def disWinOS(host_obj, shell, Framework, langBund, softNameToInstSoftOSH=None):
host = modeling.createOshByCmdbIdString("host", host_obj)
resultsVector = ObjectStateHolderVector()
if not NTCMD_HR_REG_Software_Lib.doSoftware(shell, host, resultsVector, softNameToInstSoftOSH):
discoverSoftwareByWmic(shell, host, resultsVector, softNameToInstSoftOSH)
wmiProvider = getWmiProvider(shell)
hostDiscoverer = WmiHostDiscoverer(wmiProvider)
if hostDiscoverer.isWin2008():
softwares = discover2008Hotfixes(wmiProvider, host)
for software in softwares:
if not software.osh:
continue
if softNameToInstSoftOSH is not None:
if software.name in softNameToInstSoftOSH:
continue
softNameToInstSoftOSH[software.name] = software.osh
resultsVector.add(software.osh)
elif hostDiscoverer.isWindows8_2012():
softwares = discover2012Hotfixes(wmiProvider, host)
for software in softwares:
if not software.osh:
continue
if softNameToInstSoftOSH is not None:
if software.name in softNameToInstSoftOSH:
continue
softNameToInstSoftOSH[software.name] = software.osh
resultsVector.add(software.osh)
softwareList = WindowsAppsDiscoverer(shell).discover()
softwareOshVector = InstalledSoftwareReporter().reportAll(softwareList, host)
resultsVector.addAll(softwareOshVector)
return resultsVector
def discoverPhysicalDiskByWmi(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder("Win32_DiskDrive")
queryBuilder.addWmiObjectProperties("DeviceID", "SerialNumber", "Size")
wmiAgent = wmiProvider.getAgent()
diskDevices = []
try:
diskDevices = wmiAgent.getWmiData(queryBuilder)
except:
logger.debugException("Failed getting physical disk via wmi")
for diskDevice in diskDevices:
diskOsh = ObjectStateHolder("disk_device")
diskName = diskDevice.DeviceID and diskDevice.DeviceID.strip() or None
if diskName:
diskOsh.setStringAttribute("name", diskName.upper())
else:
continue
diskSerialNumber = diskDevice.SerialNumber and diskDevice.SerialNumber.strip() or None
if diskSerialNumber:
diskOsh.setStringAttribute("serial_number", diskSerialNumber)
diskOsh.setStringAttribute("disk_type", "fixed_disk")
diskSize = diskDevice.Size and diskDevice.Size.strip() or None
# Byte to MB
if diskSize:
diskSize = int(diskSize) / 0x100000
diskOsh.setIntegerAttribute("disk_size", diskSize)
diskOsh.setContainer(hostOSH)
OSHVec.add(diskOsh)
def discoverPhysicalDiskByWmi(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder('Win32_DiskDrive')
queryBuilder.addWmiObjectProperties('DeviceID', 'SerialNumber', 'Size')
wmiAgent = wmiProvider.getAgent()
diskDevices = []
try:
diskDevices = wmiAgent.getWmiData(queryBuilder)
except:
logger.debugException('Failed getting physical disk via wmi')
for diskDevice in diskDevices:
diskOsh = ObjectStateHolder("disk_device")
diskName = diskDevice.DeviceID and diskDevice.DeviceID.strip() or None
if diskName:
diskOsh.setStringAttribute("name", diskName.upper())
else:
continue
diskSerialNumber = diskDevice.SerialNumber and diskDevice.SerialNumber.strip(
) or None
if diskSerialNumber:
diskOsh.setStringAttribute("serial_number", diskSerialNumber)
diskOsh.setStringAttribute("disk_type", "fixed_disk")
diskSize = diskDevice.Size and diskDevice.Size.strip() or None
# Byte to MB
if diskSize:
diskSize = int(diskSize) / 0x100000
diskOsh.setIntegerAttribute("disk_size", diskSize)
diskOsh.setContainer(hostOSH)
OSHVec.add(diskOsh)
def discoveriSCSIInfo(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder('MSFT_iSCSISession')
