def scan_all_modules(self, agent_id): scan_types = ["csm", "svm"] command_ids = [] unfinished_statuses = ['queued', 'pending'] server_module = cloudpassage.Server(self.halo_session) scan_module = cloudpassage.Scan(self.halo_session) raw_scan_results = [] # Initiate scans print "Initiating scans for agent %s" % agent_id for scan_type in scan_types: command_id = scan_module.initiate_scan(agent_id, scan_type)["id"] command_ids.append(command_id) print command_id # Wait until all are complete print "Waiting for all scan jobs to be run" while len(command_ids) > 0: time.sleep(30) for command_id in command_ids: print "Checking status of command %s" % command_id status = server_module.command_details(agent_id, command_id) if status not in unfinished_statuses: command_ids.remove(command_id) # Get results print "Getting scan results" for scan_type in scan_types: try: results = scan_module.last_scan_results(agent_id, scan_type) except CloudPassageValidation as e: message = "Error encountered: %s" % str(e) result = {"result": message} raw_scan_results.append(results) # Process and print scan results pretty = self.print_pretty_scans(raw_scan_results) return
def __init__(self, config): session = cloudpassage.HaloSession(config.halo_key, config.halo_secret, api_host=config.halo_url) self.server_obj = cloudpassage.Server(session) self.request_obj = cloudpassage.HttpHelper(session) self.sva_key = config.key
def build_server_object(self): session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port, integration_string="SDK-Smoke") return (cloudpassage.Server(session))
def main(): # Set up config and Halo objects. config = cloudpassage.ApiKeyManager() server_id = os.getenv("SERVER_ID") crit_threshold = int(os.getenv("CRITICAL_THRESHOLD")) non_crit_threshold = int(os.getenv("NON_CRITICAL_THRESHOLD")) halo_session = cloudpassage.HaloSession(config.key_id, config.secret_key, api_host=config.api_hostname) server_obj = cloudpassage.Server(halo_session) scan_obj = cloudpassage.Scan(halo_session) # Initiate a scan of the target server print("Initiating scan...") job_id = scan_obj.initiate_scan(server_id, 'sca')["id"] incomplete_statuses = ["queued", "pending", "running"] scan_status = "queued" while scan_status in incomplete_statuses: time.sleep(20) print("Waiting for scan %s on server %s to finish (status %s)" % (job_id, server_id, scan_status)) # NOQA scan_status = server_obj.command_details(server_id, job_id)["status"] scan_results = scan_obj.last_scan_results(server_id, 'sca')["scan"] over_threshold = False threshold_msg = "" crit_findings = scan_results["critical_findings_count"] non_crit_findings = scan_results["non_critical_findings_count"] # Test criticality against threshold if crit_findings > crit_threshold: threshold_msg += "Critical findings: %s Threshold: %s\n" % ( crit_findings, crit_threshold) # NOQA if crit_threshold != -1: over_threshold = True else: threshold_msg += "Critical threshold set to -1, not failing.\n" if non_crit_findings > non_crit_threshold: threshold_msg += "Non-critical findings: %s Threshold: %s\n" % ( non_crit_findings, non_crit_threshold) # NOQA if non_crit_threshold != -1: over_threshold = True else: threshold_msg += "Non-critical threshold set to -1, not failing.\n" # Build findings text failed_items = "" bad_findings = [ f for f in scan_results["findings"] if f["status"] == 'bad' ] # NOQA for finding in bad_findings: msg = "Critical: %s Rule: %s\n" % (str( finding["critical"]), finding["rule_name"]) failed_items += msg output_msg = "\n---\n".join([failed_items, threshold_msg]) print(output_msg) # Exit with 1 if we are over threshold. if over_threshold: print("Threshold exceeded, this job will be marked Failed") sys.exit(1) else: print("Nothing exceeds thresholds; this job will be marked Passed.")
