def testInterrogateCloudMetadataLinux(self): """Check google cloud metadata on linux.""" client_id, client_urn = self._SetupMinimalClient() with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": [ "LinuxWtmp", "NetgroupConfiguration", "LinuxRelease" ], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() with test_lib.SuppressLogs(): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) if data_store.RelationalDBReadEnabled(): client = self._OpenClient(client_id) self._CheckCloudMetadataRelational(client) else: client = aff4.FACTORY.Open(client_urn, token=self.token) self._CheckCloudMetadataAFF4(client)
def testFleetspeakClient(self, mock_labels_fn): mock_labels_fn.return_value = ["foo", "bar"] client_id = "C.0000000000000001" data_store.REL_DB.WriteClientMetadata(client_id, fleetspeak_enabled=True) client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(fqdn="fleetspeak.test.com", system="Linux", release="Ubuntu", version="14.4") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): flow_test_lib.TestFlowHelper(discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) snapshot = data_store.REL_DB.ReadClientSnapshot(client_id) self.assertEqual(snapshot.knowledge_base.fqdn, "fleetspeak.test.com") self.assertEqual(snapshot.knowledge_base.os, "Linux") self._CheckClientInfo(snapshot) self._CheckGRRConfig(snapshot) self._CheckNotificationsCreated(self.token.username, client_id) self._CheckRelease(snapshot, "Ubuntu", "14.4") self._CheckNetworkInfo(snapshot) labels = data_store.REL_DB.ReadClientLabels(client_id) self.assertCountEqual([l.name for l in labels], ["foo", "bar"])
def testFleetspeakClient_OnlyGRRLabels(self, mock_labels_fn): mock_labels_fn.return_value = [] client_id = "C.0000000000000001" data_store.REL_DB.WriteClientMetadata(client_id, fleetspeak_enabled=True) client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(fqdn="fleetspeak.test.com", system="Linux", release="Ubuntu", version="14.4") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): with self.assertStatsCounterDelta( 1, discovery.FLEETSPEAK_UNLABELED_CLIENTS): flow_test_lib.TestFlowHelper(discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) rdf_labels = data_store.REL_DB.ReadClientLabels(client_id) expected_labels = [ action_mocks.InterrogatedClient.LABEL1, action_mocks.InterrogatedClient.LABEL2, ] self.assertCountEqual([l.name for l in rdf_labels], expected_labels)
def testInterrogateCloudMetadataWindows(self): """Check google cloud metadata on windows.""" self.client_id = self.SetupClient(0, system="Windows", os_version="6.2", arch="AMD64") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(system="Windows", version="6.1.7600", kernel="6.1.7601") with mock.patch.object(platform, "system", return_value="Windows"): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=self.client_id) self.fd = aff4.FACTORY.Open(self.client_id, token=self.token) self._CheckCloudMetadata()
def testInterrogateCloudMetadataWindows(self): """Check google cloud metadata on windows.""" client_id = self.SetupClient(0, system="Windows") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(system="Windows", version="6.1.7600", kernel="6.1.7601") with mock.patch.object(platform, "system", return_value="Windows"): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) if data_store.RelationalDBReadEnabled(): client = self._OpenClient(client_id.Basename()) self._CheckCloudMetadataRelational(client) else: client = aff4.FACTORY.Open(client_id, token=self.token) self._CheckCloudMetadataAFF4(client)
def testInterrogateWindows(self): """Test the Interrogate flow.""" self.client_id = self.SetupClient(0, system="Windows", kernel="10.0.14393", os_version="6.2", arch="AMD64") data_store.REL_DB.WriteClientMetadata(self.client_id.Basename(), fleetspeak_enabled=False) with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(system="Windows", version="6.1.7600", kernel="6.1.7601") # Run the flow in the simulated way for _ in flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=self.client_id): pass self.fd = aff4.FACTORY.Open(self.client_id, token=self.token) self._CheckBasicInfo("test_node.test", "Windows", 100 * 1000000) self._CheckClientInfo() self._CheckGRRConfig() self._CheckNotificationsCreated() self._CheckClientSummary("Windows", "6.1.7600", kernel="6.1.7601") # jim parsed from registry profile keys self._CheckUsers(["jim", "kovacs"]) self._CheckNetworkInfo() self._CheckVFS() self._CheckLabels() self._CheckLabelIndex() self._CheckWindowsDiskInfo() self._CheckRegistryPathspec() self._CheckClientKwIndex(["Linux"], 0) self._CheckClientKwIndex(["Windows"], 1) self._CheckClientKwIndex(["Label2"], 1) self._CheckMemory()