queryBuilder.addWmiObjectProperties('InitiatorNodeAddress',
'TargetNodeAddress',
'SessionIdentifier')
wmicAgent = wmiProvider.getAgent()
try:
wmicAgent.setNamespace('root/Microsoft/Windows/Storage')
except:
logger.debug(
'Cannot change to name space root/Microsoft/Windows/Storage for iSCSI discovery'
)
return
try:
sessionItems = []
try:
sessionItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException('Failed getting iSCSI information')
return
sessionToDiskMap = discoveriSCSISessionToDiskMap(wmiProvider)
phyVolumeIdToOshMap, phyVolumeNumberToOshMap = discoverPhysicalVolumes(
wmiProvider, OSHVec, hostOSH)
discoverDiskMountPoints(wmiProvider, OSHVec, hostOSH,
phyVolumeNumberToOshMap)
for session in sessionItems:
initiatorOsh = None
targetOsh = None
if session.InitiatorNodeAddress:
initiatorOsh = ObjectStateHolder("iscsi_adapter")
initiatorOsh.setStringAttribute("iqn",
session.InitiatorNodeAddress)
initiatorOsh.setContainer(hostOSH)
OSHVec.add(initiatorOsh)
if session.TargetNodeAddress:
targetOsh = ObjectStateHolder("iscsi_adapter")
targetOsh.setStringAttribute("iqn", session.TargetNodeAddress)
OSHVec.add(targetOsh)
if initiatorOsh and targetOsh:
OSHVec.add(
modeling.createLinkOSH('usage', initiatorOsh, targetOsh))
sessionId = session.SessionIdentifier
disks = sessionToDiskMap.get(sessionId) or {}
for disk in disks:
diskOsh = phyVolumeIdToOshMap.get(disk)
if diskOsh and targetOsh:
OSHVec.add(
modeling.createLinkOSH('dependency', diskOsh,
targetOsh))
finally:
wmicAgent.setNamespace() #set back to default
def discoverDiskByWmic(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder("Win32_LogicalDisk")
queryBuilder.usePathCommand(1)
queryBuilder.addWmiObjectProperties("DeviceID", "DriveType", "FreeSpace", "ProviderName", "Size", "FileSystem")
queryBuilder.addWhereClause("DriveType=3")
wmicAgent = wmiProvider.getAgent()
diskItems = []
try:
diskItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException("Failed getting disks information via wmic")
return 0
for diskItem in diskItems:
# size in MB
diskSize = diskItem.Size and diskItem.Size.strip() or None
if diskSize:
diskSize = _bytesToMB(diskSize)
diskFreeSize = diskItem.FreeSpace and diskItem.FreeSpace.strip() or None
if diskFreeSize:
diskFreeSize = _bytesToMB(diskFreeSize)
diskUsedSize = None
if diskFreeSize is not None and diskFreeSize is not None:
diskUsedSize = diskSize - diskFreeSize
diskName = diskItem.DeviceID and diskItem.DeviceID.strip() or None
if diskName:
diskName = re.sub(":$", "", diskName)
# if provderName is set - this is a remote disk
diskProviderName = diskItem.ProviderName and diskItem.ProviderName.strip() or diskName
diskType = diskItem.DriveType and int(diskItem.DriveType.strip()) or None
logger.debug(
"found disk: %s, sizeInMB=%s, freespace=%s, type=%s" % (diskName, diskSize, diskFreeSize, diskType)
)
diskType = diskType and modeling.STORAGE_ID_TO_STORAGE_TYPE.get(diskType) or modeling.OTHER_STORAGE_TYPE
diskOsh = modeling.createDiskOSH(
hostOSH, diskName, diskType, size=diskSize, name=diskProviderName, usedSize=diskUsedSize
)
OSHVec.add(diskOsh)
return 1
def discoverServices(self):
''' -> None
@command: wmic path Win32_service get AcceptPause, Description, DisplayName, Name, PathName, ServiceType, StartMode, State
@raise ValueError: Failed getting services
'''
wmiProvider = wmiutils.getWmiProvider(self.shell)
queryBuilder = wmiProvider.getBuilder('Win32_Service')
