def insert_service(service, relation_properties, host_node, external_check): service_name = service.get('name', 'unknown') service_node_handle = nlu.get_unique_node_handle(service_name, 'Host Service', 'Logical') service_node = service_node_handle.get_node() helpers.update_noclook_auto_manage(service_node) result = host_node.get_host_service(service_node.handle_id, **relation_properties) if not result.get('Depends_on'): result = host_node.set_host_service(service_node.handle_id, **relation_properties) relationship_id = result.get('Depends_on')[0].get('relationship_id') relationship = nlu.get_relationship_model(relationship_id) created = result.get('Depends_on')[0].get('created') # Set or update relationship properties relation_properties.update(service) if external_check: relation_properties.update({ 'public': True, 'noclook_last_external_check': datetime.now().isoformat() }) user = nlu.get_user() if created: activitylog.create_relationship(user, relationship) #TODO: log creation if host_node.data.get('services_locked', False): #TODO: log warning with new port found relation_properties['rouge_port'] = True else: #TODO: log found service None helpers.update_noclook_auto_manage(relationship) #TODO: is properties_keys needed? helpers.dict_update_relationship(user, relationship.id, relation_properties)
def insert_external_bgp_peering(peering, peering_group): """ Creates/updates the relationship and nodes needed to express the external peerings. """ user = utils.get_user() # Get or create the peering partner, unique per AS peer_node = get_peering_partner(peering) if peer_node is None: # We are done. This is a broken peering. return # Get all relationships with this ip address, should never be more than one remote_address = peering.get('remote_address', None).lower() if remote_address: # DEBUG try: result = peer_node.get_peering_group(peering_group.handle_id, remote_address) except AttributeError: print(peer_node) sys.exit(1) if not result.get('Uses'): result = peer_node.set_peering_group(peering_group.handle_id, remote_address) relationship_id = result.get('Uses')[0]['relationship_id'] relationship = nc.get_relationship_model(nc.graphdb.manager, relationship_id) helpers.set_noclook_auto_manage(relationship, True) if result.get('Uses')[0].get('created', False): activitylog.create_relationship(user, relationship) # Match the remote address against a local network dependency_node, local_address = match_remote_ip_address( ipaddress.ip_address(remote_address)) if dependency_node and local_address: result = peering_group.get_group_dependency( dependency_node.handle_id, local_address) if not result.get('Depends_on'): result = peering_group.set_group_dependency( dependency_node.handle_id, local_address) relationship_id = result.get('Depends_on')[0]['relationship_id'] relationship = nc.get_relationship_model(nc.graphdb.manager, relationship_id) helpers.set_noclook_auto_manage(relationship, True) if result.get('Depends_on')[0].get('created', False): activitylog.create_relationship(user, relationship) logger.info( 'Peering Partner {name} done.'.format(name=peer_node.data['name']))
def insert_services(service_dict, host_node, external_check=False): """ Takes a dictionary of services and a node id for a host. Gets or creates a service and makes a Depends_on relationship between the service and host. Example service_dict: {"127.0.0.1": { "tcp": { "80": { "conf": "10", "extrainfo": "", "name": "http", "product": "VMware ESXi Server httpd", "reason": "syn-ack", "state": "open", "version": "" }, "8443": { "conf": "10", "extrainfo": "", "name": "ssl", "product": "TLS", "reason": "syn-ack", "state": "open", "version": "1.0" } } } """ user = nt.get_user() node_type = "Host Service" meta_type = 'Logical' services_locked = host_node.data.get('services_locked', False) # Expected service data from nmap property_keys = [ 'ip_address', 'protocol', 'port', 'conf', 'extrainfo', 'name', 'product', 'reason', 'state', 'version' ] if external_check: property_keys.extend(['public', 'noclook_last_external_check']) external_dict = { 'public': True, 'noclook_last_external_check': datetime.now().isoformat() } set_not_public(host_node) for address in service_dict.keys(): for protocol in service_dict[address].keys(): for port in service_dict[address][protocol].keys(): service = service_dict[address][protocol][port] if service['state'] != 'closed': service_name = service['name'] if not service_name: # Blank service_name = 'unknown' service_node_handle = nt.get_unique_node_handle( service_name, node_type, meta_type) service_node = service_node_handle.get_node() helpers.update_noclook_auto_manage(service_node) relationship_properties = { 'ip_address': address, 'protocol': protocol, 'port': port } result = host_node.get_host_service( service_node.handle_id, **relationship_properties) if not result.get('Depends_on'): result = host_node.set_host_service( service_node.handle_id, **relationship_properties) relationship_id = result.get('Depends_on')[0].get( 'relationship_id') relationship = nc.get_relationship_model( nc.graphdb.manager, relationship_id) created = result.get('Depends_on')[0].get('created') # Set or update relationship properties relationship_properties.update(service) if external_check: relationship_properties.update(external_dict) if created: activitylog.create_relationship(user, relationship) if services_locked: logger.warn( 'New open port found for host {name}.'.format( name=host_node.data['name'])) property_keys.append('rogue_port') relationship_properties['rogue_port'] = True logger.info( 'Host Service {host_service_name} using port {port}/{protocol} created.' .format( host_service_name=service_node.data['name'], port=relationship.data['port'], protocol=relationship.data['protocol'])) if not created: logger.info( 'Host Service {host_service_name} using port {port}/{protocol} found.' .format( host_service_name=service_node.data['name'], port=relationship.data['port'], protocol=relationship.data['protocol'])) helpers.update_noclook_auto_manage(relationship) helpers.dict_update_relationship(user, relationship.id, relationship_properties, property_keys) logger.info( '{name} {ip_address} {port}/{protocol} processed...'. format(name=host_node.data['name'], ip_address=address, protocol=protocol, port=port))