def testSourceFlowIdIsSet(self): client_id = self._SetupMinimalClient() client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() with test_lib.SuppressLogs(): flow_id = flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, creator=self.test_username, client_id=client_id) client = self._OpenClient(client_id) self.assertNotEmpty(client.metadata.source_flow_id) self.assertEqual(client.metadata.source_flow_id, flow_id)
def testInterrogateWindows(self): """Test the Interrogate flow.""" client_id = self._SetupMinimalClient() with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(system="Windows", version="6.1.7600", kernel="6.1.7601") with test_lib.ConfigOverrider({ "Artifacts.non_kb_interrogate_artifacts": ["WMILogicalDisks"], }): # Run the flow in the simulated way flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) client = self._OpenClient(client_id) self._CheckBasicInfo(client, "test_node.test", "Windows", 100 * 1000000) self._CheckClientInfo(client) self._CheckGRRConfig(client) self._CheckNotificationsCreated(self.token.username, client_id) self._CheckClientSummary(client_id, client.GetSummary(), "Windows", "6.1.7600", kernel="6.1.7601") # jim parsed from registry profile keys self._CheckUsers(client, ["jim", "kovacs"]) self._CheckNetworkInfo(client) # No VFS test for the relational db. self._CheckLabels(client_id) self._CheckLabelIndex(client_id) self._CheckWindowsDiskInfo(client) # No registry pathspec test for the relational db. self._CheckClientKwIndex(["Linux"], 0) self._CheckClientKwIndex(["Windows"], 1) self._CheckClientKwIndex(["Label2"], 1) self._CheckMemory(client)
def testInterrogateLinuxWithWtmp(self): """Test the Interrogate flow.""" self.client_id = self.SetupClient(0, system="Linux", os_version="12.04") data_store.REL_DB.WriteClientMetadata(self.client_id.Basename(), fleetspeak_enabled=False) with vfs_test_lib.FakeTestDataVFSOverrider(): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": ["LinuxWtmp", "NetgroupConfiguration", "LinuxRelease"], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() for _ in flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=self.client_id): pass self.fd = aff4.FACTORY.Open(self.client_id, token=self.token) self._CheckBasicInfo("test_node.test", "Linux", 100 * 1000000) self._CheckClientInfo() self._CheckGRRConfig() self._CheckNotificationsCreated() self._CheckClientSummary("Linux", "14.4", release="Ubuntu", kernel="3.13.0-39-generic") self._CheckRelease("Ubuntu", "14.4") # users 1,2,3 from wtmp # users yagharek, isaac from netgroup self._CheckUsers( ["yagharek", "isaac", "user1", "user2", "user3"]) self._CheckNetworkInfo() self._CheckVFS() self._CheckLabels() self._CheckLabelIndex() self._CheckClientKwIndex(["Linux"], 1) self._CheckClientKwIndex(["Label2"], 1) self._CheckClientLibraries() self._CheckMemory()
def testInterrogateLinuxWithWtmp(self): """Test the Interrogate flow.""" fixture_test_lib.ClientFixture(self.client_id, token=self.token) self.SetupClients(1, system="Linux", os_version="12.04") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": ["LinuxWtmp", "NetgroupConfiguration", "LinuxRelease"], "Artifacts.interrogate_store_in_aff4": [], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() for _ in flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=self.client_id): pass self.fd = aff4.FACTORY.Open(self.client_id, token=self.token) self._CheckAFF4Object("test_node", "Linux", 100 * 1000000) self._CheckClientInfo() self._CheckGRRConfig() self._CheckNotificationsCreated() self._CheckClientSummary("Linux", "14.4", release="Ubuntu", kernel="3.13.0-39-generic") self._CheckRelease("Ubuntu", "14.4") # users 1,2,3 from wtmp # users yagharek, isaac from netgroup self._CheckUsers( ["yagharek", "isaac", "user1", "user2", "user3"]) self._CheckNetworkInfo() self._CheckVFS() self._CheckLabelIndex() self._CheckClientKwIndex(["Linux"], 1) self._CheckClientKwIndex(["Label2"], 1) self._CheckClientLibraries() self._CheckMemory()
def testInterrogateLinuxWithWtmp(self): """Test the Interrogate flow.""" client_id = self._SetupMinimalClient() with vfs_test_lib.FakeTestDataVFSOverrider(): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": [ "LinuxWtmp", "NetgroupConfiguration", "LinuxReleaseInfo" ], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(version="14.4", release="Ubuntu") with test_lib.SuppressLogs(): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) client = self._OpenClient(client_id) self._CheckBasicInfo(client, "test_node.test", "Linux", 100 * 1000000) self._CheckClientInfo(client) self._CheckGRRConfig(client) self._CheckNotificationsCreated(self.token.username, client_id) self._CheckClientSummary( client_id, client.GetSummary(), "Linux", "14.4", release="Ubuntu", kernel="3.13.0-39-generic") self._CheckRelease(client, "Ubuntu", "14.4") # users 1,2,3 from wtmp, users yagharek, isaac from netgroup self._CheckUsers(client, ["yagharek", "isaac", "user1", "user2", "user3"]) self._CheckNetworkInfo(client) # No VFS test when running on the relational db. self._CheckLabels(client_id) self._CheckLabelIndex(client_id) self._CheckClientKwIndex(["Linux"], 1) self._CheckClientKwIndex(["Label2"], 1) self._CheckClientLibraries(client) self._CheckMemory(client)