def test_validate_bad_list(self): search_criteria_list = ["ephemeral", "cats", "!!!LOSER"] server_object = cloudpassage.Server(None) platform = server_object.validate_platform(search_criteria_list) kb = server_object.validate_kb_id(search_criteria_list) cve = server_object.validate_cve_id(search_criteria_list) assert platform is False assert kb is False assert cve is False
def __init__(self): self.key = os.getenv("HALO_API_KEY") self.secret = os.getenv("HALO_API_SECRET_KEY") self.session = cloudpassage.HaloSession(self.key, self.secret) # We go ahead and grab an auth token for all abstractions to use. self.session.authenticate_client() self.servers = cloudpassage.Server(self.session) self.scans = cloudpassage.Scan(self.session) return
def get_ip_report(self, target): """This wraps the report_server_by_id by accepting IP as target""" servers = cloudpassage.Server(self.session) report = "Unknown IP: \n" + target try: s_id = servers.list_all(connecting_ip_address=target)[0]["id"] report = self.tasks.report_server_formatted(s_id) except: pass return report
def get_svm_issues(session, server_issue_type): ## Top 4 CSP accounts by SVA/SVM issues on Server # Get all the servers issues for each server, get the SVM # count then update the output dict with the lastes numbers # # dict for the csp level issues output csp_level_issues = {} # Get server info from API serverList = cloudpassage.Server(session) list_of_servers = serverList.list_all() # process list of servers and look for issues_sorted for s in list_of_servers: #pp.pprint(s) issues = serverList.issues(s["id"]) if server_issue_type in issues: critical_count = 0 non_critical_count = 0 if debug > 2: print( "CSP Account ID: {} ID: {} Critical Count: {} Non critical count: {}" .format(s["csp_account_id"], issues["id"], issues["svm"]["critical_findings_count"], issues["svm"]["non_critical_findings_count"])) if s["csp_account_id"] in csp_level_issues: critical_count = csp_level_issues[ s["csp_account_id"]]["critical_findings_count"] non_critical_count = csp_level_issues[ s["csp_account_id"]]["non_critical_findings_count"] dict_update = { "critical_findings_count": issues["svm"]["critical_findings_count"] + critical_count, "non_critical_findings_count": issues["svm"]["non_critical_findings_count"] + non_critical_count } csp_level_issues[s["csp_account_id"]] = dict_update #Add the critical and non critical. I am keeping them seperate for now, I would like them to be shown that way but that was not the request. csp_level_issues_temp = {} for i in csp_level_issues: csp_level_issues_temp[i] = csp_level_issues[i][ "critical_findings_count"] + csp_level_issues[i][ "non_critical_findings_count"] csp_level_issues_sorted = sorted(csp_level_issues_temp.items(), key=lambda kv: (kv[1], kv[0]), reverse=True) # Make sure our output is not less than the limit or we will have index errors. limit = MAX_REPORT if len(csp_level_issues_sorted) < 10: limit = len(csp_level_issues_sorted) for i in range(0, limit): print(csp_level_issues_sorted[i][0], " |", csp_level_issues_sorted[i][1])
def get_halo_servers_id(session): NO_SERVERS = 0 target_halo_server_group = "" cp_server_ob = cloudpassage.Server(session) cp_server_group_ob = cloudpassage.ServerGroup(session) if target_halo_server_group == "": halo_server_list = cp_server_ob.list_all(state="active") else: server_group_id = \ get_server_group_id_by_name(cp_server_group_ob, target_halo_server_group) halo_server_list = cp_server_group_ob.list_members(server_group_id) if len(halo_server_list) == NO_SERVERS: print "No server to use... exiting...\n" sys.exit(1) halo_server_id_list = [] for server in halo_server_list: if 'aws_ec2' in server: ec2_data = server['aws_ec2'] halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': ec2_data['ec2_instance_id'], 'aws_account_id': ec2_data['ec2_account_id'] }) elif server['server_label'] and "_" in server['server_label']\ and server['server_label'] is not None: server_label = server['server_label'] server_label_parts = server_label.split("_") server_label_account = server_label_parts[0] server_label_instance = server_label_parts[1] halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': server_label_instance, 'aws_account_id': server_label_account }) else: halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': "N/A", 'aws_account_id': "N/A" }) halo_instance_id_list = halo_server_id_list print "Halo Server ID and AWS Account ID Lookup Complete "\ + time.strftime("%Y%m%d-%H%M%S") return halo_instance_id_list
