def getOS(architecture=False, removeLinux=False):
os = distro.linux_distribution()[0]
if removeLinux:
os = re.sub('linux', '', os, flags=re.IGNORECASE)
os = os.rstrip()
if architecture:
os += ' ' + platform.machine()
return os
def info(p_json, p_home, p_repo, print_flag=True):
import os
p_user = util.get_user()
p_is_admin = util.is_admin()
pip_ver = get_pip_ver()
this_os = ""
this_uname = str(platform.system())
host_ip = util.get_host_ip()
wmic_path = os.getenv("SYSTEMROOT", "") + os.sep + "System32" + os.sep + "wbem" + os.sep + "wmic"
if this_uname == "Windows":
import psutil
host_display = os.getenv('LOGONSERVER','') + '\\' + os.getenv('COMPUTERNAME')
system_cpu_cores = os.getenv('NUMBER_OF_PROCESSORS','1')
os_arch = os.getenv('PROCESSOR_ARCHITECTURE', '')
cpu_model = check_output_wmic([wmic_path, "cpu", "get", "name"])
## system_memory_in_gb ######################################
m = psutil.virtual_memory().total
mem_bytes = int(m)
system_memory_in_kbytes = mem_bytes / 1024.0
system_memory_in_gb = str(mem_bytes / (1024.0**3))
else:
os_arch = util.getoutput("uname -m")
host_display = util.get_host_short()
## Check the OS & Resources ########################################
plat = util.get_os()
os_major_ver = ""
if this_uname == "Darwin":
mem_mb = util.get_mem_mb()
system_memory_in_kbytes = mem_mb * 1024
system_memory_in_gb = mem_mb / 1024.0
system_cpu_cores = util.get_cpu_cores()
cpu_model=util.getoutput("/usr/sbin/sysctl -n machdep.cpu.brand_string")
prod_name = util.getoutput("sw_vers -productName")
prod_version = util.getoutput("sw_vers -productVersion")
this_os = prod_name + " " + prod_version
elif this_uname == "Linux":
mem_mb = util.get_mem_mb()
system_memory_in_kbytes = mem_mb * 1024
system_memory_in_gb = mem_mb / 1024.0
system_cpu_cores = util.get_cpu_cores()
cpu_model=util.getoutput("grep 'model name' /proc/cpuinfo | head -1 | cut -d':' -f2")
os_major_ver = util.getoutput("cat /etc/os-release | grep VERSION_ID | cut -d= -f2 | tr -d '\"'")
if cpu_model == "":
cpu_model="ARM"
if os.path.exists("/etc/redhat-release"):
this_os = util.getoutput("cat /etc/redhat-release")
elif os.path.exists("/etc/system-release"):
this_os = util.getoutput("cat /etc/system-release")
elif os.path.exists("/etc/lsb-release"):
this_os = util.getoutput("cat /etc/lsb-release | grep DISTRIB_DESCRIPTION | cut -d= -f2 | tr -d '\"'")
elif os.path.exists("/etc/os-release"):
this_os = util.getoutput("cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '\"'")
elif this_uname == "Windows":
caption = check_output_wmic([wmic_path, "os", "get", "caption"])
svcpack = check_output_wmic([wmic_path, "os", "get", "servicepackmajorversion"])
if svcpack == "0":
this_os = caption
else:
this_os = caption + ", SP " + svcpack
round_mem = util.pretty_rounder(float(system_memory_in_gb), 1)
mem = str(round_mem) + " GB"
cores = str(system_cpu_cores)
cpu = cpu_model.strip()
cpu = cpu.replace("(R)", "")
cpu = cpu.replace("(TM)", "")
cpu = cpu.replace(" CPU ", " ")
os = this_os.replace(" release ", " ")
os = os.replace(" (Final)", "")
arch = os_arch.replace("x86_64", "AMD")
