def disWinOS(host_obj, shell, Framework, langBund, softNameToInstSoftOSH=None): host = modeling.createOshByCmdbIdString("host", host_obj) resultsVector = ObjectStateHolderVector() if not NTCMD_HR_REG_Software_Lib.doSoftware(shell, host, resultsVector, softNameToInstSoftOSH): discoverSoftwareByWmic(shell, host, resultsVector, softNameToInstSoftOSH) wmiProvider = getWmiProvider(shell) hostDiscoverer = WmiHostDiscoverer(wmiProvider) if hostDiscoverer.isWin2008(): softwares = discover2008Hotfixes(wmiProvider, host) for software in softwares: if not software.osh: continue if softNameToInstSoftOSH is not None: if software.name in softNameToInstSoftOSH: continue softNameToInstSoftOSH[software.name] = software.osh resultsVector.add(software.osh) elif hostDiscoverer.isWindows8_2012(): softwares = discover2012Hotfixes(wmiProvider, host) for software in softwares: if not software.osh: continue if softNameToInstSoftOSH is not None: if software.name in softNameToInstSoftOSH: continue softNameToInstSoftOSH[software.name] = software.osh resultsVector.add(software.osh) softwareList = WindowsAppsDiscoverer(shell).discover() softwareOshVector = InstalledSoftwareReporter().reportAll(softwareList, host) resultsVector.addAll(softwareOshVector) return resultsVector
def discoverPhysicalDiskByWmi(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder("Win32_DiskDrive") queryBuilder.addWmiObjectProperties("DeviceID", "SerialNumber", "Size") wmiAgent = wmiProvider.getAgent() diskDevices = [] try: diskDevices = wmiAgent.getWmiData(queryBuilder) except: logger.debugException("Failed getting physical disk via wmi") for diskDevice in diskDevices: diskOsh = ObjectStateHolder("disk_device") diskName = diskDevice.DeviceID and diskDevice.DeviceID.strip() or None if diskName: diskOsh.setStringAttribute("name", diskName.upper()) else: continue diskSerialNumber = diskDevice.SerialNumber and diskDevice.SerialNumber.strip() or None if diskSerialNumber: diskOsh.setStringAttribute("serial_number", diskSerialNumber) diskOsh.setStringAttribute("disk_type", "fixed_disk") diskSize = diskDevice.Size and diskDevice.Size.strip() or None # Byte to MB if diskSize: diskSize = int(diskSize) / 0x100000 diskOsh.setIntegerAttribute("disk_size", diskSize) diskOsh.setContainer(hostOSH) OSHVec.add(diskOsh)
def discoverPhysicalDiskByWmi(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder('Win32_DiskDrive') queryBuilder.addWmiObjectProperties('DeviceID', 'SerialNumber', 'Size') wmiAgent = wmiProvider.getAgent() diskDevices = [] try: diskDevices = wmiAgent.getWmiData(queryBuilder) except: logger.debugException('Failed getting physical disk via wmi') for diskDevice in diskDevices: diskOsh = ObjectStateHolder("disk_device") diskName = diskDevice.DeviceID and diskDevice.DeviceID.strip() or None if diskName: diskOsh.setStringAttribute("name", diskName.upper()) else: continue diskSerialNumber = diskDevice.SerialNumber and diskDevice.SerialNumber.strip( ) or None if diskSerialNumber: diskOsh.setStringAttribute("serial_number", diskSerialNumber) diskOsh.setStringAttribute("disk_type", "fixed_disk") diskSize = diskDevice.Size and diskDevice.Size.strip() or None # Byte to MB if diskSize: diskSize = int(diskSize) / 0x100000 diskOsh.setIntegerAttribute("disk_size", diskSize) diskOsh.setContainer(hostOSH) OSHVec.add(diskOsh)