queryBuilder.usePathCommand(1)
# queryBuilder = wmiutils.WmicQueryBuilder('service')
filterList = self.buildFilter()
queryBuilder.addWmiObjectProperties(*filterList)
wmicAgent = wmiProvider.getAgent()
self.serviceItems = wmicAgent.getWmiData(queryBuilder)
if not self.serviceItems:
raise ValueError("Failed getting services")
def discoveriSCSIInfo(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder("MSFT_iSCSISession")
queryBuilder.addWmiObjectProperties("InitiatorNodeAddress", "TargetNodeAddress", "SessionIdentifier")
wmicAgent = wmiProvider.getAgent()
try:
wmicAgent.setNamespace("root/Microsoft/Windows/Storage")
except:
logger.debug("Cannot change to name space root/Microsoft/Windows/Storage for iSCSI discovery")
return
try:
sessionItems = []
try:
sessionItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException("Failed getting iSCSI information")
return
sessionToDiskMap = discoveriSCSISessionToDiskMap(wmiProvider)
phyVolumeIdToOshMap, phyVolumeNumberToOshMap = discoverPhysicalVolumes(wmiProvider, OSHVec, hostOSH)
discoverDiskMountPoints(wmiProvider, OSHVec, hostOSH, phyVolumeNumberToOshMap)
for session in sessionItems:
initiatorOsh = None
targetOsh = None
if session.InitiatorNodeAddress:
initiatorOsh = ObjectStateHolder("iscsi_adapter")
initiatorOsh.setStringAttribute("iqn", session.InitiatorNodeAddress)
initiatorOsh.setContainer(hostOSH)
OSHVec.add(initiatorOsh)
if session.TargetNodeAddress:
targetOsh = ObjectStateHolder("iscsi_adapter")
targetOsh.setStringAttribute("iqn", session.TargetNodeAddress)
OSHVec.add(targetOsh)
if initiatorOsh and targetOsh:
OSHVec.add(modeling.createLinkOSH("usage", initiatorOsh, targetOsh))
sessionId = session.SessionIdentifier
disks = sessionToDiskMap.get(sessionId) or {}
for disk in disks:
diskOsh = phyVolumeIdToOshMap.get(disk)
if diskOsh and targetOsh:
OSHVec.add(modeling.createLinkOSH("dependency", diskOsh, targetOsh))
finally:
wmicAgent.setNamespace() # set back to default
def executeWmiQuery(client, OSHVResult, servicesByCmd=None, nodeOsh=None):
containerOsh = nodeOsh or modeling.createHostOSH(client.getIpAddress())
wmiProvider = wmiutils.getWmiProvider(client)
queryBuilder = wmiProvider.getBuilder('Win32_Service')
queryBuilder.addWmiObjectProperties('DisplayName', 'Description', \
'PathName', 'StartMode', 'State', \
'AcceptPause', 'StartName')
wmicAgent = wmiProvider.getAgent()
services = wmicAgent.getWmiData(queryBuilder)
serviceOshv = ObjectStateHolderVector()
for service in services:
serviceOsh = modeling.createServiceOSH(containerOsh, service.DisplayName, service.Description, \
service.PathName, service.StartMode, service.State, \
service.AcceptPause, serviceStartUser=service.StartName)
if service.PathName != None:
servicesByCmd.put(CmdLine(service.PathName.lower()), serviceOsh)
serviceOshv.add(serviceOsh)
logger.debug('Discovered ', serviceOshv.size(), ' services')
return serviceOshv
def disWinOS(hostCmdbId, shell, Framework, langBund, host_is_virtual = False):
''' Discover CPUs for windows by shell
str, WinShell, Framework, bundle -> OSH vector
@param Framework and langBund: are not used
@deprecated: use hostresources modules instead
'''
hostOsh = modeling.createOshByCmdbIdString('host', hostCmdbId)
wmiProvider = getWmiProvider(shell)
cpuDiscoverer = CpuDiscoverer(wmiProvider)
try:
resources = cpuDiscoverer.discover()
except:
logger.debug('Failed to discover CPU info from win32_Processor. '
'Trying to discover physical CPU on base '
'of SocketDesignation property ')
cpuDiscoverer = CpuDiscovererBySocketDesignationProperty(wmiProvider)
resources = cpuDiscoverer.discover()
resources.build(hostOsh)
return resources.report()
def disWinOS(host_obj, shell, Framework, langBund, softNameToInstSoftOSH=None):
host = modeling.createOshByCmdbIdString('host', host_obj)
resultsVector = ObjectStateHolderVector()
if not NTCMD_HR_REG_Software_Lib.doSoftware(shell, host, resultsVector,
softNameToInstSoftOSH):
discoverSoftwareByWmic(shell, host, resultsVector,
softNameToInstSoftOSH)
wmiProvider = getWmiProvider(shell)
hostDiscoverer = WmiHostDiscoverer(wmiProvider)
if hostDiscoverer.isWin2008():
softwares = discover2008Hotfixes(wmiProvider, host)
for software in softwares:
if not software.osh:
continue
if softNameToInstSoftOSH is not None:
if software.name in softNameToInstSoftOSH:
continue
softNameToInstSoftOSH[software.name] = software.osh
resultsVector.add(software.osh)
elif hostDiscoverer.isWindows8_2012():
softwares = discover2012Hotfixes(wmiProvider, host)
for software in softwares:
if not software.osh:
continue
if softNameToInstSoftOSH is not None:
if software.name in softNameToInstSoftOSH:
continue
softNameToInstSoftOSH[software.name] = software.osh
resultsVector.add(software.osh)
softwareList = WindowsAppsDiscoverer(shell).discover()
softwareOshVector = InstalledSoftwareReporter().reportAll(
softwareList, host)
resultsVector.addAll(softwareOshVector)
return resultsVector
def _createWmiAgentProvider(self):
self.__wmiAgentProvider = wmiutils.getWmiProvider(self._getShell())
def discoverDiskByWmic(shell, OSHVec, hostOSH):
wmiProvider = wmiutils.getWmiProvider(shell)
queryBuilder = wmiProvider.getBuilder('Win32_LogicalDisk')
queryBuilder.usePathCommand(1)
queryBuilder.addWmiObjectProperties(
'DeviceID',
'DriveType',
'FreeSpace',
'ProviderName',
'Size',
'FileSystem',
)
queryBuilder.addWhereClause('DriveType=3')
wmicAgent = wmiProvider.getAgent()
diskItems = []
try:
diskItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException('Failed getting disks information via wmic')
return 0
for diskItem in diskItems:
#size in MB
diskSize = diskItem.Size and diskItem.Size.strip() or None
if diskSize:
diskSize = _bytesToMB(diskSize)
diskFreeSize = diskItem.FreeSpace and diskItem.FreeSpace.strip(
) or None
if diskFreeSize:
diskFreeSize = _bytesToMB(diskFreeSize)
diskUsedSize = None
if diskFreeSize is not None and diskFreeSize is not None:
diskUsedSize = diskSize - diskFreeSize
diskName = diskItem.DeviceID and diskItem.DeviceID.strip() or None
if diskName:
diskName = re.sub(':$', '', diskName)
# if provderName is set - this is a remote disk
diskProviderName = diskItem.ProviderName and diskItem.ProviderName.strip(
) or diskName
diskType = diskItem.DriveType and int(
diskItem.DriveType.strip()) or None
logger.debug('found disk: %s, sizeInMB=%s, freespace=%s, type=%s' %
(diskName, diskSize, diskFreeSize, diskType))
diskType = diskType and modeling.STORAGE_ID_TO_STORAGE_TYPE.get(
diskType) or modeling.OTHER_STORAGE_TYPE
diskOsh = modeling.createDiskOSH(hostOSH,
diskName,
diskType,
size=diskSize,
name=diskProviderName,
usedSize=diskUsedSize)
OSHVec.add(diskOsh)
return 1
def discoverProcessesByWmic(client, OSHVResult, hostID, Framework, pid2Process = None):
''' Discover system processes, report them and save in probe DB.