arch = arch.replace("AMD64", "AMD")
ver = util.get_version()
[last_update_utc, last_update_local, unique_id] = util.read_hosts('localhost')
if last_update_local:
last_upd_dt = datetime.strptime(last_update_local, "%Y-%m-%d %H:%M:%S")
time_diff = int(util.timedelta_total_seconds(datetime.now() - last_upd_dt))
last_update_readable = util.get_readable_time_diff(str(time_diff), precision=2)
versions_sql = util.get_versions_sql()
perl_ver = util.get_perl_ver()
[java_major_ver, java_ver] = util.get_java_ver()
os_pkg_mgr = util.get_pkg_mgr()
jvm_location = util.get_jvm_location()
if p_json:
infoJsonArray = []
infoJson = {}
infoJson['version'] = ver
infoJson['home'] = p_home
infoJson['user'] = p_user
infoJson['host'] = host_display
infoJson['host_short'] = util.get_host_short()
infoJson['host_long'] = util.get_host()
infoJson['host_ip'] = util.get_host_ip()
infoJson['os'] = unicode(str(os),sys.getdefaultencoding(),errors='ignore').strip()
infoJson['os_pkg_mgr'] = os_pkg_mgr
infoJson['os_major_ver'] = os_major_ver
infoJson['platform'] = unicode(str(plat),sys.getdefaultencoding(),errors='ignore').strip()
infoJson['arch'] = arch
infoJson['mem'] = round_mem
infoJson['cores'] = system_cpu_cores
infoJson['cpu'] = cpu
infoJson['last_update_utc'] = last_update_utc
if last_update_local:
infoJson['last_update_readable'] = last_update_readable
infoJson['unique_id'] = unique_id
infoJson['repo'] = p_repo
infoJson['versions_sql'] = versions_sql
infoJson['system_memory_in_kb'] = system_memory_in_kbytes
infoJson['python_ver'] = python_ver
infoJson['python_exe'] = python_exe
if pip_ver != 'None':
infoJson['pip_ver'] = pip_ver
infoJson['perl_ver'] = perl_ver
infoJson['java_ver'] = java_ver
infoJson['java_major_ver'] = java_major_ver
infoJson['jvm_location'] = jvm_location
infoJsonArray.append(infoJson)
if print_flag:
print(json.dumps(infoJson))
return
else:
return infoJson
if p_is_admin:
admin_display = " (Admin)"
else:
admin_display = ""
langs = "Python v" + python_ver
if perl_ver > "":
langs = langs + " | Perl v" + perl_ver
if java_ver > "":
langs = langs + " | Java v" + java_ver
util.validate_distutils_click(False)
print(style_start + ("#" * 70) + style_end)
print(style_start + "# IO: " + style_end + "v" + ver + " " + p_home)
print(style_start + "# User & Host: " + style_end + p_user + admin_display + " " + host_display)
print(style_start + "# Operating System: " + style_end + os.rstrip() + " - " + str(plat))
print(style_start + "# Machine: " + style_end + mem + ", " + cores + " vCPU, " + cpu)
print(style_start + "# Programming Langs: " + style_end + langs)
default_repo = "https://openrds-download.s3.amazonaws.com/REPO"
if p_repo != default_repo:
print(style_start + "# Repo URL: " + style_end + p_repo)
if versions_sql == "versions.sql":
pass
else:
print(style_start + "# Versions SQL: " + style_end + versions_sql)
if not last_update_local:
last_update_local="None"
print(style_start + "# Last Update: " + style_end + str(last_update_local))
print(style_start + ("#" * 70) + style_end)
def info(p_json, p_home, p_repo, print_flag=True):
import os
p_user = util.get_user()