def discoveriSCSIInfo(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder('MSFT_iSCSISession') queryBuilder.addWmiObjectProperties('InitiatorNodeAddress', 'TargetNodeAddress', 'SessionIdentifier') wmicAgent = wmiProvider.getAgent() try: wmicAgent.setNamespace('root/Microsoft/Windows/Storage') except: logger.debug( 'Cannot change to name space root/Microsoft/Windows/Storage for iSCSI discovery' ) return try: sessionItems = [] try: sessionItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException('Failed getting iSCSI information') return sessionToDiskMap = discoveriSCSISessionToDiskMap(wmiProvider) phyVolumeIdToOshMap, phyVolumeNumberToOshMap = discoverPhysicalVolumes( wmiProvider, OSHVec, hostOSH) discoverDiskMountPoints(wmiProvider, OSHVec, hostOSH, phyVolumeNumberToOshMap) for session in sessionItems: initiatorOsh = None targetOsh = None if session.InitiatorNodeAddress: initiatorOsh = ObjectStateHolder("iscsi_adapter") initiatorOsh.setStringAttribute("iqn", session.InitiatorNodeAddress) initiatorOsh.setContainer(hostOSH) OSHVec.add(initiatorOsh) if session.TargetNodeAddress: targetOsh = ObjectStateHolder("iscsi_adapter") targetOsh.setStringAttribute("iqn", session.TargetNodeAddress) OSHVec.add(targetOsh) if initiatorOsh and targetOsh: OSHVec.add( modeling.createLinkOSH('usage', initiatorOsh, targetOsh)) sessionId = session.SessionIdentifier disks = sessionToDiskMap.get(sessionId) or {} for disk in disks: diskOsh = phyVolumeIdToOshMap.get(disk) if diskOsh and targetOsh: OSHVec.add( modeling.createLinkOSH('dependency', diskOsh, targetOsh)) finally: wmicAgent.setNamespace() #set back to default
def discoverDiskByWmic(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder("Win32_LogicalDisk") queryBuilder.usePathCommand(1) queryBuilder.addWmiObjectProperties("DeviceID", "DriveType", "FreeSpace", "ProviderName", "Size", "FileSystem") queryBuilder.addWhereClause("DriveType=3") wmicAgent = wmiProvider.getAgent() diskItems = [] try: diskItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException("Failed getting disks information via wmic") return 0 for diskItem in diskItems: # size in MB diskSize = diskItem.Size and diskItem.Size.strip() or None if diskSize: diskSize = _bytesToMB(diskSize) diskFreeSize = diskItem.FreeSpace and diskItem.FreeSpace.strip() or None if diskFreeSize: diskFreeSize = _bytesToMB(diskFreeSize) diskUsedSize = None if diskFreeSize is not None and diskFreeSize is not None: diskUsedSize = diskSize - diskFreeSize diskName = diskItem.DeviceID and diskItem.DeviceID.strip() or None if diskName: diskName = re.sub(":$", "", diskName) # if provderName is set - this is a remote disk diskProviderName = diskItem.ProviderName and diskItem.ProviderName.strip() or diskName diskType = diskItem.DriveType and int(diskItem.DriveType.strip()) or None logger.debug( "found disk: %s, sizeInMB=%s, freespace=%s, type=%s" % (diskName, diskSize, diskFreeSize, diskType) ) diskType = diskType and modeling.STORAGE_ID_TO_STORAGE_TYPE.get(diskType) or modeling.OTHER_STORAGE_TYPE diskOsh = modeling.createDiskOSH( hostOSH, diskName, diskType, size=diskSize, name=diskProviderName, usedSize=diskUsedSize ) OSHVec.add(diskOsh) return 1
def discoverServices(self): ''' -> None @command: wmic path Win32_service get AcceptPause, Description, DisplayName, Name, PathName, ServiceType, StartMode, State @raise ValueError: Failed getting services ''' wmiProvider = wmiutils.getWmiProvider(self.shell) queryBuilder = wmiProvider.getBuilder('Win32_Service') queryBuilder.usePathCommand(1) # queryBuilder = wmiutils.WmicQueryBuilder('service') filterList = self.buildFilter() queryBuilder.addWmiObjectProperties(*filterList) wmicAgent = wmiProvider.getAgent() self.serviceItems = wmicAgent.getWmiData(queryBuilder) if not self.serviceItems: raise ValueError("Failed getting services")
