def build_server_group_object(self): session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port, integration_string="SDK-Smoke") server_group_object = cloudpassage.ServerGroup(session) return(server_group_object)
def server_group_list(self, session): s_group_list = [] sg_session = cloudpassage.ServerGroup(session) server_group_list = sg_session.list_all() for server_group in server_group_list: s_group_list.append(server_group["id"]) return s_group_list
def get_all_server_groups(self): """Get a list of groups from the Halo API.""" try: server_groups = cloudpassage.ServerGroup(self.session) all_groups = server_groups.list_all() except cloudpassage.CloudPassageAuthentication: print("Quarantine: Authentication failure with CloudPassage API!") all_groups = [] return all_groups
def get_servers_from_group(self, s_group_list): session = self.session s_list = [] for s_group in s_group_list: sg_session = cloudpassage.ServerGroup(session) servers_list = sg_session.list_members(s_group) for server in servers_list: s_list.append(server) return s_list
def firewall_report_for_group_id(session, group_id): fw_obj = cloudpassage.FirewallPolicy(session) group_obj = cloudpassage.ServerGroup(session) group_struct = group_obj.describe(group_id) fw_polid = group_struct["linux_firewall_policy_id"] if fw_polid is None: retval = "No firewall policy for: %s\n" % group_id else: grapher = FirewallGraph(fw_obj.describe(fw_polid)) retval = FirewallGraph.dot_to_png(grapher.make_dotfile()) return retval
def get_halo_servers_id(session): NO_SERVERS = 0 target_halo_server_group = "" cp_server_ob = cloudpassage.Server(session) cp_server_group_ob = cloudpassage.ServerGroup(session) if target_halo_server_group == "": halo_server_list = cp_server_ob.list_all(state="active") else: server_group_id = \ get_server_group_id_by_name(cp_server_group_ob, target_halo_server_group) halo_server_list = cp_server_group_ob.list_members(server_group_id) if len(halo_server_list) == NO_SERVERS: print "No server to use... exiting...\n" sys.exit(1) halo_server_id_list = [] for server in halo_server_list: if 'aws_ec2' in server: ec2_data = server['aws_ec2'] halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': ec2_data['ec2_instance_id'], 'aws_account_id': ec2_data['ec2_account_id'] }) elif server['server_label'] and "_" in server['server_label']\ and server['server_label'] is not None: server_label = server['server_label'] server_label_parts = server_label.split("_") server_label_account = server_label_parts[0] server_label_instance = server_label_parts[1] halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': server_label_instance, 'aws_account_id': server_label_account }) else: halo_server_id_list.append({ 'halo_server_id': server['id'], 'aws_instance_id': "N/A", 'aws_account_id': "N/A" }) halo_instance_id_list = halo_server_id_list print "Halo Server ID and AWS Account ID Lookup Complete "\ + time.strftime("%Y%m%d-%H%M%S") return halo_instance_id_list
def test_bad_scan_type(self): session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port) scanner = cloudpassage.Scan(session) s_group = cloudpassage.ServerGroup(session) scan_type = "barfola" server_id = s_group.list_all()[0]["id"] with pytest.raises(cloudpassage.CloudPassageValidation) as e: scanner.initiate_scan(server_id, scan_type) assert 'Unsupported scan type: barfola' in str(e)
def __init__(self, config): """Pass in a quarantine.ConfigHelper object on instantiation.""" self.ua = config.ua_string self.session = cloudpassage.HaloSession(config.halo_key, config.halo_secret, integration_string=self.ua) self.server_obj = cloudpassage.Server(self.session) self.event_obj = cloudpassage.Event(self.session) self.group_obj = cloudpassage.ServerGroup(self.session) self.target_group_id = self.get_groupid(config.quarantine_grp_name) return
def main(): global FAIL_EXIT_CODE FAIL_EXIT_CODE = int(os.getenv("FAIL_EXIT_CODE", 2)) start_time = datetime.datetime.now() copy_tree("static", "reports/html/static") Path("reports/html/cve").mkdir(parents=True, exist_ok=True) key = os.getenv("HALO_API_KEY") secret = os.getenv("HALO_API_SECRET_KEY") module_str = os.getenv("SCAN_MODULE") modules = module_str.split(",") instance_id = os.getenv("INSTANCE_ID") timeout = os.getenv("TIMEOUT") max_cvss_threshold = float(os.getenv("MAX_CVSS", 7)) modules = [module.lower() for module in modules] modules = list(set(modules)) session = cloudpassage.HaloSession(key, secret) validate_input(session, modules, instance_id, max_cvss_threshold) server = cloudpassage.Server(session) scan = cloudpassage.Scan(session) group = cloudpassage.ServerGroup(session) scanned_server = get_server(server, instance_id, start_time, timeout) server_id = scanned_server["id"] print(f"Server ID: {server_id}") modules = validate_csm(modules, scanned_server, group) scans = {} for module in modules: while True: try: scan_output = scan.last_scan_results(server_id, module) except cloudpassage.CloudPassageResourceExistence: check_timeout(start_time, timeout) print("Waiting on {} scan to complete...".format(module)) time.sleep(30) if scan_output and "scan" in scan_output: scans[module] = scan_output["scan"] break check_timeout(start_time, timeout) print("Waiting on {} scan to complete...".format(module)) time.sleep(30) build_success = process_scan(scans, scanned_server, session) if not build_success: print("Security scan results did not meet pass criteria") sys.exit(FAIL_EXIT_CODE)
