def Platform(self, responses): """Stores information about the platform.""" if responses.success: response = responses.First() # These need to be in separate attributes because they get searched on in # the GUI with self._OpenClient(mode="rw") as client: client.Set(client.Schema.HOSTNAME(response.node)) client.Set(client.Schema.SYSTEM(response.system)) client.Set(client.Schema.OS_RELEASE(response.release)) client.Set(client.Schema.OS_VERSION(response.version)) client.Set(client.Schema.KERNEL(response.kernel)) client.Set(client.Schema.FQDN(response.fqdn)) # response.machine is the machine value of platform.uname() # On Windows this is the value of: # HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session # Manager\Environment\PROCESSOR_ARCHITECTURE # "AMD64", "IA64" or "x86" client.Set(client.Schema.ARCH(response.machine)) client.Set( client.Schema.UNAME("%s-%s-%s" % (response.system, response.release, response.version))) # Update the client index client_index.CreateClientIndex(token=self.token).AddClient(client) if response.system == "Windows": with aff4.FACTORY.Create( self.client_id.Add("registry"), standard.VFSDirectory, token=self.token) as fd: fd.Set(fd.Schema.PATHSPEC, fd.Schema.PATHSPEC( path="/", pathtype=rdf_paths.PathSpec.PathType.REGISTRY)) # No support for OS X cloud machines as yet. if response.system in ["Linux", "Windows"]: self.CallClient( server_stubs.GetCloudVMMetadata, cloud.BuildCloudMetadataRequests(), next_state="CloudMetadata") known_system_type = True else: client = self._OpenClient() known_system_type = client.Get(client.Schema.SYSTEM) self.Log("Could not retrieve Platform info.") if known_system_type: # We will accept a partial KBInit rather than raise, so pass # require_complete=False. self.CallFlow( artifact.KnowledgeBaseInitializationFlow.__name__, require_complete=False, lightweight=self.args.lightweight, next_state="ProcessKnowledgeBase") else: self.Log("Unknown system type, skipping KnowledgeBaseInitializationFlow")
def Platform(self, responses): """Stores information about the platform.""" if responses.success: response = responses.First() # AFF4 client. # These need to be in separate attributes because they get searched on in # the GUI with self._OpenClient(mode="rw") as client: # For backwards compatibility. client.Set(client.Schema.HOSTNAME(response.fqdn)) client.Set(client.Schema.SYSTEM(response.system)) client.Set(client.Schema.OS_RELEASE(response.release)) client.Set(client.Schema.OS_VERSION(response.version)) client.Set(client.Schema.KERNEL(response.kernel)) client.Set(client.Schema.FQDN(response.fqdn)) # response.machine is the machine value of platform.uname() # On Windows this is the value of: # HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session # Manager\Environment\PROCESSOR_ARCHITECTURE # "AMD64", "IA64" or "x86" client.Set(client.Schema.ARCH(response.machine)) client.Set( client.Schema.UNAME("%s-%s-%s" % (response.system, response.release, response.version))) # Update the client index client_index.CreateClientIndex(token=self.token).AddClient(client) # objects.Client. client = self.state.client client.os_release = response.release client.os_version = response.version client.kernel = response.kernel client.arch = response.machine # Store these for later, there might be more accurate data # coming in from the artifact collector. self.state.fqdn = response.fqdn self.state.os = response.system if data_store.RelationalDBWriteEnabled(): try: # Update the client index client_index.ClientIndex().AddClient(self.client_id.Basename(), client) except db.UnknownClientError: pass if response.system == "Windows": with aff4.FACTORY.Create( self.client_id.Add("registry"), standard.VFSDirectory, token=self.token) as fd: fd.Set(fd.Schema.PATHSPEC, fd.Schema.PATHSPEC( path="/", pathtype=rdf_paths.PathSpec.PathType.REGISTRY)) # No support for OS X cloud machines as yet. if response.system in ["Linux", "Windows"]: self.CallClient( server_stubs.GetCloudVMMetadata, cloud.BuildCloudMetadataRequests(), next_state="CloudMetadata") known_system_type = True else: # We failed to get the Platform info, maybe there is a stored # system we can use to get at least some data. if data_store.RelationalDBReadEnabled(): client = data_store.REL_DB.ReadClient(self.client_id.Basename()) known_system_type = client and client.knowledge_base.os else: client = self._OpenClient() known_system_type = client.Get(client.Schema.SYSTEM) self.Log("Could not retrieve Platform info.") if known_system_type: # We will accept a partial KBInit rather than raise, so pass # require_complete=False. self.CallFlow( artifact.KnowledgeBaseInitializationFlow.__name__, require_complete=False, lightweight=self.args.lightweight, next_state="ProcessKnowledgeBase") else: self.Log("Unknown system type, skipping KnowledgeBaseInitializationFlow")