def discoveriSCSIInfo(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder("MSFT_iSCSISession") queryBuilder.addWmiObjectProperties("InitiatorNodeAddress", "TargetNodeAddress", "SessionIdentifier") wmicAgent = wmiProvider.getAgent() try: wmicAgent.setNamespace("root/Microsoft/Windows/Storage") except: logger.debug("Cannot change to name space root/Microsoft/Windows/Storage for iSCSI discovery") return try: sessionItems = [] try: sessionItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException("Failed getting iSCSI information") return sessionToDiskMap = discoveriSCSISessionToDiskMap(wmiProvider) phyVolumeIdToOshMap, phyVolumeNumberToOshMap = discoverPhysicalVolumes(wmiProvider, OSHVec, hostOSH) discoverDiskMountPoints(wmiProvider, OSHVec, hostOSH, phyVolumeNumberToOshMap) for session in sessionItems: initiatorOsh = None targetOsh = None if session.InitiatorNodeAddress: initiatorOsh = ObjectStateHolder("iscsi_adapter") initiatorOsh.setStringAttribute("iqn", session.InitiatorNodeAddress) initiatorOsh.setContainer(hostOSH) OSHVec.add(initiatorOsh) if session.TargetNodeAddress: targetOsh = ObjectStateHolder("iscsi_adapter") targetOsh.setStringAttribute("iqn", session.TargetNodeAddress) OSHVec.add(targetOsh) if initiatorOsh and targetOsh: OSHVec.add(modeling.createLinkOSH("usage", initiatorOsh, targetOsh)) sessionId = session.SessionIdentifier disks = sessionToDiskMap.get(sessionId) or {} for disk in disks: diskOsh = phyVolumeIdToOshMap.get(disk) if diskOsh and targetOsh: OSHVec.add(modeling.createLinkOSH("dependency", diskOsh, targetOsh)) finally: wmicAgent.setNamespace() # set back to default
def executeWmiQuery(client, OSHVResult, servicesByCmd=None, nodeOsh=None): containerOsh = nodeOsh or modeling.createHostOSH(client.getIpAddress()) wmiProvider = wmiutils.getWmiProvider(client) queryBuilder = wmiProvider.getBuilder('Win32_Service') queryBuilder.addWmiObjectProperties('DisplayName', 'Description', \ 'PathName', 'StartMode', 'State', \ 'AcceptPause', 'StartName') wmicAgent = wmiProvider.getAgent() services = wmicAgent.getWmiData(queryBuilder) serviceOshv = ObjectStateHolderVector() for service in services: serviceOsh = modeling.createServiceOSH(containerOsh, service.DisplayName, service.Description, \ service.PathName, service.StartMode, service.State, \ service.AcceptPause, serviceStartUser=service.StartName) if service.PathName != None: servicesByCmd.put(CmdLine(service.PathName.lower()), serviceOsh) serviceOshv.add(serviceOsh) logger.debug('Discovered ', serviceOshv.size(), ' services') return serviceOshv
def disWinOS(hostCmdbId, shell, Framework, langBund, host_is_virtual = False): ''' Discover CPUs for windows by shell str, WinShell, Framework, bundle -> OSH vector @param Framework and langBund: are not used @deprecated: use hostresources modules instead ''' hostOsh = modeling.createOshByCmdbIdString('host', hostCmdbId) wmiProvider = getWmiProvider(shell) cpuDiscoverer = CpuDiscoverer(wmiProvider) try: resources = cpuDiscoverer.discover() except: logger.debug('Failed to discover CPU info from win32_Processor. ' 'Trying to discover physical CPU on base ' 'of SocketDesignation property ') cpuDiscoverer = CpuDiscovererBySocketDesignationProperty(wmiProvider) resources = cpuDiscoverer.discover() resources.build(hostOsh) return resources.report()
def disWinOS(host_obj, shell, Framework, langBund, softNameToInstSoftOSH=None): host = modeling.createOshByCmdbIdString('host', host_obj) resultsVector = ObjectStateHolderVector() if not NTCMD_HR_REG_Software_Lib.doSoftware(shell, host, resultsVector, softNameToInstSoftOSH): discoverSoftwareByWmic(shell, host, resultsVector, softNameToInstSoftOSH) wmiProvider = getWmiProvider(shell) hostDiscoverer = WmiHostDiscoverer(wmiProvider) if hostDiscoverer.isWin2008(): softwares = discover2008Hotfixes(wmiProvider, host) for software in softwares: if not software.osh: continue if softNameToInstSoftOSH is not None: if software.name in softNameToInstSoftOSH: continue softNameToInstSoftOSH[software.name] = software.osh resultsVector.add(software.osh) elif hostDiscoverer.isWindows8_2012(): softwares = discover2012Hotfixes(wmiProvider, host) for software in softwares: if not software.osh: continue if softNameToInstSoftOSH is not None: if software.name in softNameToInstSoftOSH: continue softNameToInstSoftOSH[software.name] = software.osh resultsVector.add(software.osh) softwareList = WindowsAppsDiscoverer(shell).discover() softwareOshVector = InstalledSoftwareReporter().reportAll( softwareList, host) resultsVector.addAll(softwareOshVector) return resultsVector