p_is_admin = util.is_admin()
this_os = ""
this_uname = str(platform.system())
host_ip = util.get_host_ip()
wmic_path = os.getenv(
"SYSTEMROOT",
"") + os.sep + "System32" + os.sep + "wbem" + os.sep + "wmic"
if this_uname == "Windows":
import psutil
host_display = os.getenv('LOGONSERVER',
'') + '\\' + os.getenv('COMPUTERNAME')
system_cpu_cores = os.getenv('NUMBER_OF_PROCESSORS', '1')
os_arch = os.getenv('PROCESSOR_ARCHITECTURE', '')
cpu_model = subprocess.check_output([wmic_path, "cpu", "get",
"name"]).strip().split("\n")[1]
## system_memory_in_gb ######################################
m = psutil.virtual_memory().total
mem_bytes = int(m)
system_memory_in_kbytes = mem_bytes / 1024.0
system_memory_in_gb = mem_bytes / (1024.0**3)
else:
os_arch = util.getoutput("uname -m")
HOST = util.get_host_short()
host_display = "{0} {1}".format(HOST, host_ip)
## Check the OS & Resources ########################################
plat = util.get_os()
if this_uname == "Darwin":
system_memory_in_bytes = int(
util.getoutput("/usr/sbin/sysctl hw.memsize | awk '{print $2}'"))
system_memory_in_kbytes = system_memory_in_bytes / 1024
system_memory_in_gb = system_memory_in_bytes / 1024 / 1024 / 1024
system_cpu_cores = int(
util.getoutput(
"/usr/sbin/sysctl hw.physicalcpu | awk '{print $2}'"))
cpu_model = util.getoutput(
"/usr/sbin/sysctl -n machdep.cpu.brand_string")
prod_name = util.getoutput("sw_vers -productName")
prod_version = util.getoutput("sw_vers -productVersion")
this_os = prod_name + " " + prod_version
elif this_uname == "Linux":
system_memory_in_kbytes = int(
util.getoutput("cat /proc/meminfo | awk '/MemTotal/ {print $2}'"))
system_memory_in_gb = system_memory_in_kbytes / 1024.0 / 1024.0
system_cpu_cores = int(
util.getoutput(
"egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo"))
cpu_model = util.getoutput(
"grep 'model name' /proc/cpuinfo | head -1 | cut -d':' -f2")
if os.path.exists("/etc/redhat-release"):
this_os = util.getoutput("cat /etc/redhat-release")
elif os.path.exists("/etc/system-release"):
this_os = util.getoutput("cat /etc/system-release")
elif os.path.exists("/etc/lsb-release"):
this_os = util.getoutput(
"cat /etc/lsb-release | grep DISTRIB_DESCRIPTION | cut -d= -f2 | tr -d '\"'"
)
elif this_uname == "Windows":
caption_result = subprocess.check_output(
[wmic_path, "os", "get", "caption"])
try:
caption = str(caption_result).strip().split("\n")[1]
except UnicodeDecodeError as e:
caption = unicode(caption_result,
sys.getdefaultencoding(),
errors='ignore').strip().split("\n")[1]
svcpack_result = subprocess.check_output(
[wmic_path, "os", "get", "servicepackmajorversion"])
try:
svcpack = str(svcpack_result).strip().split("\n")[1]
except UnicodeDecodeError as e:
svcpack = unicode(svcpack_result,
sys.getdefaultencoding(),
errors='ignore').strip().split("\n")[1]
if svcpack == "0":
this_os = caption
else:
this_os = caption + ", SP " + svcpack
round_mem = util.pretty_rounder(system_memory_in_gb, 1)
mem = str(round_mem) + " GB"
cores = str(system_cpu_cores) + " x"
cpu = cpu_model.strip()
cpu = cpu.replace("(R)", "")
cpu = cpu.replace("(TM)", "")
cpu = cpu.replace(" CPU ", " ")
