server.GRRRekallProfileServer() s.GetMissingProfiles() elif flags.FLAGS.subparser_name == "set_global_notification": notification = aff4_users.GlobalNotification( type=flags.FLAGS.type, header=flags.FLAGS.header, content=flags.FLAGS.content, link=flags.FLAGS.link) if flags.FLAGS.show_from: notification.show_from = rdfvalue.RDFDatetime( ).ParseFromHumanReadable(flags.FLAGS.show_from) if flags.FLAGS.duration: notification.duration = rdfvalue.Duration().ParseFromHumanReadable( flags.FLAGS.duration) print("Setting global notification.") print(notification) with aff4.FACTORY.Create( aff4_users.GlobalNotificationStorage.DEFAULT_PATH, aff4_type=aff4_users.GlobalNotificationStorage, mode="rw", token=token) as storage: storage.AddNotification(notification) elif flags.FLAGS.subparser_name == "rotate_server_key": print(""" You are about to rotate the server key. Note that: - Clients might experience intermittent connection problems after the server keys rotated. - It's not possible to go back to an earlier key. Clients that see a new certificate will remember the cert's serial number and refuse to accept any certificate with a smaller serial number from that point on. """) if builtins.input("Continue? [yN]: ").upper() == "Y": if flags.FLAGS.keylength: keylength = int(flags.FLAGS.keylength) else: keylength = grr_config.CONFIG["Server.rsa_key_length"] maintenance_utils.RotateServerKey(cn=flags.FLAGS.common_name, keylength=keylength)
def main(_): """Run the main test harness.""" if flags.FLAGS.version: print("GRR Admin UI {}".format(config_server.VERSION["packageversion"])) return config.CONFIG.AddContext( contexts.ADMIN_UI_CONTEXT, "Context applied when running the admin user interface GUI.") server_startup.Init() if not config.CONFIG["AdminUI.headless"] and (not os.path.exists( os.path.join(config.CONFIG["AdminUI.document_root"], "dist/grr-ui.bundle.js")) or not os.path.exists( os.path.join(config.CONFIG["AdminUI.document_root"], "dist/grr-ui.bundle.css"))): raise RuntimeError("Can't find compiled JS/CSS bundles. " "Please reinstall the PIP package using " "\"pip install -e .\" to rebuild the bundles.") # Start up a server in another thread bind_address = config.CONFIG["AdminUI.bind"] ip = ipaddr.IPAddress(bind_address) if ip.version == 4: # Address looks like an IPv4 address. ThreadedServer.address_family = socket.AF_INET max_port = config.CONFIG.Get("AdminUI.port_max", config.CONFIG["AdminUI.port"]) for port in range(config.CONFIG["AdminUI.port"], max_port + 1): # Make a simple reference implementation WSGI server try: server = simple_server.make_server( bind_address, port, wsgiapp.AdminUIApp().WSGIHandler(), server_class=ThreadedServer) break except socket.error as e: if e.errno == socket.errno.EADDRINUSE and port < max_port: logging.info("Port %s in use, trying %s", port, port + 1) else: raise proto = "HTTP" if config.CONFIG["AdminUI.enable_ssl"]: cert_file = config.CONFIG["AdminUI.ssl_cert_file"] if not cert_file: raise ValueError("Need a valid cert file to enable SSL.") key_file = config.CONFIG["AdminUI.ssl_key_file"] server.socket = ssl.wrap_socket( server.socket, certfile=cert_file, keyfile=key_file, server_side=True) proto = "HTTPS" # SSL errors are swallowed by the WSGIServer so if your configuration does # not work, uncomment the line below, point your browser at the gui and look # at the log file to see why SSL complains: # server.socket.accept() sa = server.socket.getsockname() logging.info("Serving %s on %s port %d ...", proto, sa[0], sa[1]) server_startup.DropPrivileges() server.serve_forever()