def _createWmiAgentProvider(self): self.__wmiAgentProvider = wmiutils.getWmiProvider(self._getShell())
def discoverDiskByWmic(shell, OSHVec, hostOSH): wmiProvider = wmiutils.getWmiProvider(shell) queryBuilder = wmiProvider.getBuilder('Win32_LogicalDisk') queryBuilder.usePathCommand(1) queryBuilder.addWmiObjectProperties( 'DeviceID', 'DriveType', 'FreeSpace', 'ProviderName', 'Size', 'FileSystem', ) queryBuilder.addWhereClause('DriveType=3') wmicAgent = wmiProvider.getAgent() diskItems = [] try: diskItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException('Failed getting disks information via wmic') return 0 for diskItem in diskItems: #size in MB diskSize = diskItem.Size and diskItem.Size.strip() or None if diskSize: diskSize = _bytesToMB(diskSize) diskFreeSize = diskItem.FreeSpace and diskItem.FreeSpace.strip( ) or None if diskFreeSize: diskFreeSize = _bytesToMB(diskFreeSize) diskUsedSize = None if diskFreeSize is not None and diskFreeSize is not None: diskUsedSize = diskSize - diskFreeSize diskName = diskItem.DeviceID and diskItem.DeviceID.strip() or None if diskName: diskName = re.sub(':$', '', diskName) # if provderName is set - this is a remote disk diskProviderName = diskItem.ProviderName and diskItem.ProviderName.strip( ) or diskName diskType = diskItem.DriveType and int( diskItem.DriveType.strip()) or None logger.debug('found disk: %s, sizeInMB=%s, freespace=%s, type=%s' % (diskName, diskSize, diskFreeSize, diskType)) diskType = diskType and modeling.STORAGE_ID_TO_STORAGE_TYPE.get( diskType) or modeling.OTHER_STORAGE_TYPE diskOsh = modeling.createDiskOSH(hostOSH, diskName, diskType, size=diskSize, name=diskProviderName, usedSize=diskUsedSize) OSHVec.add(diskOsh) return 1
def discoverProcessesByWmic(client, OSHVResult, hostID, Framework, pid2Process = None): ''' Discover system processes, report them and save in probe DB. Shell, oshVector, str, Framework, map[str, str] -> bool @command: wmic process get commandLine, creationdate, executablepath, name, processId ''' wmiProvider = wmiutils.getWmiProvider(client) queryBuilder = wmiProvider.getBuilder('Win32_Process') queryBuilder.usePathCommand(1) #queryBuilder = wmiutils.WmicQueryBuilder('process') queryBuilder.addWmiObjectProperties('name', 'processId', 'commandLine', 'executablepath', 'creationdate') wmicAgent = wmiProvider.getAgent() processItems = [] try: processItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException('Failed getting processes information via wmic' ) return 0 pdu = None try: pdu = processdbutils.ProcessDbUtils(Framework) processList = [] hostOSH = None count = 0 for processItem in processItems: if not processItem.name: continue processName = processItem.name processNameLower = processName.lower() processPid = processItem.processId if processPid == '-1' or not processPid.isnumeric(): logger.debug("Process '%s' is system process or has non numeric pid" % processName) continue processExecutablePath = processItem.executablepath processCommandLine = processItem.commandLine processStartupTimeString = processItem.creationdate processStartupTime = None if processStartupTimeString: try: startupDate = modeling.getDateFromUtcString(processStartupTimeString) processStartupTime = startupDate.getTime() except: errobj = errorobject.createError(errorcodes.PROCESS_STARTUP_TIME_ATTR_NOT_SET, ['NTCMD', processStartupTimeString], "%s: Process startup time attribute is not set due to error while parsing date string '%s'" % ('NTCMD', processStartupTimeString)) logger.reportWarningObject(errobj) # check whether process name is included in command line # Obtain first token containing process from the CMD line matchObj = re.match('(:?