def __init__(self, config): """Pass in a quarantine.ConfigHelper object on instantiation.""" self.ua = config.ua_string self.session = cloudpassage.HaloSession(config.halo_key, config.halo_secret, integration_string=self.ua) self.server_obj = cloudpassage.Server(self.session) self.event_obj = cloudpassage.Event(self.session) self.group_obj = cloudpassage.ServerGroup(self.session) self.target_group_id = self.get_groupid(config.quarantine_grp_name) return
def test_describe_asset_server(self): """Requires one server in the account.""" asset_type = 'server' halo_obj = self.get_halo_object() halo_server_object = cloudpassage.Server(halo_obj.session) state = "active,missing,deactivated" query_result = halo_server_object.list_all(state=state) one_server_url = query_result[0]['url'] result = halo_obj.describe(one_server_url) assert result != {} assert "id" in result
def get_active_linux_host(self): """This test requires an active Linux host in order to run successfilly. """ session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port) server = cloudpassage.Server(session) list_of_active_linux_servers = server.list_all(state="active", platform="linux") return list_of_active_linux_servers[0]["id"]
def main(): global FAIL_EXIT_CODE FAIL_EXIT_CODE = int(os.getenv("FAIL_EXIT_CODE", 2)) start_time = datetime.datetime.now() copy_tree("static", "reports/html/static") Path("reports/html/cve").mkdir(parents=True, exist_ok=True) key = os.getenv("HALO_API_KEY") secret = os.getenv("HALO_API_SECRET_KEY") module_str = os.getenv("SCAN_MODULE") modules = module_str.split(",") instance_id = os.getenv("INSTANCE_ID") timeout = os.getenv("TIMEOUT") max_cvss_threshold = float(os.getenv("MAX_CVSS", 7)) modules = [module.lower() for module in modules] modules = list(set(modules)) session = cloudpassage.HaloSession(key, secret) validate_input(session, modules, instance_id, max_cvss_threshold) server = cloudpassage.Server(session) scan = cloudpassage.Scan(session) group = cloudpassage.ServerGroup(session) scanned_server = get_server(server, instance_id, start_time, timeout) server_id = scanned_server["id"] print(f"Server ID: {server_id}") modules = validate_csm(modules, scanned_server, group) scans = {} for module in modules: while True: try: scan_output = scan.last_scan_results(server_id, module) except cloudpassage.CloudPassageResourceExistence: check_timeout(start_time, timeout) print("Waiting on {} scan to complete...".format(module)) time.sleep(30) if scan_output and "scan" in scan_output: scans[module] = scan_output["scan"] break check_timeout(start_time, timeout) print("Waiting on {} scan to complete...".format(module)) time.sleep(30) build_success = process_scan(scans, scanned_server, session) if not build_success: print("Security scan results did not meet pass criteria") sys.exit(FAIL_EXIT_CODE)
def test_sam_historical_is_unsupported(self): rejected = False session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port) scanner = cloudpassage.Scan(session) server = cloudpassage.Server(session) scan_type = "sam" server_id = server.list_all()[0]["id"] try: scanner.last_scan_results(server_id, scan_type) except cloudpassage.CloudPassageValidation: rejected = True assert rejected
def __new__(cls): session = cloudpassage.HaloSession(CONFIG['key_id'], CONFIG['secret_key'], api_port=CONFIG["api_port"], api_host=CONFIG["api_hostname"]) return cloudpassage.Server(session)
def test_instantiation(self): session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port) assert cloudpassage.Server(session)
def test_instantiation(self): assert cloudpassage.Server(None)
def main(): # Suspect package names suspect_packages = "kubectl,kubeadm,kubelet" # Suspect processes URL procs_url = "/v2/servers?process_name=kubelet,kubeadm,kubectl,kube-proxy" # Minimum versions safe from API auth bug kube_min_ver = { "1.10": "1.10.11", "1.11": "1.11.5", "1.12": "1.12.3", "1.13": "1.13.0-rc.1" } # Get Halo auth info key = os.getenv("HALO_API_KEY") secret = os.getenv("HALO_API_SECRET_KEY") # Set up CloudPassage API abstractions session = cloudpassage.HaloSession(key, secret) servers = cloudpassage.Server(session) scans = cloudpassage.Scan(session) helper = cloudpassage.HttpHelper(session) # Get servers with suspect packages installed servers_installed_kube = [ x for x in servers.list_all(package_name=suspect_packages) ] # Get servers with suspect processes servers_running_kube = [ x for x in helper.get_paginated(procs_url, "servers", 99) ] # Print preliminary metrics print("Installation match: %s" % len(servers_installed_kube)) print("Running process match: %s" % len(servers_running_kube)) # Get a list of all servers with K8s-related procs or packages kube_servers = merge_server_lists(servers_installed_kube, servers_running_kube) # Create a dictionary of packages, processes, and metadata for each server. inventory = { x["id"]: { "packages": get_package_listing_from_scan( scans.last_scan_results(x["id"], "svm")), # NOQA "processes": servers.list_processes(x["id"]), "server_metadata": x } for x in kube_servers } # Print a report to stdout print("{}{}{}{}{}{}{}".format( "Halo ID".ljust(40), "CSP account".ljust(40), "CSP Instance".ljust(40), "kubectl version".ljust(20), "kubeadm version".ljust(20), "kubelet version".ljust(20), "kubectl vulnerable".ljust(25), "kubeadm vulnerable".ljust(25), "kubelet vulnerable".ljust(25), "k8s processes(below)")) for x in inventory.items(): server_id = x[0] server_csp_id = x[1]["server_metadata"][ "csp_account_id"] if "csp_account_id" in x[1][ "server_metadata"] else "" # NOQA server_instance_id = x[1]["server_metadata"][ "csp_instance_id"] if "csp_instance_id" in x[1][ "server_metadata"] else "" # NOQA kubectl_version = get_package_version(x[1]["packages"], "kubectl") kubeadm_version = get_package_version(x[1]["packages"], "kubeadm") kubelet_version = get_package_version(x[1]["packages"], "kubelet") kube_procs = get_kube_procs(x[1]["processes"]) kubectl_vulnerable = is_kube_vulnerable(kube_min_ver, kubectl_version) kubeadm_vulnerable = is_kube_vulnerable(kube_min_ver, kubeadm_version) kubelet_vulnerable = is_kube_vulnerable(kube_min_ver, kubelet_version) print("{}{}{}{}{}{}{}{}{}\n{}\n\n".format(server_id.ljust(40), server_csp_id.ljust(40), server_instance_id.ljust(40), kubectl_version.ljust(16), kubeadm_version.ljust(16), kubelet_version.ljust(16), kubectl_vulnerable.ljust(20), kubeadm_vulnerable.ljust(20), kubelet_vulnerable.ljust(20), kube_procs)) dump_to_csv(inventory, kube_min_ver) dump_to_json(inventory)
def get_servers(halo_session): servers_object = cloudpassage.Server(halo_session) all_servers = servers_object.list_all() return all_servers
def __init__(self): super(ServerController, self).__init__() self.api = cloudpassage.HttpHelper(self.session) self.srv_obj = cloudpassage.Server(self.session)
def get_servers(self): """Return a current list of servers in Halo.""" server_obj = cloudpassage.Server(self.session) return server_obj.list_all()
def __init__(self, *kwargs): # Groups and prod lists to be replace by yaml template self.cwd = path.realpath(path.join(getcwd(), path.dirname(__file__))) self.api_key = environ['CLOUDP_KEY'] self.api_secret = environ['CLOUDP_SECRET'] self.session = cloudpassage.HaloSession(self.api_key, self.api_secret) self.server = cloudpassage.Server(self.session) self.policies = cloudpassage.FirewallPolicy(self.session) self.policy_init = cloudpassage.policy.Policy(self.session) self.poldetails = cloudpassage.FirewallRule(self.session) self.firewall_services = cloudpassage.FirewallService(self.session) self.http_helper = cloudpassage.HttpHelper(self.session) self.args = args self.firewall_ports = {} self.filtered_ports = {} self.rules = [] self.myrules = {} self.users = {} self.user_id = {} self.filtered_rules = {} self.rule_ids = [] self.filtered_rule_ids = {} self.log_positions = {} self.pol_positions = {} self.list_of_servers = self.server.list_all() self.list_of_policies = self.policies.list_all() self.list_of_services = self.firewall_services.list_all() self.policy_names = [] self.filtered_groups = [] self.policy_ids = [] self.filtered_policy_ids = [] self.unfiltered_policy_ids = [] self.filtered_policies = {} self.activerules = {} self.myactiverules = {} self.activecomments = {} self.activeurls = {} self.activepolicies = {} self.user = {} self.json = {} self.group = kwargs[0] self.chain = kwargs[1] self.active = kwargs[2] self.source = kwargs[3] self.destination = kwargs[4] self.states = kwargs[5] self.action = kwargs[6] self.username = kwargs[11] self.all = kwargs[12] # Split without spaces being added self.service = kwargs[7] self.filtered_service = {} self.unfiltered_service = {} self.log = kwargs[8] self.log_prefix = kwargs[9] self.comment = kwargs[10] self.wildcard = kwargs[13] self.setactive = kwargs[14] self.setinactive = kwargs[15] self.dryrun = kwargs[16] self.subtractfromlastrule = kwargs[17] self.deleteinactive = kwargs[18] self.fullbackup = kwargs[19] self.fullrestore = kwargs[20] self.filename = kwargs[21]
def get_all_servers(self): """Get all servers from Halo API.""" server_obj = cloudpassage.Server(self.session) result = server_obj.list_all() return result