Shell, oshVector, str, Framework, map[str, str] -> bool
@command: wmic process get commandLine, creationdate, executablepath, name, processId
'''
wmiProvider = wmiutils.getWmiProvider(client)
queryBuilder = wmiProvider.getBuilder('Win32_Process')
queryBuilder.usePathCommand(1)
#queryBuilder = wmiutils.WmicQueryBuilder('process')
queryBuilder.addWmiObjectProperties('name', 'processId', 'commandLine', 'executablepath', 'creationdate')
wmicAgent = wmiProvider.getAgent()
processItems = []
try:
processItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException('Failed getting processes information via wmic' )
return 0
pdu = None
try:
pdu = processdbutils.ProcessDbUtils(Framework)
processList = []
hostOSH = None
count = 0
for processItem in processItems:
if not processItem.name:
continue
processName = processItem.name
processNameLower = processName.lower()
processPid = processItem.processId
if processPid == '-1' or not processPid.isnumeric():
logger.debug("Process '%s' is system process or has non numeric pid" % processName)
continue
processExecutablePath = processItem.executablepath
processCommandLine = processItem.commandLine
processStartupTimeString = processItem.creationdate
processStartupTime = None
if processStartupTimeString:
try:
startupDate = modeling.getDateFromUtcString(processStartupTimeString)
processStartupTime = startupDate.getTime()
except:
errobj = errorobject.createError(errorcodes.PROCESS_STARTUP_TIME_ATTR_NOT_SET, ['NTCMD', processStartupTimeString], "%s: Process startup time attribute is not set due to error while parsing date string '%s'" % ('NTCMD', processStartupTimeString))
logger.reportWarningObject(errobj)
# check whether process name is included in command line
# Obtain first token containing process from the CMD line
matchObj = re.match('(:?["\'](.*?)["\']|(.*?)\s)', processCommandLine)
if matchObj and matchObj.groups():
firstCmdToken = matchObj.group(1).strip()
else:
firstCmdToken = processCommandLine.strip()
#remove quotes
firstCmdToken = re.sub('[\'"]', '', firstCmdToken).lower()
#token has to end with process name
if not firstCmdToken.endswith(processNameLower):
extStartPos = processNameLower.rfind('.')
if extStartPos != -1:
pnameNoExt = processNameLower[0:extStartPos]
if not firstCmdToken.endswith(pnameNoExt):
processCommandLine = '%s %s' % (processName, processCommandLine)
processArgs = None
argsMatch = re.match('("[^"]+"|[^"]\S+)\s+(.+)$',processCommandLine)
if argsMatch:
processArgs = argsMatch.group(2)
pdu.addProcess(hostID, processName, processPid, processCommandLine, processExecutablePath, processArgs, None, processStartupTime)
if processPid in processList:
logger.debug("Process: '%s' already reported" % processName)
continue
count += 1
processList.append(processPid)
if OSHVResult is not None:
if hostOSH == None:
hostOSH = modeling.createOshByCmdbIdString('host', hostID)
processOsh = modeling.createProcessOSH(processName, hostOSH, processCommandLine, processPid, processExecutablePath, None, None, processStartupTime)
OSHVResult.add(processOsh)
pdu.flushHostProcesses(hostID)
if pid2Process is not None:
pid2Process.putAll(pdu.getProcessCmdMap())
finally:
if pdu != None:
pdu.close()
return 1
def _createWmiAgentProvider(self):
self.__wmiAgentProvider = wmiutils.getWmiProvider(self._client)
def _createWmiAgentProvider(self):
self.__wmiAgentProvider = wmiutils.getWmiProvider(self._getShell())
