コード例 #1
def test_detect_raspberry_pi():
    """Check detect_raspberry_pi() against a faked /proc/device-tree.

    ``agent.rpi_helper.Path`` is replaced by a stub whose files always exist
    and whose contents come from ``mock_open`` below, so the test does not
    depend on the device tree of the machine running it.
    """
    # Canned, NUL-terminated device-tree values, in the order they are matched.
    device_tree = (
        ('/proc/device-tree/model', 'Raspberry Pi 3 Model B Plus Rev 1.3\x00'),
        ('/proc/device-tree/serial-number', '0000000060e3b222\x00'),
    )

    def mock_open(filename, mode='r'):
        """Return a mock file object holding the canned text for *filename*.

        Only the two device-tree paths above are known; any other path raises
        FileNotFoundError. *mode* is accepted but unused: the content is
        always a str.
        """
        for known_path, text in device_tree:
            if filename == known_path:
                content = text
                break
        else:
            raise FileNotFoundError
        handle = mock.mock_open(read_data=content).return_value
        # Let callers iterate the handle line by line (line endings kept).
        handle.__iter__.return_value = content.splitlines(True)
        return handle

    class _StubPath():
        """Minimal Path stand-in: every path "exists", open() serves canned text."""

        def __init__(self, filename):
            self._target = filename

        def is_file(self):
            return True

        def open(self):
            return mock_open(self._target)

    with mock.patch('agent.rpi_helper.Path', _StubPath):
        detected = detect_raspberry_pi()
        assert detected['is_raspberry_pi']
        # The trailing NUL in the canned values must not show up in the result.
        assert detected['hardware_model'] == 'Raspberry Pi 3 Model B Plus Rev 1.3'
        assert detected['serial_number'] == '0000000060e3b222'
コード例 #2
ファイル: test_agent.py プロジェクト: a-martynovich/agent
def test_detect_raspberry_pi(raspberry_cpuinfo):
    """Check detect_raspberry_pi() when open() serves the cpuinfo fixture.

    ``builtins.open`` is patched for the duration of the call, so the values
    asserted below are whatever detect_raspberry_pi() extracts from the
    ``raspberry_cpuinfo`` text rather than from the host.
    """
    fake_open = mock.mock_open(read_data=raspberry_cpuinfo)
    with mock.patch('builtins.open', fake_open, create=True):
        detected = detect_raspberry_pi()
        assert detected['is_raspberry_pi']
        assert detected['hardware_model'] == '900092'
        assert detected['serial_number'] == '00000000ebd5f1e8'
コード例 #3
ファイル: __init__.py プロジェクト: MetalDent/agent
def send_ping(dev=False):
    """GET the server's ping response, then POST this device's telemetry.

    Sequence as written: call can_read_cert(), GET ``ping``, collect host
    facts (more of them the less confined the agent is), hand the GET
    response body to ``iptables_helper.block`` when not running in
    Docker/Balena, and POST the collected payload to ``ping``.
    Always returns None; a failed request is logged as 'Ping failed.'.

    Args:
        dev: Forwarded unchanged to ``mtls_request`` for both requests.
    """
    can_read_cert()

    response = mtls_request('get', 'ping', dev=dev, requester_name="Ping", log_on_ok=True)
    if response is None or not response.ok:
        logger.error('Ping failed.')
        return

    connections, ports = security_helper.netstat_scan()
    payload = dict(
        device_operating_system_version=platform.release(),
        fqdn=socket.getfqdn(),
        ipv4_address=get_primary_ip(),
        uptime=get_uptime(),
        agent_version=str(__version__),
        confinement=CONFINEMENT.name,
        installation=detect_installation().name,
    )

    # Things we can't do within a Snap or Docker
    sandboxed = (Confinement.SNAP, Confinement.DOCKER, Confinement.BALENA)
    if CONFINEMENT not in sandboxed:
        payload['processes'] = security_helper.process_scan()
        payload['logins'] = journal_helper.logins_last_hour()
        payload['default_password'] = security_helper.check_for_default_passwords(CONFIG_PATH)