["\'](.*?)["\']|(.*?)\s)', processCommandLine) if matchObj and matchObj.groups(): firstCmdToken = matchObj.group(1).strip() else: firstCmdToken = processCommandLine.strip() #remove quotes firstCmdToken = re.sub('[\'"]', '', firstCmdToken).lower() #token has to end with process name if not firstCmdToken.endswith(processNameLower): extStartPos = processNameLower.rfind('.') if extStartPos != -1: pnameNoExt = processNameLower[0:extStartPos] if not firstCmdToken.endswith(pnameNoExt): processCommandLine = '%s %s' % (processName, processCommandLine) processArgs = None argsMatch = re.match('("[^"]+"|[^"]\S+)\s+(.+)$',processCommandLine) if argsMatch: processArgs = argsMatch.group(2) pdu.addProcess(hostID, processName, processPid, processCommandLine, processExecutablePath, processArgs, None, processStartupTime) if processPid in processList: logger.debug("Process: '%s' already reported" % processName) continue count += 1 processList.append(processPid) if OSHVResult is not None: if hostOSH == None: hostOSH = modeling.createOshByCmdbIdString('host', hostID) processOsh = modeling.createProcessOSH(processName, hostOSH, processCommandLine, processPid, processExecutablePath, None, None, processStartupTime) OSHVResult.add(processOsh) pdu.flushHostProcesses(hostID) if pid2Process is not None: pid2Process.putAll(pdu.getProcessCmdMap()) finally: if pdu != None: pdu.close() return 1
def _createWmiAgentProvider(self): self.__wmiAgentProvider = wmiutils.getWmiProvider(self._client)
def doWMI(client, wmiOSH, ip_address, ip_domain, hostForLinkOSH, host_cmdbid=None, host_key=None, host_macs=None, ucmdb_version=None): '''@types: WmiClient, ObjectStateHolder, IPAddress, str, ObjectStateHolder, str, str, list[str], int -> ObjectStateHolderVector @param ip_address: Destination IP address ''' wmiProvider = wmiutils.getWmiProvider(client) hostDiscoverer = host_win_wmi.WmiHostDiscoverer(wmiProvider) hostInfo = hostDiscoverer.discoverHostInfo() machineName = hostInfo.hostName interfacesDiscover = networking_win_wmi.WmiInterfaceDiscoverer(wmiProvider, ip_address) vector = ObjectStateHolderVector() interfaceList = interfacesDiscover.getInterfaces() parentLinkList = ObjectStateHolderVector() isVirtual = 1 resultEmpty = 1 interfacesToUpdateList = [] for interface in interfaceList: ips = interface.ips MACAddress = interface.macAddress masks = interface.masks Description = interface.description dhcpEnabled = interface.dhcpEnabled resultEmpty = 0 for ipIndex, ipAddress in enumerate(__iterate_valid_ips(ips)): IPSubnet = (masks and masks[ipIndex]) or None if str(ip_address) == str(ipAddress): isVirtual = 0 ipOSH = modeling.createIpOSH(ipAddress) # Test if the same ip and interface are in the list allready logger.debug('Found ip address: ', ipAddress, ', MACAddress: ', MACAddress, ', IPSubnet: ', IPSubnet, ', Description: ', Description) # create OSH for IP and add it to the list # create OSH for Network and add it to the list __vector = getIPNetworkMemebrList(ipAddress, IPSubnet, '', dhcpEnabled, Description) if __vector.size() > 0: vector.addAll(__vector) if netutils.isValidMac(MACAddress): # create link interface to its ip only it has an ip defined interfaceOSH = modeling.createInterfaceOSH(MACAddress, hostForLinkOSH, Description) parentLinkList.add(modeling.createLinkOSH('containment', interfaceOSH, ipOSH)) interfacesToUpdateList.append(interfaceOSH) # Check if the Input IP is virtual, we do not want to return the WMI if isVirtual == 1: logger.warn('Destination is not among discovered IPs assuming virtual. WMI object will not be reported.') vIPOSH = modeling.createIpOSH(ip_address) vIPOSH.setBoolAttribute('isvirtual', 1) vector.add(vIPOSH) if resultEmpty == 1: logger.warn('WMI was able to connect, but WMI Query returns no