def build_server_group_object(self):
session = cloudpassage.HaloSession(key_id, secret_key,
api_host=api_hostname,
api_port=api_port,
integration_string="SDK-Smoke")
server_group_object = cloudpassage.ServerGroup(session)
return(server_group_object)
def server_group_list(self, session):
s_group_list = []
sg_session = cloudpassage.ServerGroup(session)
server_group_list = sg_session.list_all()
for server_group in server_group_list:
s_group_list.append(server_group["id"])
return s_group_list
def get_all_server_groups(self):
"""Get a list of groups from the Halo API."""
try:
server_groups = cloudpassage.ServerGroup(self.session)
all_groups = server_groups.list_all()
except cloudpassage.CloudPassageAuthentication:
print("Quarantine: Authentication failure with CloudPassage API!")
all_groups = []
return all_groups
def get_servers_from_group(self, s_group_list):
session = self.session
s_list = []
for s_group in s_group_list:
sg_session = cloudpassage.ServerGroup(session)
servers_list = sg_session.list_members(s_group)
for server in servers_list:
s_list.append(server)
return s_list
def firewall_report_for_group_id(session, group_id):
fw_obj = cloudpassage.FirewallPolicy(session)
group_obj = cloudpassage.ServerGroup(session)
group_struct = group_obj.describe(group_id)
fw_polid = group_struct["linux_firewall_policy_id"]
if fw_polid is None:
retval = "No firewall policy for: %s\n" % group_id
else:
grapher = FirewallGraph(fw_obj.describe(fw_polid))
retval = FirewallGraph.dot_to_png(grapher.make_dotfile())
return retval
def get_halo_servers_id(session):
NO_SERVERS = 0
target_halo_server_group = ""
cp_server_ob = cloudpassage.Server(session)
cp_server_group_ob = cloudpassage.ServerGroup(session)
if target_halo_server_group == "":
halo_server_list = cp_server_ob.list_all(state="active")
else:
server_group_id = \
get_server_group_id_by_name(cp_server_group_ob,
target_halo_server_group)
halo_server_list = cp_server_group_ob.list_members(server_group_id)
if len(halo_server_list) == NO_SERVERS:
print "No server to use... exiting...\n"
sys.exit(1)
halo_server_id_list = []
for server in halo_server_list:
if 'aws_ec2' in server:
ec2_data = server['aws_ec2']
halo_server_id_list.append({
'halo_server_id':
server['id'],
'aws_instance_id':
ec2_data['ec2_instance_id'],
'aws_account_id':
ec2_data['ec2_account_id']
})
elif server['server_label'] and "_" in server['server_label']\
and server['server_label'] is not None:
server_label = server['server_label']
server_label_parts = server_label.split("_")
server_label_account = server_label_parts[0]
server_label_instance = server_label_parts[1]
halo_server_id_list.append({
'halo_server_id': server['id'],
'aws_instance_id': server_label_instance,
'aws_account_id': server_label_account
})
else:
halo_server_id_list.append({
'halo_server_id': server['id'],
'aws_instance_id': "N/A",
'aws_account_id': "N/A"
})
halo_instance_id_list = halo_server_id_list
print "Halo Server ID and AWS Account ID Lookup Complete "\
+ time.strftime("%Y%m%d-%H%M%S")
return halo_instance_id_list
def test_bad_scan_type(self):
session = cloudpassage.HaloSession(key_id, secret_key,
api_host=api_hostname,
api_port=api_port)
scanner = cloudpassage.Scan(session)
s_group = cloudpassage.ServerGroup(session)
scan_type = "barfola"
server_id = s_group.list_all()[0]["id"]
with pytest.raises(cloudpassage.CloudPassageValidation) as e:
scanner.initiate_scan(server_id, scan_type)
assert 'Unsupported scan type: barfola' in str(e)
def __init__(self, config):
"""Pass in a quarantine.ConfigHelper object on instantiation."""