    # Things we cannot do in Docker
    containerised = CONFINEMENT in (Confinement.DOCKER, Confinement.BALENA)
    if not containerised:
        # NOTE(review): the server's response body is passed to
        # iptables_helper.block() as-is; nothing in this function checks its
        # shape, and a non-JSON body makes .json() raise here. Confirm the
        # helper validates each entry before it changes firewall rules.
        iptables_helper.block(response.json())

        payload['selinux_status'] = security_helper.selinux_status()
        payload['app_armor_enabled'] = security_helper.is_app_armor_enabled()
        payload['firewall_rules'] = iptables_helper.dump()
        payload['scan_info'] = ports
        payload['netstat'] = connections

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload['device_manufacturer'] = 'Raspberry Pi'
        payload['device_model'] = rpi_metadata['hardware_model']

    # NOTE(review): at debug level the full payload is written to the log,
    # including the process list, logins and default-password result when
    # collected; confirm the log destination is access-restricted.
    logger.debug("[GATHER] POST Ping: {}".format(payload))

    result = mtls_request('post', 'ping', json=payload, dev=dev, requester_name="Ping", log_on_ok=True)
    if result is None or not result.ok:
        logger.error('Ping failed.')
コード例 #4
def send_ping(debug=False, dev=False):
    """POST host telemetry to the ping endpoint and apply the returned blocks.

    Calls can_read_cert(), gathers the payload, POSTs it with the client
    certificate, and on an OK response passes the response's ``block_ports``
    and ``block_networks`` lists (empty when absent) to ``security_helper``.
    Always returns None.

    Args:
        debug: When true, print the outgoing payload and the raw response.
        dev: When true, add the SSL-CLIENT-* headers to the request.
    """
    can_read_cert()

    payload = dict(
        device_operating_system_version=platform.release(),
        fqdn=socket.getfqdn(),
        ipv4_address=get_primary_ip(),
        uptime=get_uptime(),
        scan_info=get_open_ports(),
        netstat=security_helper.netstat_scan(),
        processes=security_helper.process_scan(),
        firewall_enabled=security_helper.is_firewall_enabled(),
        firewall_rules=security_helper.get_firewall_rules(),
        app_armor_enabled=security_helper.is_app_armor_enabled(),
    )

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload.update({
            'device_manufacturer': 'Raspberry Pi',
            'device_model': rpi_metadata['hardware_model'],
        })

    if debug:
        # NOTE(review): this prints the whole payload (process list, firewall
        # rules, netstat) to stdout; keep debug off where output is captured.
        print("[GATHER] Ping: {}".format(payload))

    if dev:
        # NOTE(review): here the client itself asserts its identity and a
        # successful verification. Presumably these are the headers a
        # TLS-terminating proxy sets in production; if so, that proxy must
        # overwrite or strip them on every inbound request - TODO confirm.
        extra_headers = {
            'SSL-CLIENT-SUBJECT-DN': 'CN=' + get_device_id(),
            'SSL-CLIENT-VERIFY': 'SUCCESS'
        }
    else:
        extra_headers = {}

    # NOTE(review): no timeout is passed, so requests waits without limit on
    # an unresponsive server.
    url = '{}/v0.2/ping'.format(MTLS_ENDPOINT)
    ping = requests.post(url,
                         cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
                         json=payload,
                         headers=extra_headers)

    if debug:
        for received in (ping.status_code, ping.content):
            print("[RECEIVED] Ping: {}".format(received))

    if not ping.ok:
        print('Ping failed.')
        return

    # NOTE(review): the block lists come straight from the response body and
    # are not validated here; confirm security_helper checks each entry.
    pong = ping.json()
    security_helper.block_ports(pong.get('block_ports', []))
    security_helper.block_networks(pong.get('block_networks', []))
コード例 #5
def send_ping():
    """POST basic host identity to the ping endpoint using the client cert.