results') vector.clear() return vector # create the host and all the objects if len(interfaceList) > 0: hostOSH = None try: hostOSH = modeling.createCompleteHostOSHByInterfaceList('nt', interfaceList, 'Windows', machineName, None, host_cmdbid, host_key, host_macs, ucmdb_version) except: hostOSH = modeling.createHostOSH(str(ip_address), 'nt') logger.debugException('Could not find a valid MAC address for key on ip : %s. Creating incomplete host\n' % ip_address) logger.warn('Could not find a valid MAC address for key on ip : %s. Creating incomplete host\n' % ip_address) # select from Win32_OperatingSystem _wmiQuery = 'select Caption,Version,ServicePackMajorVersion,ServicePackMinorVersion,BuildNumber,Organization,RegisteredUser,TotalVisibleMemorySize,LastBootUpTime,OtherTypeDescription,description from Win32_OperatingSystem' resultSet = client.executeQuery(_wmiQuery) # @@CMD_PERMISION wmi protocol execution osinstalltype = None if resultSet.next(): Caption = resultSet.getString(1) Version = resultSet.getString(2) ServicePackMajorVersion = resultSet.getString(3) ServicePackMinorVersion = resultSet.getString(4) BuildNumber = resultSet.getString(5) Organization = resultSet.getString(6) RegisteredUser = resultSet.getString(7) TotalVisibleMemorySize = resultSet.getString(8) LastBootUpTime = resultSet.getString(9) OtherTypeDescription = resultSet.getString(10) description = resultSet.getString(11) (vendor, osName, osinstalltype) = separateCaption(Caption, OtherTypeDescription) hostOSH.setAttribute('host_vendor', vendor) modeling.setHostOsName(hostOSH, osName) hostOSH.setAttribute('host_osinstalltype', osinstalltype) setLastBootUpTime(hostOSH, LastBootUpTime) biosUUID = getBIOSUUID(client) defaultGateway = getDefaultGateway(client) hostOSH.setAttribute('host_osversion', Version) sp = ServicePackMajorVersion + '.' + ServicePackMinorVersion if checkSpVersion(sp): hostOSH.setAttribute('nt_servicepack', sp) hostOSH.setAttribute('host_osrelease', str(BuildNumber)) hostOSH.setAttribute('nt_registrationorg', Organization) hostOSH.setAttribute('nt_registeredowner', RegisteredUser) hostOSH.setAttribute('nt_physicalmemory', TotalVisibleMemorySize) hostOSH.setAttribute('host_hostname', machineName) modeling.setHostBiosUuid(hostOSH, biosUUID) modeling.setHostDefaultGateway(hostOSH, defaultGateway) modeling.setHostOsFamily(hostOSH, 'windows') hostOSH = HostBuilder(hostOSH).setDescription(description).build() _wmiQuery2 = 'select Manufacturer,NumberOfProcessors,Model,Domain from Win32_ComputerSystem' resultSet = client.executeQuery(_wmiQuery2) # @@CMD_PERMISION wmi protocol execution if resultSet.next(): Manufacturer = resultSet.getString(1) if ((Manufacturer != None) and (Manufacturer.find('system manufacturer') == -1)): modeling.setHostManufacturerAttribute(hostOSH, Manufacturer.strip()) NumberOfProcessors = resultSet.getString(2) hostOSH.setAttribute('nt_processorsnumber', int(NumberOfProcessors)) Model = resultSet.getString(3) modeling.setHostModelAttribute(hostOSH, Model) osDomain = resultSet.getString(4) hostOSH.setAttribute('host_osdomain', osDomain.strip()) biosAssetTag = hostDiscoverer.getBiosAssetTag() if biosAssetTag: hostOSH.setAttribute('bios_asset_tag', biosAssetTag) _wmiQuery4 = 'SELECT SerialNumber FROM Win32_BIOS' resultSet = client.executeQuery(_wmiQuery4) # @@CMD_PERMISSION wmi protocol execution if resultSet.next(): serialNumber = processSerialNumber(resultSet.getString(1)) if not serialNumber: wmiBaseBoardSerialNumber = 'SELECT SerialNumber FROM Win32_BaseBoard' resultSet = client.executeQuery(wmiBaseBoardSerialNumber) # @@CMD_PERMISION wmi protocol execution serialNumber = processSerialNumber(str(resultSet)) modeling.setHostSerialNumberAttribute(hostOSH, serialNumber) try: paeEnabled = getPAEState(client) if paeEnabled and paeEnabled.lower() in ['1', 'true']: hostOSH.setBoolAttribute('pae_enabled', 1) elif paeEnabled and paeEnabled.lower() in ['0', 'false']: hostOSH.setBoolAttribute('pae_enabled', 0) except Exception, ex: logger.warn('Failed getting PAE state. %s' % ex) try: osArchitecture = getOsArchitecture(client) if osinstalltype and osinstalltype.find('64') != -1: osArchitecture = '64-bit' if osArchitecture: hostOSH.setStringAttribute('os_architecture', osArchitecture) except Exception, ex: logger.warn('Failed getting OS Architecture value. %s' % ex)