self.ua = config.ua_string
self.session = cloudpassage.HaloSession(config.halo_key,
config.halo_secret,
integration_string=self.ua)
self.server_obj = cloudpassage.Server(self.session)
self.event_obj = cloudpassage.Event(self.session)
self.group_obj = cloudpassage.ServerGroup(self.session)
self.target_group_id = self.get_groupid(config.quarantine_grp_name)
return
def main():
global FAIL_EXIT_CODE
FAIL_EXIT_CODE = int(os.getenv("FAIL_EXIT_CODE", 2))
start_time = datetime.datetime.now()
copy_tree("static", "reports/html/static")
Path("reports/html/cve").mkdir(parents=True, exist_ok=True)
key = os.getenv("HALO_API_KEY")
secret = os.getenv("HALO_API_SECRET_KEY")
module_str = os.getenv("SCAN_MODULE")
modules = module_str.split(",")
instance_id = os.getenv("INSTANCE_ID")
timeout = os.getenv("TIMEOUT")
max_cvss_threshold = float(os.getenv("MAX_CVSS", 7))
modules = [module.lower() for module in modules]
modules = list(set(modules))
session = cloudpassage.HaloSession(key, secret)
validate_input(session, modules, instance_id, max_cvss_threshold)
server = cloudpassage.Server(session)
scan = cloudpassage.Scan(session)
group = cloudpassage.ServerGroup(session)
scanned_server = get_server(server, instance_id, start_time, timeout)
server_id = scanned_server["id"]
print(f"Server ID: {server_id}")
modules = validate_csm(modules, scanned_server, group)
scans = {}
for module in modules:
while True:
try:
scan_output = scan.last_scan_results(server_id, module)
except cloudpassage.CloudPassageResourceExistence:
check_timeout(start_time, timeout)
print("Waiting on {} scan to complete...".format(module))
time.sleep(30)
if scan_output and "scan" in scan_output:
scans[module] = scan_output["scan"]
break
check_timeout(start_time, timeout)
print("Waiting on {} scan to complete...".format(module))
time.sleep(30)
build_success = process_scan(scans, scanned_server, session)
if not build_success:
print("Security scan results did not meet pass criteria")
sys.exit(FAIL_EXIT_CODE)
def get_root_name(session):
### Get root group Name for report using the SDK
# assume that if the parent is none it is the root group
groups = cloudpassage.ServerGroup(session)
list_of_groups = groups.list_all()
rootGroupName = ""
for s in list_of_groups:
if debug > 2:
print("ID: {} Name: {} Parent: {}".format(s["id"], s["name"],
s["parent_id"]))
if (s["parent_id"] == None):
rootGroupName = s["name"]
return rootGroupName
def get_id_for_group_target(session, target):
"""Attempts to get group_id using arg:target as group_name, then id"""
group = cloudpassage.ServerGroup(session)
orig_result = group.list_all()
result = []
for x in orig_result:
if x["name"] == target:
result.append(x)
if len(result) > 0:
return result[0]["id"]
else:
try:
result = group.describe(target)["id"]
except cloudpassage.CloudPassageResourceExistence:
result = None
except KeyError:
result = None
return result
def test_instantiation(self):
session = cloudpassage.HaloSession(key_id,
secret_key,
api_host=api_hostname,
api_port=api_port)
assert cloudpassage.ServerGroup(session)
def lambda_handler(event, context):
print('[halo_metrics_to_sumologic.lambda_handler][INFO] Starting...')
max_retry = 3
sumo_url = os.environ['sumologic_https_url']
halo_api_key_id = os.environ['halo_api_key_id']
halo_api_secret = os.environ['halo_api_secret_key']
print('Sumo_URL - %s' % sumo_url)
session = cloudpassage.HaloSession(halo_api_key_id, halo_api_secret)
httphelper = cloudpassage.HttpHelper(session)
server_groups = cloudpassage.ServerGroup(session)
root_server_group_id = list(
{x["id"]
for x in server_groups.list_all() if x["parent_id"] is None})[0]
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
print('[halo_metrics_to_sumologic.lambda_handler][INFO] Current time: %s' %
current_time)
# Server count by state
url = "/v2/servers"
params = {
"group_id": root_server_group_id,
"state": "active,missing,deactivated,retired",
"descendants": "true",
"group_by": "state"
}
servers_by_state_summary = httphelper.get(url, params=params)
log = {'servers_by_state_summary': servers_by_state_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
# Issues by criticality
url = "/v2/issues"
params = {
"group_id": root_server_group_id,
"descendants": "true",
"state": "active,deactivated,missing",
"status": "active",
"group_by": "issue_type,critical"
}
issues_by_crit = httphelper.get(url, params=params)
log = {'current_issues_by_criticality_summary': issues_by_crit}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
# OS types
url = "/v2/servers"
params = {
"group_id": root_server_group_id,
"descendants": "true",
"state": "active",
"group_by": "os_distribution,os_version"
}
os_types_summary = httphelper.get(url, params=params)
log = {'os_types_summary': os_types_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
# SW packages
url = "/v2/servers"
params = {
"group_id": root_server_group_id,
"descendants": "true",
"state": "active,missing,deactivated",
"group_by": "os_type,package_name,package_version"
}
sw_packages_summary = httphelper.get(url, params=params)
log = {'sw_packages_summary': sw_packages_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
# Running processes
url = "/v2/servers"
params = {
"group_id": root_server_group_id,
"descendants": "true",
"state": "active,missing,deactivated",
"group_by": "os_type,process_name"
}
processes_summary = httphelper.get(url, params=params)
log = {'processes_summary': processes_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
# Local server accounts
url = "/v1/local_accounts"
params = {
"group_id": root_server_group_id,
"descendants": "true",
"state": "active,missing,deactivated",
"group_by": "os_type,username",
"per_page": "100"
}
local_accounts_summary = httphelper.get(url, params=params)
# TODO: Test it with more than 100 user accounts.
log = {'local_accounts_summary': local_accounts_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
current_time = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')
# List SW Vulnerabilities
url = "/v2/issues"
params = {
"group_id": root_server_group_id,
"issue_type": "sva",
"descendants": "true",
"status": "active",
"state": "active,missing,deactivated",
"group_by": "critical,issue_type,rule_key,name,policy_id",
"sort_by": "critical.desc,count.desc",
"per_page": "100",
"page": "1"
}
sw_vulnerability_summary = httphelper.get(url, params=params)
# TODO: Test it with more than 100 SW vulnerability
print('SW Vulnerability Summary: %s' %
json.dumps(sw_vulnerability_summary, indent=2))
log = {'sw_vulnerability_summary': sw_vulnerability_summary}
data = {'source': 'script', 'log': log, 'created_time': current_time}
sumologic_https_forwarder(url=sumo_url,
data=json.dumps(data, ensure_ascii=False),
max_retry=max_retry)
print("[halo_metrics_to_sumologic.lambda_handler][INFO] End.")
return current_time
def build_server_group_object(self):
"""create halo server group object"""
srv_grp_obj = cloudpassage.ServerGroup(self.create_halo_session_object())
return(srv_grp_obj)
