def check_data_secret(self, data): reported_serial_number = data['serial_num'] if reported_serial_number != self.machine_serial_number: # the SN reported by osquery is not the one configured in the enrollment secret auth_err = "santa reported SN {} different from enrollment SN {}".format(reported_serial_number, self.machine_serial_number) machine_info = {k: v for k, v in data.items() if k in ("hostname", "os_build", "os_version", "serial_num", "primary_user") and v} post_machine_conflict_event(self.request, "zentral.contrib.santa", reported_serial_number, self.machine_serial_number, machine_info) raise APIAuthError(auth_err)
def check_data_secret(self, data): msn = data.get('machine_serial_number') if not msn: raise APIAuthError( f"No reported machine serial number. Request SN {self.machine_serial_number}." ) if msn != self.machine_serial_number: # the serial number reported by the zentral postflight is not the one in the enrollment secret. auth_err = "Zentral postflight reported SN {} different from enrollment SN {}".format( msn, self.machine_serial_number) post_machine_conflict_event(self.request, "zentral.contrib.munki", msn, self.machine_serial_number, {}) raise APIAuthError(auth_err)
def check_data_secret(self, data): super().check_data_secret(data) self.data_data = data.pop("data") for r in self.data_data: decorations = r.pop("decorations", None) if decorations: hardware_serial = decorations.get("hardware_serial") if hardware_serial and hardware_serial != self.machine_serial_number: # the SN reported by osquery is not the one configured in the enrollment secret auth_err = "osquery reported SN {} different from enrollment SN {}".format( hardware_serial, self.machine_serial_number) post_machine_conflict_event(self.request, "zentral.contrib.osquery", hardware_serial, self.machine_serial_number, decorations) raise APIAuthError(auth_err)
def process_decorations(self, records): if not records: return decorations = records[-1].get("decorations", {}) # verify serial number serial_number = decorations.get("serial_number") if serial_number and serial_number != self.machine.serial_number: logger.warning(f"osquery reported SN {serial_number} " f"different from enrolled machine SN {self.machine.serial_number}") post_machine_conflict_event(self.request, "zentral.contrib.osquery", serial_number, self.machine.serial_number, decorations) return {"node_invalid": True} # update osquery version if necessary osquery_version = decorations.get("version") if osquery_version and self.enrolled_machine.osquery_version != osquery_version: self.enrolled_machine.osquery_version = osquery_version self.enrolled_machine.save()
def check_data_secret(self, data): super().check_data_secret(data) self.data_data = data.pop("data") for r in self.data_data: decorations = r.pop("decorations", None) if decorations: platform = platform_with_os_name(decorations.get("os_name")) if platform == MACOS: hardware_serial = decorations.get("hardware_serial") if hardware_serial and hardware_serial != self.machine_serial_number: # The SN reported by osquery is not the one configured in the enrollment secret. # For other platforms than MACOS, it could happen. For example, we take the GCE instance ID as # serial number in the enrollment secret for linux, if possible. # Osquery builds one from the SMBIOS/DMI. auth_err = "osquery reported SN {} different from enrollment SN {}".format( hardware_serial, self.machine_serial_number) post_machine_conflict_event(self.request, SOURCE_MODULE, hardware_serial, self.machine_serial_number, decorations) raise APIAuthError(auth_err)