    Calls can_read_cert(), builds a payload of OS release, FQDN and primary
    IPv4 address (plus manufacturer/model on a Raspberry Pi), and POSTs it.
    A non-OK response is reported with 'Ping failed.'; always returns None.
    """
    can_read_cert()

    payload = dict(
        device_operating_system_version=platform.release(),
        fqdn=socket.getfqdn(),
        ipv4_address=get_primary_ip(),
    )

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload.update({
            'device_manufacturer': 'Raspberry Pi',
            'device_model': rpi_metadata['hardware_model'],
        })

    # NOTE(review): no timeout is passed, so requests waits without limit on
    # an unresponsive server.
    url = '{}/v0.2/ping'.format(MTLS_ENDPOINT)
    response = requests.post(url,
                             cert=(CLIENT_CERT_PATH, CLIENT_KEY_PATH),
                             json=payload)

    if response.ok:
        return
    print('Ping failed.')
コード例 #6
ファイル: __init__.py プロジェクト: ealmonte32/agent
def send_ping(dev=False):
    """GET the server's ping state, then POST this device's telemetry.

    Sequence as written: call can_read_cert(), GET ``ping`` and parse its
    JSON body, collect host facts in tiers keyed on CONFINEMENT, pass the
    parsed body to ``iptables_helper.block`` when unconfined or in a Snap,
    and POST the collected payload to ``ping``.
    Always returns None; a failed request is logged as 'Ping failed.'.

    Args:
        dev: Forwarded unchanged to ``mtls_request`` for both requests.
    """
    can_read_cert()

    response = mtls_request('get', 'ping', dev=dev, requester_name="Ping", log_on_ok=True)
    if response is None or not response.ok:
        logger.error('Ping failed.')
        return

    # NOTE(review): a non-JSON body raises here, and the .get() below assumes
    # the body is a JSON object; neither case is handled in this function.
    server_state = response.json()
    payload = dict(
        device_operating_system_version=platform.release(),
        fqdn=socket.getfqdn(),
        ipv4_address=get_primary_ip(),
        uptime=get_uptime(),
        agent_version=str(__version__),
        confinement=CONFINEMENT.name,
        installation=detect_installation().name,
        os_release=rpi_helper.get_os_release(),
    )

    if CONFINEMENT != Confinement.SNAP:
        # Send the package list only when its hash differs from the server's.
        packages = get_deb_packages()
        if server_state.get('deb_packages_hash') != packages['hash']:
            payload['deb_packages'] = packages

    if CONFINEMENT in (Confinement.NONE, Confinement.SNAP):
        connections, ports = security_helper.netstat_scan()
        # NOTE(review): the whole parsed response is handed to
        # iptables_helper.block() unvalidated; confirm the helper checks each
        # entry before it changes firewall rules.
        iptables_helper.block(server_state)

        payload['processes'] = security_helper.process_scan()
        payload['logins'] = journal_helper.logins_last_hour()
        payload['firewall_rules'] = iptables_helper.dump()
        payload['scan_info'] = ports
        payload['netstat'] = connections
        payload['selinux_status'] = security_helper.selinux_status()
        payload['app_armor_enabled'] = security_helper.is_app_armor_enabled()

    if CONFINEMENT == Confinement.NONE:
        payload['default_password_users'] = security_helper.check_for_default_passwords(CONFIG_PATH)
        payload['audit_files'] = security_helper.audit_config_files()
        payload['auto_upgrades'] = rpi_helper.auto_upgrades_enabled()
        payload['mysql_root_access'] = security_helper.mysql_root_access()
        payload['kernel_package'] = rpi_helper.kernel_deb_package()
        payload['cpu'] = security_helper.cpu_vulnerabilities()

    rpi_metadata = rpi_helper.detect_raspberry_pi()
    if rpi_metadata['is_raspberry_pi']:
        payload['device_manufacturer'] = 'Raspberry Pi'
        payload['device_model'] = rpi_metadata['hardware_model']

    # NOTE(review): at debug level the full payload is written to the log,
    # including default-password users, audit results and the process list
    # when collected; confirm the log destination is access-restricted.
    logger.debug("[GATHER] POST Ping: {}".format(payload))

    result = mtls_request('post', 'ping', json=payload, dev=dev, requester_name="Ping", log_on_ok=True)
    if result is None or not result.ok:
        logger.error('Ping failed.')