def Platform(self, responses):
"""Stores information about the platform."""
if responses.success:
response = responses.First()
client = self.state.client
client.os_release = response.release
client.os_version = response.version
client.kernel = response.kernel
client.arch = response.machine
client.knowledge_base.os = response.system
# Store these for later, there might be more accurate data
# coming in from the artifact collector.
self.state.fqdn = response.fqdn
self.state.os = response.system
existing_client = data_store.REL_DB.ReadClientSnapshot(
self.client_id)
if existing_client is None:
# This is the first time we interrogate this client. In that case, we
# need to store basic information about this client right away so
# follow up flows work properly.
data_store.REL_DB.WriteClientSnapshot(self.state.client)
try:
# Update the client index
client_index.ClientIndex().AddClient(client)
except db.UnknownClientError:
pass
# No support for OS X cloud machines as yet.
if response.system in ["Linux", "Windows"]:
self.CallClient(server_stubs.GetCloudVMMetadata,
rdf_cloud.BuildCloudMetadataRequests(),
next_state=compatibility.GetName(
self.CloudMetadata))
known_system_type = True
else:
# We failed to get the Platform info, maybe there is a stored
# system we can use to get at least some data.
client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
known_system_type = client and client.knowledge_base.os
self.Log("Could not retrieve Platform info.")
if known_system_type:
# We will accept a partial KBInit rather than raise, so pass
# require_complete=False.
self.CallFlow(artifact.KnowledgeBaseInitializationFlow.__name__,
require_complete=False,
lightweight=self.args.lightweight,
next_state=compatibility.GetName(
self.ProcessKnowledgeBase))
else:
self.Log(
"Unknown system type, skipping KnowledgeBaseInitializationFlow"
)
def Platform(self, responses):
"""Stores information about the platform."""
if responses.success:
response = responses.First()
# AFF4 client.
# These need to be in separate attributes because they get searched on in
# the GUI
with self._OpenClient(mode="rw") as client:
# For backwards compatibility.
client.Set(client.Schema.HOSTNAME(response.fqdn))
client.Set(client.Schema.SYSTEM(response.system))
client.Set(client.Schema.OS_RELEASE(response.release))
client.Set(client.Schema.OS_VERSION(response.version))
client.Set(client.Schema.KERNEL(response.kernel))
client.Set(client.Schema.FQDN(response.fqdn))
# response.machine is the machine value of platform.uname()
# On Windows this is the value of:
# HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session
# Manager\Environment\PROCESSOR_ARCHITECTURE
# "AMD64", "IA64" or "x86"
client.Set(client.Schema.ARCH(response.machine))
client.Set(
client.Schema.UNAME(
"%s-%s-%s" %
(response.system, response.release, response.version)))
# Update the client index
client_index.CreateClientIndex(
token=self.token).AddClient(client)
# rdf_objects.ClientSnapshot.
client = self.state.client
client.os_release = response.release
client.os_version = response.version
client.kernel = response.kernel
client.arch = response.machine
# Store these for later, there might be more accurate data
# coming in from the artifact collector.
self.state.fqdn = response.fqdn
self.state.os = response.system
if data_store.RelationalDBWriteEnabled():
try:
# Update the client index
client_index.ClientIndex().AddClient(client)
except db.UnknownClientError:
pass
if response.system == "Windows":
with aff4.FACTORY.Create(self.client_id.Add("registry"),
standard.VFSDirectory,
token=self.token) as fd:
fd.Set(
fd.Schema.PATHSPEC,
fd.Schema.PATHSPEC(
path="/",
pathtype=rdf_paths.PathSpec.PathType.REGISTRY))
# No support for OS X cloud machines as yet.
if response.system in ["Linux", "Windows"]:
self.CallClient(server_stubs.GetCloudVMMetadata,
rdf_cloud.BuildCloudMetadataRequests(),
next_state="CloudMetadata")
known_system_type = True
else:
# We failed to get the Platform info, maybe there is a stored
# system we can use to get at least some data.
if data_store.RelationalDBReadEnabled():
client = data_store.REL_DB.ReadClientSnapshot(
self.client_id.Basename())
known_system_type = client and client.knowledge_base.os
else:
client = self._OpenClient()
known_system_type = client.Get(client.Schema.SYSTEM)
self.Log("Could not retrieve Platform info.")
if known_system_type:
# We will accept a partial KBInit rather than raise, so pass
# require_complete=False.
self.CallFlow(artifact.KnowledgeBaseInitializationFlow.__name__,
require_complete=False,
lightweight=self.args.lightweight,
next_state="ProcessKnowledgeBase")
else:
self.Log(
"Unknown system type, skipping KnowledgeBaseInitializationFlow"
)