os = this_os.replace(" release ", " ")
os = os.replace(" (Final)", "")
arch = os_arch.replace("x86_64", "x64")
arch = arch.replace("AMD64", "x64")
ver = util.get_pgc_version()
[
interval, last_update_utc, next_update_utc, last_update_local,
next_update_local, unique_id
] = util.read_hosts('localhost')
if last_update_local:
last_upd_dt = datetime.strptime(last_update_local, "%Y-%m-%d %H:%M:%S")
time_diff = int(
util.timedelta_total_seconds(datetime.now() - last_upd_dt))
last_update_readable = util.get_readable_time_diff(str(time_diff),
precision=2)
versions_sql = util.get_versions_sql()
if p_json:
infoJsonArray = []
infoJson = {}
infoJson['version'] = ver
infoJson['home'] = p_home
infoJson['user'] = p_user
infoJson['host'] = host_display
infoJson['host_short'] = util.get_host_short()
infoJson['host_long'] = util.get_host()
infoJson['host_ip'] = util.get_host_ip()
infoJson['os'] = unicode(str(os),
sys.getdefaultencoding(),
errors='ignore').strip()
infoJson['platform'] = unicode(str(plat),
sys.getdefaultencoding(),
errors='ignore').strip()
infoJson['arch'] = arch
infoJson['mem'] = round_mem
infoJson['cores'] = system_cpu_cores
infoJson['cpu'] = cpu
infoJson['interval'] = interval
infoJson['last_update_utc'] = last_update_utc
if last_update_local:
infoJson['last_update_readable'] = last_update_readable
infoJson['next_update_utc'] = next_update_utc
infoJson['unique_id'] = unique_id
infoJson['repo'] = p_repo
infoJson['versions_sql'] = versions_sql
infoJson['system_memory_in_kb'] = system_memory_in_kbytes
infoJson['python_ver'] = python_ver
infoJson['python_exe'] = python_exe
if pip_ver != 'None':
infoJson['pip_ver'] = pip_ver
infoJsonArray.append(infoJson)
if print_flag:
print(json.dumps(infoJsonArray, sort_keys=True, indent=2))
return
else:
return infoJson
if p_is_admin:
admin_display = " (Admin)"
else:
admin_display = ""
print(style_start + ("#" * 70) + style_end)
print(style_start + "# PGC: " + style_end + "v" + ver + " " +
p_home)
print(style_start + "# User & Host: " + style_end + p_user +
admin_display + " " + host_display)
print(style_start + "# Platform: " + style_end + plat + " | " +
os.rstrip())
if pip_ver != "None":
print(style_start + "# Python: " + style_end + "pip v" + pip_ver + \
" | v" + python_ver + " | " + python_exe)
else:
print(style_start + "# Python: " + style_end + "v" +
python_ver + " | " + python_exe)
print(style_start + "# Hardware: " + style_end + mem + ", " +
cores + " " + cpu)
default_repo = "https://s3.amazonaws.com/pgcentral"
if p_repo != default_repo:
print(style_start + "# Repo URL: " + style_end + p_repo)
if versions_sql == "versions.sql":
pass
else:
print(style_start + "# Versions SQL: " + style_end + versions_sql)
if not last_update_local:
last_update_local = "None"
print(style_start + "# Last Update: " + style_end +
str(last_update_local))
if interval:
print(style_start + "# Update Interval: " + style_end + str(interval))
print(style_start + "# Next Update : " + style_end +
str(next_update_local))
print(style_start + ("#" * 70) + style_end)
def passerViz(line):
try:
print "---"
version = "?"
os = "?"