def discoverProcessesByWmic(client, OSHVResult, hostID, Framework, pid2Process=None): ''' Discover system processes, report them and save in probe DB. Shell, oshVector, str, Framework, map[str, str] -> bool @command: wmic process get commandLine, creationdate, executablepath, name, processId ''' wmiProvider = wmiutils.getWmiProvider(client) queryBuilder = wmiProvider.getBuilder('Win32_Process') queryBuilder.usePathCommand(1) #queryBuilder = wmiutils.WmicQueryBuilder('process') queryBuilder.addWmiObjectProperties('name', 'processId', 'commandLine', 'executablepath', 'creationdate') wmicAgent = wmiProvider.getAgent() processItems = [] try: processItems = wmicAgent.getWmiData(queryBuilder) except: logger.debugException('Failed getting processes information via wmic') return 0 pdu = None try: pdu = processdbutils.ProcessDbUtils(Framework) processList = [] hostOSH = None count = 0 for processItem in processItems: if not processItem.name: continue processName = processItem.name processNameLower = processName.lower() processPid = processItem.processId if processPid == '-1' or not processPid.isnumeric(): logger.debug( "Process '%s' is system process or has non numeric pid" % processName) continue processExecutablePath = processItem.executablepath processCommandLine = processItem.commandLine processStartupTimeString = processItem.creationdate processStartupTime = None if processStartupTimeString: try: startupDate = modeling.getDateFromUtcString( processStartupTimeString) processStartupTime = startupDate.getTime() except: errobj = errorobject.createError( errorcodes.PROCESS_STARTUP_TIME_ATTR_NOT_SET, ['NTCMD', processStartupTimeString], "%s: Process startup time attribute is not set due to error while parsing date string '%s'" % ('NTCMD', processStartupTimeString)) logger.reportWarningObject(errobj) # check whether process name is included in command line # Obtain first token containing process from the CMD line matchObj = re.match('(:?["\'](.*?)["\']|(.*?)\s)', processCommandLine) if matchObj and matchObj.groups(): firstCmdToken = matchObj.group(1).strip() else: firstCmdToken = processCommandLine.strip() #remove quotes firstCmdToken = re.sub('[\'"]', '', firstCmdToken).lower() #token has to end with process name if not firstCmdToken.endswith(processNameLower): extStartPos = processNameLower.rfind('.') if extStartPos != -1: pnameNoExt = processNameLower[0:extStartPos] if not firstCmdToken.endswith(pnameNoExt): processCommandLine = '%s %s' % (processName, processCommandLine) processArgs = None argsMatch = re.match('("[^"]+"|[^"]\S+)\s+(.+)$', processCommandLine) if argsMatch: processArgs = argsMatch.group(2) pdu.addProcess(hostID, processName, processPid, processCommandLine, processExecutablePath, processArgs, None, processStartupTime) if processPid in processList: logger.debug("Process: '%s' already reported" % processName) continue count += 1 processList.append(processPid) if OSHVResult is not None: if hostOSH == None: hostOSH = modeling.createOshByCmdbIdString('host', hostID) processOsh = modeling.createProcessOSH( processName, hostOSH, processCommandLine, processPid, processExecutablePath, None, None, processStartupTime) OSHVResult.add(processOsh) pdu.flushHostProcesses(hostID) if pid2Process is not None: pid2Process.putAll(pdu.getProcessCmdMap()) finally: if pdu != None: pdu.close() return 1