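def GetSummary(self):
    """Gets a client summary object.

    Copies the stored client attributes (system info, users, interfaces,
    client info, hardware info) into a new rdf_client.ClientSummary keyed by
    this object's URN.

    Hardware fields are filled in only when a HARDWARE_INFO attribute is
    present. The previous chained ``self.Get(...).serial_number`` access
    fails with AttributeError if Get() returns None, a case the existing
    ``if kb:`` guard on KNOWLEDGE_BASE already allows for.

    Returns:
      rdf_client.ClientSummary
    """
    # Kept from the original: max_age is reset before any attribute is read.
    self.max_age = 0
    summary = rdf_client.ClientSummary(client_id=self.urn)

    # NOTE(review): these attributes are presumably reported by the endpoint
    # itself; consumers using the summary for triage should treat hostname,
    # users and serial number as unverified - confirm against the collector.
    summary.system_info.node = self.Get(self.Schema.HOSTNAME)
    summary.system_info.system = self.Get(self.Schema.SYSTEM)
    summary.system_info.release = self.Get(self.Schema.OS_RELEASE)
    # OS_VERSION falls back to "" so str() never renders "None".
    summary.system_info.version = str(self.Get(self.Schema.OS_VERSION, ""))
    summary.system_info.kernel = self.Get(self.Schema.KERNEL)
    summary.system_info.fqdn = self.Get(self.Schema.FQDN)
    summary.system_info.machine = self.Get(self.Schema.ARCH)
    summary.system_info.install_date = self.Get(self.Schema.INSTALL_DATE)

    kb = self.Get(self.Schema.KNOWLEDGE_BASE)
    if kb:
        summary.users = kb.users
    summary.interfaces = self.Get(self.Schema.INTERFACES)
    summary.client_info = self.Get(self.Schema.CLIENT_INFO)

    # Read HARDWARE_INFO once and skip the hardware fields when it is unset.
    hwi = self.Get(self.Schema.HARDWARE_INFO)
    if hwi:
        summary.serial_number = hwi.serial_number
    summary.timestamp = self.age
    if hwi:
        summary.system_manufacturer = hwi.system_manufacturer
    return summary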
def Run(self):
    """Checks the robot 'get files' operation state route.

    Starts a get-files operation for hostname "Host", adds one empty
    ClientSummary to the flow's output collection and passes the GET route
    for that operation to self.Check.
    """
    # NOTE(review): the listing lost its indentation; the extent of the
    # FakeTime block is reconstructed here - confirm against upstream.
    # Pin the clock to avoid regressions caused by changing timestamps.
    with test_lib.FakeTime(42):
        self.SetupClients(1)

        handler = flow_plugin.ApiStartRobotGetFilesOperationHandler()
        request = flow_plugin.ApiStartRobotGetFilesOperationArgs(
            hostname="Host", paths=["/test"])
        started = handler.Handle(request, token=self.token)
        operation_id = started.operation_id

        # The 'get files' operation id is effectively a flow URN, so the
        # test can turn it back into one and open the flow directly.
        # NOTE(review): an id that doubles as a URN presumably has to be
        # validated by the state handler (expected flow kind) before it is
        # served - that check is not visible in this test.
        flow_urn = rdfvalue.RDFURN(operation_id)

        # Seed the flow's output collection with a single result.
        flow_obj = aff4.FACTORY.Open(
            flow_urn, aff4_type=flow.GRRFlow, token=self.token)
        output_urn = flow_obj.GetRunner().output_urn
        with aff4.FACTORY.Create(
                output_urn,
                aff4_type=sequential_collection.GeneralIndexedCollection,
                token=self.token) as collection:
            collection.Add(rdf_client.ClientSummary())

        # The flow's basename is swapped for a fixed placeholder in Check.
        self.Check(
            "GET",
            "/api/robot-actions/get-files/%s" % operation_id,
            replace={flow_urn.Basename(): "F:ABCDEF12"})
def Run(self):
    """Checks the flow status route for an Interrogate flow.

    Creates one client, removes its CERT attribute, starts an Interrogate
    flow on it, adds one empty ClientSummary to the flow's output collection
    and passes the status GET route to self.Check.
    """
    # NOTE(review): the listing lost its indentation; the extent of the
    # FakeTime block is reconstructed here - confirm against upstream.
    # Pin the clock to avoid regressions caused by changing timestamps.
    with test_lib.FakeTime(42):
        client_urn = self.SetupClients(1)[0]

        # The certificate is regenerated every time the client is created,
        # so it is deleted to keep it out of the checked output.
        with aff4.FACTORY.Open(
                client_urn, mode="rw", token=self.token) as client_obj:
            client_obj.DeleteAttribute(client_obj.Schema.CERT)

        flow_id = flow.GRRFlow.StartFlow(
            flow_name=discovery.Interrogate.__name__,
            client_id=client_urn,
            token=self.token)

        # Seed the flow's output collection with a single result.
        flow_obj = aff4.FACTORY.Open(
            flow_id, aff4_type=flow.GRRFlow.__name__, token=self.token)
        flow_state = flow_obj.Get(flow_obj.Schema.FLOW_STATE)
        output_urn = flow_state.context.output_urn
        with aff4.FACTORY.Create(
                output_urn,
                aff4_type=aff4_collections.RDFValueCollection.__name__,
                token=self.token) as collection:
            collection.Add(rdf_client.ClientSummary())

        # The flow's basename is swapped for a fixed placeholder in Check.
        route = "/api/flows/%s/%s/status" % (
            client_urn.Basename(), flow_id.Basename())
        self.Check(
            "GET", route, replace={flow_id.Basename(): "F:ABCDEF12"})
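def GetSummary(self):
    """Gets a client summary object.

    Copies the stored client attributes (system info, users, interfaces,
    client info, hardware info) into a new rdf_client.ClientSummary keyed by
    this object's URN.

    Hardware fields are filled in only when a HARDWARE_INFO attribute is
    present. The previous chained ``self.Get(...).serial_number`` access
    fails with AttributeError if Get() returns None, a case the existing
    ``if users:`` guard on USER already allows for.

    Returns:
      rdf_client.ClientSummary
    """
    # Kept from the original: max_age is reset before any attribute is read.
    self.max_age = 0
    summary = rdf_client.ClientSummary(client_id=self.urn)
    summary.system_info.node = self.Get(self.Schema.HOSTNAME)
    summary.system_info.system = self.Get(self.Schema.SYSTEM)
    summary.system_info.release = self.Get(self.Schema.OS_RELEASE)
    # OS_VERSION falls back to "" so str() never renders "None".
    summary.system_info.version = str(self.Get(self.Schema.OS_VERSION, ""))
    summary.system_info.kernel = self.Get(self.Schema.KERNEL)
    summary.system_info.fqdn = self.Get(self.Schema.FQDN)
    summary.system_info.machine = self.Get(self.Schema.ARCH)
    summary.system_info.install_date = self.Get(self.Schema.INSTALL_DATE)

    # This should be summary.users = self.Get(self.Schema.USER) but older
    # clients may return serialized users here, so each entry is passed
    # through rdf_client.User().
    users = self.Get(self.Schema.USER)
    if users:
        summary.users = [rdf_client.User(u) for u in users]
    summary.interfaces = self.Get(self.Schema.LAST_INTERFACES)
    summary.client_info = self.Get(self.Schema.CLIENT_INFO)

    # Read HARDWARE_INFO once and skip the hardware fields when it is unset.
    hwi = self.Get(self.Schema.HARDWARE_INFO)
    if hwi:
        summary.serial_number = hwi.serial_number
    summary.timestamp = self.age
    if hwi:
        summary.system_manufacturer = hwi.system_manufacturer
    return summary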
def GetSummary(self):
    """Gets a client summary object.

    Builds an rdf_client.ClientSummary from this object's own fields, then
    lets the knowledge base, hardware info and cloud instance (each only
    when present) fill in or override the related fields.

    Returns:
      rdf_client.ClientSummary

    Raises:
      ValueError: on bad cloud type
    """
    summary = rdf_client.ClientSummary()
    summary.client_id = self.client_id
    summary.timestamp = self.timestamp

    # Baseline OS details; release and version may be overridden below.
    summary.system_info.release = self.os_release
    summary.system_info.version = str(self.os_version or "")
    summary.system_info.kernel = self.kernel
    summary.system_info.machine = self.arch
    summary.system_info.install_date = self.install_time

    knowledge_base = self.knowledge_base
    if knowledge_base:
        summary.system_info.fqdn = knowledge_base.fqdn
        summary.system_info.system = knowledge_base.os
        summary.users = knowledge_base.users
        # Interfaces and client info are only copied when a knowledge base
        # exists, as in the original statement order.
        summary.interfaces = self.interfaces
        summary.client_info = self.startup_info.client_info
        # NOTE(review): the listing lost its indentation; nesting the
        # version override under the release check is reconstructed -
        # confirm against upstream.
        if knowledge_base.os_release:
            summary.system_info.release = knowledge_base.os_release
            if knowledge_base.os_major_version:
                summary.system_info.version = "%d.%d" % (
                    knowledge_base.os_major_version,
                    knowledge_base.os_minor_version)

    hardware = self.hardware_info
    if hardware:
        summary.serial_number = hardware.serial_number
        summary.system_manufacturer = hardware.system_manufacturer
        summary.system_uuid = hardware.system_uuid

    cloud = self.cloud_instance
    if not cloud:
        return summary

    # cloud_type is recorded before it is checked, so the summary carries it
    # even when the ValueError below is raised.
    summary.cloud_type = cloud.cloud_type
    if cloud.cloud_type == "GOOGLE":
        summary.cloud_instance_id = cloud.google.unique_id
    elif cloud.cloud_type == "AMAZON":
        summary.cloud_instance_id = cloud.amazon.instance_id
    else:
        raise ValueError("Bad cloud type: %s" % cloud.cloud_type)
    return summary
def GetSummary(self):
    """Gets a client summary object.

    Reads the stored client attributes through self.Get() and copies them
    into a new rdf_client.ClientSummary keyed by this object's URN. Users,
    hardware fields and cloud fields are set only when their source
    attribute is present.

    Returns:
      rdf_client.ClientSummary

    Raises:
      ValueError: on bad cloud type
    """
    # max_age is reset before any attribute is read.
    self.max_age = 0
    schema = self.Schema
    read = self.Get

    summary = rdf_client.ClientSummary(client_id=self.urn)
    summary.system_info.node = read(schema.HOSTNAME)
    summary.system_info.system = read(schema.SYSTEM)
    summary.system_info.release = read(schema.OS_RELEASE)
    # OS_VERSION falls back to "" so str() never renders "None".
    summary.system_info.version = str(read(schema.OS_VERSION, ""))
    summary.system_info.kernel = read(schema.KERNEL)
    summary.system_info.fqdn = read(schema.FQDN)
    summary.system_info.machine = read(schema.ARCH)
    summary.system_info.install_date = read(schema.INSTALL_DATE)

    knowledge_base = read(schema.KNOWLEDGE_BASE)
    if knowledge_base:
        summary.users = knowledge_base.users
    summary.interfaces = read(schema.INTERFACES)
    summary.client_info = read(schema.CLIENT_INFO)

    hardware = read(schema.HARDWARE_INFO)
    if hardware:
        summary.serial_number = hardware.serial_number
        summary.system_manufacturer = hardware.system_manufacturer
    summary.timestamp = self.age

    cloud = read(schema.CLOUD_INSTANCE)
    if not cloud:
        return summary

    # cloud_type is recorded before it is checked, so the summary carries it
    # even when the ValueError below is raised.
    summary.cloud_type = cloud.cloud_type
    if cloud.cloud_type == "GOOGLE":
        summary.cloud_instance_id = cloud.google.unique_id
    elif cloud.cloud_type == "AMAZON":
        summary.cloud_instance_id = cloud.amazon.instance_id
    else:
        raise ValueError("Bad cloud type: %s" % cloud.cloud_type)
    return summary
def Run(self):
    """Checks the GetRobotGetFilesOperationState API method.

    Starts a get-files operation for hostname "Host", adds one empty
    ClientSummary to the flow's result collection and passes the method
    name with its arguments to self.Check.
    """
    # NOTE(review): the listing lost its indentation; the extent of the
    # FakeTime block is reconstructed here - confirm against upstream.
    # Pin the clock to avoid regressions caused by changing timestamps.
    with test_lib.FakeTime(42):
        self.SetupClients(1)

        handler = flow_plugin.ApiStartRobotGetFilesOperationHandler()
        request = flow_plugin.ApiStartRobotGetFilesOperationArgs(
            hostname="Host", paths=["/test"])
        started = handler.Handle(request, token=self.token)
        operation_id = started.operation_id

        # The 'get files' operation id is effectively a flow URN, so the
        # test can turn it back into one to reach the flow's results.
        flow_urn = rdfvalue.RDFURN(operation_id)

        # Seed the flow's result collection with a single entry.
        results = flow.GRRFlow.ResultCollectionForFID(
            flow_urn, token=self.token)
        results.Add(rdf_client.ClientSummary())

        # The flow's basename is swapped for a fixed placeholder in Check.
        state_args = flow_plugin.ApiGetRobotGetFilesOperationStateArgs(
            operation_id=operation_id)
        self.Check(
            "GetRobotGetFilesOperationState",
            args=state_args,
            replace={flow_urn.Basename(): "F:ABCDEF12"})
def testRdfFormatter(self):
    """Hints format RDF values with arbitrary values and attributes."""
    # A ClientSummary with scalar, repeated and nested-repeated fields.
    summary = rdf_client.ClientSummary()
    summary.system_info.system = "Linux"
    summary.system_info.node = "coreai.skynet.com"

    # Repeated field: two users.
    usernames = ("root", "jconnor")
    summary.users = [rdf_client.User(username=name) for name in usernames]

    # Nested repeated field: two interfaces sharing three addresses.
    ips = ("1.1.1.1", "2.2.2.2", "3.3.3.3")
    addresses = [rdf_client.NetworkAddress(human_readable=ip) for ip in ips]
    eth0 = rdf_client.Interface(ifname="eth0", addresses=addresses[:2])
    # NOTE(review): addresses[2] is a single NetworkAddress rather than a
    # list, unlike the slice used for eth0 - confirm this is intended.
    ppp0 = rdf_client.Interface(ifname="ppp0", addresses=addresses[2])
    summary.interfaces = [eth0, ppp0]

    template = ("{system_info.system} {users.username} {interfaces.ifname} "
                "{interfaces.addresses.human_readable}\n")
    rendered = hints.Hinter(template=template).Render(summary)

    # Repeated values are expected comma-joined, and the template's trailing
    # newline is expected to be absent from the rendered text.
    expected = "Linux root,jconnor eth0,ppp0 1.1.1.1,2.2.2.2,3.3.3.3"
    self.assertEqual(expected, rendered)