#print "Entered passerViz() : " + line
line = line.rstrip("\n")
fields = line.split(",")
print fields
ip = fields[1]
port = fields[2]
info = fields[4]
geoIP = ipintellib.geo_ip(ip)
cc = geoIP['countryCode']
print cc
print "info(raw) = " + info
infoRaw = info
info = info.replace("/",":")
print "ip = " + ip
print "port = " + port
info = info.replace("protocol ","protocol_")
info = info.replace(":::",":")
info = info.replace(" beta","beta")
info = info.replace("Microsoft IIS SSL","MS_IIS_SSL")
info = info.replace("Microsoft IIS","MS_IIS")
info = info.replace("Microsoft Windows RPC","MS_RPC")
info = info.replace("Microsoft Windows daytime","MS_TIME")
info = info.replace("Microsoft SQL Server","MS_SQL")
info = info.replace("Microsoft Terminal Service","MS_TS")
info = info.replace("Microsoft DNS","MS_DNS")
info = info.replace("Microsoft ftpd","MS_FTPD")
info = info.replace("Apache Jserv","JSERV")
info = info.replace("Internet Rex","REX")
info = info.replace("Courier pop3d","COURIER_POP3D")
info = info.replace("Postfix smtpd","POSTFIX_SMTPD")
info = info.replace("Linux telnetd","LINUX_TELNETD")
info = info.replace("Linux SNMP multiplexer","LINUX_SMUX")
info = info.replace("Cisco SSH","CISCO_SSH")
info = info.replace("Cisco IOS http","CISCO_HTTPD")
info = info.replace("Cisco SIP Gateway","CISCO_SIP")
info = info.replace("Oracle HTTP Server","ORACLE_HTTPD")
info = info.replace("Oracle XML DB Enterprise","ORACLE_XML_DB")
info = info.replace("ISC BIND","BIND")
info = info.replace("SCS sshd","SCS_SSHD")
info = info.replace("osiris host IDS agent","OSIRIS_AGENT")
print "info(post) = " + info
infofields = info.split(" ")
print "infofields = " + infofields.__str__()
for i in infofields :
#print "i = " + i.__str__()
if i.find(":p:") >= 0 :
program = i.rstrip(":")
program = i.lstrip(":")
#
program = program.replace("http:p:","")
program = program.replace("ssl:p:","")
program = program.replace("mysql:p:","")
program = program.replace("msrpc:p:","")
program = program.replace("http-proxy:p:","")
program = program.replace("proxy:p:","")
program = program.replace("openSSH:p:","")
program = program.replace("imap:p:","")
program = program.replace("ajp13:p:","JSERV")
program = program.replace("ms-sql-s:p:","SQL")
program = program.replace("pop3:p:","POP3")
program = program.replace("telnet:p:","TELNETD")
program = program.replace("ident:p:","")
program = program.replace("smtp:p:","")
program = program.replace("ftp:p:","")
program = program.replace("dominoconsole:p:","-")
#program = program.replace("domain:p:","DNS")
program = program.replace("microsoft-ds:p:","")
#program = program.replace("ssh:p:","SSH")
program = program.replace("nagios-nsca:p:","")
print "program found in " + i.__str__() + " is " + program.__str__()
if i.find("v:") >= 0 :
version = i.rstrip(":")
version = version.lstrip(":")
version = version.replace("v:","")
print "version found in " + i.__str__() + " is " + version.__str__()
if i.find("i:") >= 0 :
info = i.rstrip(":")
info = info.lstrip(":")
info = info.replace("protocol_","")
print "info found in " + i.__str__() + " is " + info.__str__()
if i.find("o:") >= 0 :
os = i.rstrip(":")
os = os.lstrip(":")
os = os.replace("Windows","W")
os = os.replace("Linux","L")
os = os.replace("Unix","U")
os = os.replace("IOS","I")
os = os.replace("o:","")
os = os.rstrip("\n")
print "os found in " + i.__str__() + " is " + os.__str__()
now = time.time()
nowLocal = time.gmtime(now)
tstamp = time.asctime(nowLocal)
msg = "passerViz() : ip=" + ip.__str__() + " port=" + port.__str__() + " program=" + program.__str__() + " os=" + os.__str__()
syslog.syslog(msg)
fp = open("/home/var/secviz/passer.csv","a")
msg1 = port + "," + program + "," + tstamp + "," + infoRaw
print msg1
print >> fp, msg1
msg2 = program + version + "," + program + "," + tstamp + "," + infoRaw
print msg2
print >> fp, msg2
msg3 = ip + ":" + cc + ":" + os + "," + program + version + "," + tstamp + "," + infoRaw
print msg3
print >> fp, msg3
fp.close()
except Exception,e:
msg = "kojoney_passer_parse.py : passerViz() : " + `e` + " line=" + line
syslog.syslog(msg)
return None