def get_root_name(session): ### Get root group Name for report using the SDK # assume that if the parent is none it is the root group groups = cloudpassage.ServerGroup(session) list_of_groups = groups.list_all() rootGroupName = "" for s in list_of_groups: if debug > 2: print("ID: {} Name: {} Parent: {}".format(s["id"], s["name"], s["parent_id"])) if (s["parent_id"] == None): rootGroupName = s["name"] return rootGroupName
def get_id_for_group_target(session, target): """Attempts to get group_id using arg:target as group_name, then id""" group = cloudpassage.ServerGroup(session) orig_result = group.list_all() result = [] for x in orig_result: if x["name"] == target: result.append(x) if len(result) > 0: return result[0]["id"] else: try: result = group.describe(target)["id"] except cloudpassage.CloudPassageResourceExistence: result = None except KeyError: result = None return result
def test_instantiation(self): session = cloudpassage.HaloSession(key_id, secret_key, api_host=api_hostname, api_port=api_port) assert cloudpassage.ServerGroup(session)
def lambda_handler(event, context): print('[halo_metrics_to_sumologic.lambda_handler][INFO] Starting...') max_retry = 3 sumo_url = os.environ['sumologic_https_url'] halo_api_key_id = os.environ['halo_api_key_id'] halo_api_secret = os.environ['halo_api_secret_key'] print('Sumo_URL - %s' % sumo_url) session = cloudpassage.HaloSession(halo_api_key_id, halo_api_secret) httphelper = cloudpassage.HttpHelper(session) server_groups = cloudpassage.ServerGroup(session) root_server_group_id = list( {x["id"] for x in server_groups.list_all() if x["parent_id"] is None})[0] current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') print('[halo_metrics_to_sumologic.lambda_handler][INFO] Current time: %s' % current_time) # Server count by state url = "/v2/servers" params = { "group_id": root_server_group_id, "state": "active,missing,deactivated,retired", "descendants": "true", "group_by": "state" } servers_by_state_summary = httphelper.get(url, params=params) log = {'servers_by_state_summary': servers_by_state_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') # Issues by criticality url = "/v2/issues" params = { "group_id": root_server_group_id, "descendants": "true", "state": "active,deactivated,missing", "status": "active", "group_by": "issue_type,critical" } issues_by_crit = httphelper.get(url, params=params) log = {'current_issues_by_criticality_summary': issues_by_crit} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) # OS types url = "/v2/servers" params = { "group_id": root_server_group_id, "descendants": "true", "state": "active", "group_by": "os_distribution,os_version" } os_types_summary = httphelper.get(url, params=params) log = {'os_types_summary': os_types_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') # SW packages url = "/v2/servers" params = { "group_id": root_server_group_id, "descendants": "true", "state": "active,missing,deactivated", "group_by": "os_type,package_name,package_version" } sw_packages_summary = httphelper.get(url, params=params) log = {'sw_packages_summary': sw_packages_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') # Running processes url = "/v2/servers" params = { "group_id": root_server_group_id, "descendants": "true", "state": "active,missing,deactivated", "group_by": "os_type,process_name" } processes_summary = httphelper.get(url, params=params) log = {'processes_summary': processes_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') # Local server accounts url = "/v1/local_accounts" params = { "group_id": root_server_group_id, "descendants": "true", "state": "active,missing,deactivated", "group_by": "os_type,username", "per_page": "100" } local_accounts_summary = httphelper.get(url, params=params) # TODO: Test it with more than 100 user accounts. log = {'local_accounts_summary': local_accounts_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ') # List SW Vulnerabilities url = "/v2/issues" params = { "group_id": root_server_group_id, "issue_type": "sva", "descendants": "true", "status": "active", "state": "active,missing,deactivated", "group_by": "critical,issue_type,rule_key,name,policy_id", "sort_by": "critical.desc,count.desc", "per_page": "100", "page": "1" } sw_vulnerability_summary = httphelper.get(url, params=params) # TODO: Test it with more than 100 SW vulnerability print('SW Vulnerability Summary: %s' % json.dumps(sw_vulnerability_summary, indent=2)) log = {'sw_vulnerability_summary': sw_vulnerability_summary} data = {'source': 'script', 'log': log, 'created_time': current_time} sumologic_https_forwarder(url=sumo_url, data=json.dumps(data, ensure_ascii=False), max_retry=max_retry) print("[halo_metrics_to_sumologic.lambda_handler][INFO] End.") return current_time
def build_server_group_object(self): """create halo server group object""" srv_grp_obj = cloudpassage.ServerGroup(self.create_halo_session_object()) return(srv_grp_obj)