def doWMI(client, wmiOSH, ip_address, ip_domain, hostForLinkOSH, host_cmdbid=None, host_key=None, host_macs=None, ucmdb_version=None):
'''@types: WmiClient, ObjectStateHolder, IPAddress, str, ObjectStateHolder, str, str, list[str], int -> ObjectStateHolderVector
@param ip_address: Destination IP address
'''
wmiProvider = wmiutils.getWmiProvider(client)
hostDiscoverer = host_win_wmi.WmiHostDiscoverer(wmiProvider)
hostInfo = hostDiscoverer.discoverHostInfo()
machineName = hostInfo.hostName
interfacesDiscover = networking_win_wmi.WmiInterfaceDiscoverer(wmiProvider,
ip_address)
vector = ObjectStateHolderVector()
interfaceList = interfacesDiscover.getInterfaces()
parentLinkList = ObjectStateHolderVector()
isVirtual = 1
resultEmpty = 1
interfacesToUpdateList = []
for interface in interfaceList:
ips = interface.ips
MACAddress = interface.macAddress
masks = interface.masks
Description = interface.description
dhcpEnabled = interface.dhcpEnabled
resultEmpty = 0
for ipIndex, ipAddress in enumerate(__iterate_valid_ips(ips)):
IPSubnet = (masks and masks[ipIndex]) or None
if str(ip_address) == str(ipAddress):
isVirtual = 0
ipOSH = modeling.createIpOSH(ipAddress)
# Test if the same ip and interface are in the list allready
logger.debug('Found ip address: ', ipAddress, ', MACAddress: ', MACAddress, ', IPSubnet: ', IPSubnet, ', Description: ', Description)
# create OSH for IP and add it to the list
# create OSH for Network and add it to the list
__vector = getIPNetworkMemebrList(ipAddress, IPSubnet, '', dhcpEnabled, Description)
if __vector.size() > 0:
vector.addAll(__vector)
if netutils.isValidMac(MACAddress):
# create link interface to its ip only it has an ip defined
interfaceOSH = modeling.createInterfaceOSH(MACAddress, hostForLinkOSH, Description)
parentLinkList.add(modeling.createLinkOSH('containment', interfaceOSH, ipOSH))
interfacesToUpdateList.append(interfaceOSH)
# Check if the Input IP is virtual, we do not want to return the WMI
if isVirtual == 1:
logger.warn('Destination is not among discovered IPs assuming virtual. WMI object will not be reported.')
vIPOSH = modeling.createIpOSH(ip_address)
vIPOSH.setBoolAttribute('isvirtual', 1)
vector.add(vIPOSH)
if resultEmpty == 1:
logger.warn('WMI was able to connect, but WMI Query returns no results')
vector.clear()
return vector
# create the host and all the objects
if len(interfaceList) > 0:
hostOSH = None
try:
hostOSH = modeling.createCompleteHostOSHByInterfaceList('nt',
interfaceList, 'Windows', machineName, None,
host_cmdbid, host_key, host_macs, ucmdb_version)
except:
hostOSH = modeling.createHostOSH(str(ip_address), 'nt')
logger.debugException('Could not find a valid MAC address for key on ip : %s. Creating incomplete host\n' % ip_address)
logger.warn('Could not find a valid MAC address for key on ip : %s. Creating incomplete host\n' % ip_address)
# select from Win32_OperatingSystem
_wmiQuery = 'select Caption,Version,ServicePackMajorVersion,ServicePackMinorVersion,BuildNumber,Organization,RegisteredUser,TotalVisibleMemorySize,LastBootUpTime,OtherTypeDescription,description from Win32_OperatingSystem'
resultSet = client.executeQuery(_wmiQuery) # @@CMD_PERMISION wmi protocol execution
osinstalltype = None
if resultSet.next():
Caption = resultSet.getString(1)
Version = resultSet.getString(2)
ServicePackMajorVersion = resultSet.getString(3)
ServicePackMinorVersion = resultSet.getString(4)
BuildNumber = resultSet.getString(5)