def testInterrogateCloudMetadataLinux(self): """Check google cloud metadata on linux.""" client_id = self._SetupMinimalClient() with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": ["LinuxWtmp", "NetgroupConfiguration", "LinuxReleaseInfo"], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() with test_lib.SuppressLogs(): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, creator=self.test_username, client_id=client_id) client = self._OpenClient(client_id) self._CheckCloudMetadata(client)
def testInterrogateCloudMetadataLinux(self): """Check google cloud metadata on linux.""" self.SetupClients(1, system="Linux", os_version="12.04") with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeTestDataVFSHandler): with test_lib.ConfigOverrider({ "Artifacts.knowledge_base": ["LinuxWtmp", "NetgroupConfiguration", "LinuxRelease"], "Artifacts.netgroup_filter_regexes": [r"^login$"] }): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient() for _ in flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=self.client_id): pass self.fd = aff4.FACTORY.Open(self.client_id, token=self.token) self._CheckCloudMetadata()
def testInterrogateCloudMetadataWindows(self): """Check google cloud metadata on windows.""" client_id = self._SetupMinimalClient() with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient(system="Windows", version="6.1.7600", kernel="6.1.7601") with mock.patch.object(platform, "system", return_value="Windows"): flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, creator=self.test_username, client_id=client_id) client = self._OpenClient(client_id) self._CheckCloudMetadata(client)
def testInterrogateWindows(self): """Test the Interrogate flow.""" client_id, client_urn = self._SetupMinimalClient() with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.REGISTRY, vfs_test_lib.FakeRegistryVFSHandler): with vfs_test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, vfs_test_lib.FakeFullVFSHandler): client_mock = action_mocks.InterrogatedClient() client_mock.InitializeClient( system="Windows", version="6.1.7600", kernel="6.1.7601") # Run the flow in the simulated way flow_test_lib.TestFlowHelper( discovery.Interrogate.__name__, client_mock, token=self.token, client_id=client_id) if data_store.RelationalDBReadEnabled(): client = self._OpenClient(client_id) self._CheckBasicInfoRelational(client, "test_node.test", "Windows", 100 * 1000000) self._CheckClientInfoRelational(client) self._CheckGRRConfigRelational(client) self._CheckNotificationsCreatedRelational(self.token.username, client_id) self._CheckClientSummary( client_id, client.GetSummary(), "Windows", "6.1.7600", kernel="6.1.7601") # jim parsed from registry profile keys self._CheckUsersRelational(client, ["jim", "kovacs"]) self._CheckNetworkInfoRelational(client) # No VFS test for the relational db. self._CheckLabelsRelational(client_id) self._CheckLabelIndexRelational(client_id) self._CheckWindowsDiskInfoRelational(client) # No registry pathspec test for the relational db. self._CheckClientKwIndexRelational(["Linux"], 0) self._CheckClientKwIndexRelational(["Windows"], 1) self._CheckClientKwIndexRelational(["Label2"], 1) self._CheckMemoryRelational(client) else: client = aff4.FACTORY.Open(client_urn, token=self.token) self._CheckBasicInfoAFF4(client, "test_node.test", "Windows", 100 * 1000000) self._CheckClientInfoAFF4(client) self._CheckGRRConfigAFF4(client) self._CheckNotificationsCreatedAFF4(self.token.username, client_urn) self._CheckClientSummary( client_urn, client.GetSummary(), "Windows", "6.1.7600", kernel="6.1.7601") # jim parsed from registry profile keys self._CheckUsersAFF4(client, ["jim", "kovacs"]) self._CheckNetworkInfoAFF4(client) self._CheckVFS(client_urn) self._CheckLabelsAFF4(client) self._CheckLabelIndexAFF4(client_urn, token=self.token) self._CheckWindowsDiskInfoAFF4(client) self._CheckRegistryPathspecAFF4(client_urn) self._CheckClientKwIndexAFF4(["Linux"], 0) self._CheckClientKwIndexAFF4(["Windows"], 1) self._CheckClientKwIndexAFF4(["Label2"], 1) self._CheckMemoryAFF4(client)