Organization = resultSet.getString(6)
RegisteredUser = resultSet.getString(7)
TotalVisibleMemorySize = resultSet.getString(8)
LastBootUpTime = resultSet.getString(9)
OtherTypeDescription = resultSet.getString(10)
description = resultSet.getString(11)
(vendor, osName, osinstalltype) = separateCaption(Caption, OtherTypeDescription)
hostOSH.setAttribute('host_vendor', vendor)
modeling.setHostOsName(hostOSH, osName)
hostOSH.setAttribute('host_osinstalltype', osinstalltype)
setLastBootUpTime(hostOSH, LastBootUpTime)
biosUUID = getBIOSUUID(client)
defaultGateway = getDefaultGateway(client)
hostOSH.setAttribute('host_osversion', Version)
sp = ServicePackMajorVersion + '.' + ServicePackMinorVersion
if checkSpVersion(sp):
hostOSH.setAttribute('nt_servicepack', sp)
hostOSH.setAttribute('host_osrelease', str(BuildNumber))
hostOSH.setAttribute('nt_registrationorg', Organization)
hostOSH.setAttribute('nt_registeredowner', RegisteredUser)
hostOSH.setAttribute('nt_physicalmemory', TotalVisibleMemorySize)
hostOSH.setAttribute('host_hostname', machineName)
modeling.setHostBiosUuid(hostOSH, biosUUID)
modeling.setHostDefaultGateway(hostOSH, defaultGateway)
modeling.setHostOsFamily(hostOSH, 'windows')
hostOSH = HostBuilder(hostOSH).setDescription(description).build()
_wmiQuery2 = 'select Manufacturer,NumberOfProcessors,Model,Domain from Win32_ComputerSystem'
resultSet = client.executeQuery(_wmiQuery2) # @@CMD_PERMISION wmi protocol execution
if resultSet.next():
Manufacturer = resultSet.getString(1)
if ((Manufacturer != None) and (Manufacturer.find('system manufacturer') == -1)):
modeling.setHostManufacturerAttribute(hostOSH, Manufacturer.strip())
NumberOfProcessors = resultSet.getString(2)
hostOSH.setAttribute('nt_processorsnumber', int(NumberOfProcessors))
Model = resultSet.getString(3)
modeling.setHostModelAttribute(hostOSH, Model)
osDomain = resultSet.getString(4)
hostOSH.setAttribute('host_osdomain', osDomain.strip())
biosAssetTag = hostDiscoverer.getBiosAssetTag()
if biosAssetTag:
hostOSH.setAttribute('bios_asset_tag', biosAssetTag)
_wmiQuery4 = 'SELECT SerialNumber FROM Win32_BIOS'
resultSet = client.executeQuery(_wmiQuery4) # @@CMD_PERMISSION wmi protocol execution
if resultSet.next():
serialNumber = processSerialNumber(resultSet.getString(1))
if not serialNumber:
wmiBaseBoardSerialNumber = 'SELECT SerialNumber FROM Win32_BaseBoard'
resultSet = client.executeQuery(wmiBaseBoardSerialNumber) # @@CMD_PERMISION wmi protocol execution
serialNumber = processSerialNumber(str(resultSet))
modeling.setHostSerialNumberAttribute(hostOSH, serialNumber)
try:
paeEnabled = getPAEState(client)
if paeEnabled and paeEnabled.lower() in ['1', 'true']:
hostOSH.setBoolAttribute('pae_enabled', 1)
elif paeEnabled and paeEnabled.lower() in ['0', 'false']:
hostOSH.setBoolAttribute('pae_enabled', 0)
except Exception, ex:
logger.warn('Failed getting PAE state. %s' % ex)
try:
osArchitecture = getOsArchitecture(client)
if osinstalltype and osinstalltype.find('64') != -1:
osArchitecture = '64-bit'
if osArchitecture:
hostOSH.setStringAttribute('os_architecture', osArchitecture)
except Exception, ex:
logger.warn('Failed getting OS Architecture value. %s' % ex)
def _createWmiAgentProvider(self):
self.__wmiAgentProvider = wmiutils.getWmiProvider(self._client)
def discoverProcessesByWmic(client,
OSHVResult,
hostID,
Framework,
pid2Process=None):
''' Discover system processes, report them and save in probe DB.
Shell, oshVector, str, Framework, map[str, str] -> bool
@command: wmic process get commandLine, creationdate, executablepath, name, processId
'''
wmiProvider = wmiutils.getWmiProvider(client)
queryBuilder = wmiProvider.getBuilder('Win32_Process')
queryBuilder.usePathCommand(1)
#queryBuilder = wmiutils.WmicQueryBuilder('process')
queryBuilder.addWmiObjectProperties('name', 'processId', 'commandLine',
'executablepath', 'creationdate')
wmicAgent = wmiProvider.getAgent()
processItems = []
try:
processItems = wmicAgent.getWmiData(queryBuilder)
except:
logger.debugException('Failed getting processes information via wmic')
return 0
pdu = None
try:
pdu = processdbutils.ProcessDbUtils(Framework)
processList = []
hostOSH = None
count = 0
for processItem in processItems:
if not processItem.name:
continue
processName = processItem.name
processNameLower = processName.lower()
processPid = processItem.processId
if processPid == '-1' or not processPid.isnumeric():
logger.debug(
"Process '%s' is system process or has non numeric pid" %
processName)
continue
processExecutablePath = processItem.executablepath
processCommandLine = processItem.commandLine
processStartupTimeString = processItem.creationdate
processStartupTime = None
if processStartupTimeString:
try:
startupDate = modeling.getDateFromUtcString(
processStartupTimeString)
processStartupTime = startupDate.getTime()
except:
errobj = errorobject.createError(
errorcodes.PROCESS_STARTUP_TIME_ATTR_NOT_SET,
['NTCMD', processStartupTimeString],
"%s: Process startup time attribute is not set due to error while parsing date string '%s'"
% ('NTCMD', processStartupTimeString))
logger.reportWarningObject(errobj)
# check whether process name is included in command line
# Obtain first token containing process from the CMD line
matchObj = re.match('(:?["\'](.*?)["\']|(.*?)\s)',
processCommandLine)
if matchObj and matchObj.groups():
firstCmdToken = matchObj.group(1).strip()
else:
firstCmdToken = processCommandLine.strip()
#remove quotes
firstCmdToken = re.sub('[\'"]', '', firstCmdToken).lower()
#token has to end with process name
if not firstCmdToken.endswith(processNameLower):
extStartPos = processNameLower.rfind('.')
if extStartPos != -1:
pnameNoExt = processNameLower[0:extStartPos]
if not firstCmdToken.endswith(pnameNoExt):
processCommandLine = '%s %s' % (processName,
processCommandLine)
processArgs = None
argsMatch = re.match('("[^"]+"|[^"]\S+)\s+(.+)$',
processCommandLine)
if argsMatch:
processArgs = argsMatch.group(2)
pdu.addProcess(hostID, processName, processPid, processCommandLine,
processExecutablePath, processArgs, None,
processStartupTime)
if processPid in processList:
logger.debug("Process: '%s' already reported" % processName)
continue
count += 1
processList.append(processPid)
if OSHVResult is not None:
if hostOSH == None:
hostOSH = modeling.createOshByCmdbIdString('host', hostID)
processOsh = modeling.createProcessOSH(
processName, hostOSH, processCommandLine, processPid,
processExecutablePath, None, None, processStartupTime)
OSHVResult.add(processOsh)
pdu.flushHostProcesses(hostID)
if pid2Process is not None:
pid2Process.putAll(pdu.getProcessCmdMap())
finally:
if pdu != None:
pdu.close()
return 1
